Competitive Analysis

ExtraHop vs. Vectra

Always-on, always-watching, ExtraHop Reveal(x) goes far beyond its competitors to detect and respond to advanced threats that other tools will miss. Complete visibility augmented by decryption, forensic-level workflows, and historical data capture for threat hunting and retrospective investigations are just a few of the Reveal(x) differences. See more below.


Investigation & Response

It's not enough to fire a detection; what matters is the context and correlation of what else is happening on your network. Do you have the depth of data you need to investigate any activity on your network, with the ability to look back for threat hunting?

Detections

ExtraHop

Detections on every asset bolstered by full analysis of 70+ protocols, decryption, and cloud-based machine learning.

Vectra

Provides detection on all assets but is limited to on-box machine learning and lacks full protocol analysis and decryption capabilities.

Why It Matters

Full analysis of every asset across all protocols, augmented by decryption, is crucial for the detection of advanced attacks like SUNBURST and Kerberos Golden Ticket attacks. Cloud-based machine learning means you can process larger, more complex datasets to ensure seamless detection of even the newest attacks.

Investigation & Threat Hunting

ExtraHop

Real-time and historical data for all observed communications

Vectra

Data is limited to detection-driven investigations

Why It Matters

To answer the question "Are we impacted by the latest threat?" you need all observed data to determine context and perform proactive investigations and retrospective threat-hunting with detailed historical data.

Unified Console: NetOps + SecOps + CloudOps

ExtraHop

Single console for network, security and cloud teams

Vectra

Security-only use cases

Why It Matters

A single source of truth provides faster resolution for security, performance, cloud and hygiene use cases, increasing efficiency, decreasing response time, and providing the opportunity to simplify tool portfolios.

Full Continuous Packet Capture (PCAP)

ExtraHop

Always-on continuous PCAP

Vectra

Precision PCAP

Why It Matters

Always-on, continuous PCAP guarantees availability of relevant packets. A reliance on Precision PCAPs means you will miss details critical to determining the severity of an incident.

Enterprise Scalability & Real-time Analysis

To scale to the needs of the enterprise, your traffic analysis must deliver real-time insights by monitoring every asset communicating across your hybrid environment. Reveal(x) leverages the cloud to constantly adapt to the demands of your network, providing analysts instant access to the data they need to respond to threats.

Scale: Raw Throughput Per-Sensor

ExtraHop

Up to 100Gbps

Vectra

Up to 55Gbps

Why It Matters

Raw throughput is not the only governing factor in determining the scale of monitoring, but it is an important one. Higher throughput ensures cost efficiency when scaling to the needs of your organization.

Scale: IP Monitoring

ExtraHop

Up to 1 Million assets

Vectra

Up to 300,000 assets

Why It Matters

Scaling to 1M assets ensures a single investigative console to rapidly correlate asset activity without data fragmentation for all your threat hunting needs.

Scale: Machine Learning

ExtraHop

Cloud-based Machine Learning

Vectra

Appliance-based Machine Learning

Why It Matters

Cloud-based machine learning ensures you immediately have the most up-to-date detection capabilities while simultaneously scaling on-demand to ensure no detection is missed. Appliance-based ML is limited to available system resources.

Tunable Data Streaming to SIEM

ExtraHop

Pick the data you want to store.

Vectra

All or nothing approach.

Why It Matters

Sending all data to your SIEM is both expensive and inefficient. Tuning your NDR to stream only the most important data to your SIEM saves time and money.

Visibility & Decryption

Visibility requires a complete picture of every asset connected to the network and its function. This challenge, combined with the rapid adoption of encryption, has hampered visibility industry-wide. Reveal(x) provides complete visibility augmented by decryption into every asset (including IoT), application and user communicating on the hybrid network. Decryption is required to detect the most advanced threats.

Decryption and Encrypted Traffic Analysis (ETA)

ExtraHop

ETA + out-of-band line-rate decryption (up to and including TLS 1.3)

Vectra

ETA only. Vectra claims: "Decryption violates privacy laws."

Why It Matters

As TLS 1.3 reaches ubiquity, it becomes increasingly necessary to decrypt traffic to catch threats like SQL injection, cross-site scripting, SSRF, and Kerberos Golden Ticket attacks.

Asset Classification

ExtraHop

Complete asset inventory with role-based classification including IoT

Vectra

IP-address-based asset inventory with no asset classification

Why It Matters

You need to classify an asset's role to provide the context needed to rapidly determine whether observed behaviors align with the asset's intended function, e.g. DNS, VOIP, AD, SQL, IoT.

Historical Lookback

ExtraHop

Up to 90 days of customizable historical data included

Vectra

Up to 14 days of Zeek-formatted historical data with a fee for additional storage

Why It Matters

When advanced attacks like SUNBURST are disclosed, answering the question "Were we impacted?" requires that you have the maximum amount of historical data for investigation.

Hybrid, Multi Cloud & SaaS

Cloud-native security and flexible deployment models are central to the needs of modern enterprises. Reveal(x) leverages its AWS expertise to provide frictionless on-demand deployments to secure your cloud infrastructure.

Flexible Deployment Cloud

ExtraHop

Hybrid, Multi-Cloud, and SaaS deployment models, in one interface. Support for AWS, Azure, GCP.

Vectra

No SaaS: Deploy VMs in cloud instances. No Google Cloud support.

Why It Matters

Deployment models must meet your business requirements for scale and efficiency. ExtraHop Reveal(x) 360 is a true SaaS solution and provides flexibility to adapt to your future security needs.

AWS Competency

ExtraHop

AWS Security Competency

Vectra

None

Why It Matters

Certification by AWS demonstrates that vendors have deep technical expertise and proven customer success securing every stage of cloud

Cloud Throughput

ExtraHop

Up to 25Gbps

Vectra

Up to 10Gbps

Why It Matters

Raw throughput is not the only governing factor in determining the scale of monitoring, but it is an important one. Higher throughput ensures cost efficiency when scaling to the needs of your organization.