We use the product to collect and monitor my environment. It models my traffic and sends me reports. Additionally, I have the response module in place to handle critical breaches by quarantining devices. I utilize it for generating reports and analyzing data to leverage threat intelligence.
Network Admin at Naivas Ltd
Has a straightforward setup process and good technical support services
Pros and Cons
- "Its AI technology supports cybersecurity by learning my environment and accurately responding to threats."
- "The pricing needs improvement."
What is our primary use case?
What is most valuable?
The product's most valuable features are the response module and email protection.
What needs improvement?
Darktrace is quite expensive, which can be a significant factor for organizations with budget constraints. The pricing needs improvement.
For how long have I used the solution?
I have been working with Darktrace for around four to five years now.
Buyer's Guide
Darktrace
December 2024
Learn what your peers think about Darktrace. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
What do I think about the stability of the solution?
It is a stable solution. I rate the stability an eight.
What do I think about the scalability of the solution?
I rate the platform scalability a ten. It supports a wide range of devices and is highly scalable.
How are customer service and support?
The technical support services are reliable.
How would you rate customer service and support?
Positive
How was the initial setup?
With the support from Darktrace and its partners, the setup process was user-friendly and easy.
The deployment took less than a week, although the learning phase for the environment can take some additional time.
What was our ROI?
Darktrace generates an ROI by effectively mitigating threats and avoiding costs related to downtime and other issues.
What's my experience with pricing, setup cost, and licensing?
The product is expensive.
What other advice do I have?
Darktrace provides real-time alarms for any anomalies in my network, which I utilize for incident response. It has significantly improved our reporting capabilities and response times once we set the parameters for identifying critical threats.
The response capability is beneficial because it autonomously responds to identified threats without manual intervention, ensuring that alerts are addressed 24/7. This includes quarantining devices as needed, which adds resilience to our security operations.
There have been improvements in incident response times. Before using the response functionality, we experienced a breach last year. Now, reports highlight and address incidents more effectively, reducing response times.
Its AI technology supports cybersecurity by learning my environment and accurately responding to threats. It reduces false positives and provides accurate threat detection by understanding the behavior of my network.
It is a tool worth trying, but the pricing aspect should be considered. I rate an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: May 31, 2024
Flag as inappropriateA stable and reliable cyber-security solution for network and email monitoring
Pros and Cons
- "It has helped the organization to detect any malware affecting the machines...The network monitoring and the email monitoring features are very valuable for us."
- "The main portal needs improvement as it is difficult to use."
What is our primary use case?
The solution is a security cover for our on-premises solution to improve our security rating. Also, we want to protect our emails.
How has it helped my organization?
It has helped the organization to detect any malware affecting the machines. For example, if any phishing email creates a factory view bug or some of the workstations have some weird activities, or if someone downloaded malware from the internet, then Darktrace sends us a warning notification to look into the details so that our machine does not get involved with the malware. This function has helped our organization.
What is most valuable?
The network monitoring and the email monitoring features are very valuable for us.
What needs improvement?
The main portal needs improvement as it is difficult to use. But it's straightforward to follow compared to other VPN portals, for example, Azure. You don't have to bug the customer support team quite often.
They can add the EDR and follow-up options in the next release. For instance, if something happens, we get a notification. If a follow-up option is available, we can create a case and then understand how to record the evidence.
For how long have I used the solution?
I have been using Darktrace for one year.
What do I think about the stability of the solution?
It is a stable solution. I rate it nine out of ten.
What do I think about the scalability of the solution?
It is a scalable solution. I rate it a nine out of ten. Presently, 150 users are using the solution, and we wish to increase the number of users in the future.
How are customer service and support?
The technical support team is slow, but not that bad. I rate it eight out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
I do not know much about it, as an engineer from Darktrace did the setup for us.
What about the implementation team?
The engineer from Darktrace set it up about two years ago.
What was our ROI?
There has been a return on investment using the product.
What's my experience with pricing, setup cost, and licensing?
We pay 8,000 a year. The pricing is reasonable.
What other advice do I have?
If any company has enough budget to put another layer between the internet and the on-prem device, they should consider Darktrace.
I rate the product a nine and a half out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Darktrace
December 2024
Learn what your peers think about Darktrace. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,053 professionals have used our research since 2012.
Cybersecurity Manager at DP World Australia (Holding) Pty. Ltd.
Useful AI network threat detection, highly reliable, and helpful support
Pros and Cons
- "The most valuable feature of Darktrace is the AI that detects abnormal network activity."
- "Although we haven't detected any network threats since implementing Darktrace, we are unsure of its efficacy. It would be beneficial if the solution could offer additional details to the user regarding any potential or prevented threats. Additionally, there could be better search tools and integration."
What is our primary use case?
Darktrace is used for network security.
The solution can be deployed in the cloud and on-premise.
What is most valuable?
The most valuable feature of Darktrace is the AI that detects abnormal network activity.
What needs improvement?
Although we haven't detected any network threats since implementing Darktrace, we are unsure of its efficacy. It would be beneficial if the solution could offer additional details to the user regarding any potential or prevented threats. Additionally, there could be better search tools and integration.
For how long have I used the solution?
I have been using Darktrace for approximately three years.
What do I think about the stability of the solution?
The stability has been good in my usage.
I rate the stability of Darktrace an eight out of ten.
What do I think about the scalability of the solution?
We have serval engineers that use Darktrace.
I rate the scalability of Darktrace an eight out of ten.
How are customer service and support?
The support has been good. When we contacted them we received a helpful response.
I rate the support of Darktrace an eight out of ten.
Which solution did I use previously and why did I switch?
We have used many similar solutions before Darktrace. We choose Darktrace because of the AI. We can develop many use cases with the solution.
How was the initial setup?
The initial setup of Darktrace is straightforward. We are using Slunk and the implementation is simple.
What about the implementation team?
We used a third party for parts of the implementation of Darktrace.
What's my experience with pricing, setup cost, and licensing?
There is an annual license to use Darktrace.
What other advice do I have?
One person can handle the maintenance of Darktrace.
I recommend the solution to others.
I rate Darktrace an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:
IT Network Administrator at Foord
Learns patterns and identifies malicious behavior with AI capabilities
What is most valuable?
Darktrace learns patterns and can identify malicious behavior based on that learning. It learns what tasks users perform, what data they access, and similar activities. Unlike an EDR, which uses patterns and signatures to identify existing threats, Darktrace uses AI to learn and recognize patterns. This provides a different approach to monitoring and detecting anomalies.
What needs improvement?
Pricing could be cheaper.
For how long have I used the solution?
I have been using Darktrace as an end user for three years.
What do I think about the scalability of the solution?
I rate the solution’s scalability a ten out of ten.
How was the initial setup?
The initial setup is straightforward and takes a couple of hours.
What about the implementation team?
We did in-house because we've got skill levels, but differently depending from time to time, depending on
What was our ROI?
The benefit is the security. You probably have a security case, an alarm system, and one or two locks. You don't rely on one security device; you have different layers. Darktrace is just one of those layers.
What's my experience with pricing, setup cost, and licensing?
It is very expensive.
I rate the product’s pricing a ten out of ten, where one is cheap and ten is expensive.
What other advice do I have?
I am the sole administrator and monitor of Darktrace because we have a small IT team. However, Darktrace monitors our entire organization. In a larger company with many IT departments, multiple people might monitor Darktrace and engage with it. Our finance company has a small IT department.
Darktrace adapted to the evolving landscape of cybersecurity threats by leveraging proprietary technology and machine learning algorithms. Their unique approach and cutting-edge solutions have established them as a leading company.
It's difficult to gauge the effectiveness of Darktrace because we don't fully understand how it operates; we only see the alerts it generates. If we create an event on the network, Darktrace will alert us so we know it works in those scenarios. If something new and unknown happens on the network, it's unclear whether Darktrace will detect it. We're paying a lot of money, hoping it does, as Darktrace is a proprietary technology. It might work, or it might not detect some threats. We don't have full visibility or a map of its coverage.
Darktrace can be expensive, depending on the use case. It's like comparing different types of cars: some people need a two-seater, while others need a ten-seater. Darktrace is more like a seven-seater—very specific and not suitable for everyone.
Overall, I rate the solution an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Aug 1, 2024
Flag as inappropriateSenior Security Architect at Meeza
A stable, scalable, and valuable tool that provides excellent network monitoring
Pros and Cons
- "The solution is outstanding from a monitoring perspective."
- "Darktrace is a closed technology, meaning we know very little about how it works, including the architecture, which is significant. As a result, when we implement the system and find we're getting many false positives, we have minimal insight into why it's happening and what we can do to fix it. We don't know how the solution is configured, the criteria for threats to be determined, or the product's inner workings. We understand that they have to ensure privacy and their copyright, but we want to see some documentation or public research into the security Darktrace provides."
What is our primary use case?
I work for a Managed Security Service Provider (MSSP), and we provide the solution for our clients to improve their security posture in both IT and OT. The deployments are typically hybrid.
What is most valuable?
The solution is outstanding from a monitoring perspective.
All of the features are valuable and provide excellent capability in the field.
What needs improvement?
Darktrace is a closed technology, meaning we know very little about how it works, including the architecture, which is significant. As a result, when we implement the system and find we're getting many false positives, we have minimal insight into why it's happening and what we can do to fix it. We don't know how the solution is configured, the criteria for threats to be determined, or the product's inner workings. We understand that they have to ensure privacy and their copyright, but we want to see some documentation or public research into the security Darktrace provides.
A relatively new module called Darktrace PREVENT provides digital protection to the company from the internet. However, the protection doesn't extend to the dark web, which limits its depth. PREVENT also offers phishing awareness training in the form of dummy attacks and some penetration testing, but it is very limited from my point of view.
The AI and Darktrace breach model must be enhanced to minimize false positives, as they can give our customers a negative impression of the solution. Some of them come to us and say they aren't getting what they expect from it, especially after a significant investment.
For how long have I used the solution?
I initially used the product in 2016, then returned to it in 2022 and have been using it for about a year. Over the years, the extension to the Darktrace portfolio has been tremendous, and they have made improvements in many areas, including reporting and autonomous response.
What do I think about the stability of the solution?
The stability is very good; I rate the solution eight out of ten here.
What do I think about the scalability of the solution?
The solution is scalable; I rate it eight out of ten for scalability.
How are customer service and support?
Darktrace tech support is helpful, but there is room for improvement, especially around assistance for complex deployments. I rate them seven out of ten.
How would you rate customer service and support?
Neutral
How was the initial setup?
The deployment is straightforward. However, a complex network, such as one in the cloud and a DOCSIS ecosystem, can become extremely difficult. Generally, though, the deployment is straightforward, and in our case, we completed the whole setup in three to four hours.
Specifically, large, complex MPLS networks are exceedingly tricky when deploying Darktrace. We may need more experience or training, but it would be good to see some improvements here.
Our InfoSec team uses the solution, consisting of two to three staff members. Regarding endpoints protected by the product, there were around 400 in my old position and 2000 in my current organization.
What's my experience with pricing, setup cost, and licensing?
I'm unfamiliar with the exact cost, but we have a yearly license and had to pay for Darktrace's services before the deployment. The product is very expensive, so some organizations can't afford to pay the total amount directly, meaning they often seek a partner or pay in installments, which increases the price more.
Darktrace requires direct billing to London, which isn't possible for organizations in Qatar, so they have to go through processes that increase the price even further. If they had an office in Dubai or Qatar, that could solve this payment issue.
What other advice do I have?
I rate the solution eight out of ten and highly recommend it.
From a technological perspective, Darktrace is an excellent company, and the rate at which they improved and continue to improve their product is impressive.
All the data is on the appliance on the customers' premises, and we have to open back doors to the analysts in London to access the devices, who have complete visibility into what's happening on the customer side. This is a significant negative point for Darktrace. They also have complete visibility into our email, which is a privacy concern for us.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Manager Information Systems / Technology at Food Sciences Corporation
Easy to implement with a nice interface and very good at identifying intrusions
Pros and Cons
- "We liked their approach to identifying intrusions or network anomalies using AI."
- "Upper management wasn't sold on the value proposition."
What is our primary use case?
We were trying to justify Darktrace, and I was starting to do an analysis of the different solutions. We did a POC and haven't made a decision as to if we will use it or not.
We were just trying to validate their claims of AI-driven preventive network issues. They showed us a number of things, and we were able to show or verify that, yes, the things that they pointed out we were glad they caught. Nothing turned out to be a true intrusion, however, the stuff that they showed us were things that we were happy to see on our network. They discovered traffic on our network that was anomalous. We were just looking to see if they could point us to anomalous traffic, and they did.
What is most valuable?
We liked their approach to identifying intrusions or network anomalies using AI.
We liked their interface and the graphics that they deployed to present the information. It was really good, and we were happy with the overall quality of the product, which was very, very robust.
The implementation was easy.
What needs improvement?
We didn't really notice any downsides to the product. We were very impressed with it. It was a matter of timing and cost. Upper management wasn't sold on the value proposition.
For how long have I used the solution?
We had demoed Darktrace for a few months.
What do I think about the stability of the solution?
It ran pretty fast. Its interface was quick, and it did not impact our network traffic. It didn't slow down anything on our network. It was stable.
What do I think about the scalability of the solution?
We had a sense that it was going to handle our network without many problems. We have a few hundred endpoints of all types, and there was no problem. We had three users on the solution.
Since we weren't really entirely familiar with the product we were, I'd say we were probably using 10% to 20% of its capabilities.
How are customer service and support?
When we originally initially configured and set it up, we used some support, and we were happy with them. We thought they were very confident and good.
Which solution did I use previously and why did I switch?
We haven't demoed anything else before or since.
How was the initial setup?
The initial setup was actually pretty easy, as I recall. The hardest thing was finding space on our rack. That said, once we had that up and running, it was pretty straightforward.
We needed one or two people to deploy the solution. Two and a half people were on the deployment full-time.
What about the implementation team?
We did the deployment on our own, with Dartrace assisting us remotely.
What was our ROI?
We only demoed the solution for a few months and therefore did not witness an ROI.
What's my experience with pricing, setup cost, and licensing?
The cost was reasonable. They were pitching us a five-year contract at a fairly reduced rate annually. The product cost was on the lower side. I'd rate it a two or three out of five in terms of the expense involved. There were no hidden or extra fees involved.
Which other solutions did I evaluate?
We started looking at some other things yet didn't really dig very deep. When we were initially looking at Darktrace, they were the only game in town for us. They seemed to be unique after the fact.
What other advice do I have?
We were end-users.
I'd rate the solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
AI-driven tools enhance security and reduces spam
Pros and Cons
- "The most valuable features are the AI and advanced learning tools that distinguish it from other products."
- "Implementing this solution has given us confidence that we are secure."
- "There are still some issues with the network capturing or blocking traffic even after implementing exceptions. It requires more learning in this area."
- "There are still some issues with the network capturing or blocking traffic even after implementing exceptions."
What is our primary use case?
I am using it for network and email security. I am a systems administrator overseeing cybersecurity at Alpha International Company Limited. We have been using it for about two years, focusing on the latest version.
How has it helped my organization?
Implementing this solution has given us confidence that we are secure. It has improved our network security and email filtering, significantly reducing spam. Overall, it has had a positive impact on our organization's IT operations, providing a comfortable and secure environment.
What is most valuable?
The most valuable features are the AI and advanced learning tools that distinguish it from other products.
What needs improvement?
There are still some issues with the network capturing or blocking traffic even after implementing exceptions. It requires more learning in this area.
For how long have I used the solution?
I have been using the solution for two years.
What do I think about the stability of the solution?
I would rate the stability as a nine out of ten. It is very stable.
What do I think about the scalability of the solution?
The product is scalable, and I would rate it as a nine out of ten for scalability.
How are customer service and support?
The customer support is good and they are responsive. I would rate them an eight out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I used Barracuda before switching to this solution.
How was the initial setup?
The initial setup was straightforward.
What about the implementation team?
I led the implementation within my company, with support from them. There was no third-party service involved for training or support.
What was our ROI?
Using this solution provides financial benefits by securing from server attacks, which offers indirect savings. The percentage of budget savings can range from 30% to 40% for online businesses and five to ten percent for in-house processes.
What's my experience with pricing, setup cost, and licensing?
The price is competitively good, although it is a bit on the higher side. I would rate the price a seven out of ten.
Which other solutions did I evaluate?
We evaluated a couple of other products, however, this one suited our pricing and network flexibility.
What other advice do I have?
I would recommend this product to online businesses and infrastructures with more than 250 users.
I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Nov 8, 2024
Flag as inappropriateCo-Founder & Managing Director at a comms service provider with 1-10 employees
Used for detecting network-based threats like ransomware or illicit communications with external endpoints
Pros and Cons
- "A very useful feature in Darktrace for real-time threat analysis is the packet inspection that analyzes the packet traffic in real time."
- "Darktrace could expand into EDR (endpoint detection and response) and combine it with its network detection."
What is our primary use case?
Darktrace is used for detecting network-based threats like ransomware in the early stage or illicit communications with external endpoints.
What is most valuable?
A very useful feature in Darktrace for real-time threat analysis is the packet inspection that analyzes the packet traffic in real time. Data acquisition is the source rather than tapping the data downstream after some processing.
What needs improvement?
Darktrace could expand into EDR (endpoint detection and response) and combine it with its network detection. They could thereby have a more holistic knowledge of the system through network information or through visibility into the operating system of the endpoints.
For how long have I used the solution?
I have been working with Darktrace for four years.
What do I think about the stability of the solution?
Darktrace is a very stable solution.
What do I think about the scalability of the solution?
Darktrace is a very scalable solution. Our clients for Darktrace are enterprise customers.
How are customer service and support?
The solution’s technical support is very good.
How would you rate customer service and support?
Positive
How was the initial setup?
The solution’s initial setup is very straightforward.
What about the implementation team?
The solution's deployment time depends on the complexity of the network. For some huge networks, you need to tap the right resources and measure the system to acquire all the required traffic. The deployment is very straightforward in smaller networks where you have to connect to only one switch.
What's my experience with pricing, setup cost, and licensing?
Darktrace is quite an expensive solution. Users need to pay a yearly licensing fee for the solution.
What other advice do I have?
Darktrace has improved our client's organization's threat detection and response capabilities. Darktrace has helped users intercept and stop ransomware attack attempts in the very early stage, within a couple of minutes of its detection Autonomous response is a very good and useful feature that differentiates Darktrace from other solutions.
One person can easily maintain the solution. Darktrace easily integrates with our client's IT infrastructure solutions, like Microsoft 365, CrowdStrike, and Palo Alto firewalls. Darktrace has impacted our clients' incident response time to be very quick.
Darktrace is an autonomous solution. Users have to ensure they present all the traffic to the tool so it can intercept threats and not have hidden spots in their networks.
Overall, I rate Darktrace a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Buyer's Guide
Download our free Darktrace Report and get advice and tips from experienced pros
sharing their opinions.
Updated: December 2024
Product Categories
Extended Detection and Response (XDR) Email Security Intrusion Detection and Prevention Software (IDPS) Network Traffic Analysis (NTA) Network Detection and Response (NDR) AI-Powered Chatbots Cloud Security Posture Management (CSPM) Cloud-Native Application Protection Platforms (CNAPP) Attack Surface Management (ASM) AI-Powered Cybersecurity PlatformsPopular Comparisons
CrowdStrike Falcon
Wazuh
SentinelOne Singularity Complete
Cortex XDR by Palo Alto Networks
Vectra AI
Trend Vision One
Cynet
Rapid7 InsightIDR
NetWitness NDR
Stellar Cyber Open XDR
Fidelis Elevate
Adlumin Cybersecurity
LogRhythm UEBA
Secureworks Taegis XDR
Buyer's Guide
Download our free Darktrace Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- I'm building a next-gen AI powered threat intelligence platform. What's missing from existing solutions?
- Which is better - SentinelOne or Darktrace?
- What are the pros and cons of Darktrace vs CrowdStrike Falcon vs alternative EPP solutions?
- Which alternative solutions (other than Darktrace) do you recommend for an SMB?
- How does Crowdstrike Falcon compare with Darktrace?
- What is the best EDR or XDR product for a company with 9000 employees?
- When evaluating Extended Detection and Response (XDR), what aspect do you think is the most important to look for?
- How do you decide about the alert severity in your Security Operations Center (SOC)?
- Which is better for Endpoint Security: EDR or XDR solutions?
- What are the main differences between XDR and SIEM?