Head of Information Security at a insurance company with 1,001-5,000 employees
Jan 7, 2020
One of the key advantages for us is we define a 24/7 service around it. We use far more of Vectra alerts than we do with our SIEM product because we understand that when we get an alert from Vectra we actually need to do something about it.
Operational Security Manager at a financial services firm with 1,001-5,000 employees
Oct 21, 2020
The most valuable feature for Cognito Detect, the main solution, is that external IDS's create a lot of alerts. When I say a lot of alerts I really mean a lot of alerts. Vectra, on the other hand, contextualizes everything, reducing the number of alerts and pinpointing only the things of interest. This is a key feature for me. Because of this, a non-trained analyst can use it almost right away.
Operations Manager at a healthcare company with 51-200 employees
Aug 3, 2021
One of the core features is that Vectra AI triages threats and correlates them with compromised host devices. From a visibility perspective, we can better track the threat across the network. Instead of us potentially finding one device that has been impacted without Vectra AI, it will give us the visibility of everywhere that threat went. Therefore, visibility has increased for us.
Global Security Operations Manager at a manufacturing company with 5,001-10,000 employees
Feb 25, 2020
One of the most valuable features of the platform is its ability to provide you with aggregated risk scores based on impact and certainty of threats being detected. This is both applied to individual and host detections. This is important because it enables us to use this platform to prioritize the most likely imminent threats. So, it reduces alert fatigue follow ups for security operation center analysts. It also provides us with an ability to prioritize limited resources.
Sr. Specialist - Enterprise Security at a mining and metals company with 5,001-10,000 employees
Oct 6, 2022
The most useful feature is the anomaly detection because it's not signature-based. It picks up the initial part of any attack, like the recon and those aspects of the kill chain, very well.
Senior Security Engineer at a manufacturing company with 10,001+ employees
Jul 1, 2021
It does a reliable job of parsing out the logs of all the network traffic so that we can ingest them into our SIEM and utilize them for threat hunting and case investigations. It is pretty robust and reliable. The administration time that we spend maintaining it or troubleshooting it is very low. So, the labor hour overhead is probably our largest benefit from it. We spend 99% of our time in Vectra investigating cases, responding to incidents, or hunting, and only around 1% of our time is spent patching, troubleshooting, or doing anything else. That's our largest benefit from Vectra.
Sr. Specialist - Enterprise Security at a mining and metals company with 5,001-10,000 employees
Mar 4, 2020
The solution's ability to reduce alerts, by rolling up numerous alerts to create a single incident or campaign, helps in that it collapses all the events to a particular host, or a particular detection to a set of hosts. So it doesn't generate too many alerts. By and large, whatever alerts it generates are actionable, and actionable within the day.
Manager, IT Security at a energy/utilities company with 201-500 employees
Jun 3, 2020
Vectra produces actionable data using automation. That has helped us. It's less manpower now to look at incidents, which has definitely increased efficiency. Right now, in a lot of cases, our mean time to detection is within zero days. This tells me by the time something happened, and we were able to detect it, it was within the same day.
Cyber Security Analyst at a financial services firm with 1,001-5,000 employees
Jan 12, 2020
It is doing some artificial intelligence. If it sees a server doing a lot of things, then it will assume that is normal. So, it is looking for anomalous behavior, things that are out of context which helps us reduce time. Therefore, we don't have to look in all the logs. We just wait for Vectra to say, "This one is behaving strange," then we can investigate that part.
Project Manager at a university with 1,001-5,000 employees
Oct 29, 2020
It has helped us to organize our security. We get a better overview on what is happening on the network, which has helped us get quicker responses to users. If we see malicious activity, then we can quickly take action on it. Previously, we weren't getting an overview as fast as we are now, so we can now provide a quicker response.
Head of Information Security at a insurance company with 1,001-5,000 employees
Jan 7, 2020
The solution has not reduced the security analyst workload in our organization because we still need to SIEM. Unfortunately, while Vectra, for us, is a brilliant tool for network investigations, giving wonderful visibility, it doesn't go the whole way to replace our SIEM that is needed for compliance. So, I still have the same amount of alerting and logging that I did before. It gives us more defined ability to see incidents, but it doesn't give us enough information to satisfy a PCI or 27001 audit.
Operational Security Manager at a financial services firm with 1,001-5,000 employees
Oct 21, 2020
Vectra is still limited to packet management. It's only monitoring packet exchanges. While it can see a lot of things, it can't see everything, depending on where it's deployed. It has its limits and that's why I still have my SIEM.
Operations Manager at a healthcare company with 51-200 employees
Aug 3, 2021
I would like to see data processed onshore. Right now, the cloud components, like Office 365, must be processed on servers outside of Australia. I would like to see a future adoption of onshore processing.
Global Security Operations Manager at a manufacturing company with 5,001-10,000 employees
Feb 25, 2020
You are always limited with visibility on the host due to the fact that it is a network based tool. It gives you visibility on certain elements of the attack path, but it doesn't necessarily give you visibility on everything. Specifically, the initial intrusion side of things that doesn't necessarily see the initial compromise. It doesn't see stuff that goes on the host, such as where scripts are run. Even though you are seeing traffic, it doesn't necessarily see the malicious payload. Therefore, it's very difficult for it to identify these type of host-driven complex attacks.
Sr. Specialist - Enterprise Security at a mining and metals company with 5,001-10,000 employees
Oct 6, 2022
The reporting from Cognito Detect is very limited and doesn't give you too many options. If I want to prepare a customized report on a particular host, even though I see the data, I have to manually prepare the report. The reporting features that are built into the tool are not very helpful.
Senior Security Engineer at a manufacturing company with 10,001+ employees
Jul 1, 2021
They use a proprietary logging format that is probably 90% similar to Bro Logs. Their biggest area of improvement is finishing out the remaining 10%. That 10% might not be beneficial to their ML engine, but that's fine. The industry standard is Zeek Logs or Bro Logs, or Bro or Zeek, depending on how old you are. While they have 90% of those fields, they're still missing some fields. In very rare instances, some community rules do not have the fields that they need, and we had to modify community rules for our logs. So, their biggest area of improvement would be to just finish their matching of the Zeek standard.
Sr. Specialist - Enterprise Security at a mining and metals company with 5,001-10,000 employees
Mar 4, 2020
One thing which I have found where there could be improvement is with regard to the architecture, a little bit: how the brains and sensors function. It needs more flexibility with regard to the brain. If there were some flexibility in that regard, that would be helpful, because changing the mode of the brain is complex. In some cases, the change is permanent. You cannot revert it.
Manager, IT Security at a energy/utilities company with 201-500 employees
Jun 3, 2020
I would like to see a bit more strategic metrics instead of technical data. Information that I could show to my executive management team or board would be valuable.
Cyber Security Analyst at a financial services firm with 1,001-5,000 employees
Jan 12, 2020
We would like to see more information with the syslogs. The syslogs that they send to our SIEM are a bit short compared to what you can see. It would be helpful if they send us more data that we can incorporate into our SIEM, then can correlate with other events.
