We performed a comparison between Darktrace and LogRhythm UEBA based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Cisco, TitanHQ and others in Email Security."The initial setup is straightforward. You just add the license, click it, and then you can set up the rules. It is quite simple."
"I like its investigation capabilities, as that is what is most important to me. It is fairly simple with a user-friendly interface."
"Defender for 365 is a comprehensive cloud-based solution. The value of the cloud is that you aren't alone. Threat intelligence and analytics are shared in the cloud. We don't have to find the solution alone. If you face an unknown threat with traditional solutions like Trend Micro and Symantec, you need to open a case and send your information to them to analyze forensically and identify the source of the attack."
"The email protection is excellent, especially in terms of anti-phishing policies."
"Defender helps us prioritize threats across our organization."
"Some of the valuable features on the email side are anti-phishing, anti-malware, and Safe Links."
"The most valuable feature is the integration. It's a single console, so we don't have to switch around between multiple products. Another valuable feature is the ease of operations and maintenance."
"Defender for Office 365 has helped eliminate having to look at multiple dashboards and that is the aspect I like most about it. It is simpler, effective, and convenient. The users like the process efficiency."
"Darktrace is extremely stable."
"It is very stable and easy to use."
"I like the Antigena feature in Darktrace, as it offers immediate response and is helpful."
"It has helped the organization to detect any malware affecting the machines...The network monitoring and the email monitoring features are very valuable for us."
"I have used multiple solutions, but its graphical user interface is quite interesting and quite descriptive. There are a lot of video animations, and we can easily see how the data is transferred between various points. That's something really interesting. It is also quite easy to understand for a new user."
"I like the dashboards, which are cool. They are more user-friendly, in my experience. Its learning capabilities are really good."
"The Antigena feature is most valuable. Once it learns your environment, Antigena can step in and block a denial of service attack, a ransomware attack, or just about anything that doesn't belong in the environment. It can detect any type of attack that hits the environment because it understands what normal looks like for the network. It is very useful for an autonomous response."
"It is autonomous. So, it learns. It uses algorithms and AI to learn the common behavioral patterns on the network, and it is able to identify threats based on abnormal patterns."
"The most valuable features are file activity monitoring and registry activity monitoring."
"It is easy to monitor users and that is how the solution is adding value to our firm."
"Good capability pinpointing specific cyber incidents."
"The solution is useful for privilege accounts and super admin accounts. It is beneficial from a security perspective. The tool uses machine learning rather than threshold-based alerts. For instance, it can detect unusual user logins, such as a user logging in from a new browser or location."
"LogRhythm UEBA’s best feature is the dashboard. It provides several graphs, charts, and event logs."
"The tool's most valuable feature is server threat hunting."
"It has a lot of features. It has file integration monitoring."
"What I like most about LogRhythm UEBA is that it allows you to identify and analyze end-user behaviors and suspicious activities within the systems."
"Configuration requires going to a lot of places rather than just accessing one tab."
"We are always looking for others tools to increase automation on tasks. There can be better integration with other solutions, such as PowerPoint and email."
"The custom alerts have to improve a lot."
"The pre-sales cost calculations could be more transparent."
"In one of the reports I can get the exact place where a vulnerable file resides. But for that, I need to explicitly go into the device and check. If they could include that file part in the report, without my having to go to the device itself, that would help."
"The only thing they should improve is the licensing model. They should stop changing it. A year ago, the five features I mentioned were included in one product. Now, three of them are bundled into one product, and you have to pay extra for the other two. I don't mind paying extra, but I don't want them to change it every year or every six months. I need to know what I'm looking at and not worry about it next year."
"There needs to be an improvement in integrating the product to work across multiple operating systems, and to have better support for non-Microsoft file types."
"There is room for improvement in terms of reporting."
"It would be useful if there was a way to check to see if there are certain devices that are not in sync with the solution. I'm not sure if this is an option or not."
"In terms of improvements, fine-tuning is the area where we have to spend some time because it works on unsupervised machine learning. It would be good if they can improve their algorithm or technical functionality to reduce the fine-tuning effort. They can also come up with something at the endpoint level. So far, Darktrace has been a network detection response (NDR) solution. It does not offer much at the endpoint level or on user-client devices or servers. There should be more visibility at the endpoint level. It would be good to have the detection and response at the endpoint level by Darktrace. It should also have integration with an agile environment so that we can have continuous development and continuous integration in the application development environment. This is currently not there. It should also have internet-facing platform visibility, which is currently missing. They also need to improve the reporting and management dashboards. Currently, these are not so easy for a non-technical person. All these features would make Darktrace much better, and they would also be helpful in selling more solutions."
"The interface and dashboards could be improved for ease-of-use."
"They just need to work on their price. In terms of features, we are trying to understand all the features that we have. We're still exploring everything that we have so that we can fully utilize it. At this point in time, it is not about the features. It is more about utilization. We're just trying to utilize everything to full capacity."
"Darktrace could improve its features, such as monitoring and detecting ransomware."
"It can have more integration with orchestration or event management solutions. They can provide more knowledge or research information for analysts for investigating cases and detecting anomalies in networks."
"I would like for the product to work on the endpoints as well. I would like to see enhanced visibility into the endpoints and network but this solution only sits on the network itself."
"The module can improve so that every time it's more intelligent."
"It should have better mitigation with other solutions and be tightly integrated with other solutions. It has to be improved."
"What needs improvement in LogRhythm UEBA is the pricing. Here in Asia, for example, in Sri Lanka, pricing is the primary concern, and this is the only area for improvement I see in the product."
"The search feature needs to be improved."
"The UI could be improved a little bit."
"The product could be user-friendly for someone who doesn’t have any prior experience working with it."
"The cloud version is lacking and not up to par."
"The product should improve its dashboards. Splunk has neat dashboards. Additionally, we would like to enhance the use cases provided by LogRhythm as its use case library is not as extensive as other tools. Its machine-learning capabilities need to improve when compared to other solutions. It lacks risk quantification in a single, transparent view for individuals such as CSOs."
"LogRhythm UEBA's data aggregation needs to be improved. Open-source users do not have much documentation available. Documentation is available only for enterprise users."
More Microsoft Defender for Office 365 Pricing and Cost Advice →
Darktrace is ranked 12th in Email Security with 66 reviews while LogRhythm UEBA is ranked 12th in User Entity Behavior Analytics (UEBA) with 10 reviews. Darktrace is rated 8.2, while LogRhythm UEBA is rated 7.2. The top reviewer of Darktrace writes "Great autonomous support, offers an easy setup, and has responsive support". On the other hand, the top reviewer of LogRhythm UEBA writes "Detects unusual logins but dashboards need improvement ". Darktrace is most compared with CrowdStrike Falcon, Vectra AI, SentinelOne Singularity Complete, Cortex XDR by Palo Alto Networks and ExtraHop Reveal(x), whereas LogRhythm UEBA is most compared with Wazuh, CrowdStrike Falcon, Microsoft Purview Insider Risk Management, Trend Micro Deep Discovery and Aruba IntroSpect.
We monitor all Email Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.