Vectra AI Room for Improvement
AG
reviewer1302852
Sr. Specialist - Enterprise Security at a mining and metals company with 5,001-10,000 employees
The reporting from Cognito Detect is very limited and doesn't give you too many options. If I want to prepare a customized report on a particular host, even though I see the data, I have to manually prepare the report. The reporting features that are built into the tool are not very helpful. They are very generic and broad. That's one main area that I keep telling Vectra they need to improve.
Also, whenever there's a software upgrade and new detections are introduced and the intelligence improves, there is a short period at the beginning where there's a lot of noise. Suddenly, you will get a burst of detections because it's a new detection. It's a new type of intelligence they've introduced and it takes some time to learn. We get worried and we always check whether an upgrade has happened. Then we say, "Okay, that must be the reason." I would like to see an improvement wherein, whenever they do an upgrade, that transition is a bit smoother. It doesn't happen all the time, but sometimes an upgrade triggers noise for some time until it settles down.
PV
reviewer2119917
Security at a financial services firm with 201-500 employees
One of the things that we are missing a bit is the capability to add our own rules to it. At the moment, the tech engine does its thing, but we have some cool ideas to make additional rules. There should be an option in the platform to add custom rules, or there should be some kind of user group where we can suggest them for the roadmap and see if they get evaluated and get transparent communication on whether they will be implemented in the product or not. I understand that not everything can be implemented in the product, but if everyone presses the plus one button, then you know that there's a need for it.
There is the concept of groups within Vectra. You have IP groups, host groups, and domain groups. Wild cards would be very handy there, or side ranges would be a good one to start with. One of the big things that some of our operational people complain about is that if it's an IP and it has reverse look-ups, why do they need to make two groups—an IP group and a hostname group—just to get the same feature set?
GW
reviewer2197812
Head of ICT Security & Governance at a construction company with 501-1,000 employees
A blind spot that I have is around the ease with which you can automate threat intervention.
Buyer's Guide
Vectra AI
February 2024
Learn what your peers think about Vectra AI. Get advice and tips from experienced pros sharing their opinions. Updated: February 2024.
763,955 professionals have used our research since 2012.
ML
reviewer2036466
Product Owner NDR at a tech vendor with 201-500 employees
Vectra Recall could be utilized much more, and I'm seeing some indications of that today with the investigative components. I use the visualize feature to visualize components and dashboards a lot. I'm interested in new ways to build automated searches or having them leveraged already from Vectra.
CF
reviewer2120748
Cybersecurity Consultant at a tech services company with 201-500 employees
We have had a few issues with the integration of Vectra AI with EDR. Some filters have not been working. We've also had issues with the brain not being powerful enough.
In the next release, I would like to see more triage choices. From my point of view, Vectra is missing a lot of choices. This is an area that they could focus on.
Vectra is also moving to a full cloud model, and I am not sure if going full cloud and leaving the on-premises environment is the way to go. We are not sure whether we'll move to the cloud with Vectra because it's hosted by AWS, which is one of our competitors. We don't like to work with anything that works on AWS.
In education as a sector, we are looking at AI a lot in terms of how it can be used as part of the teaching and learning side of things. It would be great to have Vectra AI look at a better way to enhance the security posture related to the AI tools in our portfolio.
MB
Martin Bruno
CIO at General Transmissions
We got two problems that couldn't be solved because of the philosophy of the product. We are using SMB 3.0, which is an encrypted protocol. When we get some alerts or something, we cannot go deep into the protocol to see what's wrong because it's encrypted. We need to decrypt the protocol in another way, which is quite difficult. We might go back to SMB 2.0 just for this reason, but that's not a good solution.
We did some penetration tests and tried to get some hashes or encrypted passwords from Active Directory. Those hashes didn't provide alerts into Vectra. Vectra doesn't survey them, which is quite problematic because it's a very common attack. They said that it's not the only aspect that would come with that kind of attack, but when somebody tries to get a lot of hashes, we would like that there is an alert because that seems like the start of an attack.
For the hashes issue, it could be very easy for them to make the improvement. They can just change a rule, and that's it, but for encrypted protocols, it could be trickier.
One area where there's room for improvement is the absence of a comprehensive TCP recording and replay feature. While there is an alternative method available, it doesn't provide the same functionality in a graphical interface.
We offer two solutions, Vectra and ExtraHop in the Qatar market. However, ExtraHop has better features that seem more advantageous when compared to Vectra. During demos, I encountered challenges with Vectra when demonstrating its capabilities, such as dealing with expired SSL certificates. Vectra AI is capable but ExtraHop is able to provide comprehensive insights and easier data querying. It excels in data query capabilities which is helpful for customers to access and manipulate their data effortlessly. This is where Vectra needs to enhance its capabilities. Customer support and handling high network traffic are additional areas that it needs to work on. There should be more flexible options to handle customers' needs. Also, customers desire performance enhancements and integration capabilities with a single solution and cyber security.
What is most important for us is to have one place where we can manage a few brains because we are based on a zero-trust network. As a result, each customer needs to have a separate brain. For the SOC team, we need to have one place where the SOC analyst can go to visit the website and from that site manage all of the customers. Right now, Vectra AI doesn't have this capability, and I would really like to have this feature.
AS
reviewer2120022
Network Engineer at a comms service provider with 501-1,000 employees
One of the things I am not so happy about when it comes to Vectra is the scoring board.
In Darktrace, you can point or click on any client and see any connections that have been made directly in the dashboard. You don't have to go to recall. This is likely why Darktrace isn't as fast as Vectra, but it would still be nice to see this feature in Vectra. In addition, Darktrace has an advanced mode, but you are also able to see it directly in the main dashboard. This would be great to see in Vectra as well.
RM
reviewer2120730
CSirt Manager at a construction company with 10,001+ employees
The UI/UX and detection could be improved. More detections of specific security events could be useful. We've had a few incidents that were not detected by Vectra. The teams are working on it right now, but more detection is always better.
Vectra AI is quite good at threat detection; however, it cannot respond to threats and attacks in real time by itself. It has to have plugins with other components, such as EDR or other software, to be able to respond properly. By itself, Vectra AI cannot do much, but it's powerful enough to pilot other software.
AT
reviewer2120736
Security Engineer at a legal firm with 1,001-5,000 employees
I think Vectra AI's automation, reporting, and integration could be improved.
MG
Maik Gonstala
Network Engineer at a university with 1,001-5,000 employees
For S&D account scans, it would be easier if Vectra AI could triage with users. If a client uses a lot of accounts, then it could indicate that these accounts are benign, for example. That would help a lot.
NK
reviewer2120739
CyberOps at a manufacturing company with 10,001+ employees
There is room for improvement in the documentation. We would like to have more details on how it detects what we see.
SA
reviewer2120031
Head of system and infrastructure at a government with 1,001-5,000 employees
The solution needs to become more proactive. When Vectra AI is the primary solution in an environment - like it is in our case - we must work on response time. We have a small team so response time at the endpoint level is vital. At the network level, response time actually works with Vectra AI.
FU
Farman Ullah
SOC Administrator at The National Commercial Bank
An area for improvement in Vectra AI is reporting because it currently lacks some details. For example, when you download a report from Vectra AI, you won't see complete information about the alerts or triggers.
Another area for improvement in the tool is that sometimes, an alert has high severity, yet it's marked as low severity. Vectra AI should have a mechanism to change the severity level from low to high or critical.
PA
reviewer2125176
System Engineer at a computer software company with 1,001-5,000 employees
There could be an option where Vectra manages the solution remotely, and when there is an attack, there could be a notification center to give us information about the attack.
PL
reviewer1859892
Security Analyst at a computer software company with 1,001-5,000 employees
We have a lot of system solutions and integrations with system solutions. Vectra is a type of black box. It implements AI-informed detection mechanisms, but we cannot create system detections. I understand that the product is designed this way, but it would be great if we could create our own detections as well.
The solution's marketing is not good. It probably needs to refresh its branding because a lot of it is confusing. People see it as an expensive tool for what it actually does.
HB
Hugo Bertrand
Analyste SOC at LGM Group
The rules for threats are not always precise and Vectra AI should improve this.
LF
reviewer2313546
Chief Network Engineer Security at a government with 51-200 employees
Other alternatives, like Darktrace, have a fancier UI.