"One of the most valuable features of the platform is its ability to provide you with aggregated risk scores based on impact and certainty of threats being detected. This is applied both to individual and host detections. This is important because it enables us to use this platform to prioritize the most likely imminent threats. So, it reduces alert fatigue follow-ups for security operation center analysts. It also provides us with an ability to prioritize limited resources."
"It has helped us to organize our security. We get a better overview on what is happening on the network, which has helped us get quicker responses to users. If we see malicious activity, then we can quickly take action on it. Previously, we weren't getting an overview as fast as we are now, so we can now provide a quicker response."
"One of the core features is that Vectra AI triages threats and correlates them with compromised host devices. From a visibility perspective, we can better track the threat across the network. Instead of us potentially finding one device that has been impacted without Vectra AI, it will give us the visibility of everywhere that threat went. Therefore, visibility has increased for us."
"The most valuable feature for Cognito Detect, the main solution, is that external IDSs create a lot of alerts. When I say a lot of alerts I really mean a lot of alerts. Vectra, on the other hand, contextualizes everything, reducing the number of alerts and pinpointing only the things of interest. This is a key feature for me. Because of this, a non-trained analyst can use it almost right away."
"The solution provides visibility into behaviors across the full lifecycle of an attack in our network, beyond just the Internet gateway. It makes our security operations much more effective because we are now looking not just at traffic on the border, but we're looking at east-west internal traffic. Now, not only will we see if an exploit kit is being downloaded, but we would be able to see if that exploit kit was then laterally distributed into our environment."
"The key feature for me for Detect for Office 365 is that it can also concentrate all the information and detection at one point, the same as the network solution does. This is the key feature for me because, while accessing data from Office 365 is possible using Microsoft interfaces, they are not really user-friendly and are quite confusing to use. But Detect for Office 365 is aggregating all the info, and it's only the interesting stuff."
"It gives you access, with Recall, to instant visibility into your network through something like a SIEM solution. For us, being able to correlate all of this network data without having to manage it, has provided immediate value. It gives us the ability to really work on the stuff where I and my team have expertise, instead of having to manage a SIEM solution..."
"It has reduced the time it takes to respond to attacks. That comes back to the proactive point. It makes us able to lower down in the kill chain. We can react now: rather than reacting to incidents that happened, we can see an instant, in some cases, as it's being implemented, or as it's being launched."
"One of the great things about Auvik is the shared collector mode, which is useful in an environment that has more than one physical location. We have 15 different locations, and I can have all of those locations pointing to one collector. So, all these locations are sharing this one collector, and I can get a map, which is way out on top of the map that you would see in Google maps, to see all my locations. I can see alerts on that map for any of those 15 locations. I can zoom in right there to the location, and from there, click on it. It is really handy."
"The traffic insights feature shows us our network bandwidth usage without the need for expensive inline traffic decryption. It's very important to us. Knowing exactly what's going on, what traffic is flowing over my network is very much an important thing for me to know. We know that policies and procedures are being followed. And so we know that nobody is doing anything that they shouldn't be doing on a company network."
"The automation of the network mapping enables junior network specialists to resolve issues directly, freeing up senior-level team members to perform higher-value tasks. They can see if it is something as simple as a power issue in a wing of a building. This lets them pick the low hanging fruit. Then, if a configuration needs a more skilled person, they can easily escalate it."
"The other element that it's helped us with is in predicting the future. And another thing that it allows us to do very easily is to track our bandwidth usage that's going in and out of each of the data centers. We've been able to use that information to trend and predict when we need to get upgrades in place. Funny enough, we have an order now where we're increasing our connectivity at one of our data centers tenfold and that's being driven because Auvik's enabled us to understand that we're rapidly approaching our threshold."
"Its network discovery capabilities are very impressive. The discovery piece is amazing. I don't know if they have an AI or some type of advanced intelligence inside of their program that helps with the discovery piece. I haven't seen anything that discovers products that well and is able to label them, tag them, and pull as much information about them. I don't know what drives that engine, but I'm just absolutely blown away by it. It is cool."
"One of the best things about Auvik, and it's why it's one of my go-to products, are the remote access capabilities. Without a VPN and without any other way in, I'm able to get in and work on and troubleshoot my devices through the remote access console. It has multiple options for that and has been very useful and a huge time-saver. That's one of the killer features. It's one of my must-haves and that's why I like it so much."
"Auvik is easy to use. The first thing you see when you open it up is a map of the United States or wherever you are, and it shows the locations of all of your network endpoints. For discovery, you set credentials and manage the credentials and it tells you when it needs a new credential. So you just click the "Manage Credentials" button and it takes you to the right spot. You enter in a new credential and then it starts looking closer at the device. It can give you all kinds of information from inside the device's log. We use it for CIS logs and we use it for just regular logging. The CIS log was something I was looking for in the other products, just so we have a place for the CIS logs to congregate so we can look them up."
"Remote accessibility of the network devices is the most valuable feature. I often have to log into switches and routers to make changes, and I can do so from any computer as long as I have an Internet connection. I don't need to have my laptop or a VPN. Auvik is faster."
"The monitoring is perfect, showing you the details for the utilization of resources and network bandwidth."
"The most valuable feature is the alarm that is set up to trigger based on bandwidth utilization."
"The most valuable feature is the ability to look for any increases in bandwidth over time so that we can plan before it becomes critical."
"The most valuable features are the bandwidth analyzer, the monitoring, the network analyzer, it has overall good performance, and an easy deployment."
"The integration with other SolarWinds products is good."
"What I like the most is the bandwidth assessment."
"They have instructional videos and other information available on the site to assist you with learning it."
"For managing the traffic, it provides you a response about whether the traffic is down, up, or heavy, which is a very powerful feature. It has a good response time. We have been using this solution for many years, and we don't have any problem with this solution."
"If you hit a certain number of rules, triage filters, or groups, the UX responds more slowly. However, we have a complex network and a lot of rules. So, our setup might not be a typical implementation example. We even had UX engineers onsite, and they looked at issues, improvements, and user feedback. Since then, it has gotten a lot better, they even built in features that we specifically requested for our company."
"Vectra is still limited to packet management. It's only monitoring packet exchanges. While it can see a lot of things, it can't see everything, depending on where it's deployed. It has its limits and that's why I still have my SIEM."
"It does a little bit of packet capture on alert so you can look at the packet capture activity going on, but it doesn't collect a whole lot of data. Sometimes it's only one or two frames, sometimes it does collect more. That's why they have the addition of their Recall platform, because that really does help expand the capability."
"Integration with other security components needs improvement. It should have true integration as opposed to just being a separate pane of glass."
"I would like more integrations with IOCs and threats currently on the Internet. I would also like to know which threats are based on zero-day attacks, current botnets, etc. Therefore, I would like more information on external threats."
"You are always limited with visibility on the host due to the fact that it is a network based tool. It gives you visibility on certain elements of the attack path, but it doesn't necessarily give you visibility on everything. Specifically, on the initial intrusion side of things, it doesn't necessarily see the initial compromise. It doesn't see stuff that goes on the host, such as where scripts are run. Even though you are seeing traffic, it doesn't necessarily see the malicious payload. Therefore, it's very difficult for it to identify these types of host-driven complex attacks."
"I would like to see a bit more strategic metrics instead of technical data. Information that I could show to my executive management team or board would be valuable."
"They use a proprietary logging format that is probably 90% similar to Bro Logs. Their biggest area of improvement is finishing out the remaining 10%. That 10% might not be beneficial to their ML engine, but that's fine. The industry standard is Zeek Logs or Bro Logs, or Bro or Zeek, depending on how old you are. While they have 90% of those fields, they're still missing some fields. In very rare instances, some community rules do not have the fields that they need, and we had to modify community rules for our logs. So, their biggest area of improvement would be to just finish their matching of the Zeek standard."
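The reviewer above points out that when a vendor's metadata is almost, but not quite, the Zeek conn.log schema, community rules that reference a missing field cannot run and have to be rewritten. The following is an added example written for this page, not Vectra's or Zeek's code, of the check a practitioner would put in front of such rules: map the vendor's field names onto the conn.log field list, report the gaps, and skip (rather than mis-evaluate) any rule whose required fields are absent. The vendor record layout, the rename table and the two toy rules are assumptions; the conn.log field names are Zeek's.

```python
"""Normalize a vendor's Zeek-like record to conn.log fields and gate rules on field presence.

Added example; not Vectra's or Zeek's code. The vendor field names, the rename
table and the two rules are assumptions. ZEEK_CONN_FIELDS is the field list of
Zeek's conn.log.
"""
from typing import Dict, List, Tuple

# Zeek conn.log fields, in log order.
ZEEK_CONN_FIELDS = [
    "ts", "uid", "id.orig_h", "id.orig_p", "id.resp_h", "id.resp_p", "proto",
    "service", "duration", "orig_bytes", "resp_bytes", "conn_state",
    "local_orig", "local_resp", "missed_bytes", "history",
    "orig_pkts", "orig_ip_bytes", "resp_pkts", "resp_ip_bytes", "tunnel_parents",
]

# Assumed vendor name -> Zeek name. Fields with no Zeek equivalent are dropped;
# Zeek fields the vendor never emits (history, missed_bytes, ...) stay missing.
VENDOR_TO_ZEEK = {
    "timestamp": "ts", "session_id": "uid",
    "src_ip": "id.orig_h", "src_port": "id.orig_p",
    "dst_ip": "id.resp_h", "dst_port": "id.resp_p",
    "protocol": "proto", "app": "service", "duration_s": "duration",
    "bytes_sent": "orig_bytes", "bytes_received": "resp_bytes",
    "state": "conn_state",
    "pkts_sent": "orig_pkts", "ip_bytes_sent": "orig_ip_bytes",
    "pkts_received": "resp_pkts", "ip_bytes_received": "resp_ip_bytes",
}

# Constructed sample record in the assumed vendor layout (not real telemetry).
SAMPLE_RECORD = {
    "timestamp": 1700000000.123, "session_id": "CAbc12", "src_ip": "10.1.2.3",
    "src_port": 51522, "dst_ip": "203.0.113.9", "dst_port": 443, "protocol": "tcp",
    "app": "ssl", "duration_s": 3600.5, "bytes_sent": 4120, "bytes_received": 980,
    "state": "SF", "pkts_sent": 40, "ip_bytes_sent": 6200, "pkts_received": 30,
    "ip_bytes_received": 2500, "vendor_score": 72,
}


def normalize(record: dict) -> Tuple[dict, List[str]]:
    """Rename vendor fields to Zeek names; return (zeek_record, missing_zeek_fields)."""
    zeek = {}
    for vendor_name, value in record.items():
        zeek_name = VENDOR_TO_ZEEK.get(vendor_name)
        if zeek_name:
            zeek[zeek_name] = value
    missing = [f for f in ZEEK_CONN_FIELDS if f not in zeek]
    return zeek, missing


# Toy rules in the shape of community conn.log rules: each declares the fields
# it reads so the evaluator can refuse to run it on an incomplete record.
RULES = {
    "long_lived_low_volume_beacon": {
        "needs": ["duration", "orig_bytes", "resp_bytes", "conn_state"],
        "match": lambda r: r["duration"] > 1800
        and r["orig_bytes"] + r["resp_bytes"] < 10_000
        and r["conn_state"] == "SF",
    },
    "syn_no_reply_scan": {
        "needs": ["history", "conn_state"],
        "match": lambda r: r["conn_state"] == "S0" and r["history"] == "S",
    },
}


def evaluate(record: dict, rules=RULES) -> Tuple[Dict[str, str], List[str]]:
    """Run each rule whose fields are all present; mark the others as skipped.

    Returns ({rule: "hit" | "no_hit" | "skipped: missing ..."}, missing_fields)."""
    zeek, missing = normalize(record)
    results = {}
    for name, rule in rules.items():
        lacking = [f for f in rule["needs"] if f not in zeek]
        if lacking:
            results[name] = "skipped: missing " + ", ".join(lacking)
        else:
            results[name] = "hit" if rule["match"](zeek) else "no_hit"
    return results, missing


if __name__ == "__main__":
    results, missing = evaluate(SAMPLE_RECORD)
    print("missing conn.log fields:", ", ".join(missing))
    for rule, outcome in results.items():
        print(f"{rule}: {outcome}")
```

A rule that is skipped is reported rather than silently returning no_hit, which is the failure mode the reviewer describes: the rule looked like it ran, but the field it keyed on was never there.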
"Auvik could have better compatibility with more devices. The devices that we're using are essential within our network infrastructure. It would be great to access the full range of features that some of the other ones do, such as the device configuration backups and the configuration change alert."
"They need to improve the reporting system. They still don't have a proper reporting system in Auvik. They have built a dashboard in Power BI using APIs, but they should build some sort of report within Auvik itself. If Auvik fixes the reporting or comes up with a good reporting module, it will change the game."
"It's missing the license checker feature. We are using Salesforce and the license is a really crucial part of the development, and we have to monitor it. Now, I have to write a script and then run it on a random Linux box and get a notification if it's expiring. It's a really specific feature. I'm not sure Auvik will develop it."
"Some of the automation pieces for discovery still need a little bit more improvement. I wouldn't mind seeing some more security features as that's the world we're driving into. I know Auvik probably wants to try to keep itself separate because that's its brand, but even if they brought on board another brand that was able to plug into them, it would benefit us. It would lower some more network security costs if as a company, they are a one-stop shop. They have already got the network piece going. If they improved in that area and focused a lot on that, they would gain me as a customer, and they would probably gain a lot of others."
"If I am an administrator, then I have to maintain, clean, and label that environment. Auvik's utility in that regard is cumbersome. It is hard to find where certain things are configured. Also, it is sometimes hard to figure out why Auvik is doing what it is doing."
"The map would be the first thing I would like to see improved because sometimes the maps get really odd-looking and the automated placement of things on the map, devices on the map is sometimes not right. In fact, I was just looking at the map and something got moved. I'm sure it didn't get moved, it's just that Auvik realized it was supposed to go somewhere else. So the map could be better if there was a little bit of manual manipulation that you could do."
"It uses SNMP in its discovery process and how it pulls in data. But today it doesn't have an SNMP trap facility so you can't have your infrastructure devices push alerts into Auvik. And that for us would be a big feature that we would like to see."
"Currently, with Auvik's support, I'm troubleshooting some of the information gathered on Cisco devices through SNMP V3. Auvik is not able to pull some of the important information that it uses to draw the map, which is kind of shocking because it is Auvik. So, it is their platform, and it is monitoring Cisco devices, which are obviously very prevalent in the world. Auvik is having a hard time gathering such important information over SNMP V3, which is a networking standard, and on super popular device brand and model. They're actively working with me on that piece. It seems that network device management using SNMP V3 could use a little tuning."
"I would like to see better customization capabilities."
"Technical support could be improved with quicker response times."
"This solution does not do a very good job when I am trying to look deeper into my internal network, in particular with respect to individual ports."
"The Atlas module that is used for building the network map is very bad."
"It's not a cheap product, so the pricing could be improved."
"It's scalable, but it could be simplified because it's not completely easy."
"The pricing is expensive."
"If your network is on SolarWinds, and you notice that the traffic is bad because it says "user downloading a heavy file," it doesn't indicate which endpoint is downloading those heavy files. SolarWinds doesn't have the tools to be able to handle this kind of situation. You can just notice through your network device that the traffic is becoming overwhelming or heavy, but you cannot go inside and get more details related to the endpoint where it is happening. We would like SolarWinds to be able to handle this kind of situation and even manage the traffic inside a network from the endpoint to the network device. These would be good enhancements. It is mostly stable. The problem comes only when we want to add another SolarWinds model. SolarWinds has so many models, and sometimes when we want to add other models on the platforms that are reserved for our firm, it freezes. When this happens, we have to create a new VM for that model."
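Several of the reviews above turn on the same capability: attributing bandwidth to the endpoint generating it from flow records, alarming when a link crosses a utilization threshold, and trending usage over time so an upgrade can be ordered before the link saturates; the last review notes that a tool which only reports heavy traffic without naming the endpoint leaves the operator stuck. The following is an added example written for this page, not Auvik's or SolarWinds' code, showing how flow records (NetFlow/IPFIX-style 5-tuples with byte counts, which need no payload decryption) support all three. The flow records, link capacity and thresholds are constructed assumptions, and each flow's bytes are charged to the window containing its start time, a simplification.

```python
"""Per-endpoint bandwidth attribution, threshold alarms and trend from flow records.

Added example; not Auvik's or SolarWinds' code. Flow exports carry byte counts
per 5-tuple, so utilization can be attributed to the sending endpoint without
decrypting payload. Records, capacity, window and threshold are constructed
assumptions; a flow's bytes are charged to the window its start time falls in.
"""
from collections import defaultdict
from typing import Dict, List, Tuple

LINK_CAPACITY_BPS = 100_000_000   # assumed 100 Mbit/s uplink
WINDOW_S = 60                     # aggregation window in seconds
ALARM_PCT = 80.0                  # assumed utilization alarm threshold

# Constructed flow records: (start_ts, src_ip, dst_ip, dst_port, bytes).
FLOWS: List[Tuple[int, str, str, int, int]] = [
    (5,   "10.0.0.5", "203.0.113.10", 443, 100_000_000),
    (20,  "10.0.0.7", "203.0.113.11", 443, 50_000_000),
    (65,  "10.0.0.5", "203.0.113.10", 443, 250_000_000),
    (90,  "10.0.0.9", "198.51.100.4", 22,  50_000_000),
    (125, "10.0.0.5", "203.0.113.10", 443, 600_000_000),
    (150, "10.0.0.7", "203.0.113.11", 443, 60_000_000),
]


def window_utilization(flows, window=WINDOW_S, capacity=LINK_CAPACITY_BPS) -> Dict[int, dict]:
    """Return {window_index: {"pct": utilization %, "bits": total bits, "top": (src_ip, bytes)}}.

    "top" is the endpoint that sent the most bytes in that window, which is the
    detail a bare "traffic is heavy" alarm lacks."""
    per_window: Dict[int, Dict[str, int]] = defaultdict(lambda: defaultdict(int))
    for ts, src, _dst, _port, nbytes in flows:
        per_window[ts // window][src] += nbytes
    out = {}
    for w, by_src in per_window.items():
        total_bits = 8 * sum(by_src.values())
        pct = 100 * total_bits / (capacity * window)
        top = max(by_src.items(), key=lambda kv: kv[1])
        out[w] = {"pct": round(pct, 1), "bits": total_bits, "top": top}
    return out


def alarms(flows, threshold_pct=ALARM_PCT) -> List[Tuple[int, float, str]]:
    """Windows at or over the threshold as (window, pct, top_talker_ip)."""
    util = window_utilization(flows)
    return [(w, util[w]["pct"], util[w]["top"][0])
            for w in sorted(util) if util[w]["pct"] >= threshold_pct]


def rate_trend(flows, window=WINDOW_S) -> float:
    """Least-squares slope of the per-window average bit rate (bit/s per window).

    Windows with no flows count as zero. A sustained positive slope is the
    'increase over time' to plan a capacity upgrade on."""
    util = window_utilization(flows, window)
    xs = list(range(min(util), max(util) + 1))
    ys = [util[w]["bits"] / window if w in util else 0.0 for w in xs]
    n = len(xs)
    x_mean = sum(xs) / n
    y_mean = sum(ys) / n
    num = sum((x - x_mean) * (y - y_mean) for x, y in zip(xs, ys))
    den = sum((x - x_mean) ** 2 for x in xs)
    return num / den if den else 0.0


if __name__ == "__main__":
    for w, info in sorted(window_utilization(FLOWS).items()):
        ip, nbytes = info["top"]
        print(f"window {w}: {info['pct']:5.1f}%  top talker {ip} ({nbytes} bytes)")
    print("alarms:", alarms(FLOWS))
    print(f"trend: {rate_trend(FLOWS):,.0f} bit/s per window")
```

With the constructed records the third window crosses the threshold and the alarm names 10.0.0.5 as the endpoint responsible, while the slope of the three windows shows the link filling up before it saturates.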
Vectra threat detection and response is a cybersecurity platform that collects network and cloud telemetry, detects attacker behaviors, and prioritizes the resulting alerts. The Cognito platform for Network Detection and Response (NDR) detects and responds to attacks inside cloud, data center, Internet of Things, and enterprise networks. The platform also provides automated response capabilities for low-level threats and escalates more severe anomalies to security personnel.
Cognito captures data from multiple relevant sources and enriches it with context and security insights. It starts with sensors deployed across data center, IoT, and enterprise networks, then extracts the relevant metadata from network and cloud traffic. That metadata can also include non-security information that helps during an investigation.
The data is enriched with security context to support critical use cases such as threat detection, investigation, hunting, and compliance. The platform is machine learning-based, which lets it adapt as threat scenarios change. It detects, clusters, prioritizes, and anticipates attacks, and can enforce at the identity and host level.
With the Vectra platform, a person can investigate 50 threats in just two hours. By prioritizing alerts and leveraging threat intelligence, it provides faster results. Vectra solves today’s security challenges for network detection and response.
One of Vectra’s best features is the emphasis it puts on pairing research and data science for security insights. It offers behavior codification with unsupervised, supervised, and deep learning models.
Pricing follows a subscription model, with a free trial available. Vectra is available for Office 365, Azure AD and AWS Brain.
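The reviews earlier on this page describe aggregated risk scores built from the impact and certainty of each detection, rolled up per host so that the most likely imminent threats come first and analysts chase fewer alerts, and the summary above says the platform prioritizes what it detects. The following is an added illustration of that roll-up written for this page; it is not Vectra's code, and the scoring rules (worst threat per host, noisy-OR of certainty across distinct attack phases, a 50-point quadrant cut-off) and the sample detections are assumptions.

```python
"""Roll per-detection impact and certainty scores up to a host priority.

Added illustration; not Vectra's code. Scoring rules are assumptions chosen to
show the idea: each detection carries a threat (impact if real) and a certainty
score, a host inherits its worst threat, and certainty rises when detections in
independent attack phases corroborate each other.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Detection:
    host: str
    name: str
    threat: int     # 0-100: damage if the behavior is what it looks like
    certainty: int  # 0-100: confidence the behavior is malicious
    phase: str      # attack-phase label; taxonomy assumed for the example


# Constructed sample detections (not real telemetry).
SAMPLE: List[Detection] = [
    Detection("ws-0042", "Hidden HTTP tunnel", 70, 40, "command_and_control"),
    Detection("ws-0042", "Port sweep", 30, 85, "reconnaissance"),
    Detection("ws-0042", "SMB admin share access", 60, 65, "lateral_movement"),
    Detection("db-01", "Data smuggler", 90, 30, "exfiltration"),
    Detection("printer-7", "External remote access", 20, 20, "command_and_control"),
]


def host_scores(detections: List[Detection]) -> Dict[str, Tuple[int, int, int]]:
    """Return {host: (threat, certainty, distinct_phases)}.

    Threat is the max over the host's detections. Certainty is a noisy-OR over
    the best certainty in each distinct phase (1 - prod(1 - c_i)), so three
    medium signals across recon, lateral movement and C2 outrank one loud one."""
    by_host: Dict[str, List[Detection]] = {}
    for d in detections:
        by_host.setdefault(d.host, []).append(d)
    scores = {}
    for host, ds in by_host.items():
        best_per_phase: Dict[str, int] = {}
        for d in ds:
            best_per_phase[d.phase] = max(best_per_phase.get(d.phase, 0), d.certainty)
        p_all_benign = 1.0
        for c in best_per_phase.values():
            p_all_benign *= 1 - c / 100
        certainty = round(100 * (1 - p_all_benign))
        scores[host] = (max(d.threat for d in ds), certainty, len(best_per_phase))
    return scores


def quadrant(threat: int, certainty: int) -> str:
    """Four-way bucket an analyst can sort on; 50 is an assumed cut-off."""
    if threat >= 50 and certainty >= 50:
        return "critical"
    if threat >= 50:
        return "high"
    if certainty >= 50:
        return "medium"
    return "low"


def prioritize(detections: List[Detection]) -> List[dict]:
    """Hosts in follow-up order: quadrant first, then threat x certainty."""
    order = {"critical": 0, "high": 1, "medium": 2, "low": 3}
    rows = [
        {"host": h, "threat": t, "certainty": c, "phases": n, "quadrant": quadrant(t, c)}
        for h, (t, c, n) in host_scores(detections).items()
    ]
    rows.sort(key=lambda r: (order[r["quadrant"]], -(r["threat"] * r["certainty"])))
    return rows


if __name__ == "__main__":
    for r in prioritize(SAMPLE):
        print(f'{r["quadrant"]:8} {r["host"]:10} threat={r["threat"]:3} '
              f'certainty={r["certainty"]:3} phases={r["phases"]}')
```

The point of the noisy-OR is the one the reviewer makes about alert fatigue: the workstation with three moderate detections spanning reconnaissance, lateral movement and command-and-control ends up above the database host with a single high-impact but low-certainty detection, and the printer with one weak signal drops to the bottom of the queue.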
Benefits of Vectra AI
Other advantages of Vectra services include that they can be deployed in the public, private, or hybrid cloud. Support is available via email or online ticketing with an average response time of 4 hours. Phone support is available 24/7.
Vectra provides full on-site and online training and documentation. Regarding the user interface, it supports several types of web browsers, such as Internet Explorer, Microsoft Edge, Firefox, Chrome, Safari and Opera. However, it is not available for mobile devices.
Reviews from Real Users
Here’s what PeerSpot users of Vectra AI have to say about it:
"One of the core features is that Vectra AI triages threats and correlates them with compromised host devices. From a visibility perspective, we can better track the threat across the network. Instead of us potentially finding one device that has been impacted without Vectra AI, it will give us the visibility of everywhere that threat went. Therefore, visibility has increased for us." - Dave W., Operations Manager at a healthcare company
"It does a reliable job of parsing out the logs of all the network traffic so that we can ingest them into our SIEM and utilize them for threat hunting and case investigations. It is pretty robust and reliable. The administration time that we spend maintaining it or troubleshooting it is very low." - T.S., Senior Security Engineer at a manufacturing company
Auvik is cloud-based software that simplifies and automates network monitoring and management to give you complete network visibility and control.
Designed to deploy in minutes, Auvik helps you resolve problems faster with real-time network mapping and inventory, powerful troubleshooting features, deep network traffic insights, automated config backups and restore, and more. https://www.auvik.com/get-free-trial
Auvik is ranked 3rd in Network Traffic Analysis (NTA) with 21 reviews while SolarWinds NetFlow Traffic Analyzer is ranked 6th in Network Traffic Analysis (NTA) with 9 reviews. Auvik is rated 9.0, while SolarWinds NetFlow Traffic Analyzer is rated 7.8. The top reviewer of Auvik writes "Incredibly easy to use, cuts our resolution time, and automatically takes care of configuration management and backups". On the other hand, the top reviewer of SolarWinds NetFlow Traffic Analyzer writes "Good reporting allows us to proactively deal with bandwidth-related issues". Auvik is most compared with LogicMonitor, Meraki Dashboard, BMC TrueSight Operations Management, PRTG Network Monitor and Zenoss Service Dynamics, whereas SolarWinds NetFlow Traffic Analyzer is most compared with Cisco Stealthwatch, Zabbix, Centreon and Plixer Scrutinizer. See our Auvik vs. SolarWinds NetFlow Traffic Analyzer report.
We monitor all Network Traffic Analysis (NTA) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.