Darktrace and Vectra product overviews
Introduction
It’s easy to see that the information security field is full of intrusion detection and prevention systems options. Two of the most popular products today are Darktrace and Vectra.
This article will explore both the Darktrace and Vectra intrusion detection and prevention products, looking at the various pros and cons of each. As we strive to make this article an unbiased, objective review of both, you will walk away with more complete knowledge of both products and doubtless have a much easier time choosing between them.
Learn Network Security Fundamentals
Before we begin, a quick definition. For those new to these products, IDS products monitor networks and systems for intrusions, malicious activity and policy violations.
Darktrace
Founded by cybersecurity experts and UK intelligence personnel at Cambridge University, Darktrace uses innovative tactics to combat cyberattacks. Leveraging AI machine learning, Darktrace Enterprise Immune System and its new IDS product, Antigena, learn by analyzing an enormous amount of data and rely on probabilistic mathematics to determine the likelihood of an attack. Darktrace does not lean on rules, signatures or prior assumptions. For many, Darktrace is both a powerful and useful product.
The unique thing about Darktrace is that it is modeled on the human immune system. When it predicts that an attack is likely to occur, it releases its own form of antigens to slow down and deter attacks. Real-world examples of this can include identifying an attack route and slowing down the connection speed, switching off routes completely, marking specific content for subsequent investigations and quarantining systems, users and devices as the situation requires. From a functionality perspective, Darktrace Antigena will be able to handle most organizations’ IDS needs.
Recently, Darktrace unveiled Antigena v2. This new version includes an email module capable of blocking threats at the point of entry, autonomous response for email, network and cloud attacks as well as better orchestration with leading firewalls and switches. Antigena v2 also allows for greater control and visibility from its Darktrace Mobile App.
While Darktrace offers useful IDS functionality and solid benefits for an information security environment, it is not without its downsides. First, many have complained that Darktrace is cost-prohibitive. What’s worse than having a high initial cost (which plagues it) is that the product will cost more if you want to make use of prevention services, and it will cost more still if you have a disturbed network.
Another related complaint is that to use IPS functionality available to Darktrace you would pretty much need a 24/7 SOC on staff to respond. This will drive up overhead costs of the organization — possibly to the point of being entirely cost-prohibitive.
Darktrace products also require proper configuration, management and tuning for the product to be effective. While many comparative IDS products may require configuration, it seems that the configuration and management needed to make the products effective is a bridge too far for many.
One last concern is Darktrace’s apparent dysfunction with identifying devices. For example, one client had 112 servers running and without proper tuning, Darktrace identified 2,000 servers. Coupled with a GUI that many find unappealing, these cons have led some to consider Darktrace not ready for primetime.
Vectra
Billed as being part IDS, part traffic monitoring tool and part SIEM, the Vectra Cognito platform is an interesting hybrid. Vectra combines supervised, unsupervised and deep machine learning with optimized artificial intelligence techniques and traffic monitoring into one tool.
The functionalities above are not all Vectra can do — it can also track attacks enterprise-wide, import IoCs for detection purposes and integrates with your current network firewall, endpoint, NAC, SIEM and SOAR products. This provides for more streamlined incident response.
A common compliment among a wide variety of Vectra users in different industries is that Vectra’s deployment is very easy to perform. While some may consider this benefit to be minimal, those professionals who already have a lot of work on their plate will not want to invest any more time than is necessary for deployment.
Unlike some other solutions, cost does not seem to be an issue with Vectra. One source stated that cost management benefit was one of the pros associated with it, and another source claimed that it features low monitoring staff overhead. With many small- to medium-sized organizations facing rising costs, keeping the cost relatively low for an IDS can give it an edge over its competitors.
Vectra is not without its complaints, and this is most clearly demonstrated in its product reviews. The most common complaint is that it is not a very effective product if it is not properly configured. The result of using the unconfigured, out-of-the-box version is that there is a significant number of false positives in detection. Implementing Vectra in your organization without careful consideration of your current environment will also result in false positives.
Another reported con: Due to the nature of Vectra, it cannot fully detect external-to-internal attacks on the network. This occurs because it is intended to protect the inside of a network — the individual who made this complaint said they used the workaround of using a pre-existing IPS on their network.
Another con reported is that Vectra’s policy exceptions are difficult to manage. I have not been able to confirm this with any other known issues, so for fairness’s sake, this may have just been user error.
Conclusion
When you are looking for an IDS for your organization, you have many options, with each having different pros and cons. Darktrace and Vectra are no exception and choosing one or the other requires a weighing of these concerns.
Learn Network Security Fundamentals
Sources
- The Enterprise Immune System, Darktrace
- Darktrace Reviews, TrustRadius
- The Cognito platform: AI-driven network detection and response, Vectra
- Vectra vs. Darktrace, Vectra
Network Security Fundamentals
Learn the fundamentals of networking and how to secure your networks with seven hands-on courses. What you'll learn:- Models and protocols
- Networking best practices
- Wireless and mobile security
- Network security tools
- And more
In this Series
- Darktrace and Vectra product overviews
- What is zero trust architecture (ZTA)? Pillars of zero trust and trends for 2024
- A deep dive into network security protocols: Safeguarding digital infrastructure 2024
- Asset mapping and detection: How to implement the nuts and bolts
- The Pentagon goes all-in on Zero Trust
- How to configure a network firewall: Walkthrough
- 4 network utilities every security pro should know: Video walkthrough
- How to use Nmap and other network scanners
- Security engineers: The top 13 cybersecurity tools you should know
- Converting a PCAP into Zeek logs and investigating the data
- Using Zeek for network analysis and detections
- Suricata: What is it and how can we use it
- Intrusion detection software best practices
- What is intrusion detection?
- How to use Wireshark for protocol analysis: Video walkthrough
- 9 best practices for network security
- Securing voice communications
- Introduction to SIEM (security information and event management)
- VPNs and remote access technologies
- Cellular Networks and Mobile Security
- Secure network protocols
- Network security (101)
- IDS/IPS overview
- Exploiting built-in network protocols for DDoS attacks
- Firewall types and architecture
- Wireless attacks and mitigation
- Wireless network overview
- Open source IDS: Snort or Suricata? [updated 2021]
- PCAP analysis basics with Wireshark [updated 2021]
- What is a firewall: An overview
- NSA report: Indicators of compromise on personal networks
- Securing the home office: Printer security risks (and mitigations)
- Email security
- Data integrity and backups
- Cost of non-compliance: 8 largest data breach fines and penalties
- How to find weak passwords in your organization’s Active Directory
- Monitoring business communication tools like Slack for data infiltration risks
- Firewalls and IDS/IPS
- IPv4 and IPv6 overview
- The OSI model and TCP/IP model
- Endpoint hardening (best practices)
- Wireless Networks and Security
- Networking fundamentals (for network security professionals)
- How your home network can be hacked and how to prevent it
- Network design: Firewall, IDS/IPS
- Work-from-home network traffic spikes: Are your employees vulnerable?
- RTS threshold configuration for improved wireless network performance [updated 2020]
- Web server protection: Web server security monitoring
- Web server security: Active defense
- Web server security: Infrastructure components
- Web server protection: Web application firewalls for web server protection
Get certified and advance your career
- Exam Pass Guarantee
- Live instruction
- CompTIA, ISACA, (ISC)², Cisco, Microsoft and more!
