We performed a comparison between Palo Alto Networks Advanced Threat Prevention and Vectra AI based on real PeerSpot user reviews.
Find out in this report how the two Intrusion Detection and Prevention Software (IDPS) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The sandboxing tools offer great prevention for cloud feeds."
"For those who want a next-gen firewall that's easy to configure and easy to operate, I think you should go for Palo Alto."
"We are currently using the URL filtering feature, which is the most popular."
"It is a stable product."
"Palo Alto Networks Threat Prevention is the market leader as far as security gateways and endpoint protection. Additionally, the threat database that is used is one of the best."
"You can scale the product."
"With the IP address flag, I was able to see that I was being hacked. The moment there was an interaction between somebody on my network and that IP, the solution was able to flag it, and we were able to protect ourselves."
"The most valuable feature of Palo Alto Threat Prevention for our company is the next generation firewall."
"The most valuable feature for Cognito Detect, the main solution, is that external IDS's create a lot of alerts. When I say a lot of alerts I really mean a lot of alerts. Vectra, on the other hand, contextualizes everything, reducing the number of alerts and pinpointing only the things of interest. This is a key feature for me. Because of this, a non-trained analyst can use it almost right away."
"The solution provide visibility into behaviors across the full lifecycle of an attack in our network, beyond just the Internet gateway. It makes our security operations much more effective because we are now looking not just at traffic on the border, but we're looking at east-west internal traffic. Now, not only will we see if an exploit kit is being downloaded, but we would be able to see then if that exploit kit was then laterally distributed into our environment."
"What I like best about Vectra AI is that it alerts you about suspicious activities."
"The fact that we get the visualization of what's happening on our network, which is a way of improving our security in-depth is most valuable."
"Vectra produces actionable data using automation. That has helped us. It's less manpower now to look at incidents, which has definitely increased efficiency. Right now, in a lot of cases, our mean time to detection is within zero days. This tells me by the time something happened, and we were able to detect it, it was within the same day."
"The core product provides excellent visibility, but my favorite feature is Vectra Recall."
"It does a reliable job of parsing out the logs of all the network traffic so that we can ingest them into our SIEM and utilize them for threat hunting and case investigations. It is pretty robust and reliable. The administration time that we spend maintaining it or troubleshooting it is very low. So, the labor hour overhead is probably our largest benefit from it. We spend 99% of our time in Vectra investigating cases, responding to incidents, or hunting, and only around 1% of our time is spent patching, troubleshooting, or doing anything else. That's our largest benefit from Vectra."
"The administrative privilege detection feature is the most valuable feature. The admin accounts are often highly accessible to the high-risk component of the environment. If those accounts are compromised or are being used in a suspicious manner, that's high-fidelity events for us to look into."
"The initial setup is complex."
"Palo Alto's maintenance needs to be improved."
"The pricing has improved with the newer generation of their Firewalls, but the price could always be lower. In comparison with other solutions, I believe they're quite competitive."
"The installation was complicated."
"The solution needs to improve its local technical support services. There is no premium support offered in our market."
"Palo Alto Networks Threat Prevention could improve the commercial offing. Other solutions, such as Fortinet provide better commercial features."
"Generally, to deploy it will take some downtime, about a day."
"The price of licenses should be lowered to make it less costly to scale our solution."
"The reporting from Cognito Detect is very limited and doesn't give you too many options. If I want to prepare a customized report on a particular host, even though I see the data, I have to manually prepare the report. The reporting features that are built into the tool are not very helpful."
"The false positives and the tuning side of it is something that could use improvement. But that could be from our side."
"One thing which I have found where there could be improvement is with regard to the architecture, a little bit: how the brains and sensors function. It needs more flexibility with regard to the brain. If there were some flexibility in that regard, that would be helpful, because changing the mode of the brain is complex. In some cases, the change is permanent. You cannot revert it."
"The rules for threats are not always precise and Vectra AI should improve this."
"What is most important for us is to have one place where we can manage a few brains because we are based on a zero-trust network. As a result, each customer needs to have a separate brain. For the SOC team, we need to have one place where the SOC analyst can go to visit the website and from that site manage all of the customers. Right now, Vectra AI doesn't have this capability, and I would really like to have this feature."
"They use a proprietary logging format that is probably 90% similar to Bro Logs. Their biggest area of improvement is finishing out the remaining 10%. That 10% might not be beneficial to their ML engine, but that's fine. The industry standard is Zeek Logs or Bro Logs, or Bro or Zeek, depending on how old you are. While they have 90% of those fields, they're still missing some fields. In very rare instances, some community rules do not have the fields that they need, and we had to modify community rules for our logs. So, their biggest area of improvement would be to just finish their matching of the Zeek standard."
"We would like to see more information with the syslogs. The syslogs that they send to our SIEM are a bit short compared to what you can see. It would be helpful if they send us more data that we can incorporate into our SIEM, then can correlate with other events."
"Vectra is still limited to packet management. It's only monitoring packet exchanges. While it can see a lot of things, it can't see everything, depending on where it's deployed. It has its limits and that's why I still have my SIEM."
More Palo Alto Networks Advanced Threat Prevention Pricing and Cost Advice →
Palo Alto Networks Advanced Threat Prevention is ranked 7th in Intrusion Detection and Prevention Software (IDPS) with 24 reviews while Vectra AI is ranked 2nd in Intrusion Detection and Prevention Software (IDPS) with 42 reviews. Palo Alto Networks Advanced Threat Prevention is rated 8.8, while Vectra AI is rated 8.6. The top reviewer of Palo Alto Networks Advanced Threat Prevention writes "A good amount of granularity and advanced URL filtering capabilities". On the other hand, the top reviewer of Vectra AI writes "Integrates well with other security solutions and provides good technical support". Palo Alto Networks Advanced Threat Prevention is most compared with Check Point IPS, Fortinet FortiGate IPS, Arista NDR, Trend Micro TippingPoint Threat Protection System and Cisco Secure Network Analytics, whereas Vectra AI is most compared with Darktrace, ExtraHop Reveal(x), Cisco Secure Network Analytics, Arista NDR and Check Point IPS. See our Palo Alto Networks Advanced Threat Prevention vs. Vectra AI report.
See our list of best Intrusion Detection and Prevention Software (IDPS) vendors.
We monitor all Intrusion Detection and Prevention Software (IDPS) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.