Darktrace is used for detecting network-based threats like ransomware in the early stage or illicit communications with external endpoints.
Co-Founder & Managing Director at a comms service provider with 1-10 employees
Used for detecting network-based threats like ransomware or illicit communications with external endpoints
Pros and Cons
- "A very useful feature in Darktrace for real-time threat analysis is the packet inspection that analyzes the packet traffic in real time."
- "Darktrace could expand into EDR (endpoint detection and response) and combine it with its network detection."
What is our primary use case?
What is most valuable?
A very useful feature in Darktrace for real-time threat analysis is the packet inspection that analyzes the packet traffic in real time. Data acquisition is the source rather than tapping the data downstream after some processing.
What needs improvement?
Darktrace could expand into EDR (endpoint detection and response) and combine it with its network detection. They could thereby have a more holistic knowledge of the system through network information or through visibility into the operating system of the endpoints.
For how long have I used the solution?
I have been working with Darktrace for four years.
Buyer's Guide
Darktrace
November 2024
Learn what your peers think about Darktrace. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
What do I think about the stability of the solution?
Darktrace is a very stable solution.
What do I think about the scalability of the solution?
Darktrace is a very scalable solution. Our clients for Darktrace are enterprise customers.
How are customer service and support?
The solution’s technical support is very good.
How would you rate customer service and support?
Positive
How was the initial setup?
The solution’s initial setup is very straightforward.
What about the implementation team?
The solution's deployment time depends on the complexity of the network. For some huge networks, you need to tap the right resources and measure the system to acquire all the required traffic. The deployment is very straightforward in smaller networks where you have to connect to only one switch.
What's my experience with pricing, setup cost, and licensing?
Darktrace is quite an expensive solution. Users need to pay a yearly licensing fee for the solution.
What other advice do I have?
Darktrace has improved our client's organization's threat detection and response capabilities. Darktrace has helped users intercept and stop ransomware attack attempts in the very early stage, within a couple of minutes of detection. Autonomous response is a very good and useful feature that differentiates Darktrace from other solutions.
One person can easily maintain the solution. Darktrace easily integrates with our client's IT infrastructure solutions, like Microsoft 365, CrowdStrike, and Palo Alto firewalls. Darktrace has impacted our clients' incident response time to be very quick.
Darktrace is an autonomous solution. Users have to ensure they present all the traffic to the tool so it can intercept threats and not have hidden spots in their networks.
Overall, I rate Darktrace a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Assistant Manager - IT and Innovation at a financial services firm with 51-200 employees
We can integrate it with our firewall to automatically block things
Pros and Cons
- "We allow customers to access our Wi-Fi as guests, and some of them were going to restricted sites. Darktrace showed us what they were doing so we could block them."
- "I was under the impression that Darktrace's automatic blocking would be an out-of-the-box feature, but we had to integrate it with our firewall to get it to block automatically. The salesperson should be upfront and explain that you need to integrate it with your network. I would also like to see more reporting on risk. Banks in my region want to see at a glance the risk level of various assets."
What is our primary use case?
We use Darktrace to monitor our network and block URLs from certain countries. Darktrace is integrated with our firewall, so the blocking is automatic.
How has it helped my organization?
We allow customers to access our Wi-Fi as guests, and some of them were going to restricted sites. Darktrace showed us what they were doing so we could block them.
What is most valuable?
Darktrace blocks any new scanning tools that are detected on your system.
What needs improvement?
I was under the impression that Darktrace's automatic blocking would be an out-of-the-box feature, but we had to integrate it with our firewall to get it to block automatically. The salesperson should be upfront and explain that you need to integrate it with your network. I would also like to see more reporting on risk. Banks in my region want to see at a glance the risk level of various assets.
For how long have I used the solution?
We have used Darktrace for about six months.
What do I think about the stability of the solution?
Darktrace is highly stable. We haven't had any downtime except for a power outage last year.
How are customer service and support?
We reported one case, and Darktrace support responded right away. They assigned us an account executive who contacts us at least once monthly to discuss any outstanding issues.
How was the initial setup?
Setting up Darktrace was pretty straightforward. We had to open the port that is plugged into the switch. The whole process was done in under five minutes. You plug in the device and turn it on.
What was our ROI?
Darktrace has helped us identify gaps in our system.
What's my experience with pricing, setup cost, and licensing?
Darktrace is pricey, but the price is reasonable for what the solution does, and it's comparable to other products.
What other advice do I have?
I rate Darktrace 8.5 out of 10. I recommend doing a proof of concept to see what you're getting. We got good results. During the POC, Darktrace showed us lots of things we didn't know about.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Security Engineer at Social Security Commission
Can be deployed in half a day and is scalable
Pros and Cons
- "I have found the automation and AI features to be valuable. If someone were to come into the office at midnight and log in, Darktrace would flag it."
- "It takes time to go through the interface and pick up things. If it were a more straightforward interface, then it would free up time."
What is our primary use case?
We have a layered approach to our cyber security. We have unified threat management and use several solutions such as Kaspersky, FortiGate, and Mimecast. However, we felt that we needed something on top of all of these and decided to go with Darktrace. We only have one in-house IT security person and were looking for a solution like Darktrace that was more automated.
What is most valuable?
I have found the automation and AI features to be valuable. If someone were to come into the office at midnight and log in, Darktrace would flag it.
What needs improvement?
It takes time to go through the interface and pick up things. If it were a more straightforward interface, then it would free up time.
For how long have I used the solution?
We did a proof of concept with Darktrace for a year.
What do I think about the scalability of the solution?
It is a scalable solution.
How are customer service and support?
Darktrace's technical support staff were responsive. We did not have to wait long for feedback on anything.
How was the initial setup?
We were able to deploy it in half a day. One person can handle the maintenance of the solution.
What about the implementation team?
We implemented the solution with the help of Darktrace representatives.
What's my experience with pricing, setup cost, and licensing?
We had an issue with pricing initially and had to cancel some of the features of the projects to fit the budget. I would like to see pricing that is not broken up into parts so that we can buy the whole package once.
Darktrace is more expensive than an average solution, but its functionality won't match that of an average solution.
What other advice do I have?
I would rate Darktrace at nine out of ten. It is a growing product that helps with an ever-changing threat landscape. Traditional endpoint antivirus solutions will not be able to keep up.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Security & Infrastructure Architect at a retailer with 10,001+ employees
Built-in AI analytics helps give you total visibility of your architecture assets
Pros and Cons
- "AI analytics are built directly into the product."
- "It is a very simple product to use."
- "A reporting portal could be a great addition to help customize reports."
What is our primary use case?
I am working with Darktrace in concert with F5, Tufin, and SAP security products.
What is most valuable?
One of the things I like most about Darktrace is the fact that it has AI analytics built into it. That merger allows us to have a look at the way that things are working within our company. The fact that it is self-learning is a benefit that has given me 100% visibility across the cloud, my SaaS (Software as a Service) providers, my Office 365 services, within my data center, and also on-premises.
We are also working with Darktrace on their alpha and beta testing for endpoint security. That is a model that we are thinking about incorporating later.
Another thing I really like is that it is a very simple product to use. It is very logical and it works beautifully.
What needs improvement?
The product is really excellent all around and I cannot fault it. The only thing that I can think of that would improve it would be if they had better visualization and a reporting portal.
What I mean by better visualization is that it could help map our services and endpoints in a better way. At the moment it is fairly complex in the way that it represents our network devices. It would help if there were a slightly more logical way of visualizing the assets as opposed to the way it is currently being done.
We are talking to Darktrace at the moment about putting in a reporting portal so we can have technical reports separate from management reports. Some of our management gets information in reports that they do not need to see. When they see it they will not understand what it means. Targeting, or customizing, the reports that we make can allow us to have the content fit what the recipient needs to see without distracting extras.
Apart from those potential additions, this product is absolutely excellent. It has given us everything we have wanted. Darktrace, as a company, has been really good. Our account manager is totally responsive. The support teams have been really conscientious.
Fingers crossed. So far Darktrace has proven to be a great asset.
For how long have I used the solution?
We have been using Darktrace for about four-and-a-half years now.
What do I think about the scalability of the solution?
The scalability of Darktrace is excellent. If we want to increase the IP count it is just a matter of negotiating the licenses. We have already upgraded to the largest model of their hardware, and scaling is nice and simple in that situation.
How are customer service and technical support?
The technical support people have been good. They understand exactly what we need every time. So I am very happy about that.
If you ask a question and support cannot answer straight away, they will say that they will be back to you within 'X' number of hours. Then they actually do it, which is not something that you get a lot of in technical support teams. Normally people do not stick to what they say they are going to do.
How was the initial setup?
Our deployment took probably the best part of three months. But the amount of time was more a matter of our constraints, not a problem with Darktrace and the difficulty of deployment. We are operating in 13 countries and it was the scale of it that took additional time. Smaller deployments will take less time.
What other advice do I have?
If someone asked me for advice about the product I would definitely highly recommend it to those who need this type of solution. It is really good. It has given us a view of our company and it has actually caught a couple of people that were doing data exfiltration and stealing data from our company. We caught them doing it in the act in live time, which is just incredible.
On the scale from one to ten where one is the worst and ten is the best, I would definitely rate this product at the moment as a ten. It is a perfect solution for our needs.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Security Program Manager at a non-profit with 11-50 employees
Useful traffic tracing, good support, and beneficial anomaly alerts
Pros and Cons
- "Darktrace's most valuable features are that it understands the network environment and is able to trace the traffic and alert on anomalies."
- "I did not use the AI features because they should make it more user-friendly which would be a benefit. Additionally, the solution could integrate with more SIEM or SOAR tools."
What is our primary use case?
Darktrace is used for lateral entry investigations, lateral movement investigations, behavioral anomalies from end users, and endpoint detection.
How has it helped my organization?
Darktrace has helped our organization by troubleshooting a few issues that were happening in the environment. It was able to see the traffic between the two network components.
What is most valuable?
Darktrace's most valuable features are that it understands the network environment and is able to trace the traffic and alert on anomalies.
What needs improvement?
I did not use the AI features because they should make it more user-friendly which would be a benefit. Additionally, the solution could integrate with more SIEM or SOAR tools.
For how long have I used the solution?
I have been using Darktrace for approximately two and a half years.
What do I think about the stability of the solution?
Darktrace is stable. We had it set up to where it was redundant. If one sensor went offline, we had another sensor that was constantly monitoring, and it worked well for us.
What do I think about the scalability of the solution?
The scalability of Darktrace was very good.
We had a license for five users, but we had two that were working on it on a daily basis.
How are customer service and support?
We used Darktrace's technical support to help with the setup and with implementation.
I rate the support from Darktrace a four out of five.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I did not use a similar solution prior to Darktrace.
How was the initial setup?
The initial setup of Darktrace was straightforward, but we used professional services to do it.
What about the implementation team?
We used professional services for the implementation of Darktrace.
What was our ROI?
We received a return on investment using Darktrace.
Which other solutions did I evaluate?
We evaluated other solutions prior to using Darktrace.
What other advice do I have?
My advice to others is they have to understand that the solution is looking for behavioral anomalies, and it is going to take tuning to achieve this. It's not a set-it-and-forget-it solution. You have to monitor, update, and optimize it for your environment.
I rate Darktrace an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Head of Infrastructure, Security and Communications at a construction company with 5,001-10,000 employees
Easy to set up with good integration capabilities and useful UI
Pros and Cons
- "We have found the product to be stable and issue-free."
- "We'd like threat hunting, and we'd like to see a global solution that can automate vulnerability scans. I know it is something they are working on."
What is our primary use case?
We're using it in a complete security solution yet still within a different product that Darktrace has that's related to the network or email.
What is most valuable?
The most valuable aspect of the product would be that it's a product that is quite easy to integrate. It's quite easy to start working with it, which is working well. The concept of artificial intelligence that is behind the solution is the most interesting feature for us.
The sense of detection and monitoring and topics within security is good.
It was easy to set up the product.
We have found the product to be stable and issue-free.
It is scalable.
What needs improvement?
We need them to ensure they will detect new attacks and pick up anomalies.
We, of course, would love more threat intelligence, and more integration with vulnerability scanners. We'd like threat hunting, and we'd like to see a global solution that can automate vulnerability scans. I know it is something they are working on.
They're working in different modules that could be related to threat intelligence and to the tech vulnerabilities or functionalities related to EDR.
For how long have I used the solution?
We've been working with the solution for the last couple of years.
What do I think about the stability of the solution?
We've had no issues with stability. It's reliable. There are no bugs or glitches. It doesn't crash or freeze.
What do I think about the scalability of the solution?
It is scalable and easily expands.
The whole of the organization leverages the product; however, I do not have a clear picture of how many people are working with it. That said, we have a company of 2,000.
How are customer service and support?
I've dealt with technical support in the past. I found them to be helpful.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We did previously use a different solution. That said, I don't remember what it was called.
How was the initial setup?
The product is easy to set up.
After deployment, we spent three months, which is the time that this solution needs to learn about what's happening in our network. In one day, once we had defined all the configurations and once they have been seen on the appliance, we were able to start running it.
It's an easy product to maintain.
What about the implementation team?
We handled the initial setup ourselves. We did not need any outside assistance from integrators or consultants.
What's my experience with pricing, setup cost, and licensing?
The pricing is okay. I'd rate it seven out of ten in terms of affordability.
You have different modules which you have to pay for. If you want to expand functionality, it ends up costing more.
Which other solutions did I evaluate?
We looked at Microsoft, Proofpoint, and Minecraft when we were looking into Darktrace. We decided on this product based on the available features.
What other advice do I have?
We are using the last version of the solution, although I don't know the exact version number. We plan to upgrade in the next couple of weeks. We might be on version five, with the latest being six.
This is something that is really easy to implement in an organization. It gives us good visibility about what is happening in our networks, and on the system. We like the transparency available within our infrastructure now. We can also personalize it to fit our needs. You can either choose plug and play or you can go deeper. They have artificial intelligence you can start working with. You can define more by leveraging modules. Overall, it's very interesting.
I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Engineer at a real estate/law firm with 1,001-5,000 employees
Provides a higher level of threat detection, detects any type of attack, and very useful for an autonomous response
Pros and Cons
- "The Antigena feature is most valuable. Once it learns your environment, Antigena can step in and block a denial of service attack, a ransomware attack, or just about anything that doesn't belong in the environment. It can detect any type of attack that hits the environment because it understands what normal looks like for the network. It is very useful for an autonomous response."
- "They just need to make it a little bit more accurate as far as their alerts are concerned. It does generate some false positives that you have to tune. You have to do a lot of tuning when you first get it because of the false positives, but once it is all tuned up and ready to go, it will do its thing from there."
What is our primary use case?
We use it to protect IoT devices. Darktrace does network traffic analysis. So, by analyzing all traffic patterns in your environment, you can detect any type of anomalous activity, as far as the network is concerned.
I have been using its latest version. Its deployment depends on the environment. It can do sensors in the cloud, and it can also do on-prem.
How has it helped my organization?
It provided a higher level of threat detection.
What is most valuable?
The Antigena feature is most valuable. Once it learns your environment, Antigena can step in and block a denial of service attack, a ransomware attack, or just about anything that doesn't belong in the environment. It can detect any type of attack that hits the environment because it understands what normal looks like for the network. It is very useful for an autonomous response.
What needs improvement?
They just need to make it a little bit more accurate as far as their alerts are concerned. It does generate some false positives that you have to tune. You have to do a lot of tuning when you first get it because of the false positives, but once it is all tuned up and ready to go, it will do its thing from there.
For how long have I used the solution?
I used it for about a year.
What do I think about the stability of the solution?
It is a very stable product. We didn't have any issues.
What do I think about the scalability of the solution?
It has sensors that you can install. So, it can scale on-prem and off-prem in the cloud.
It is being used extensively. We have 2,000 employees. We use it to protect IoT devices. We also use it to protect Windows servers, desktops, and laptops. Its usage would increase if the net grows, but it's probably not going to grow too much bigger than 2,000 employees.
How are customer service and technical support?
The support from Darktrace is very helpful.
Which solution did I use previously and why did I switch?
We didn't use any other solution previously.
How was the initial setup?
It was pretty straightforward. You just monitor everything from your core switch. It monitors everything in and out.
We got it up in half an hour, but it still has to learn. You still have to give it some time to learn about the environment, and that's usually going to be at least two weeks.
What about the implementation team?
We brought in their guy to the site. In terms of maintenance, it is automatically set up to reach out to their website and pull down updates and stuff. We don't have to worry about that too much.
What's my experience with pricing, setup cost, and licensing?
It was $3,600 a month or $2,000 plus or so. I am not sure.
Its licensing is pretty simple.
Which other solutions did I evaluate?
We were thinking about getting another solution called Vector, but we didn't. We brought Darktrace in.
What other advice do I have?
Darktrace is a pretty good company. The only thing that they need to really work on is just being able to get rid of some of those false positives. Once the solution is tuned up, it pretty much just runs.
I would advise making sure that you do a really good PoC of the product so that you can be sure that it makes sense in your environment.
I would rate it a nine out of 10.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cybersecurity Architecture Manager at Banco de Chile
A stable and scalable solution for investigating cases
Pros and Cons
- "It is a stable solution."
- "It can have more integration with orchestration or event management solutions. They can provide more knowledge or research information for analysts for investigating cases and detecting anomalies in networks."
What is our primary use case?
We mostly use it for investigating cases. It is deployed on-premises. We have some new projects for this year to extend Darktrace to the cloud.
What is most valuable?
It is a stable solution.
What needs improvement?
It can have more integration with orchestration or event management solutions. They can provide more knowledge or research information for analysts for investigating cases and detecting anomalies in networks.
For how long have I used the solution?
I have been using this solution for a year.
What do I think about the stability of the solution?
It is a stable solution. We don't have any problems with that.
What do I think about the scalability of the solution?
It has got good scalability, but you need to buy many appliances to scale it. We have ten users of this solution from the incident response team.
How are customer service and technical support?
We don't directly raise tickets with Darktrace. We use a local partner for support.
Which solution did I use previously and why did I switch?
We didn't use any other solution previously. We are trying to introduce ExtraHop. The main difference is the capacity and the ability to see encrypted traffic.
How was the initial setup?
It is not a complex setup, but it requires a lot of time. It took two or three months the first time, but it was a very smart installation.
What about the implementation team?
We have a partner.
What's my experience with pricing, setup cost, and licensing?
It is expensive. I don't have the price for other competitors.
What other advice do I have?
I would recommend this solution. You need to have a good plan for its initial installation. It requires a lot of work in the network.
I would rate Darktrace an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.