• Home
  • Arista NDR vs. Vectra AI

Arista NDR vs Vectra AI comparison

Cancel
You must select at least 2 products to compare!
Arista Logo
Arista NDR
Read 14 Arista NDR reviews
2,209 views|1,302 comparisons
100% willing to recommend
Vectra AI Logo
Vectra AI
Read 42 Vectra AI reviews
9,274 views|4,303 comparisons
97% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Arista NDR vs. Vectra AI
May 2024
Executive Summary

We performed a comparison between Arista NDR and Vectra AI based on real PeerSpot user reviews.

Find out in this report how the two Network Traffic Analysis (NTA) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI.
To learn more, read our detailed Arista NDR vs. Vectra AI Report (Updated: May 2024).
Download the complete report
772,649 professionals have used our research since 2012.
Featured Review
Anonymous User
Researched Vectra AI but chose Arista NDR: Gives us network layer visibility into things that may not be covered by other monitoring tools, such as shadow IT
Awake's MNDR has affected our overall security posture very positively. Having a team that is able to monitor our network activity has been a huge... Read more →
Anonymous User
Improves network visibility and has boosted our productivity
Vectra AI helped improve our mean time to identify by allowing us to have visibility and reveal some hidden or unknown things. Vectra AI has had a... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"Other solutions will say, "Hey, this device is doing something weird." But they don't aggregate that data point with other data points. With Awake you have what's called a "fact pattern." For example, if there's a smart toaster on the third floor that is beaconing out to an IP address in North Korea, sure that's bizarre. But if that toaster was made in North Korea it's not bizarre. Taking those two data points together, and automating something using machine-learning is something that no other solution is doing right now.""The interface itself is clean and easy to use, yet customizable. I like that I can create my own dashboards fairly easily so that I can see what is important to me. Also, the query language is pretty easy to use. I haven't needed to use it a ton, but as I need to go in and do different queries based on their requests, it has been fairly simple to use.""The most valuable feature is the ability to see suspicious activity for devices inside my network. It helps me to quickly identify that activity and do analysis to see if it's expected or I need to mitigate that activity quickly.""We appreciate the value of the AML (structured query language). We receive security intel feeds for a specific type of malware or ransomware. AML queries looking for the activity is applied in almost real-time. Ultimately, this determines if the activity was not observed on the network.""This solution help us monitor devices used on our network by insiders, contractors, partners, or suppliers. Its correlation and identification of specific endpoints is very good, especially since we have a large, virtualized environment. It discerns this fairly well. Some of the issues that we have had with other tools is we sometimes are not able to tell the difference between users on some of those virtualized instances.""The security knowledge graph has been very helpful in the sense that whenever you try a new security solution, especially one that's in the detection and response market, you're always worried about getting a lot of false positives or getting too many alerts and not being able to pick out the good from the bad or things that are actual security incidents versus normal day to day operations. We've been pleasantly surprised that Awake does a really good job of only alerting about things that we actually want to look into and understand. They do a good job of understanding normal operations out-of-the-box.""The query language that they have is quite valuable, especially because the sensor itself is storing some network activity and we're able to query that. That has been useful in a pinch because we don't necessarily use it just for threat hunting, but we also use it for debugging network issues. We can use it to ask questions and get answers about our network. For example: Which users and devices are using the VPN for RDP access? We can write a query pretty quickly and get an answer for that.""The query language makes it easy to query the records on the network, to do searches for the various threat activities that we're looking for. The dashboard, the Security Knowledge Graph, displays information meaningfully and easily. I am able to find the information that I want to find pretty quickly."

More Arista NDR Pros →

"It does a reliable job of parsing out the logs of all the network traffic so that we can ingest them into our SIEM and utilize them for threat hunting and case investigations. It is pretty robust and reliable. The administration time that we spend maintaining it or troubleshooting it is very low. So, the labor hour overhead is probably our largest benefit from it. We spend 99% of our time in Vectra investigating cases, responding to incidents, or hunting, and only around 1% of our time is spent patching, troubleshooting, or doing anything else. That's our largest benefit from Vectra.""The biggest feature for us, because we are heavy Microsoft users, is its integration with Office 365. On top of Vectra AI, we use all of the Microsoft security platforms, such as Defender ATP and Sentinel. Having full integration and a central platform to look at all of the threats that are coming through from the different platforms is a huge benefit for us.""The automatic filtering that they provide is valuable. The logic inside that makes some detections instead of us is very useful. We are confident that if we are just looking into it and there is nothing, nothing could happen.""One of the things that we didn't expect to happen was that our network team also jumped on it faster than we thought. In most cases, if it's a security tool that's working on the network part, they can also use it to find out certain flaws that have been in the system. Certain flaws, related to some legacy stuff, were already there for quite a few years, which they couldn't explain at first, but we could explain them based on the timing of certain things.""The most useful feature is the anomaly detection because it's not signature-based. It picks up the initial part of any attack, like the recon and those aspects of the kill chain, very well.""The packet-capturing feature is very useful.""What I like best about Vectra AI is that it alerts you about suspicious activities.""The dashboard gives me a scoring system that allows me to prioritize things that I should look at. I may not necessarily care so much about one event, whereas if I have a single botnet detection or a brute force attack, I really want to get on top of those."

More Vectra AI Pros →

Cons
"Awake Security needs to move to a 24/7 support model in the MNDR space. Once they do that, it will make them even better.""I would like to see a bit more in terms of encrypted traffic. With the advent of programs that live off the land, a smart attacker is going to leverage encryption to execute their operation. So I would like to see improvements there, where possible. Currently, we're not going to be decrypting encrypted traffic. What other approaches could be used?""One concern I do have with Awake is that, ideally, it should be able identify high-risk users and devices and entities. However, we don't have confidence in their entity resolution, and we've provided this feedback to Awake. My understanding is that this is where some of the AI/ML is, and it hasn't been reliable in correctly identifying which device an activity is associated with. We have also encountered issues where it has merged two devices into one entity profile when they shouldn't be merged. The entity resolution is the weakest point of Awake so far.""I enjoy the query language, but it could be a bit more user-friendly, especially for new users who come across it... They should push it more into a natural language style as opposed to a query language.""There's room for improvement with some of the definitions, because I don't have time and I'm not a Tier 4 analyst. I believe that is something they're working towards.""The one thing that the Awake platform lacks is the ability to automate the ingestion of IOCs rather than having to import CSV files or JSON files manually.""One thing I would like to see is a little bit more education or experience on AWS cloud for their managed services team. We've explained how we have the information set up, that the traffic coming in goes to the AWS load balancer and then gets sent on to our internal servers... but when I get notices they always tell me this traffic is coming from the IPs belonging to the load balancers, not the source IPs. So a little bit more education for their team about how AWS manages the traffic might help out.""I would like to see the capability to import what's known as STIX/TAXII in an IOC format. It currently doesn't offer this."

More Arista NDR Cons →

"Some of the customization could be improved. Everything is provided for you as an easy solution to use, but working with it and doing specific development could be worked on a bit more in the scope of an incident response team.""What is most important for us is to have one place where we can manage a few brains because we are based on a zero-trust network. As a result, each customer needs to have a separate brain. For the SOC team, we need to have one place where the SOC analyst can go to visit the website and from that site manage all of the customers. Right now, Vectra AI doesn't have this capability, and I would really like to have this feature.""ExtraHop has better features that seem more advantageous when compared to Vectra.""One of the things I am not so happy about when it comes to Vectra is the scoring board.""One of the things that we are missing a bit is the capability to add our own rules to it. At the moment, the tech engine does its thing, but we have some cool ideas to make additional rules. There should be an option in the platform to add custom rules, or there should be some kind of user group where we can suggest them for the roadmap and see if they get evaluated and get transparent communication on whether they will be implemented in the product or not.""The main improvement I can see would be to integrate with more external solutions.""I'd like to be able to get granular reports and to be able to output them into formats that are customizable and more useful. The reporting GUI is lacking.""In comparison with a lot of systems I used in the past, the false positives are really a burden because they are taking a lot of time at this moment."

More Vectra AI Cons →

Pricing and Cost Advice
  • "The solution has saved thousands of dollars within the first day. Our ROI has to be in the tens of thousands of dollars since October last year."
  • "Awake Security was the least expensive among their competitors. Everyone was within $15,000 of each other. The other solutions were not providing the MNDR service, which is standard with Awake Security's pricing/licensing model."
  • "We switched to Awake Security because they were able to offer a model that was significantly less expensive and the value that we get out of it is higher."
  • "The solution is very good and the pricing is also better than others..."
  • "The pricing seems pretty reasonable for what we get out of it. We also found it to be more competitive than some other vendors that we've looked at."
  • "Awake's pricing was very competitive. It's not a cheap option though. It's an investment to utilize it, but it's one that we decided was worth the cost, with the managed services. At our scale, it was a much better option to utilize their software and their managed services to handle this, rather than hiring another person to be an analyst. It was quite cost-effective for us."
  • "Because I represent a hedge fund, I have some leverage. I told them that they had to meet my conditions if they wanted me as a client. It was the same way with Awake. They wanted an initial four-year agreement. Initially, we signed on for a one-year contract, but they wanted the four-year deal when it came time for the renewal. I told them that I was not doing that. I said that they either had to do it on my terms, or I'd go somewhere else."

    • More Arista NDR Pricing and Cost Advice →

  • "We are running at about 90,000 pounds per year. The solution is a licensed cost. The hardware that they gave us was pretty much next to nothing. It is the license that we're paying for."
  • "The license is based on the concurrent IP addresses that it's investigating. We have 9,800 to 10,000 IP addresses."
  • "There are additional features that can be purchased in addition to the standard licensing fee, such as Cognito Recall and Stream."
  • "We have a desire to increase our use. However, it all comes down to budget. It's a very expensive tool that is very difficult to prove business support for. We would like to have two separate networks. We have our corporate network and PCI network, which is segregated due to payment processing. We don't have it for deployed in the PCI network. It would be good to have it fully deployed there to provide us with additional monitoring and control, but the cost associated with their licensing model makes it prohibitively expensive to deploy."
  • "At the time of purchase, we found the pricing acceptable. We had an urgency to get something in place because we had a minor breach that occurred at the tail end of 2016 to the beginning of 2017. This indicated we had a lack of ability to detect things on the network. Hence, why we moved quickly to get into the tool in place. We found things like Bitcoin mining and botnets which we closed quickly. In that regard, it was worth the money."
  • "The pricing is very good. It's less expensive than many of the tools out there."
  • "The pricing is high."
  • "Their licensing model is antiquated. I'm not a fan of their licensing model. We have to pay for licensing based on four different things. You have to pay based on the number of unique IPs, the number of logs that we send through Recall and Stream, and the size of our environment. They need to simplify their licensing down to just one thing. It should be based on the amount of data, the number of devices, or something else, but there should be just one thing for everything. That's what they need to base their licensing on. Cost-wise, they're not cheap. They were definitely the most expensive option, but you get what you pay for. They're not the cheapest option."

    • More Vectra AI Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Network Traffic Analysis (NTA) solutions are best for your needs.
    See Recommendations
    772,649 professionals have used our research since 2012.
    Questions from the Community
    What do you like most about Arista NDR?
    Top Answer:Arista NDR's scalability is very good, making it easy to add more hardware components. You can order additional hardware and integrate it by stacking it with the existing setup. This feature cannot be… more »
    Read all 13 answers   →
    What is your experience regarding pricing and costs for Arista NDR?
    Top Answer:The tool's pricing is expensive but it is competitive.
    Read all 8 answers   →
    What needs improvement with Arista NDR?
    Top Answer:Arista NDR needs to open legal offices to be closer to customers and partners. It needs more visibility in the NDR market in the Middle East. While they are doing well, they lack sufficient engineers… more »
    Read all 14 answers   →
    What is the biggest difference between Corelight and Vectra AI?
    Top Answer:The two platforms take a fundamentally different approach to NDR. Corelight is limited to use cases that require the eventual forwarding of events and parsed data logs to a security team’s SIEM or… more »
    Read all 5 answers   →
    What do you like most about Vectra AI?
    Top Answer:The solution is currently used as a central threat detection and response system.
    Read all 37 answers   →
    What is your experience regarding pricing and costs for Vectra AI?
    Top Answer:Vectra AI has an annual subscription license. You could choose the components you need for your environment.
    Read all 26 answers   →
    Ranking
    8th
    out of 24 in Network Traffic Analysis (NTA)
    Views
    2,209
    Comparisons
    1,302
    Reviews
    1
    Average Words per Review
    392
    Rating
    9.0
    2nd
    out of 24 in Network Traffic Analysis (NTA)
    Views
    9,274
    Comparisons
    4,303
    Reviews
    21
    Average Words per Review
    760
    Rating
    8.4
    Comparisons
    Also Known As
    Awake Security Platform
    Vectra Networks, Vectra AI NDR
    Learn More
    Arista
    Vectra AI
    Overview

    Arista NDR (formerly Awake Security) is the only advanced network detection and response company that delivers answers, not alerts. By combining artificial intelligence with human expertise, Arista NDR hunts for both insider and external attacker behaviors, while providing autonomous triage and response with full forensics across traditional, IoT, and cloud networks. Arista NDR delivers continuous diagnostics for the entire enterprise threat landscape, processes countless network data points, senses abnormalities or threats, and reacts if necessary—all in a matter of seconds. The Arista NDP platform stands out from traditional security because it is designed to mimic the human brain. It recognizes malicious intent and learns over time, giving defenders greater visibility and insight into what threats exist and how to respond to them. 

    The Advent of Advanced Network Detection and Response & Why it Matters

    The 5 Levels of Autonomous Security paper

    Vectra threat detection and response is a complete cybersecurity platform that collects, detects, and prioritizes security alerts. The Cognito platform for Network Detection and Response (NDR) detects and responds to attacks inside cloud, data center, Internet of Things, and enterprise networks. The platform also provides automated response capabilities for low-level threats and escalates more severe anomalies to security personnel.

    Cognito captures data for multiple relevant sources and enriches it with context and security insights. It starts by deploying sensors across different networks in datacenters, IoT, or enterprise networks. The algorithm extracts relevant metadata from network and cloud traffic. The information can also be non-security information that can help investigation. 

    The data is enriched with security context to support critical use cases, such as threat detection, investigation, hunting and compliance. The platform is machine learning-based, which enables it to adapt to any new and current threat scenario. It detects, clusters, prioritizes, and anticipates attacks by using identity and host-level enforcement. 

    With the Vectra platform, a person can investigate 50 threats in just two hours. By prioritizing alerts and leveraging threat intelligence, it provides faster results.Vectra solves today’s security challenges for network detection and response. 

    One of Vectra’s best features is the emphasis they put in pairing research and data science for security insights. It offers behavior codification with unsupervised, supervised, and deep learning models. 

    The pricing is according to a subscription model with a free trial available.Vectra is available for Office 365, Azure AD and AWS Brain.

    Features of Vectra AI

    • AI-based threat detection and response. 
    • Detects attacks in real time with behavior-based threat detection. 
    • Consolidates and correlates thousands of events, detecting threats. 
    • Enriches threat investigation with a chain of evidence and data science security insights. 
    • Machine learning techniques, including deep learning and neural networks. 
    • Gives visibility into cyberattackers and analyzes all network traffic. 
    • Continuous updates with new threat detection algorithms. 
    • Provides encryption at rest and in transit. For the AWS version, it offers AES-256 encryption via AWS Key Management Service. 
    • Guaranteed availability according to the SLA of the service selected. 
    • Does not connect to public sector networks. 

    Benefits of Vectra AI

    • Behavioral models use AI to find unknown attackers. 
    • Context increases the accuracy of threat hunting. 
    • Allows for proactive action by prioritizing the most relevant information. 
    • Provides a clear picture and extensive context for investigations. 
    • Aids decision-making in the incident response process. 
    • Helps working with large datasets by capturing metadata at scale. 
    • Automates time-consuming analysis. 
    • Reduces the security analysts’ workloads on threat investigations. 

    Other advantages of Vectra services include that they can be deployed in the public, private, or hybrid cloud. Support is available via email or online ticketing with an average of 4 hours of response. Phone support is available 24/7. 

    Vectra provides full on-site and online training and documentation. Regarding the user interface, it supports several types of web browsers, such as Internet Explorer, Microsoft Edge, Firefox, Chrome, Safari and Opera. However, it is not available for mobile devices.

    Reviews from Real Users

    Here’s what PeerSpot users of Vectra AI have to say about it:

    "One of the core features is that Vectra AI triages threats and correlates them with compromised host devices. From a visibility perspective, we can better track the threat across the network. Instead of us potentially finding one device that has been impacted without Vectra AI, it will give us the visibility of everywhere that threat went. Therefore, visibility has increased for us." - Dave W., Operations Manager at a healthcare company

    "It does a reliable job of parsing out the logs of all the network traffic so that we can ingest them into our SIEM and utilize them for threat hunting and case investigations. It is pretty robust and reliable. The administration time that we spend maintaining it or troubleshooting it is very low.” - T.S., Senior Security Engineer at a manufacturing company

    Sample Customers
    - Dolby Laboratories- Seattle Genetics- ARM Energy- Ooma- Prophix- Yapstone
    Tribune Media Group, Barry University, Aruba Networks, Good Technology, Riverbed, Santa Clara University, Securities Exchange, Tri-State Generation and Transmission Association
    Top Industries
    REVIEWERS
    Insurance Company18%
    Pharma/Biotech Company9%
    Energy/Utilities Company9%
    Computer Software Company9%
    VISITORS READING REVIEWS
    Computer Software Company15%
    Financial Services Firm12%
    Manufacturing Company8%
    Educational Organization7%
    REVIEWERS
    Financial Services Firm16%
    Manufacturing Company11%
    University11%
    Computer Software Company8%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm12%
    Government8%
    Manufacturing Company6%
    Company Size
    REVIEWERS
    Small Business31%
    Midsize Enterprise15%
    Large Enterprise54%
    VISITORS READING REVIEWS
    Small Business22%
    Midsize Enterprise14%
    Large Enterprise64%
    REVIEWERS
    Small Business17%
    Midsize Enterprise21%
    Large Enterprise62%
    VISITORS READING REVIEWS
    Small Business22%
    Midsize Enterprise14%
    Large Enterprise64%
    Buyer's Guide
    Arista NDR vs. Vectra AI
    May 2024
    Free Report: Arista NDR vs. Vectra AI
    Find out what your peers are saying about Arista NDR vs. Vectra AI and other solutions. Updated: May 2024.
    DOWNLOAD NOW
    772,649 professionals have used our research since 2012.

    Arista NDR is ranked 8th in Network Traffic Analysis (NTA) with 14 reviews while Vectra AI is ranked 2nd in Network Traffic Analysis (NTA) with 42 reviews. Arista NDR is rated 9.0, while Vectra AI is rated 8.6. The top reviewer of Arista NDR writes "Gives us network layer visibility into things that may not be covered by other monitoring tools, such as shadow IT". On the other hand, the top reviewer of Vectra AI writes "Integrates well with other security solutions and provides good technical support". Arista NDR is most compared with Palo Alto Networks Advanced Threat Prevention, Trend Micro Deep Discovery, Cisco Secure Network Analytics, Darktrace and ExtraHop Reveal(x), whereas Vectra AI is most compared with Darktrace, ExtraHop Reveal(x), Cisco Secure Network Analytics, Corelight and Trend Micro Deep Discovery. See our Arista NDR vs. Vectra AI report.

    See our list of best Network Traffic Analysis (NTA) vendors and best Network Detection and Response (NDR) vendors.

    We monitor all Network Traffic Analysis (NTA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.