Darktrace is used for detecting network-based threats like ransomware in the early stage or illicit communications with external endpoints.
Co-Founder & Managing Director at a comms service provider with 1-10 employees
Used for detecting network-based threats like ransomware or illicit communications with external endpoints
Pros and Cons
- "A very useful feature in Darktrace for real-time threat analysis is the packet inspection that analyzes the packet traffic in real time."
- "Darktrace could expand into EDR (endpoint detection and response) and combine it with its network detection."
What is our primary use case?
What is most valuable?
A very useful feature in Darktrace for real-time threat analysis is the packet inspection that analyzes the packet traffic in real time. Data acquisition is the source rather than tapping the data downstream after some processing.
What needs improvement?
Darktrace could expand into EDR (endpoint detection and response) and combine it with its network detection. They could thereby have a more holistic knowledge of the system through network information or through visibility into the operating system of the endpoints.
For how long have I used the solution?
I have been working with Darktrace for four years.
Buyer's Guide
Darktrace
November 2024
Learn what your peers think about Darktrace. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
814,763 professionals have used our research since 2012.
What do I think about the stability of the solution?
Darktrace is a very stable solution.
What do I think about the scalability of the solution?
Darktrace is a very scalable solution. Our clients for Darktrace are enterprise customers.
How are customer service and support?
The solution’s technical support is very good.
How would you rate customer service and support?
Positive
How was the initial setup?
The solution’s initial setup is very straightforward.
What about the implementation team?
The solution's deployment time depends on the complexity of the network. For some huge networks, you need to tap the right resources and measure the system to acquire all the required traffic. The deployment is very straightforward in smaller networks where you have to connect to only one switch.
What's my experience with pricing, setup cost, and licensing?
Darktrace is quite an expensive solution. Users need to pay a yearly licensing fee for the solution.
What other advice do I have?
Darktrace has improved our client's organization's threat detection and response capabilities. Darktrace has helped users intercept and stop ransomware attack attempts in the very early stage, within a couple of minutes of its detection Autonomous response is a very good and useful feature that differentiates Darktrace from other solutions.
One person can easily maintain the solution. Darktrace easily integrates with our client's IT infrastructure solutions, like Microsoft 365, CrowdStrike, and Palo Alto firewalls. Darktrace has impacted our clients' incident response time to be very quick.
Darktrace is an autonomous solution. Users have to ensure they present all the traffic to the tool so it can intercept threats and not have hidden spots in their networks.
Overall, I rate Darktrace a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Assistant Manager - IT and Innovation at a financial services firm with 51-200 employees
We can integrate it with our firewall to automatically block things
Pros and Cons
- "We allow customers to access our Wi-Fi as guests, and some of them were going to restricted sites. Darktrace showed us what they were doing so we could block them."
- "I was under impression that Darktrace's automatic blocking would be an out-of-the-box feature, but we had to integrate it with our firewall to get it to block automatically. The salesperson should be upfront and explain that you need to integrate it with your network. I would also like to see more reporting on risk. Banks in my region want to see at a glance the risk level of various assets."
What is our primary use case?
We use Darktrace to monitor our network and block URLs from certain countries. Darktrace is integrated with our firewall, so the blocking is automatic.
How has it helped my organization?
We allow customers to access our Wi-Fi as guests, and some of them were going to restricted sites. Darktrace showed us what they were doing so we could block them.
What is most valuable?
Darktrace blocks any new scanning tools that are detected on your system.
What needs improvement?
I was under impression that Darktrace's automatic blocking would be an out-of-the-box feature, but we had to integrate it with our firewall to get it to block automatically. The salesperson should be upfront and explain that you need to integrate it with your network. I would also like to see more reporting on risk. Banks in my region want to see at a glance the risk level of various assets.
For how long have I used the solution?
We have used Darktrace for about six months.
What do I think about the stability of the solution?
Darktrace is highly stable. We haven't had any downtime except for a power outage last year.
How are customer service and support?
We reported one case, and Darktrace support responded right away. They assigned us an account executive who contacts us at least once monthly to discuss any outstanding issues.
How was the initial setup?
Setting up Darktrace was pretty straightforward. We had to open the port that is plugged into the switch. The whole process was done in under five minutes. You plug in the device and turn it on.
What was our ROI?
Darktrace has helped us identify gaps in our system.
What's my experience with pricing, setup cost, and licensing?
Darktrace is pricey, but the price is reasonable for what the solution does, and it's comparable to other products.
What other advice do I have?
I rate Darktrace 8.5 out of 10. I recommend doing a proof of concept to see what you're getting. We got good results. During the POC, Darktrace showed us lots of things we didn't know about.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Darktrace
November 2024
Learn what your peers think about Darktrace. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
814,763 professionals have used our research since 2012.
Network Security Engineer at Social Security Commission
Can be deployed in half a day and is scalable
Pros and Cons
- "I have found the automation and AI features to be valuable. If someone were to come in to the office at midnight and log in, Darktrace would flag it."
- "It takes time to go through the interface and pick up things. If it were a more straightforward interface, then it would free up time."
What is our primary use case?
We have a layered approach to our cyber security. We have unified threat management and use several solutions such as Kaspersky, FortiGate, and Mimecast. However, we felt that we needed something on top of all of these and decided to go with Darktrace. We only have one in-house IT security person and were looking for a solution like Darktrace that was more automated.
What is most valuable?
I have found the automation and AI features to be valuable. If someone were to come in to the office at midnight and log in, Darktrace would flag it.
What needs improvement?
It takes time to go through the interface and pick up things. If it were a more straightforward interface, then it would free up time.
For how long have I used the solution?
We did a proof of concept with Darktrace for a year.
What do I think about the scalability of the solution?
It is a scalable solution.
How are customer service and support?
Darktrace's technical support staff were responsive. We did not have to wait long for feedback on anything.
How was the initial setup?
We were able to deploy it in half a day. One person can handle the maintenance of the solution.
What about the implementation team?
We implemented the solution with the help of Darktrace representatives.
What's my experience with pricing, setup cost, and licensing?
We had an issue with pricing initially and had to cancel some of the features of the projects to fit the budget. I would like to see pricing that is not broken up into parts so that we can buy the whole package once.
Darktrace is more expensive than an average solution, but it's functionality won't match that of an average solution.
What other advice do I have?
I would rate Darktrace at nine out of ten. It is a growing product that helps with an ever changing threat landscape. Traditional endpoint antivirus solutions will not be able to keep up.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Security & Infrastructure Architect at a retailer with 10,001+ employees
Built-in AI analytics helps give you total visibility of your architecture assets
Pros and Cons
- "AI analytics are built directly into the product."
- "It is a very simple product to use."
- "A reporting portal could be a great addition to help customize reports."
What is our primary use case?
I am working with Darktrace in concert with F5, Tufin, and SAP security products.
What is most valuable?
One of the things I like most about Darktrace is the fact that it has AI analytics built into it. That merger allows us to have a look at the way that things are working within our company. The fact that it is self-learning is a benefit that has given me 100% visibility across the cloud, my SaaS (Software as a Service) providers, my Office 365 services, within my data center, and also on-premises.
We are also working with Darktrace on their alpha and beta testing for endpoint security. That is a model that we are thinking about incorporating later.
Another thing I really like is that it is a very simple product to use. It is very logical and it works beautifully.
What needs improvement?
The product is really excellent all around and I can not fault it. The only thing that I can think of that would improve it would be if they had a better visualization and a reporting portal.
What I mean by better visualization is it could help map our services and endpoints in a better way. At the moment it is fairly complex in the way that it represents our network devices. It would help if there was in a slightly more logical way of visualizing the assets as opposed to the way it is currently being done.
We are talking to Dartrace at the moment about putting in a reporting portal so we can have technical reports separate from management reports. Some of our management gets information in reports that they do not need to see. When they see it they will not understand what it means. Targeting — or customizing — the reports that we make can allow us to have the content fit what the recipient needs to see without distracting extras.
Apart from those potential additions, this product is absolutely excellent. It has given us everything we have wanted. Darktrace, as a company, has been really good. Our account manager is totally responsive. The support teams have been really conscientious.
Fingers crossed. So far Darktrace has proven to be a great asset.
For how long have I used the solution?
We have been using Darktrace for about four-and-a-half years now.
What do I think about the scalability of the solution?
The scalability of Darktrace is excellent. If we want to increase the IP count it is just a matter of negotiating the licenses. We have already upgraded to the largest model of their hardware, and scaling is nice and simple in that situation.
How are customer service and technical support?
The technical support people have been good. They understand exactly what we need every time. So I am very happy about that.
If you ask a question and support can not answer straight away, they will say that they will be back to you within 'X' number of hours. Then they actually do it, which is not something that you get a lot of in technical support teams. Normally people do not stick to what they say they are going to do.
How was the initial setup?
Our deployment took probably the best part of three months. But the amount of time was more a matter of our constraints, not a problem with Darktrace and the difficulty of deployment. We are operating in 13 countries and it was the scale of it that took additional time. Smaller deployments will take less time.
What other advice do I have?
If someone asked me for advice about the product I would definitely highly recommend it to those who need this type of solution. It is really good. It has given us a view of our company and it has actually caught a couple of people that were doing data exfiltration and stealing data from our company. We caught them doing it in the act in live time, which is just incredible.
On the scale from one to ten where one is the worst and ten is the best, I would definitely rate this product at the moment as a ten. It is a perfect solution for our needs.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Information Security Program Manager at a non-profit with 11-50 employees
Useful traffic tracing, good support, and beneficial anomaly alerts
Pros and Cons
- "Darktrace's most valuable features are that it understands the network environment and is able to trace the traffic and alert on anomalies."
- "I did not use the AI features because they should make it more user-friendly which would be a benefit. Additionally, the solution could integrate with more SIEM or SOAR tools."
What is our primary use case?
Darktrace is used for lateral entry investigations, lateral movement investigations, behavioral anomalies from end users, and endpoint detection.
How has it helped my organization?
Darktrace has helped our organization by troubleshooting a few issues that were happening in the environment. It was able to see the traffic between the two network components.
What is most valuable?
Darktrace's most valuable features are that it understands the network environment and is able to trace the traffic and alert on anomalies.
What needs improvement?
I did not use the AI features because they should make it more user-friendly which would be a benefit. Additionally, the solution could integrate with more SIEM or SOAR tools.
For how long have I used the solution?
I have been using Darktrace for approximately two and a have years.
What do I think about the stability of the solution?
Darktrace is stable. We had it set up to where it was redundant. If one sensor went offline, we had another sensor that was constantly monitoring, and it worked well for us.
What do I think about the scalability of the solution?
The scalability of Darktrace was very good.
We had a license for five users, but we had two that were working on it on a daily basis.
How are customer service and support?
We used Darktrace's technical support to help with the setup and with implementation.
I rate the support from Darktrace a four out of five.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I did not use a similar solution prior to Darktrace.
How was the initial setup?
The initial setup of Darktrace was straightforward, but we used professional services to do it.
What about the implementation team?
We used professional services for the implementation of Darktrace.
What was our ROI?
We received a return on investment using Darktrace.
Which other solutions did I evaluate?
We evaluated other solutions prior to using Darktrace.
What other advice do I have?
My advice to others is they have to understand that the solution is looking for behavioral anomalies, and it is going to take tuning to achieve this. It's not a set-it-and-forget-it solution. You have to monitor, update, and optimize it for your environment.
I rate Darktrace an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Engineer at a real estate/law firm with 1,001-5,000 employees
Provides a higher level of threat detection, detects any type of attack, and very useful for an autonomous response
Pros and Cons
- "The Antigena feature is most valuable. Once it learns your environment, Antigena can step in and block a denial of service attack, a ransomware attack, or just about anything that doesn't belong in the environment. It can detect any type of attack that hits the environment because it understands what normal looks like for the network. It is very useful for an autonomous response."
- "They just need to make it a little bit more accurate as far as their alerts are concerned. It does generate some false positives that you have to tune. You have to do a lot of tuning when you first get it because of the false positives, but once it is all tuned up and ready to go, it will do its thing from there."
What is our primary use case?
We use it to protect IoT devices. Darktrace does network traffic analysis. So, by analyzing all traffic patterns in your environment, you can detect any type of anomalous activity, as far as the network is concerned.
I have been using its latest version. Its deployment depends on the environment. It can do sensors in the cloud, and it can also do on-prem.
How has it helped my organization?
It provided a higher level of threat detection.
What is most valuable?
The Antigena feature is most valuable. Once it learns your environment, Antigena can step in and block a denial of service attack, a ransomware attack, or just about anything that doesn't belong in the environment. It can detect any type of attack that hits the environment because it understands what normal looks like for the network. It is very useful for an autonomous response.
What needs improvement?
They just need to make it a little bit more accurate as far as their alerts are concerned. It does generate some false positives that you have to tune. You have to do a lot of tuning when you first get it because of the false positives, but once it is all tuned up and ready to go, it will do its thing from there.
For how long have I used the solution?
I used it for about a year.
What do I think about the stability of the solution?
It is a very stable product. We didn't have any issues.
What do I think about the scalability of the solution?
It has sensors that you can install. So, it can scale on-prem and off-prem in the cloud.
It is being used extensively. We have 2,000 employees. We use it to protect IoT devices. We also use it to protect Windows servers, desktops, and laptops. Its usage would increase if the net grows, but it's probably not going to grow too much bigger than 2,000 employees.
How are customer service and technical support?
The support from Darktrace is very helpful.
Which solution did I use previously and why did I switch?
We didn't use any other solution previously.
How was the initial setup?
It was pretty straightforward. You just monitor everything from your core switch. It monitors everything in and out.
We got it up in half an hour, but it still has to learn. You still have to give it some time to learn about the environment, and that's usually going to be at least two weeks.
What about the implementation team?
We brought in their guy to the site. In terms of maintenance, it is automatically set up to reach out to their website and pull down updates and stuff. We don't have to worry about that too much.
What's my experience with pricing, setup cost, and licensing?
It was $3,600 a month or $2,000 plus or so. I am not sure.
Its licensing is pretty simple.
Which other solutions did I evaluate?
We were thinking about getting another solution called Vector, but we didn't. We brought Darktrace in.
What other advice do I have?
Darktrace is a pretty good company. The only thing that they need to really work on is just being able to get rid of some of those false positives. Once the solution is tuned up, it pretty much just runs.
I would advise making sure that you do a really good PoC of the product so that you can be sure that it makes sense in your environment.
I would rate it a nine out of 10.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Enhanced security with automation offers proactive threat mitigation
Pros and Cons
- "The investigative part of Darktrace is valuable, especially the automation features. It allows setting up checks and provides guidance on mitigating situations, which is very useful. There are different modules that you can add to the console for protection."
- "The Darktrace Mobile app needs improvement as it's currently limited in functionality, and the learning AI takes a while to adapt to new devices, flagging new users as threats for up to a month before recognizing them as regular network users."
What is our primary use case?
Normally, when we have a setup, and I log in with any guest, Darktrace blocks us from remotely logging in from within the office network. It ensures that we cannot remote log in anywhere. It is a security system that identifies hacking attempts. Darktrace also integrates with VirusTotal for verification. Additionally, we use the email protection feature.
How has it helped my organization?
Darktrace ensures that we do not have breaches on our systems, and it helps improve our security status before breaches can even reach our system.
What is most valuable?
The investigative part of Darktrace is valuable, especially the automation features. It allows setting up checks and provides guidance on mitigating situations, which is very useful. There are different modules that you can add to the console for protection.
What needs improvement?
The Darktrace Mobile app needs improvement as it's currently limited in functionality, and the learning AI takes a while to adapt to new devices, flagging new users as threats for up to a month before recognizing them as regular network users.
For how long have I used the solution?
I have been using Darktrace for almost a year now.
What do I think about the stability of the solution?
Darktrace is very stable. I can reliably check logs and track what is happening within the system.
What do I think about the scalability of the solution?
The scalability isn't a high priority for us as it mostly deals with system security. It provides necessary features for security enhancement whenever needed.
How are customer service and support?
The support provided by Darktrace is very good. We had issues with Darktrace Mobile, and they assisted us with a solution, even allowing us to test new features.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I joined the current company after Darktrace was already in use, so I do not have information on previous solutions.
How was the initial setup?
The initial setup can be rated as a seven out of ten because it involves going into the console and ensuring that the network settings are correctly configured.
What about the implementation team?
Two people are enough for deployment, provided they know the network settings and configurations.
What was our ROI?
By using Darktrace alongside Mimecast, it has helped improve our security posture by preventing breaches before they reach our system.
What's my experience with pricing, setup cost, and licensing?
I do not have any experience regarding the pricing or setup costs as it was managed by the company administration.
Which other solutions did I evaluate?
I did not have any information on other solutions evaluated prior to Darktrace as they were in use before I joined the company.
What other advice do I have?
Darktrace is a good product to invest in if you can afford it. It provides excellent security features.
I'd rate the solution eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Oct 16, 2024
Flag as inappropriateManager, Information Technology at Coulisse BV
Autonomous response enhances security but interface requires enhancements
Pros and Cons
- "The scalability of Darktrace is very high."
- "The management user interface needs improvement."
What is our primary use case?
We use Darktrace for standard network security, mail security, and SaaS security.
What is most valuable?
NTG is now autonomous response.
What needs improvement?
The management user interface needs improvement. More insights are necessary, and deeper technical experience and knowledge are required to pinpoint actions, breaches, or behavior.
For how long have I used the solution?
We have been using Darktrace for three years.
What do I think about the stability of the solution?
I would rate the stability of the solution as nine.
What do I think about the scalability of the solution?
The scalability of Darktrace is very high. I would rate it eight out of ten.
How are customer service and support?
Technical support is rated at nine out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We used more standard antivirus solutions and firewalling. However, these cannot be compared to an EDR or HDR like Darktrace.
How was the initial setup?
The setup was straightforward and not a problem, even for someone not very technical.
What about the implementation team?
Our service provider did some support there.
What's my experience with pricing, setup cost, and licensing?
The pricing is rated at eight, implying it's considered expensive.
Which other solutions did I evaluate?
We evaluated other options, but they were more like standard antivirus and firewalling, not comparable to Darktrace.
What other advice do I have?
I recommend Darktrace to others if they can afford it.
I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Oct 8, 2024
Flag as inappropriateBuyer's Guide
Download our free Darktrace Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Product Categories
Extended Detection and Response (XDR) Email Security Intrusion Detection and Prevention Software (IDPS) Network Traffic Analysis (NTA) Network Detection and Response (NDR) AI-Powered Chatbots Cloud Security Posture Management (CSPM) Cloud-Native Application Protection Platforms (CNAPP) Attack Surface Management (ASM) AI-Powered Cybersecurity PlatformsPopular Comparisons
CrowdStrike Falcon
Microsoft Defender for Endpoint
Cloudflare
Wazuh
Microsoft Defender for Office 365
SentinelOne Singularity Complete
Prisma Cloud by Palo Alto Networks
Microsoft Defender for Cloud
Cortex XDR by Palo Alto Networks
Commvault Cloud
Qualys VMDR
Cisco Secure Email
Proofpoint Email Protection
Tenable Security Center
Buyer's Guide
Download our free Darktrace Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- I'm building a next-gen AI powered threat intelligence platform. What's missing from existing solutions?
- Which is better - SentinelOne or Darktrace?
- What are the pros and cons of Darktrace vs CrowdStrike Falcon vs alternative EPP solutions?
- Which alternative solutions (other than Darktrace) do you recommend for an SMB?
- How does Crowdstrike Falcon compare with Darktrace?
- What is the best EDR or XDR product for a company with 9000 employees?
- When evaluating Extended Detection and Response (XDR), what aspect do you think is the most important to look for?
- How do you decide about the alert severity in your Security Operations Center (SOC)?
- Which is better for Endpoint Security: EDR or XDR solutions?
- What are the main differences between XDR and SIEM?