Group CISO/CTO at Gulf Based Private Conglomerate
Real User
Improved our monitoring capabilities and has a good graphical user interface
Pros and Cons
  • "The most valuable feature is the alerts. The alerts are meaningful. The event rolls up into meaningful and actionable alerts rather than just being noise."
  • "I would like for the product to work on the endpoints as well. I would like to see enhanced visibility into the endpoints and network but this solution only sits on the network itself."

How has it helped my organization?

It has improved our monitoring capabilities. 

What is most valuable?

The most valuable feature is the alerts. The alerts are meaningful. The event rolls up into meaningful and actionable alerts rather than just being noise. 

What needs improvement?

The product is designed to monitor traffic sent and received via the corporate egress/network points.

I would be interested to see further integration or development of a capability to obtain visibility of mobile devices such as Laptops and Mobiles, which operate outside of the network and may communicate specifically when off the corporate network.  

For how long have I used the solution?

We have done pilots with this solution and have used it for around three months.
Buyer's Guide
Darktrace
January 2025
Learn what your peers think about Darktrace. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
831,265 professionals have used our research since 2012.

What do I think about the stability of the solution?

The stability isn't good but I like the product. It's a good product but we need to look into other similar products that operate in the same zone: user behavior analysis and user detection. We need it to be good in comparison. 

What do I think about the scalability of the solution?

We currently have an inner network. We don't have a full-scale deployment. It is on a network segment where there are around 5,000 users. The full company would be around 9,000 users if we deployed it across all the subsidiaries. 

How are customer service and support?

Their technical support is good. 

Which solution did I use previously and why did I switch?

This is the first solution of this type that we've used. During the initial three month trial, we saw a lot of stuff from the product that we were unable to see through the conventional tooling technologies that we had in place. 

How was the initial setup?

The setup was straightforward. It was a matter of hours. It took around two to three hours. 

What other advice do I have?

My advice to someone considering this solution is to install it, conduct a pilot, and see. You need to see how easy it is to implement and you need to add it to install. You need to see what kinds of results it provides and compare it to your existing tool kit. The product demonstrates its actual capabilities when it's actually working. It's difficult to comprehend what it can actually do but it does give you an added level of visibility. 

It has good capabilities. I would rate it an eight out of ten. 

Cross-correlation with the endpoint based activities would be useful, like the ability to look at the deep supervised learning engine of the artificial intelligence unit and being able to take input data from the endpoints in order to apply the rules. It works on supervised learning and rules but I would like to be able to do things on different feeds as well. 

It has a very good graphical user interface. The ability to get a console on the mobile phone and being able to respond and do basic incident response capabilities remotely is also a good feature. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Manager, Information Technology at Coulisse BV
Real User
Top 20
Autonomous response enhances security but interface requires enhancements
Pros and Cons
  • "The scalability of Darktrace is very high."
  • "The management user interface needs improvement."

What is our primary use case?

We use Darktrace for standard network security, mail security, and SaaS security.

What is most valuable?

NTG is now autonomous response.

What needs improvement?

The management user interface needs improvement. More insights are necessary, and deeper technical experience and knowledge are required to pinpoint actions, breaches, or behavior.

For how long have I used the solution?

We have been using Darktrace for three years.

What do I think about the stability of the solution?

I would rate the stability of the solution as nine.

What do I think about the scalability of the solution?

The scalability of Darktrace is very high. I would rate it eight out of ten.

How are customer service and support?

Technical support is rated at nine out of ten.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used more standard antivirus solutions and firewalling. However, these cannot be compared to an EDR or HDR like Darktrace.

How was the initial setup?

The setup was straightforward and not a problem, even for someone not very technical.

What about the implementation team?

Our service provider did some support there.

What's my experience with pricing, setup cost, and licensing?

The pricing is rated at eight, implying it's considered expensive.

Which other solutions did I evaluate?

We evaluated other options, but they were more like standard antivirus and firewalling, not comparable to Darktrace.

What other advice do I have?

I recommend Darktrace to others if they can afford it.

I'd rate the solution eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Tim Bosman - PeerSpot reviewer
Chief Information Officer at Amadys
Real User
Strong intrusion detection in the complete network; low maintenance
Pros and Cons
  • "One member of staff is enough for deployment and maintenance because Darkforce is AI-driven. It does a lot of things by itself."
  • "Darkforce could be improved in the range of the interface; how to interact with the actions it's taking or not taking."

What is our primary use case?

Our use cases for Darktrace are intrusion detection in the complete network, including for all the devices connected, detection, emails, email spoofing, and supply chain attacks.

What is most valuable?

The most valuable Darktrace feature is the cloud protection for all the cloud services, OneDrive, and all the things related to that.

What needs improvement?

Darkforce could be improved in the range of the interface; how to interact with the actions it's taking or not taking.

For how long have I used the solution?

I have been using Darktrace for about a year now. 

What do I think about the stability of the solution?

Darktrace is stable. 

What do I think about the scalability of the solution?

Darktrace is scalable.

How was the initial setup?

The initial setup was quite straightforward. It took us between two and six months. We got shipped an appliance and installed it in the data center. It then started collecting data. We had a few reviews of what it was collecting and what it would do. There was a test phase after which we enabled it, part by part, following a series of reviews.

Right now, 350 users are affected by Darkforce in our organization. It exists in the background, so they are not actively using it.

One member of staff is enough for deployment and maintenance because Darkforce is AI-driven. It does a lot of things by itself. You need to review what it's doing every now and then. You may, for example, need to release an email that was blocked for some reason, but it's quite low maintenance overall.

You do not need an engineer to manage it. It can be managed by a manager as doing so is not super technical. You always have access to Darktrace support, which means their engineers are available to help you with the more complex stuff.

What about the implementation team?

Our deployment was done by Darktrace themselves, but they have some partners that also do it. Once you are up and running, you can deploy any additional appliances by yourself.

What was our ROI?

This is a difficult question and one that was asked of us by the higher ups, but you have to compare the cost with what would happen if there was a breach. It is difficult to articulate a return on investment in hard numbers, but I can see that Darkforce deflects typical attacks and protects users.

What's my experience with pricing, setup cost, and licensing?

I cannot be completely sure what the license costs, but it is on a per-user basis. I handle the technical side, so I do not have insight into how much we are paying for it exactly.

What other advice do I have?

I would surely recommend Darkforce. The price might be quite high, but it is really worth it.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Serena Bryson - PeerSpot reviewer
Information Security Program Manager at a non-profit with 11-50 employees
Real User
Useful traffic tracing, good support, and beneficial anomaly alerts
Pros and Cons
  • "Darktrace's most valuable features are that it understands the network environment and is able to trace the traffic and alert on anomalies."
  • "I did not use the AI features because they should make it more user-friendly which would be a benefit. Additionally, the solution could integrate with more SIEM or SOAR tools."

What is our primary use case?

Darktrace is used for lateral entry investigations, lateral movement investigations, behavioral anomalies from end users, and endpoint detection.

How has it helped my organization?

Darktrace has helped our organization by troubleshooting a few issues that were happening in the environment. It was able to see the traffic between the two network components.

What is most valuable?

Darktrace's most valuable features are that it understands the network environment and is able to trace the traffic and alert on anomalies.

What needs improvement?

I did not use the AI features because they should make it more user-friendly which would be a benefit. Additionally, the solution could integrate with more SIEM or SOAR tools.

For how long have I used the solution?

I have been using Darktrace for approximately two and a half years.

What do I think about the stability of the solution?

Darktrace is stable. We had it set up to where it was redundant. If one sensor went offline, we had another sensor that was constantly monitoring, and it worked well for us.

What do I think about the scalability of the solution?

The scalability of Darktrace was very good.

We had a license for five users, but we had two that were working on it on a daily basis.

How are customer service and support?

We used Darktrace's technical support to help with the setup and with implementation.

I rate the support from Darktrace a four out of five.

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

I did not use a similar solution prior to Darktrace.

How was the initial setup?

The initial setup of Darktrace was straightforward, but we used professional services to do it.

What about the implementation team?

We used professional services for the implementation of Darktrace.

What was our ROI?

We received a return on investment using Darktrace.

Which other solutions did I evaluate?

We evaluated other solutions prior to using Darktrace.

What other advice do I have?

My advice to others is they have to understand that the solution is looking for behavioral anomalies, and it is going to take tuning to achieve this. It's not a set-it-and-forget-it solution. You have to monitor, update, and optimize it for your environment.

I rate Darktrace an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Wally Lee - PeerSpot reviewer
Vice President | Head of Information Systems & Manufacturing Engineering at a manufacturing company with 51-200 employees
Real User
Self-maintaining, works autonomously, and prevents data excavation
Pros and Cons
  • "The most valuable feature is that it works autonomously."
  • "The solution can improve the reporting."

What is our primary use case?

The solution automatically monitors everything on the network to prevent anti-phishing by monitoring, responding, and restoring the system. It prevents data excavation.

What is most valuable?

The most valuable feature is that it works autonomously. So you only need to look at the exceptions.

What needs improvement?

The solution can improve the reporting. Currently, it only runs weekly and the reporting is complex. It is more of a network monitoring system, basically AI.

For how long have I used the solution?

I have been using the solution for four years.

What do I think about the stability of the solution?

The solution is stable and solid.

What do I think about the scalability of the solution?

The solution is scalable and designed to be enterprise-wide.

Which solution did I use previously and why did I switch?

Previously we used Intercept X which is more at the virus level endpoint, but Darktrace is an overall network and phishing solution.

How was the initial setup?

The initial setup did not appear complex.  

What about the implementation team?

The implementation was completed by a vendor technician. The setup was simple and took a couple of hours.

What's my experience with pricing, setup cost, and licensing?

The solution is about $6,000 per quarter.

What other advice do I have?

I give the solution ten out of ten.

Our organization has about 50 nodes and there is no maintenance involved because it is self-maintaining. I recommend the solution, it is better than SIM.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Security Manager at Yarix S.r.l.
Real User
Top 5 Leaderboard
Simple to set up with an excellent Enterprise Immune System and Cyber AI Analyst
Pros and Cons
  • "The initial setup is simple."
  • "There aren't so many third-party vendor platforms natively integrated with the platform."

What is our primary use case?

We primarily use the solution for network traffic analysis, to identify potential threats running on our customers' ICP environment, and to generate alerts to our SOC.

What is most valuable?

The Enterprise Immune System, Cyber Artificial Intelligence Analyst, and Antigena technology are all very useful aspects of the product.

The solution is quite stable.

The scalability is great.

The initial setup is simple.

What needs improvement?

It can always improve here and there, however, in general, it's already quite complete. 

The solution could have better integration capabilities. There aren't so many third-party vendor platforms natively integrated with the platform. 

They need a better-automated response setup.

For how long have I used the solution?

I've been using the solution for a few years at this point. 

What do I think about the stability of the solution?

The solution is stable. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. 

What do I think about the scalability of the solution?

I've found the solution's scalability to be very good. It can scale from one endpoint to many thousands of endpoints. We have a lot of implementations that are quite sizable for our customers.

We have 20 to 30 clients on the solution at this time. 

How are customer service and support?

Technical support is fine. That said, we are very skilled and therefore we don't require the help of technical support all that often.

How was the initial setup?

We find the implementation process to be quite painless. We only had to identify the right place in which to put the appliances, and then they start learning.

We were able to deploy same day. It's a pretty fast process. 

We have a team dedicated to the delivery that manages Darktrace and other technical solutions and they are in charge of implementation in the customers' ICP environment. More or less, we have more than ten people handling this.

What about the implementation team?

We are capable of handling implementations for our clients. 

What's my experience with pricing, setup cost, and licensing?

Our clients pay a yearly licensing fee. I can't speak to the exact costs involved. We have a variety of clients who have licenses with Darktrace.

What other advice do I have?

We are partners of Darktrace.

We utilize both cloud and on-premises deployments. 

I would recommend the solution to other companies and clients.

I'd rate the product at a ten out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Cybersecurity Architecture Manager at Banco de Chile
Real User
A stable and scalable solution for investigating cases
Pros and Cons
  • "It is a stable solution."
  • "It can have more integration with orchestration or event management solutions. They can provide more knowledge or research information for analysts for investigating cases and detecting anomalies in networks."

What is our primary use case?

We mostly use it for investigating cases. It is deployed on-premises. We have some new projects for this year to extend Darktrace to the cloud.

What is most valuable?

It is a stable solution.

What needs improvement?

It can have more integration with orchestration or event management solutions. They can provide more knowledge or research information for analysts for investigating cases and detecting anomalies in networks. 

For how long have I used the solution?

I have been using this solution for a year. 

What do I think about the stability of the solution?

It is a stable solution. We don't have any problems with that.

What do I think about the scalability of the solution?

It has got good scalability, but you need to buy many appliances to scale it. We have ten users of this solution from the incident response team.

How are customer service and technical support?

We don't directly raise tickets with Darktrace. We use a local partner for support.

Which solution did I use previously and why did I switch?

We didn't use any other solution previously. We are trying to introduce ExtraHop. The main difference is the capacity and the ability to see encrypted traffic.

How was the initial setup?

It is not a complex setup, but it requires a lot of time. It took two or three months the first time, but it was a very smart installation.

What about the implementation team?

We have a partner.

What's my experience with pricing, setup cost, and licensing?

It is expensive. I don't have the price for other competitors.

What other advice do I have?

I would recommend this solution. You need to have a good plan for its initial installation. It requires a lot of work in the network.

I would rate Darktrace an eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Graham Peck - PeerSpot reviewer
Data Security Manager at Leeds United FC
Real User
Top 5 Leaderboard
Has the ability to see events and have access to exactly what traffic or website a device had tried connecting to
Pros and Cons
  • "Ability to see events and exactly what traffic or website the device had tried to connect to that raised the alert or issue."
  • "The product doesn't have an endpoint agent that can react to triggers set on the device."

What is our primary use case?

I'm a customer data security manager and we are looking at replacing our current solution, McAfee, with something like Darktrace or CrowdStrike which will provide the same visibility with the endpoint protection aspect. 

What is most valuable?

The ability to drill right down into an event that has been identified as something of interest so that you can be assured if it is a valid event and therefore not suffer from loads of false positives. Once that initial assurance and confidence was there, you could easily rely on the dashboard and minimise the risk of constantly drilling into each and every event but pick the ones with most risk.

What needs improvement?

The product is automated to a certain degree, but I think this could be improved. I'm looking for a way of being able to react to threats that are detected based on risk. Aside from that, there is nothing really that they could improve on, it's a product more suited to organizations with an SOC, security operations center, or a company with an IT team of network security members because it relies on constantly monitoring it to see information based on the risks of events.

In our case, we have a small IT team, which means that a large amount of time would have been spent drilling into it. If something did happen on the network, we'd ideally be responding to it reactively instead of proactively. Some of the other products we tested did that so that if something was detected, it would block that device by means of an endpoint, which halts the process and gives you time to check it out. Darktrace would tell you, for example, if there was a ransomware attack, but it wouldn't stop the attack. Other products would identify it as a ransomware attack and stop the network card on the endpoint, giving time to react to the alert, and proceed to cleanse or investigate the machine that's had a problem. That was our issue with Darktrace.

The only reason that it looks like we are going down a different route is because of the endpoint protection issue. The product doesn't have an endpoint agent that can react to outcomes or triggers that are set on the device, otherwise, it would be great. 

For how long have I used the solution?

We tested the solution for one month. 

What do I think about the stability of the solution?

Stability is fine, we had no issues with it whatsoever. 

What do I think about the scalability of the solution?

We didn't need to scale the solution, but you could scale it without any issue. The only thing that I think you had to keep an eye on was network traffic through your switches because effectively, you're capturing all the traffic on your network on a port that goes to this device.

How are customer service and technical support?

The support was fantastic, really good. We were in touch with the guy who I believe was the accounts manager.

How was the initial setup?

Initial setup was easy. We just had to configure a switch port into what's called promiscuous mode and then plug in the device and give it an IP address and leave it. We deployed with our own technical team. It took a day to setup, maybe even less than that. Once installed they activated the license on it. We left it at baseline to look at the network for a week. It just looked at existing traffic and worked out what was typical traffic and what was interesting traffic.

What's my experience with pricing, setup cost, and licensing?

For out of the box it is licensed per device or node that it connects to. I think for services there were some additional licensing fees. 

Which other solutions did I evaluate?

We evaluated other options and Darktrace had really good dashboards and graphics, but other devices like CrowdStrike, for example, had the endpoint protection we're looking for as well as the features that Darktrace has. The difference is in functionality.

What other advice do I have?

I would suggest to anyone considering this option to identify if this is going to be a monitoring tool to supplement an existing system or if this is going to be another product in your existing security suite of tools.

I would rate this product an eight out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user