Introduction and overview
Introduction and overview of the Vectra AI platform for Quadrant UX (QUX) deployments and appliance modes
Introduction
This guide is intended to help customers or partners get started with a with a Quadrant User Experience (Quadrant UX or QUX) deployment of the Vectra AI Platform. The User Interface (UI) for a QUX deployment is served from a Brain appliance that is installed in your premises (physical data center, traditional hypervisor, or IaaS cloud).
For users working with the Respond UX, the UI is served from Vectra’s cloud as part of the overall Vectra AI Platform. Please refer to the Vectra Respond UX Deployment Guide if you are planning to deploy using the Respond UX. If you are unsure of your deployment type, please see analyst UX options.
This guide will include an overview of the platform including components and Vectra terminology. It covers firewall rules that may be required in your environment, guidance for air-gapped deployments, initial settings, and recommended next steps. It is intended for use regardless of your deployment method (physical appliances, virtual appliances, cloud (IaaS), etc).
This guide is meant to be used in conjunction with related guides in the deployment area of the overall documentation site. Here you will find guides that are relevant for deploying NDR physical, virtual, and cloud Sensors, other Vectra SaaS products such as CDR for AWS and M365, IDR for M365, Match, and Stream.
Vectra AI Platform Overview
A Quadrant UX deployment typically includes several components of the overall Vectra AI Platform:
Brain appliance – installed in customer premises (physical or virtual datacenter or IaaS cloud).
Data sources such as
Network (campus, data center, and IaaS clouds)
Public cloud
SaaS
Identity
The diagram above shows a conceptual high-level deployment with Sensors in IaaS clouds, SaaS and Identity data sources, Sensors in physical locations, Vectra’s cloud, a SOC with a Brain installed locally that feeds a customer data lake via Vectra Stream, and integration with SOAR/SIEM that is done locally with the Brain. The simplest deployment is a single Vectra X-series appliance that is deployed in mixed mode and acts as both a Brain and Sensor.
The metadata that Vectra processes is valuable to customers for investigation, compliance, security posture assessment, and many other reasons. Metadata can be made available to customers via Stream and Recall.
Admins and analysts login to the Brain locally to access the Quadrant UX.
Analysts can login from anywhere provided the customer has VPN or other access to the Brain from the analyst work locations.
Physical or Virtual Sensors will be deployed and paired with your Brain to capture network metadata across hybrid environments.
Vectra supports IaaS public clouds, datacenters, remote workers, and campuses.
Customer with non-network data sources must allow their Brain to connect to the Vectra cloud to retrieve detection data.
Detection processing for SaaS data sources happens in Vectra’s cloud.
SOAR/SIEM/EDR/etc integration all happens from the customer Brain to these configured integrations.
Appliance Modes
The 3 modes are Brain, Sensor, and Mixed. S-series appliances and virtual Sensors function only as Sensors. B-series appliances and virtual Brains function only as Brains. X-series appliances can be configured as Brains or Sensors. The X29 appliance can also function in mixed mode.
Brain Mode
Serves as the central point of management for a Quadrant UX based deployment.
Processes / deduplicates and optionally forwards metadata received from Sensors (when licensed for Recall or Stream).
Runs NDR when licensed for it.
Sensor Mode
Must be paired to Brain.
Captures / deduplicates traffic.
Forwards metadata to Brain.
Houses rolling capture buffer to enable PCAP retrieval when requested from the Brain.
Mixed Mode
Performs both Brain and Sensor functions.
Last updated
Was this helpful?