Previously, we used Darktrace. Though it is a good platform, because there were so many false positives coming through, we found that we were neglecting it and not investigating the alerts. After less than a year of using Vectra, we've managed to tailor our dashboards to a point where we just see the high-volume or high-risk alerts coming through, and we act on those on an instant basis. Vectra AI has helped me get my time back. 

We did not use another solution before Cognito.

We did not use any similar solution. 

We already had a solution like this one in place, which was another competitor's product, where the three-year contract for that product was up. We wanted to retain the level of detection that the product provided, but adapt to the way our network had changed over three years to adopt a more hybrid cloud technology. This device sits on our internal network watching for any threats to our internal network. It looks at our Office 365 threats as well.

We were previously using DarkTrace. We went to the market for reasons of maturity over time for our network. We wanted to further adapt this product to a hybrid working model. We wanted it to be able to adapt to cloud technology that we were adopting. We also wanted something commercially competitive. After three years, they came back asking for a 20% increase in their renewal fees, which wasn't acceptable.

One of the main things that Vectra has brought to the table for us, over what we were previously using, was the ability to combine our on-prem packet data that we were watching with the cloud data that we needed to start including. We have one system monitoring a hybrid environment, rather than having separate systems for separate environments. That is a key thing that Vectra does that others might not. It comes back to visibility with network monitoring.

For critical alerts, there has been a huge reduction compared to our previous solution, approximately 80% less. What our previous tool would mark as high, we wouldn't, and Vectra AI aligns with that. Vectra gave us some classifications of the threats, where our previous tool would just trigger high risks on a lot of things that to us, as a business, were not high risk. This is because of fundamentally the way that Vectra looks at detections compared to the way that our previous product did. Every detection was its own entity within the previous one. Whereas, with Vectra AI, it is all about combining the detections and getting a more complete picture. When you are looking for more than just one indicator of compromise, and you are not viewing these things in isolation, you start to realize that one indicator oftentimes doesn't mean critical. That is what Vectra does pretty well.

We weren't using any solution before. We went for Vectra AI because we wanted something to have visibility. We were completely blind to what could happen on the network. With Vectra AI, we aren't so blind.

We didn't have a previous solution. We have no internal networking monitoring capability.

Previously, we had a general sensor solution taking logs. We didn't have an equivalent detection platform for our network nor did we have a tool capable of providing us with competent intrusion detection capabilities post-breach. Our main SIEM logging platform was generating over a 1000 alerts a day. It was bloated and unusable when trying to identify events/anomalies that were occurring. Once we implemented Vectra, it was able to give us a refined view and tell us which things we need to prioritize so we were able to reduce our workload from a 1000 alerts a day down to 10.

It isn't a tool set to replace a current tool set. It's just an additional feature. For me, it has only increased our workload, but that's because we had nothing there before.

We did not previously have a network monitoring solution. We have a toolset that does event log monitoring, but nothing across the network itself. I think we have basic flow visiblity, and the network team use that. However, there is no real way of investigating individual network packets, then using them for anything in particular.

Prior to Vectra AI, we used Gatewatcher and Microprobes and also the IPS/IDS firewall. Vectra AI is an additional layer of security.

We did not have any tools in the same league. We had security tools, but not with anomaly detection as part of the feature set.

We decided that we wanted to have an alert within 30 minutes, which is doable with this solution. It fulfills our needs. However, we didn't have this before, so it has increased our time, but for things we need to do.

We had a SIEM solution that was mainly focused on event-based logging, not necessarily on the network part. We were looking at more of a network IDS solution, and that's where Vectra came in. We wanted something that was easy to use as we didn't want too much platform maintenance. We wanted something to plug into the box and make it work. At first, we didn't believe that we would be able to find something like that after we had seen Darktrace, their biggest competitor, but in the end, Vectra was a perfect fit for us because it made it very easy to insert it into our branch offices as well.

We switched from an open source solution to Cognito because there was a lower operational maintenance burden and it provided more visibility into our environment. It also has more analysis and initial triage done by the network AI and machine learning.

Vectra enables us to answer investigate questions faster than our open source solutions previously did.

We previously used a different tool, Darktrace. We used it for four years. The management told us to look for other tools. This was after we switched our main network hardware. We contacted Vectra and took the next step. We were just comparing different tools when we decided to go with Vectra. There were many different tools that were similar but we ultimately chose Vectra. Compared to Darktrace, Vectra's UI is much cleaner, there is less noise, and the performance is way better in the graphical interface. We get much fewer false positives. We also have to put less work into this tool, which is great for companies with small teams.

We didn't have anything in place before Vectra AI. 

I have used another solution in the past. I used Darktrace where I was before. It compares very favorably with Darktrace. I wouldn't say it was any better or worse.

The UI is quite different, but apart from that, there are obviously slight differences in the analytics behind it, but I'd be struggling to say that one of them was better than the other. They both seem to do what I do well. Vectra AI is a little bit more honest about their capabilities than Darktrace is.

I don't think Vectra AI enables us to answer investigative questions that other solutions are unable to address. I know that there are other solutions that could do it as well. They're as good as everything else out there, but I wouldn't go and say they're massively better. The thing that sells it for me is that the support has been very good. That's one of the bits that keeps me with them.

We didn't use any similar solution previously.

I have some personal experience with one of Vectra's main competitors, but I won't mention them by name. I'm trying to go beyond all the marketing hype, and I have huge respect for both tools. As an analyst, I want to find the bad guys at the end of the day, and I've had good experiences with both. We have more experience with the other tool, and I'm comfortable detecting threats on both. They're equally capable in this field.

Vectra AI has advantages, including a more extensive list of attack and defense references. Vecta has better at-a-glance integration options with EDR tools like CrowdStrike. There are nuanced differences between the products, and one might be more suitable depending on your needs. 

There are more dimensions than detection capabilities. It depends on the partner model and the market. Vectra covers many of those areas, and it's our primary vendor. 

A few years ago when we were looking at this, we had a gap in the organization. We didn't have like a managed service offering. We had an on-prem SIEM, but we didn't have a large team so we didn't have resources fully dedicated to looking to see threats and correlating them with other event logs to see exactly what was occurring. The reason that we didn't have a managed server previously was cost. Therefore, we looked for alternative ways to solve the gap, lower the resource count, and be able to automate and integrate within our enterprise solutions.

Vectra AI displaced an EOL North South solution.

We didn't have a solution like Vectra previously.

We previously used open-source SIEM models. We switched to Vectra AI to help with the automation of alerts.