Vectra AI Primary Use Case

reviewer1259193
Head of Information Security at a insurance company with 1,001-5,000 employees
One of the biggest things is the visibility of stopping or identifying any infection as soon as possible. In this case, if someone downloads something malicious to their workstation, we have a number of controls in place. However, it wasn't so much the endpoint. It was the spreading of a worm type scenario or a WannaCry type thing. Anything that could potentially spread after the initial infection, which is where we wanted to come in and get that visibility. It was key for us to have something that we could use for identifying as soon as possible, which would be call center initiated. That was probably our biggest thing: To push it in that direction, as we're a regulated company from the FCA. They drive us continually for improvement and behavioral analysis. Network analysis sort of falls into that bucket. We already have a SIEM, which some people would argue gives us a lot of that visibility. It doesn't tend to give it the focus that we need. From Vectra, we get a lot of alerts of, "This is happening," or, "This is unusual." This is a lot easier than waiting for a couple of logs to come in, then a bit of AI logic at the back of it to potentially push it in that direction. It's very much for us to get a view of a potential attack, then deal with it as quickly as possible. To pinpoint where it's coming from, and where it is going to go. One of the biggest things that I wanted to ensure is that it covered our call centers because that is where I see my biggest risk. So, I was really key on getting sensors across all geographic locations within the UK and in all of our small communication rooms. It is all on-premise. We have a number of call centers spread around the UK. We look at all east-west traffic, as well as north-south. It all goes into our brain in our data center. We do have some branches out in Azure, but we're waiting on the new plugin that they are trying to develop. We are just starting in on our cloud journey and most of our infrastructure is in still private cloud. We haven't really gotten to the point where we have public cloud. We're up-to-date, but I don't know the exact version number that we are on. View full review »
reviewer1296420
Global Security Operations Manager at a manufacturing company with 5,001-10,000 employees
We use Vectra with the assumption that our other defensive controls are not working. We rely on it to be able to detect anomalous activities on our network and trigger investigation activities. It's a line of detection assuming that a breach occurred or has been successful in some way. That's our primary use case. We have it in some of other use cases, like anomalous network activity and detection for things. E.g., we are trying to refine or improve suspicious internal behaviours because we are a development technology company. We have developers doing suspicious things all the time. Therefore, we use it to help us identify when they are not behaving correctly and improve our best practices. We have it predominantly on-prem, which is a combination of physical and virtual sensors. We also have a very minor element on the cloud where we are trialing a couple of components that are not fully deployed. For the cloud deployment, we are using Azure. We are on the latest version of Cognito. View full review »
reviewer1302852
Sr. Specialist - Enterprise Security at a mining and metals company with 5,001-10,000 employees
Our main intention was to see what type of visibility, in terms of detections, Vectra could give us. We use it on both our manufacturing perimeter and at the internet perimeter. That's where we have placed the devices. We have placed it across four sites, two in UAE and two outside UAE. View full review »
Learn what your peers think about Vectra AI. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
441,672 professionals have used our research since 2012.
reviewer1362528
Manager, IT Security at a energy/utilities company with 201-500 employees
The Detect platform that we have is on-prem. We have what's called "the brain", then we have sensors placed in different key/strategic areas in the organization. It is helping us do a lot of the monitoring. We also have some SaaS offerings from the Recall platform, which look at some of the metadata, etc. If we were doing things like incident response, it gives us a bit more granular type of information to query. However, the Cognito Detect platform is all on-prem. We are using the latest version. View full review »
reviewer1263180
Cyber Security Analyst at a financial services firm with 1,001-5,000 employees
The original use case was because we had some legacy stuff that doesn't do encryption at rest. Compliancy-wise, we had to put in some additional mitigating actions to protect it. That was the start of it. Then, we extended it to check other devices/servers within our network as well. We are on the latest version. View full review »
John Vicencio
Cyber Specialist, Forensics at Richemont
We have two use cases. The first is that Vectra's platform allows us to get visibility into anomalous behavior, which, previously, we never really had access to, for threat hunting and incident response. We use it in support of our incident response operations to help supplement our investigations on hosts. We use it to correlate any suspicious activities, which is something that Vectra has been extremely accurate in, when used the right way. The second use case is that we've used the Vectra Cognito Recall and Cognito Stream devices. With these integrations, it's given us instant visibility into all the network data as well. That enables us to conduct our own hunts on our network data, data you'd see on a security information and event management (SIEM) solution. It also gives us the ability to correlate with our playbooks because it gives us access to the data itself in much more depth and detail. View full review »
Eric Weakland
Director, Information Security at American University
One of the reasons we went with this solution was because there is less that we have to customize; it's more commercial off the shelf. Therefore, my team can spend their time doing what's most beneficial for the university, which is protecting it, not upgrading custom software. We use it to inspect and look for malicious, abusive, or other types of forbidden behavior with our north-south and east-west traffic. We not only look at traffic from our campus to the Internet, but we look at traffic internally in our network as it does network AI. It not only looks when a specific event happens, but whether, "Is this a normal event? Or is it normal for the host to do that?" View full review »
Headofinfosec82347
Head of Information Security at a retailer with 1,001-5,000 employees
Vectra AI sits across our entire estate, we have an outsource provider for a lot of our backend systems. It sits in theirs and it sits in our own estates. It's deployed across our other numerous offices across the country. It sits across our entire state. View full review »
Mark Davies
Security Operations Specialist at a tech services company with 1,001-5,000 employees
We use Vectra AI to sniff the network using Ixia taps so that we can identify potentially malicious activity on the network and at all points of the kill chain. What it's exceptionally good at doing is correlating seemingly unrelated events. It's in our data center, but the versioning is controlled by Vectra. They push it out discreetly so I don't have any touch on that. View full review »
reviewer1358853
Information Technology Security Engineer II at a mining and metals company with 10,001+ employees
We use it as an intrusion detection system to monitor traffic that's going on within our network. View full review »
Learn what your peers think about Vectra AI. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.
441,672 professionals have used our research since 2012.