• Home
  • Sophos UTM vs. Vectra AI

Sophos UTM vs Vectra AI comparison

Cancel
You must select at least 2 products to compare!
Sophos Logo

Sophos UTM

Read 110 Sophos UTM reviews
3,486 views|2,369 comparisons
89% willing to recommend
Vectra AI Logo

Vectra AI

Read 40 Vectra AI reviews
7,438 views|3,458 comparisons
100% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Unified Threat Management (UTM)
April 2024
Executive Summary

We performed a comparison between Sophos UTM and Vectra AI based on real PeerSpot user reviews.

Find out what your peers are saying about Sophos, Cisco, WatchGuard and others in Unified Threat Management (UTM).
To learn more, read our detailed Unified Threat Management (UTM) Report (Updated: April 2024).
Download the complete report
768,886 professionals have used our research since 2012.
Featured Review
AlaaMady
A useable solution for small businesses who are willing to rely on cloud-based, centralized management of the software
I don't believe it has improved our organization; I don't actually like the product because of the features it is missing.
Hugo Bertrand
Efficient, stable and improves productivity
It's important for us that the user interface is easy to understand and that is the biggest benefit we see from Vectra AI. When it comes to Vectra... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The most valuable feature of Sophos UTM is reporting, it is flexible. I can monitor the end user's devices, even when they are not on my network. It has good drill-down capabilities.""It helped to connect our satellite offices to the main Amazon infrastructure in a circular way.""The cost of the solution is very reasonable.""The stability, overall, is excellent. I haven't had a problem in the last two years.""An easy solution to learn because the graphics are very intuitive.""It now controls all the security aspects of our web servers with Sophos UTM WAF.​""The most valuable features of Sophos UTM are the ease of use, it is very user-friendly. You can understand what they implement in the new firmware, and it's easy to manage the firewalls.""It's a stable solution."

More Sophos UTM Pros →

"It gives you access, with Recall, to instant visibility into your network through something like a SIEM solution. For us, being able to correlate all of this network data without having to manage it, has provided immediate value. It gives us the ability to really work on the stuff where I and my team have expertise, instead of having to manage a SIEM solution...""Vectra is very compatible with various cloud providers, such as Amazon and Azure AD. This is helpful as customers often migrate their network infrastructure to the cloud.""What I like best about Vectra AI is that it alerts you about suspicious activities.""The key feature for me for Detect for Office 365 is that it can also concentrate all the information and detection at one point, the same as the network solution does. This is the key feature for me because, while accessing data from Office 365 is possible using Microsoft interfaces, they are not really user-friendly and are quite confusing to use. But Detect for Office 365 is aggregating all the info, and it's only the interesting stuff.""The solution's ability to reduce alerts, by rolling up numerous alerts to create a single incident or campaign, helps in that it collapses all the events to a particular host, or a particular detection to a set of hosts. So it doesn't generate too many alerts. By and large, whatever alerts it generates are actionable, and actionable within the day.""Cognito Streams gives you a detailed view of what happens in the network in the form of rich metadata. It is just a super easy way to capture network traffic for important protocols, giving us an advantage. This is very helpful on a day-to-day basis.""The solution is currently used as a central threat detection and response system.""Some valuable features of Vectra AI are that it is very intuitive and that there are only a small amount of false positives. Therefore, it's an effective solution."

More Vectra AI Pros →

Cons
"We would like to have unique viewable IDs for rules and in the packet filter logfile, for easier debugging of old log files.""Sophos UTM could be simplified, and they can improve on the many other features, like SD-WAN and load balancing. Sophos UTM is missing a few features that their competitors have. For example, if you have multiple branches you would like to connect, the load balancing features aren't available on multilink. If we create a VPM for multiple LAN links, we cannot load balance the traffic.""Updates come out agonizingly slowly, a trickle.""An area for improvement in Sophos UTM is load balancing because my company cannot use it currently. If Sophos could release a new configuration for the load balancing feature to work for my company, that would be great.""There's an issue that when we deploy UTM on fiber, it automatically upgrades to the latest version without giving an option to stay on the current one.""The management suite is easy and the agent is easy to develop.""I didn't like it much. It suits only small businesses. It isn't scalable and reliable. There is a very critical issue with the power supply.""We didn’t find any issues but I know there have been some in the last few years."

More Sophos UTM Cons →

"The UI/UX and detection could be improved. More detections of specific security events could be useful. We've had a few incidents that were not detected by Vectra. The teams are working on it right now, but more detection is always better.""What is most important for us is to have one place where we can manage a few brains because we are based on a zero-trust network. As a result, each customer needs to have a separate brain. For the SOC team, we need to have one place where the SOC analyst can go to visit the website and from that site manage all of the customers. Right now, Vectra AI doesn't have this capability, and I would really like to have this feature.""It does a little bit of packet capture on alert so you can look at the packet capture activity going on, but it doesn't collect a whole lot of data. Sometimes it's only one or two frames, sometimes it does collect more. That's why they have the addition of their Recall platform, because that really does help expand the capability.""There is room for improvement in the documentation. We would like to have more details on how it detects what we see.""We would like to see more information with the syslogs. The syslogs that they send to our SIEM are a bit short compared to what you can see. It would be helpful if they send us more data that we can incorporate into our SIEM, then can correlate with other events.""We have a lot of system solutions and integrations with system solutions. Vectra is a type of black box. It implements AI-informed detection mechanisms, but we cannot create system detections. I understand that the product is designed this way, but it would be great if we could create our own detections as well.""The solution's marketing is not good.""They use a proprietary logging format that is probably 90% similar to Bro Logs. Their biggest area of improvement is finishing out the remaining 10%. That 10% might not be beneficial to their ML engine, but that's fine. The industry standard is Zeek Logs or Bro Logs, or Bro or Zeek, depending on how old you are. While they have 90% of those fields, they're still missing some fields. In very rare instances, some community rules do not have the fields that they need, and we had to modify community rules for our logs. So, their biggest area of improvement would be to just finish their matching of the Zeek standard."

More Vectra AI Cons →

Pricing and Cost Advice
  • "The licensing model is very straightforward, it's a bit pricey, but for what you get, it's well worth it."
  • "If you can afford it, go for a small Check Point, as it is easier to manage."
  • "Unless you are in the United States, or you have to use Sophos, you can't contact Sophos directly. You have to use a third-party ​company, and they all have different ways of how they explain their licensing."
  • "Go to a vendor and let them assess your needs so you can get a right-sized device."
  • "Sophos offers free training when selling their products from within the partner portal.​"
  • "I would recommend to follow Sophos’ sizing guidelines for choosing which license and model to use. Sophos has their own way of going about this and supplies partners with all the information required. If you follow their documentation and guidelines, there should be zero questions about licensing and sizing."
  • "For under 50 users, MSP licensing is profitable."
  • "​In the case of a software/virtual appliance subscription, you pay by protecting user/IP addresses. You can do this to as much hardware resources as you like.​​"

    • More Sophos UTM Pricing and Cost Advice →

  • "We are running at about 90,000 pounds per year. The solution is a licensed cost. The hardware that they gave us was pretty much next to nothing. It is the license that we're paying for."
  • "The license is based on the concurrent IP addresses that it's investigating. We have 9,800 to 10,000 IP addresses."
  • "There are additional features that can be purchased in addition to the standard licensing fee, such as Cognito Recall and Stream."
  • "We have a desire to increase our use. However, it all comes down to budget. It's a very expensive tool that is very difficult to prove business support for. We would like to have two separate networks. We have our corporate network and PCI network, which is segregated due to payment processing. We don't have it for deployed in the PCI network. It would be good to have it fully deployed there to provide us with additional monitoring and control, but the cost associated with their licensing model makes it prohibitively expensive to deploy."
  • "At the time of purchase, we found the pricing acceptable. We had an urgency to get something in place because we had a minor breach that occurred at the tail end of 2016 to the beginning of 2017. This indicated we had a lack of ability to detect things on the network. Hence, why we moved quickly to get into the tool in place. We found things like Bitcoin mining and botnets which we closed quickly. In that regard, it was worth the money."
  • "The pricing is very good. It's less expensive than many of the tools out there."
  • "The pricing is high."
  • "Their licensing model is antiquated. I'm not a fan of their licensing model. We have to pay for licensing based on four different things. You have to pay based on the number of unique IPs, the number of logs that we send through Recall and Stream, and the size of our environment. They need to simplify their licensing down to just one thing. It should be based on the amount of data, the number of devices, or something else, but there should be just one thing for everything. That's what they need to base their licensing on. Cost-wise, they're not cheap. They were definitely the most expensive option, but you get what you pay for. They're not the cheapest option."

    • More Vectra AI Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Unified Threat Management (UTM) solutions are best for your needs.
    See Recommendations
    768,886 professionals have used our research since 2012.
    Comparison Review
    Anonymous User
    Sophos UTM vs. Fortinet FortiGate
    I have used both Sophos and Fortinet products in production and I have found the Sophos UTM appliances (hardware and virtual) to be a better fit most of the time -- with a few caveats which I will touch on below. In both instances, the transition from TMG will be mostly straightforward. The main hang-ups will be with the VIP/load balancing and SSL. For some reason that completely escapes me, both of these vendors make getting valid certificates onto their boxes unnecessarily difficult -- the Fortinet appliances more so than the Sophos UTM appliances. At one point a Fortinet engineer had to write an entire manual on how to get an SSL certificate uploaded successfully on the 4.x firmware Sophos: The one feature that is missing (and this makes some amount of sense) from the Sophos appliance is BITS caching for updates. Other than that, Sophos offers a full replacement for TMG on UTM9. The XG platform also offers a replacement for the TMG; however, some of the rumblings about upcoming releases suggests that Sophos is going to give XG the Apple iOS treatment and "streamline" the interface...potentially cutting out/hiding some functionality. On the effectiveness of the NGFW, Sophos is mostly good but has a few issues blocking all pieces of an application. For instance, we had to build custom blocking rules for OpenVPN (the vpn was being used to bypass the content filter) because the default Application Control wasn't effectively blocking the application. Fortinet: If it… Read more →
    Questions from the Community
    What are the biggest technical differences between Sophos UTM and Fortine...
    Top Answer:As a solution, Sophos UTM offers a lot of functionality, it scales well, and the stability and performance are quite good. The most valuable features for me are their web and email filtering. I would… more »
    Read all 11 answers   →
    What Is The Biggest Difference Between Sophos UTM and Sophos XG?
    Top Answer:The Sophos UTM is a UTM and Sophos XG is the NGFW. First, you must know about the difference between a UTM and NGFW. They can not be compared with each other because the price, license, firewall… more »
    Read all 18 answers   →
    What do you like most about Sophos UTM?
    Top Answer:The most valuable feature of Sophos UTM is the endpoint protection feature.
    Read all 70 answers   →
    What is the biggest difference between Corelight and Vectra AI?
    Top Answer:The two platforms take a fundamentally different approach to NDR. Corelight is limited to use cases that require the eventual forwarding of events and parsed data logs to a security team’s SIEM or… more »
    Read all 5 answers   →
    What do you like most about Vectra AI?
    Top Answer:Vectra AI generates relevant information.
    Read all 36 answers   →
    What is your experience regarding pricing and costs for Vectra AI?
    Top Answer:It's relatively on the pricier side, but when compared to other solutions. It's not the most budget-friendly option, but it can be considered somewhat more cost-effective in comparison to other… more »
    Read all 25 answers   →
    Ranking
    1st
    out of 15 in Unified Threat Management (UTM)
    Views
    3,486
    Comparisons
    2,369
    Reviews
    27
    Average Words per Review
    392
    Rating
    8.2
    2nd
    out of 42 in Intrusion Detection and Prevention Software (IDPS)
    Views
    7,438
    Comparisons
    3,458
    Reviews
    20
    Average Words per Review
    772
    Rating
    8.3
    Comparisons
    Netgate pfSense logo
    Netgate pfSense vs. Sophos UTM
    Compared 19% of the time.
    Fortinet FortiGate logo
    Fortinet FortiGate vs. Sophos UTM
    Compared 15% of the time.
    Sophos XG logo
    Sophos XG vs. Sophos UTM
    Compared 13% of the time.
    OPNsense logo
    OPNsense vs. Sophos UTM
    Compared 13% of the time.
    More Sophos UTM Competitors   →
    Darktrace logo
    Darktrace vs. Vectra AI
    Compared 38% of the time.
    ExtraHop Reveal(x) logo
    ExtraHop Reveal(x) vs. Vectra AI
    Compared 10% of the time.
    Arista NDR logo
    Arista NDR vs. Vectra AI
    Compared 5% of the time.
    Corelight logo
    Corelight vs. Vectra AI
    Compared 4% of the time.
    More Vectra AI Competitors   →
    Also Known As
    Astaro
    Vectra Networks, Vectra AI NDR
    Learn More
    Sophos
    Vectra AI
    Overview

    Sophos UTM is a unified threat management platform designed to protect your businesses from known and emerging malware including viruses, rootkits and spyware. The solution provides a complete network security package with everything your organization needs in a single modular appliance.

    Sophos UTM Features

    Sophos UTM has many valuable key features. Some of the most useful ones include:

    • Web and Email Filtering
    • General Management
    • Network Protection
    • Network Routing and Services
    • Advanced Threat Protection
    • Authentication
    • Email Encryption and DLP
    • Web Policy
    • End-User Portal
    • VPN IPsec Client, VPN SSL Client, and Clientless VPN
    • Web Application Firewall Protection
    • UTM Endpoint Protection and Management
    • SEC Endpoint Integration
    • Logging and Reporting

    Sophos UTM Benefits

    There are many benefits to implementing Sophos UTM. Some of the biggest advantages the solution offers include:

    • Simplifies your IT security without the complexity of multiple point solutions
    • Intuitive interface to help you quickly create policies to control security risks
    • Provides clear, detailed reports to give you the insight you need to improve your network performance and protection
    • Complete control to block, allow, shape and prioritize applications
    • Two-factor authentication with one-time password (OTP)
    • Integrated wireless controller
    • Allows you to connect remote offices with easy VPN and Wi-Fi

    Reviews from Real Users

    Below are some reviews and helpful feedback written by PeerSpot users currently using the Sophos UTM solution.

    PeerSpot user Dana B., Network Administrator at a manufacturing company, says “The web and email filtering are the two biggest and most valuable aspects of the solution for us. The solution overall has just been a good, cost-effective solution for us. The solution offers a lot of functionality. The solution scales well. We've found the technical support to be helpful. The stability and performance are quite good.”

    A Technical Director at a security firm mentions, "Sophos SG UTM had all the basic functionality that you needed. It is user-friendly and easy to manage for any integrator."

    Marek M., Senior Network Engineer at a computer software company, comments, “Sophos UTM is the simplest of these products to set up. If you follow the instructions using the wizard, which is just a few steps, then you will have a firewall to protect you and your customer.”

    A Software Sales Manager at a tech services company explains, “The overall visibility of the console is what I find most valuable, plus it's very user-friendly. It can be integrated with other solutions such as SOAR, SIEM, etc., even when you have an existing firewall. I really like that the console can be integrated. You'll see everything on the same window, and the single window feature of the machine is so good. These are the features I really like.”

    James D., IT Manager at Manual Workers Union, states, “The fact that it's on the cloud means we don't have to administer it on our network or deal with a physical machine, which saves us money. The solution has many great features. From the console, we can start different scannings on different machines. We enjoy the centralized reporting part of it. The initial setup is simple. We enjoy its general stability. The solution can scale. So far, the solution has been problem-free.”

    Vectra threat detection and response is a complete cybersecurity platform that collects, detects, and prioritizes security alerts. The Cognito platform for Network Detection and Response (NDR) detects and responds to attacks inside cloud, data center, Internet of Things, and enterprise networks. The platform also provides automated response capabilities for low-level threats and escalates more severe anomalies to security personnel.

    Cognito captures data for multiple relevant sources and enriches it with context and security insights. It starts by deploying sensors across different networks in datacenters, IoT, or enterprise networks. The algorithm extracts relevant metadata from network and cloud traffic. The information can also be non-security information that can help investigation. 

    The data is enriched with security context to support critical use cases, such as threat detection, investigation, hunting and compliance. The platform is machine learning-based, which enables it to adapt to any new and current threat scenario. It detects, clusters, prioritizes, and anticipates attacks by using identity and host-level enforcement. 

    With the Vectra platform, a person can investigate 50 threats in just two hours. By prioritizing alerts and leveraging threat intelligence, it provides faster results.Vectra solves today’s security challenges for network detection and response. 

    One of Vectra’s best features is the emphasis they put in pairing research and data science for security insights. It offers behavior codification with unsupervised, supervised, and deep learning models. 

    The pricing is according to a subscription model with a free trial available.Vectra is available for Office 365, Azure AD and AWS Brain.

    Features of Vectra AI

    • AI-based threat detection and response. 
    • Detects attacks in real time with behavior-based threat detection. 
    • Consolidates and correlates thousands of events, detecting threats. 
    • Enriches threat investigation with a chain of evidence and data science security insights. 
    • Machine learning techniques, including deep learning and neural networks. 
    • Gives visibility into cyberattackers and analyzes all network traffic. 
    • Continuous updates with new threat detection algorithms. 
    • Provides encryption at rest and in transit. For the AWS version, it offers AES-256 encryption via AWS Key Management Service. 
    • Guaranteed availability according to the SLA of the service selected. 
    • Does not connect to public sector networks. 

    Benefits of Vectra AI

    • Behavioral models use AI to find unknown attackers. 
    • Context increases the accuracy of threat hunting. 
    • Allows for proactive action by prioritizing the most relevant information. 
    • Provides a clear picture and extensive context for investigations. 
    • Aids decision-making in the incident response process. 
    • Helps working with large datasets by capturing metadata at scale. 
    • Automates time-consuming analysis. 
    • Reduces the security analysts’ workloads on threat investigations. 

    Other advantages of Vectra services include that they can be deployed in the public, private, or hybrid cloud. Support is available via email or online ticketing with an average of 4 hours of response. Phone support is available 24/7. 

    Vectra provides full on-site and online training and documentation. Regarding the user interface, it supports several types of web browsers, such as Internet Explorer, Microsoft Edge, Firefox, Chrome, Safari and Opera. However, it is not available for mobile devices.

    Reviews from Real Users

    Here’s what PeerSpot users of Vectra AI have to say about it:

    "One of the core features is that Vectra AI triages threats and correlates them with compromised host devices. From a visibility perspective, we can better track the threat across the network. Instead of us potentially finding one device that has been impacted without Vectra AI, it will give us the visibility of everywhere that threat went. Therefore, visibility has increased for us." - Dave W., Operations Manager at a healthcare company

    "It does a reliable job of parsing out the logs of all the network traffic so that we can ingest them into our SIEM and utilize them for threat hunting and case investigations. It is pretty robust and reliable. The administration time that we spend maintaining it or troubleshooting it is very low.” - T.S., Senior Security Engineer at a manufacturing company

    Sample Customers
    One Housing Group
    Tribune Media Group, Barry University, Aruba Networks, Good Technology, Riverbed, Santa Clara University, Securities Exchange, Tri-State Generation and Transmission Association
    Top Industries
    REVIEWERS
    Comms Service Provider12%
    Manufacturing Company12%
    Financial Services Firm10%
    Computer Software Company9%
    VISITORS READING REVIEWS
    Computer Software Company18%
    Comms Service Provider10%
    Government8%
    Educational Organization6%
    REVIEWERS
    Financial Services Firm17%
    University11%
    Manufacturing Company11%
    Mining And Metals Company8%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm12%
    Government8%
    Manufacturing Company6%
    Company Size
    REVIEWERS
    Small Business58%
    Midsize Enterprise20%
    Large Enterprise21%
    VISITORS READING REVIEWS
    Small Business36%
    Midsize Enterprise19%
    Large Enterprise45%
    REVIEWERS
    Small Business15%
    Midsize Enterprise23%
    Large Enterprise63%
    VISITORS READING REVIEWS
    Small Business22%
    Midsize Enterprise14%
    Large Enterprise64%
    Buyer's Guide
    Unified Threat Management (UTM)
    April 2024
    Download Free Report
    Find out what your peers are saying about Sophos, Cisco, WatchGuard and others in Unified Threat Management (UTM). Updated: April 2024.
    DOWNLOAD NOW
    768,886 professionals have used our research since 2012.

    Sophos UTM is ranked 1st in Unified Threat Management (UTM) with 110 reviews while Vectra AI is ranked 2nd in Intrusion Detection and Prevention Software (IDPS) with 40 reviews. Sophos UTM is rated 8.4, while Vectra AI is rated 8.6. The top reviewer of Sophos UTM writes "It's a highly stable platform with very few hardware issues". On the other hand, the top reviewer of Vectra AI writes "Integrates well with other security solutions and provides good technical support". Sophos UTM is most compared with Netgate pfSense, Fortinet FortiGate, Sophos XG, OPNsense and Palo Alto Networks NG Firewalls, whereas Vectra AI is most compared with Darktrace, ExtraHop Reveal(x), Cisco Secure Network Analytics, Arista NDR and Corelight.

    We monitor all Unified Threat Management (UTM) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.