We performed a comparison between Rapid7 Metasploit and Vectra AI based on real PeerSpot user reviews.
Find out what your peers are saying about Tenable, Wiz, Check Point Software Technologies and others in Vulnerability Management."It is scalable. It's in line with our needs."
"The greatest advantage of Rapid7 Metasploit is that it is the only system that can directly exploit vulnerabilities on the Metasploit platform."
"I don't have any other tools like it, and I always use it when I'm doing a pen test. Metasploit is a great solution for penetration testing,"
"It's not possible to do penetration testing without being very proficient in Metasploit."
"Rapid7 Metasploit is a useful product."
"All of the features are great."
"I use Rapid7 Metasploit for payload generation and Post-Exploitation."
"The most valuable feature for us is the support for testing Linux-based web server components."
"It provides various dashboards that facilitate the identification of connections and can detect data exfiltration, meaning data sent from your environment to another."
"The key feature for me for Detect for Office 365 is that it can also concentrate all the information and detection at one point, the same as the network solution does. This is the key feature for me because, while accessing data from Office 365 is possible using Microsoft interfaces, they are not really user-friendly and are quite confusing to use. But Detect for Office 365 is aggregating all the info, and it's only the interesting stuff."
"We discovered a lot of things in our network and are correcting several misconfigurations. We are learning how some apps work together and how some things shouldn't happen. It's also easier for us to identify the source of a brute force, whereas before, we didn't even know we had a brute force."
"Vectra AI is the best. It is a major product in our cybersecurity."
"The solution's ability to reduce alerts, by rolling up numerous alerts to create a single incident or campaign, helps in that it collapses all the events to a particular host, or a particular detection to a set of hosts. So it doesn't generate too many alerts. By and large, whatever alerts it generates are actionable, and actionable within the day."
"One of the most valuable features is all the correlation that it does using AI and machine learning. An example would be alerting on a host and then alerting on other things, like abnormal behavior, that it has noticed coming from the same host. It's valuable because we're a very lean team."
"We often use the new feature to create PCAP files from the whole data traffic. It makes it much easier to find network problems such as whether the server is responding to a request. It has nothing to do with security, but it helps a lot to find other problems."
"The fact that we get the visualization of what's happening on our network, which is a way of improving our security in-depth is most valuable."
"The solution should improve the responsiveness of its live technical support."
"It is necessary to add some training materials and a tutorial for beginners."
"I think areas with shortcomings that need improvement are more integration and automation."
"Advanced Infrastructure should be implemented in the next release for better orchestration."
"At the time I was using it, the graphical user interface needed some improvements."
"Metasploit cannot be installed on a machine with an antivirus."
"If your company's patch is not up to date, but you have other detection or defense solutions such as endpoint detection and response and antivirus software, the product exploit may not work effectively. This is because its exploit database update process is slow and not real-time. For zero-day vulnerabilities or new security threats, relying on Rapid7 Metasploit alone may not be effective."
"The initial setup was a bit "tweaky" for the open-source version."
"I would like more integrations with IOCs and threats currently on the Internet. I would also like to know which threats are based on zero-day attacks, current botnets, etc. Therefore, I would like more information on external threats."
"In education as a sector, we are looking at AI a lot in terms of how it can be used as part of the teaching and learning side of things. It would be great to have Vectra AI look at a better way to enhance the security posture related to the AI tools in our portfolio."
"I would like to see data processed onshore. Right now, the cloud components, like Office 365, must be processed on servers outside of Australia. I would like to see a future adoption of onshore processing."
"Integration with other security components needs improvement. It should have true integration as opposed to just being a separate pane of glass."
"I think Vectra AI's automation, reporting, and integration could be improved."
"One area where there's room for improvement is the absence of a comprehensive TCP recording and replay feature."
"One of the things I am not so happy about when it comes to Vectra is the scoring board."
"We have a lot of system solutions and integrations with system solutions. Vectra is a type of black box. It implements AI-informed detection mechanisms, but we cannot create system detections. I understand that the product is designed this way, but it would be great if we could create our own detections as well."
Rapid7 Metasploit is ranked 14th in Vulnerability Management with 18 reviews while Vectra AI is ranked 2nd in Intrusion Detection and Prevention Software (IDPS) with 39 reviews. Rapid7 Metasploit is rated 7.6, while Vectra AI is rated 8.6. The top reviewer of Rapid7 Metasploit writes "Directly exploit vulnerabilities, is stable, and scalable". On the other hand, the top reviewer of Vectra AI writes "Integrates well with other security solutions and provides good technical support". Rapid7 Metasploit is most compared with Tenable Nessus, Pentera, Rapid7 InsightVM, Acunetix and Horizon3.ai, whereas Vectra AI is most compared with Darktrace, ExtraHop Reveal(x), Cisco Secure Network Analytics and Arista NDR.
We monitor all Vulnerability Management reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.