We use the product to collect and monitor my environment. It models my traffic and sends me reports. Additionally, I have the response module in place to handle critical breaches by quarantining devices. I utilize it for generating reports and analyzing data to leverage threat intelligence.
Network Admin at Naivas Ltd
Has a straightforward setup process and good technical support services
Pros and Cons
- "Its AI technology supports cybersecurity by learning my environment and accurately responding to threats."
- "The pricing needs improvement."
What is our primary use case?
What is most valuable?
The product's most valuable features are the response module and email protection.
What needs improvement?
Darktrace is quite expensive, which can be a significant factor for organizations with budget constraints. The pricing needs improvement.
For how long have I used the solution?
I have been working with Darktrace for around four to five years now.
Buyer's Guide
Darktrace
November 2024
Learn what your peers think about Darktrace. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
814,649 professionals have used our research since 2012.
What do I think about the stability of the solution?
It is a stable solution. I rate the stability an eight.
What do I think about the scalability of the solution?
I rate the platform scalability a ten. It supports a wide range of devices and is highly scalable.
How are customer service and support?
The technical support services are reliable.
How would you rate customer service and support?
Positive
How was the initial setup?
With the support from Darktrace and its partners, the setup process was user-friendly and easy.
The deployment took less than a week, although the learning phase for the environment can take some additional time.
What was our ROI?
Darktrace generates an ROI by effectively mitigating threats and avoiding costs related to downtime and other issues.
What's my experience with pricing, setup cost, and licensing?
The product is expensive.
What other advice do I have?
Darktrace provides real-time alarms for any anomalies in my network, which I utilize for incident response. It has significantly improved our reporting capabilities and response times once we set the parameters for identifying critical threats.
The response capability is beneficial because it autonomously responds to identified threats without manual intervention, ensuring that alerts are addressed 24/7. This includes quarantining devices as needed, which adds resilience to our security operations.
There have been improvements in incident response times. Before using the response functionality, we experienced a breach last year. Now, reports highlight and address incidents more effectively, reducing response times.
Its AI technology supports cybersecurity by learning my environment and accurately responding to threats. It reduces false positives and provides accurate threat detection by understanding the behavior of my network.
It is a tool worth trying, but the pricing aspect should be considered. I rate an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: May 31, 2024
Flag as inappropriateA stable and reliable cyber-security solution for network and email monitoring
Pros and Cons
- "It has helped the organization to detect any malware affecting the machines...The network monitoring and the email monitoring features are very valuable for us."
- "The main portal needs improvement as it is difficult to use."
What is our primary use case?
The solution is a security cover for our on-premises solution to improve our security rating. Also, we want to protect our emails.
How has it helped my organization?
It has helped the organization to detect any malware affecting the machines. For example, if any phishing email creates a factory view bug or some of the workstations have some weird activities, or if someone downloaded malware from the internet, then Darktrace sends us a warning notification to look into the details so that our machine does not get involved with the malware. This function has helped our organization.
What is most valuable?
The network monitoring and the email monitoring features are very valuable for us.
What needs improvement?
The main portal needs improvement as it is difficult to use. But it's straightforward to follow compared to other VPN portals, for example, Azure. You don't have to bug the customer support team quite often.
They can add the EDR and follow-up options in the next release. For instance, if something happens, we get a notification. If a follow-up option is available, we can create a case and then understand how to record the evidence.
For how long have I used the solution?
I have been using Darktrace for one year.
What do I think about the stability of the solution?
It is a stable solution. I rate it nine out of ten.
What do I think about the scalability of the solution?
It is a scalable solution. I rate it a nine out of ten. Presently, 150 users are using the solution, and we wish to increase the number of users in the future.
How are customer service and support?
The technical support team is slow, but not that bad. I rate it eight out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
I do not know much about it, as an engineer from Darktrace did the setup for us.
What about the implementation team?
The engineer from Darktrace set it up about two years ago.
What was our ROI?
There has been a return on investment using the product.
What's my experience with pricing, setup cost, and licensing?
We pay 8,000 a year. The pricing is reasonable.
What other advice do I have?
If any company has enough budget to put another layer between the internet and the on-prem device, they should consider Darktrace.
I rate the product a nine and a half out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Darktrace
November 2024
Learn what your peers think about Darktrace. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
814,649 professionals have used our research since 2012.
Cybersecurity Manager at DP World Australia (Holding) Pty. Ltd.
Useful AI network threat detection, highly reliable, and helpful support
Pros and Cons
- "The most valuable feature of Darktrace is the AI that detects abnormal network activity."
- "Although we haven't detected any network threats since implementing Darktrace, we are unsure of its efficacy. It would be beneficial if the solution could offer additional details to the user regarding any potential or prevented threats. Additionally, there could be better search tools and integration."
What is our primary use case?
Darktrace is used for network security.
The solution can be deployed in the cloud and on-premise.
What is most valuable?
The most valuable feature of Darktrace is the AI that detects abnormal network activity.
What needs improvement?
Although we haven't detected any network threats since implementing Darktrace, we are unsure of its efficacy. It would be beneficial if the solution could offer additional details to the user regarding any potential or prevented threats. Additionally, there could be better search tools and integration.
For how long have I used the solution?
I have been using Darktrace for approximately three years.
What do I think about the stability of the solution?
The stability has been good in my usage.
I rate the stability of Darktrace an eight out of ten.
What do I think about the scalability of the solution?
We have serval engineers that use Darktrace.
I rate the scalability of Darktrace an eight out of ten.
How are customer service and support?
The support has been good. When we contacted them we received a helpful response.
I rate the support of Darktrace an eight out of ten.
Which solution did I use previously and why did I switch?
We have used many similar solutions before Darktrace. We choose Darktrace because of the AI. We can develop many use cases with the solution.
How was the initial setup?
The initial setup of Darktrace is straightforward. We are using Slunk and the implementation is simple.
What about the implementation team?
We used a third party for parts of the implementation of Darktrace.
What's my experience with pricing, setup cost, and licensing?
There is an annual license to use Darktrace.
What other advice do I have?
One person can handle the maintenance of Darktrace.
I recommend the solution to others.
I rate Darktrace an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:
IT Network Administrator at Foord
Learns patterns and identifies malicious behavior with AI capabilities
What is most valuable?
Darktrace learns patterns and can identify malicious behavior based on that learning. It learns what tasks users perform, what data they access, and similar activities. Unlike an EDR, which uses patterns and signatures to identify existing threats, Darktrace uses AI to learn and recognize patterns. This provides a different approach to monitoring and detecting anomalies.
What needs improvement?
Pricing could be cheaper.
For how long have I used the solution?
I have been using Darktrace as an end user for three years.
What do I think about the scalability of the solution?
I rate the solution’s scalability a ten out of ten.
How was the initial setup?
The initial setup is straightforward and takes a couple of hours.
What about the implementation team?
We did in-house because we've got skill levels, but differently depending from time to time, depending on
What was our ROI?
The benefit is the security. You probably have a security case, an alarm system, and one or two locks. You don't rely on one security device; you have different layers. Darktrace is just one of those layers.
What's my experience with pricing, setup cost, and licensing?
It is very expensive.
I rate the product’s pricing a ten out of ten, where one is cheap and ten is expensive.
What other advice do I have?
I am the sole administrator and monitor of Darktrace because we have a small IT team. However, Darktrace monitors our entire organization. In a larger company with many IT departments, multiple people might monitor Darktrace and engage with it. Our finance company has a small IT department.
Darktrace adapted to the evolving landscape of cybersecurity threats by leveraging proprietary technology and machine learning algorithms. Their unique approach and cutting-edge solutions have established them as a leading company.
It's difficult to gauge the effectiveness of Darktrace because we don't fully understand how it operates; we only see the alerts it generates. If we create an event on the network, Darktrace will alert us so we know it works in those scenarios. If something new and unknown happens on the network, it's unclear whether Darktrace will detect it. We're paying a lot of money, hoping it does, as Darktrace is a proprietary technology. It might work, or it might not detect some threats. We don't have full visibility or a map of its coverage.
Darktrace can be expensive, depending on the use case. It's like comparing different types of cars: some people need a two-seater, while others need a ten-seater. Darktrace is more like a seven-seater—very specific and not suitable for everyone.
Overall, I rate the solution an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Aug 1, 2024
Flag as inappropriateSenior Security Architect at Meeza
A stable, scalable, and valuable tool that provides excellent network monitoring
Pros and Cons
- "The solution is outstanding from a monitoring perspective."
- "Darktrace is a closed technology, meaning we know very little about how it works, including the architecture, which is significant. As a result, when we implement the system and find we're getting many false positives, we have minimal insight into why it's happening and what we can do to fix it. We don't know how the solution is configured, the criteria for threats to be determined, or the product's inner workings. We understand that they have to ensure privacy and their copyright, but we want to see some documentation or public research into the security Darktrace provides."
What is our primary use case?
I work for a Managed Security Service Provider (MSSP), and we provide the solution for our clients to improve their security posture in both IT and OT. The deployments are typically hybrid.
What is most valuable?
The solution is outstanding from a monitoring perspective.
All of the features are valuable and provide excellent capability in the field.
What needs improvement?
Darktrace is a closed technology, meaning we know very little about how it works, including the architecture, which is significant. As a result, when we implement the system and find we're getting many false positives, we have minimal insight into why it's happening and what we can do to fix it. We don't know how the solution is configured, the criteria for threats to be determined, or the product's inner workings. We understand that they have to ensure privacy and their copyright, but we want to see some documentation or public research into the security Darktrace provides.
A relatively new module called Darktrace PREVENT provides digital protection to the company from the internet. However, the protection doesn't extend to the dark web, which limits its depth. PREVENT also offers phishing awareness training in the form of dummy attacks and some penetration testing, but it is very limited from my point of view.
The AI and Darktrace breach model must be enhanced to minimize false positives, as they can give our customers a negative impression of the solution. Some of them come to us and say they aren't getting what they expect from it, especially after a significant investment.
For how long have I used the solution?
I initially used the product in 2016, then returned to it in 2022 and have been using it for about a year. Over the years, the extension to the Darktrace portfolio has been tremendous, and they have made improvements in many areas, including reporting and autonomous response.
What do I think about the stability of the solution?
The stability is very good; I rate the solution eight out of ten here.
What do I think about the scalability of the solution?
The solution is scalable; I rate it eight out of ten for scalability.
How are customer service and support?
Darktrace tech support is helpful, but there is room for improvement, especially around assistance for complex deployments. I rate them seven out of ten.
How would you rate customer service and support?
Neutral
How was the initial setup?
The deployment is straightforward. However, a complex network, such as one in the cloud and a DOCSIS ecosystem, can become extremely difficult. Generally, though, the deployment is straightforward, and in our case, we completed the whole setup in three to four hours.
Specifically, large, complex MPLS networks are exceedingly tricky when deploying Darktrace. We may need more experience or training, but it would be good to see some improvements here.
Our InfoSec team uses the solution, consisting of two to three staff members. Regarding endpoints protected by the product, there were around 400 in my old position and 2000 in my current organization.
What's my experience with pricing, setup cost, and licensing?
I'm unfamiliar with the exact cost, but we have a yearly license and had to pay for Darktrace's services before the deployment. The product is very expensive, so some organizations can't afford to pay the total amount directly, meaning they often seek a partner or pay in installments, which increases the price more.
Darktrace requires direct billing to London, which isn't possible for organizations in Qatar, so they have to go through processes that increase the price even further. If they had an office in Dubai or Qatar, that could solve this payment issue.
What other advice do I have?
I rate the solution eight out of ten and highly recommend it.
From a technological perspective, Darktrace is an excellent company, and the rate at which they improved and continue to improve their product is impressive.
All the data is on the appliance on the customers' premises, and we have to open back doors to the analysts in London to access the devices, who have complete visibility into what's happening on the customer side. This is a significant negative point for Darktrace. They also have complete visibility into our email, which is a privacy concern for us.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Assistant Manager - Network & Security at a financial services firm with 5,001-10,000 employees
Issue-free with a helpful Antigena feature and responsive support
Pros and Cons
- "The product can scale."
- "The cost is a bit on the higher side."
What is our primary use case?
We were testing the solution to see its network detection response capabilities.
What is most valuable?
We had an okay experience with the product and didn't really have any issues.
The Antigena feature is very useful.
It is stable.
The product can scale.
Support so far has been helpful and responsive.
What needs improvement?
I don't have any specific issues with the solution. We are still in the early phase of analyzing the product.
The cost is a bit on the higher side. We'd like it to be less expensive.
For how long have I used the solution?
We were using the solution. In the past month, we stopped using it. We used it for three months.
We're just trying the solution. We had meetings. We were testing it. Nothing is finalized.
What do I think about the stability of the solution?
The solution is stable and reliable. There are no bugs or glitches. It doesn't crash or freeze.
What do I think about the scalability of the solution?
It is scalable. However, it varies on a case-by-case basis.
We have four people working with the solution in our company right now. They are in the IT department.
How are customer service and support?
We did speak to technical support and found them to be very helpful and responsive.
How was the initial setup?
I did not handle the setup process. We had a vendor come in and set it up and handle the whole process.
What about the implementation team?
The vendor set the solution up with us.
What's my experience with pricing, setup cost, and licensing?
The cost is a little high.
We've budgeted about 50,000 Kuwaiti dinars for the solution. That is a yearly operating cost.
Which other solutions did I evaluate?
We're busy with some different projects and we wanted to evaluate different products as well on the same technology. We looked into, for example, Check Point EDR and options like Crowdstrike.
What other advice do I have?
We're a potential end-user. We tested the solution. We just tried different scenarios to see what would suit us. We were testing it and will still go ahead with testing. The testing is not yet complete. We've put it on hold for now; however, we will still continue testing in the coming days.
I'd rate the solution eight out of ten.
I'd advise potential new users that they should definitely give it a try; however, the price is on the higher side. Darktrace has to consider lowering its price.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Chief Information Officer at Amadys
Strong intrusion detection in the complete network; low maintenance
Pros and Cons
- "One member of staff is enough for deployment and maintenance because Darkforce is AI-driven. It does a lot of things by itself."
- "Darkforce could be improved in the range of the interface; how to interact with the actions it's taking or not taking."
What is our primary use case?
Our use cases for Darktrace are intrusion detection in the complete network, including for all the devices connected, detection, emails, email spoofing, and supply chain attacks.
What is most valuable?
The most valuable Darktrace feature is the cloud protection for all the cloud services, OneDrive, and all the things related to that.
What needs improvement?
Darkforce could be improved in the range of the interface; how to interact with the actions it's taking or not taking.
For how long have I used the solution?
I have been using Darktrace for about a year now.
What do I think about the stability of the solution?
Darktrace is stable.
What do I think about the scalability of the solution?
Darktrace is scalable.
How was the initial setup?
The initial setup was quite straightforward. It took us between two and six months. We got shipped an appliance and installed it in the data center. It then started collecting data. We had a few reviews of what it was collecting and what it would do. There was a test phase after which we enabled it, part by part, following a series of reviews.
Right now, 350 users are affected by Darkforce in our organization. It exists in the background, so they are not actively using it.
One member of staff is enough for deployment and maintenance because Darkforce is AI-driven. It does a lot of things by itself. You need to review what it's doing every now and then. You may, for example, need to release an email that was blocked for some reason, but it's quite low maintenance overall.
You do not need an engineer to manage it. It can be managed by a manager as doing so is not super technical. You always have access to Darktrace support, which means their engineers are available help you with the more complex stuff.
What about the implementation team?
Our deployment was done by Darktrace themselves, but they have some partners that also do it. Once you are up and running, you can deploy any additional appliances by yourself.
What was our ROI?
This is a difficult question and one that was asked of us by the higher ups, but you have to compare the cost with what would happen if there was a breach. It is difficult to articulate a return on investment in hard numbers, but I can see that Darkforce deflects typical attacks and protects users.
What's my experience with pricing, setup cost, and licensing?
I cannot be completely sure what the license cost but it is on a per-user basis. I handle the technical side, so I do not have insight into how much we are paying for it exactly.
What other advice do I have?
I would surely recommend Darkforce. The price might be quite high, but it is really worth it.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Head of Infrastructure, Security and Communications at a construction company with 5,001-10,000 employees
Easy to set up with good integration capabilities and useful UI
Pros and Cons
- "We have found the product to be stable and issue-free."
- "We'd like threat hunting, and we'd like to see a global solution that can automate vulnerability scans. I know it is something they are working on."
What is our primary use case?
We're using it in a complete security solution yet still within a different product that Darktrace has that's related to the network or email.
What is most valuable?
The most valuable aspect of the product would be that it's a product that is quite easy to integrate. It's quite easy to start working with it, which is working well. The concept of artificial intelligence that is behind the solution is the most interesting feature for us.
The sense of detection and monitoring and topics within security is good.
It was easy to set up the product.
We have found the product to be stable and issue-free.
It is scalable.
What needs improvement?
We need them to ensure they will detect new attacks and pick up anomalies.
We, of course, would love more threat intelligence, and more integration with vulnerability scanners. We'd like threat hunting, and we'd like to see a global solution that can automate vulnerability scans. I know it is something they are working on.
They're working in different modules that could be related to threat intelligence and to the tech vulnerabilities or functionalities related to EDR.
For how long have I used the solution?
We've been working with the solution for the last couple of years.
What do I think about the stability of the solution?
We've had no issues with stability. It's reliable. There are no bugs or glitches. It doesn't crash or freeze.
What do I think about the scalability of the solution?
It is scalable and easily expands.
The whole of the organization leverages the product, however, I do not have a clear picture of how many people we are working it. That said, we have a company of 2,000.
How are customer service and support?
I've dealt with technical support in the past. I found them to be helpful.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We did previously use a different solution. That said, I don't remember what it was called.
How was the initial setup?
The product is easy to set up.
After deployment, we spent three months, which is the time that this solution needs to learn about what's happening in our network. In one day, once we had defined all the configurations and once they have been seen on the appliance, we were able to start running it.
It's an easy product to maintain.
What about the implementation team?
We handled the initial setup ourselves. We did not need any outside assistance from integrators or consultants.
What's my experience with pricing, setup cost, and licensing?
The pricing is okay. I'd rate it seven out of ten in terms of affordability.
You have different modules which you have to pay for. If you want to expand functionality, it ends up costing more.
Which other solutions did I evaluate?
Looked at Microsoft, Proofpoint, and Minecraft when we were looking into Darktrace. We decided on this product based on the available features.
What other advice do I have?
We are using the last version of the solution, although I don't know the exact version number. We plan to upgrade in the next couple of weeks. We might be on version five, with the latest being six.
This is something that is really easy to implement in an organization. It gives us good visibility about what is happening in our networks, and on the system. We like the transparency available within our infrastructure now. We can also personalize it to fit our needs. You can either choose plug and play or you can go deeper. They have artificial intelligence you can start working with. You can define more by leveraging modules. Overall, it's very interesting.
I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Download our free Darktrace Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Product Categories
Extended Detection and Response (XDR) Email Security Intrusion Detection and Prevention Software (IDPS) Network Traffic Analysis (NTA) Network Detection and Response (NDR) AI-Powered Chatbots Cloud Security Posture Management (CSPM) Cloud-Native Application Protection Platforms (CNAPP) Attack Surface Management (ASM) AI-Powered Cybersecurity PlatformsPopular Comparisons
CrowdStrike Falcon
Microsoft Defender for Endpoint
Cloudflare
Wazuh
Microsoft Defender for Office 365
SentinelOne Singularity Complete
Prisma Cloud by Palo Alto Networks
Microsoft Defender for Cloud
Cortex XDR by Palo Alto Networks
Commvault Cloud
Qualys VMDR
Cisco Secure Email
Proofpoint Email Protection
Tenable Security Center
Buyer's Guide
Download our free Darktrace Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- I'm building a next-gen AI powered threat intelligence platform. What's missing from existing solutions?
- Which is better - SentinelOne or Darktrace?
- What are the pros and cons of Darktrace vs CrowdStrike Falcon vs alternative EPP solutions?
- Which alternative solutions (other than Darktrace) do you recommend for an SMB?
- How does Crowdstrike Falcon compare with Darktrace?
- What is the best EDR or XDR product for a company with 9000 employees?
- When evaluating Extended Detection and Response (XDR), what aspect do you think is the most important to look for?
- How do you decide about the alert severity in your Security Operations Center (SOC)?
- Which is better for Endpoint Security: EDR or XDR solutions?
- What are the main differences between XDR and SIEM?