Vectra vs Extrahop

correct.

Decryption is not necessary.

‍Reality: Vectra detects attackers in encrypted SSL/TLS 1.3 traffic without requiring decryption.

‍Fact: Strong security is possible without decryption. Vectra does not decrypt because it violates privacy laws, slows network performance and increases packet storage costs.

Decryption is not needed to expose attackers.

‍Reality: Strong security is possible without decryption.
‍
Reality: Vectra detects attackers in encrypted SSL/TLS 1.3 traffic (Hidden HTTPS Tunnel) without requiring decryption.
‍
Fact: Vectra does not decrypt because it violates privacy laws, slows network performance and full decryption is impossible.

correct.

Throughput does not mean efficacy.

Reality: Raw throughput is not the governing factor in determining the scale of monitoring. The primary factor is the maximum number of hosts that are continuously monitored for threats.

Fact: Vectra supports 40 Gbps sensor and 55 Gbps of active threat monitoring with the X80 Cognito appliance.

Throughput does not mean efficacy

Reality: Raw throughput is not the governing factor in determining the scale of monitoring. The primary factor is the maximum number of hosts that are continuously monitored for threats.

Fact: Vectra supports 40 Gbps sensor and 55 Gbps of active threat monitoring with the X80 Cognito appliance.

correct.

Threat behavior monitoring and data streams are not synonymous.

Reality: The majority of ExtraHop protocols only collect network performance monitoring metrics and do monitor for hidden attackers.

Fact: Vectra records more than 15 different data streams and monitors for hidden threats in traffic over countless protocols.

Reality: Threat behavior monitoring and data streams are not synonymous.

Reality: The majority of ExtraHop protocols only collect network performance monitoring metrics and do not monitor for hidden attackers.

Fact: Vectra records more than 15 different data streams and monitors for hidden threats in traffic over countless protocols.

correct.

Reality: Vectra is focused on detecting behaviors related to adversarial tactics, techniques and procedures (TTPs).

Fact: Pure anomaly detection produces overwhelming volumes of false-positive alerts that require examination.

Fact: With anomaly detection, the distinction between user behaviors and attacker behaviors is nebulous, even though they are fundamentally different.

Reality: Vectra is focused on detecting behaviors related to adversarial tactics, techniques and procedures (TTPs).

Fact: Pure anomaly detection produces overwhelming volumes of false-positive alerts that require examination.

Fact: With anomaly detection, the distinction between user behaviors and attacker behaviors is nebulous, even though they are fundamentally different.

correct.

Reality: ExtraHop is limited by the number of critical hosts it can monitor. Throughput is not the limiting factor.

Reality: ExtraHop incorporates network context that you must search for manually, whereas Vectra's security insights automatically surface and label hosts and accounts using network metadata.

Fact: Vectra supports 8 Gbps cloud monitoring with an r5n.4xlarge instance type.

Reality: ExtraHop is limited by the number of critical hosts it can monitor. Throughput is not the limiting factor.

Reality: ExtraHop incorporates network context that you must search for manually, whereas Vectra's security insights automatically surface and label hosts and accounts using network metadata.

Fact: Vectra supports 8 Gbps cloud monitoring with an r5n.4xlarge instance type.