We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"The solution provide visibility into behaviors across the full lifecycle of an attack in our network, beyond just the Internet gateway. It makes our security operations much more effective because we are now looking not just at traffic on the border, but we're looking at east-west internal traffic. Now, not only will we see if an exploit kit is being downloaded, but we would be able to see then if that exploit kit was then laterally distributed into our environment."
"It does a reliable job of parsing out the logs of all the network traffic so that we can ingest them into our SIEM and utilize them for threat hunting and case investigations. It is pretty robust and reliable. The administration time that we spend maintaining it or troubleshooting it is very low. So, the labor hour overhead is probably our largest benefit from it. We spend 99% of our time in Vectra investigating cases, responding to incidents, or hunting, and only around 1% of our time is spent patching, troubleshooting, or doing anything else. That's our largest benefit from Vectra."
"It keeps up with the network traffic, which is a good thing. It provides more context to plain alerts compared to using an older system. So, it helps an analyst reduce the information overload."
"Vectra produces actionable data using automation. That has helped us. It's less manpower now to look at incidents, which has definitely increased efficiency. Right now, in a lot of cases, our mean time to detection is within zero days. This tells me by the time something happened, and we were able to detect it, it was within the same day."
"The key feature for me for Detect for Office 365 is that it can also concentrate all the information and detection at one point, the same as the network solution does. This is the key feature for me because, while accessing data from Office 365 is possible using Microsoft interfaces, they are not really user-friendly and are quite confusing to use. But Detect for Office 365 is aggregating all the info, and it's only the interesting stuff."
"The most valuable feature for Cognito Detect, the main solution, is that external IDS's create a lot of alerts. When I say a lot of alerts I really mean a lot of alerts. Vectra, on the other hand, contextualizes everything, reducing the number of alerts and pinpointing only the things of interest. This is a key feature for me. Because of this, a non-trained analyst can use it almost right away."
"It gives you access, with Recall, to instant visibility into your network through something like a SIEM solution. For us, being able to correlate all of this network data without having to manage it, has provided immediate value. It gives us the ability to really work on the stuff where I and my team have expertise, instead of having to manage a SIEM solution..."
"One of the key advantages for us is we define a 24/7 service around it. We use far more of Vectra alerts than we do with our SIEM product because we understand that when we get an alert from Vectra we actually need to do something about it."
"It is highly customizable and can be integrated well with third-party software."
"The initial setup is easy."
"We didn't experience any bugs."
"We have had many requests to understand in the network which devices are connected to others. Most people don't have this information or are able to establish a map of data flow everywhere around the network. Scrutinizer can really help with this. We are using it to understand who is talking to what, how, and which protocols can help us to improve security and analyze flow."
"The solution helps to enrich the data context of our network traffic. It allows me to see what applications are most in use on a slightly historical basis, going back a day or week at tops. It allows me to tune QoS or traffic shaping around what's being used. It saves me from having to unnecessarily upgrade, if I don't need to."
"It shows us the saturation of the network of devices. It gives us a clear view of the flows in the network to understand, for instance, planning upgrades in the network to get an idea of what's going on the network on traffic flows. It gives us insight, for instance, on what's going on on our VPN Client. There are a lot of things where it provides very helpful information. It also gives us our security reports with quite detailed information on what's going on in the network, and whether there are data exfiltrations and so on."
"It helps us determine what is going on with our Internet and who is hogging it all up. If we get a real high throughput or a throughput that's going over and getting dropped fairly quickly, we can tell who (or what device) is consuming that traffic."
"Visualization of the network traffic is the most valuable feature. It allows you to drill into information quite quickly."
"The solution has not reduced the security analyst workload in our organization because we still need to SIEM. Unfortunately, while Vectra, for us, is a brilliant tool for network investigations, giving wonderful visibility, it doesn't go the whole way to replace our SIEM that is needed for compliance. So, I still have the same amount of alerting and logging that I did before. It gives us more defined ability to see incidents, but it doesn't give us enough information to satisfy a PCI or 27001 audit."
"It does a little bit of packet capture on alert so you can look at the packet capture activity going on, but it doesn't collect a whole lot of data. Sometimes it's only one or two frames, sometimes it does collect more. That's why they have the addition of their Recall platform, because that really does help expand the capability."
"Some of their integrations with other sources of data, like external threat feeds, took a bit more work than I had hoped to get integrated."
"Integration with other security components needs improvement. It should have true integration as opposed to just being a separate pane of glass."
"I would like to see a bit more strategic metrics instead of technical data. Information that I could show to my executive management team or board would be valuable."
"You are always limited with visibility on the host due to the fact that it is a network based tool. It gives you visibility on certain elements of the attack path, but it doesn't necessarily give you visibility on everything. Specifically, the initial intrusion side of things that doesn't necessarily see the initial compromise. It doesn't see stuff that goes on the host, such as where scripts are run. Even though you are seeing traffic, it doesn't necessarily see the malicious payload. Therefore, it's very difficult for it to identify these type of host-driven complex attacks."
"In comparison with a lot of systems I used in the past, the false positives are really a burden because they are taking a lot of time at this moment."
"The false positives and the tuning side of it is something that could use improvement. But that could be from our side."
"There are some loopholes you need to be aware of from a security perspective."
"The graphics and reports can be a little bit better."
"It would be useful if there was a way to back up the configuration information. E.g., if you wanted to deploy a new instance or disaster recovery, you could quite easily deploy and restore the config, as opposed to having to restore all the NetFlow data. If there was just a button that said "backup config information", that would be good."
"For updating the Scrutinizer platform, when we have the actual data, it never happens in one day. Every time we have the data, we are obliged to install a new server in order to integrate the old data, and every time it has a problem. Most of the time, we were obliged to scrap all the data because we couldn't transfer it to the new server. So, it would be very good if they could improve this part."
"I wish the reporting side was easier to work with, but it does a decent job. I also wish the reporting side was a little more intuitive or they offered more reporting examples."
"Data retention needs improvement. Data retention is a thing where we are looking for a better way to collect flow data for a longer time to do forensic research on security incidents. By default, data retention is quite low. We need detailed data in safe storage for a longer time, e.g., for a couple of months. An improvement would be a way to export data into a secure long-term storage."
"We couldn't get it set up properly."
"The visual acuity of how it presents data can sometimes be confusing. It takes a bit for people to spin up how to look at the graphs."
"We are running at about 90,000 pounds per year. The solution is a licensed cost. The hardware that they gave us was pretty much next to nothing. It is the license that we're paying for."
"The license is based on the concurrent IP addresses that it's investigating. We have 9,800 to 10,000 IP addresses."
"There are additional features that can be purchased in addition to the standard licensing fee, such as Cognito Recall and Stream."
"The pricing is very good. It's less expensive than many of the tools out there."
"From a pricing perspective, they are very commercially competitive. From a licensing perspective, just be conscious that some of their future cloud solutions come with additional subscriptions. Also, if you're outside of the US, you will get charged freight for the device back to your country."
"The pricing is high."
"Vectra's licensing model could scale to our research network, which has multiple, 100-gigabit links."
"Their licensing model is antiquated. I'm not a fan of their licensing model. We have to pay for licensing based on four different things. You have to pay based on the number of unique IPs, the number of logs that we send through Recall and Stream, and the size of our environment. They need to simplify their licensing down to just one thing. It should be based on the amount of data, the number of devices, or something else, but there should be just one thing for everything. That's what they need to base their licensing on. Cost-wise, they're not cheap. They were definitely the most expensive option, but you get what you pay for. They're not the cheapest option."
"We have increased the license over time. We have added more licenses as the network has grown."
"We just renewed. The pricing is 5,000 euro per year. This is the final price. All tax (20 percent) is included."
"There are no extra costs. It's about $8,000 a year. The bang for the buck (cost) is definitely a plus."
"There is a recurring maintenance fee after the initial purchase or if we want the license upgrade."
"We recently bought a license upgrade, so we will integrate more exporters. We upgraded from a 25 exporter license to a 50 exporter license. Therefore, there will be more flows, and this will be an extension. I don't know when we will purchase a faster server, because the server that we have is quite new."
"It's about €10,000 a year for initial license and yearly maintenance costs. In addition, the hardware costs are about €10,000 once every five years."
"The license is per device. We have 50 devices."
Vectra® is the leader in network detection and response – from cloud and data center workloads to user and IoT devices. Its Cognito® platform accelerates threat detection and investigation using artificial intelligence to collect, store and enrich network metadata with the right context to detect, hunt and investigate known and unknown threats in real time. Vectra offers three applications on the Cognito platform to address high-priority use cases. Cognito Stream™ sends security-enriched metadata to data lakes and SIEMs. Cognito Recall™ is a cloud-based application to store and investigate threats in enriched metadata. And Cognito Detect™ uses AI to reveal and prioritize hidden and unknown attackers at speed.
Nagios Enterprises delivers official products, services, and solutions for and around Nagios – the industry standard in enterprise-grade IT infrastructure monitoring. With millions of users worldwide, Nagios is the undisputed champion in the IT monitoring space. Our team of dedicated professionals works to ensure total customer satisfaction with all the services we provide. Our extensive network of partners helps extend Nagios services and solutions to new organizations and markets worldwide to meet a variety of business needs. Nagios Enterprises was founded in 2007 by Ethan Galstad. Ethan created what would later become known as Nagios in 1999, and currently serves as the President of Nagios Enterprises.
The Scrutinizer incident response system leverages network traffic analytics to provide active monitoring, visualization, and reporting of network and security incidents. The system quickly delivers the rich forensic data needed by IT professionals to support fast and efficient incident response.
Nagios Network Analyzer is ranked 13th in Network Traffic Analysis (NTA) with 2 reviews while Plixer Scrutinizer is ranked 4th in Network Traffic Analysis (NTA) with 6 reviews. Nagios Network Analyzer is rated 8.0, while Plixer Scrutinizer is rated 8.2. The top reviewer of Nagios Network Analyzer writes "Easy to set up, integrates well with other solutions, and is largely quite stable". On the other hand, the top reviewer of Plixer Scrutinizer writes "Allows for QoS tuning or traffic shaping around what is being used, saving from us from unnecessary upgrades". Nagios Network Analyzer is most compared with Darktrace and SolarWinds NetFlow Traffic Analyzer, whereas Plixer Scrutinizer is most compared with SolarWinds NetFlow Traffic Analyzer, Cisco Stealthwatch, Darktrace, PRTG Network Monitor and LiveAction LiveNX. See our Nagios Network Analyzer vs. Plixer Scrutinizer report.
See our list of best Network Traffic Analysis (NTA) vendors.
We monitor all Network Traffic Analysis (NTA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.