Darktrace is used for lateral entry investigations, lateral movement investigations, behavioral anomalies from end users, and endpoint detection.
Information Security Program Manager at a non-profit with 11-50 employees
Useful traffic tracing, good support, and beneficial anomaly alerts
Pros and Cons
- "Darktrace's most valuable features are that it understands the network environment and is able to trace the traffic and alert on anomalies."
- "I did not use the AI features because they should make it more user-friendly which would be a benefit. Additionally, the solution could integrate with more SIEM or SOAR tools."
What is our primary use case?
How has it helped my organization?
Darktrace has helped our organization by troubleshooting a few issues that were happening in the environment. It was able to see the traffic between the two network components.
What is most valuable?
Darktrace's most valuable features are that it understands the network environment and is able to trace the traffic and alert on anomalies.
What needs improvement?
I did not use the AI features because they should make it more user-friendly which would be a benefit. Additionally, the solution could integrate with more SIEM or SOAR tools.
Buyer's Guide
Darktrace
March 2025

Learn what your peers think about Darktrace. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
844,944 professionals have used our research since 2012.
For how long have I used the solution?
I have been using Darktrace for approximately two and a have years.
What do I think about the stability of the solution?
Darktrace is stable. We had it set up to where it was redundant. If one sensor went offline, we had another sensor that was constantly monitoring, and it worked well for us.
What do I think about the scalability of the solution?
The scalability of Darktrace was very good.
We had a license for five users, but we had two that were working on it on a daily basis.
How are customer service and support?
We used Darktrace's technical support to help with the setup and with implementation.
I rate the support from Darktrace a four out of five.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I did not use a similar solution prior to Darktrace.
How was the initial setup?
The initial setup of Darktrace was straightforward, but we used professional services to do it.
What about the implementation team?
We used professional services for the implementation of Darktrace.
What was our ROI?
We received a return on investment using Darktrace.
Which other solutions did I evaluate?
We evaluated other solutions prior to using Darktrace.
What other advice do I have?
My advice to others is they have to understand that the solution is looking for behavioral anomalies, and it is going to take tuning to achieve this. It's not a set-it-and-forget-it solution. You have to monitor, update, and optimize it for your environment.
I rate Darktrace an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.

Vice President | Head of Information Systems & Manufacturing Engineering at a manufacturing company with 51-200 employees
Self-maintaining, works autonomously, and prevents data excavation
Pros and Cons
- "The most valuable feature is that it works autonomously."
- "The solution can improve the reporting."
What is our primary use case?
The solution automatically monitors everything on the network to prevent anti-phishing by monitoring, responding, and restoring the system. It prevents data excavation.
What is most valuable?
The most valuable feature is that it works autonomously. So you only need to look at the exceptions.
What needs improvement?
The solution can improve the reporting. Currently, it only runs weekly and the reporting is complex. It is more of a network monitoring system, basically AI.
For how long have I used the solution?
I have been using the solution for four years.
What do I think about the stability of the solution?
The solution is stable and solid.
What do I think about the scalability of the solution?
The solution is scalable and designed to be enterprise-wide.
Which solution did I use previously and why did I switch?
Previously we used Intercept X which is more at the virus level endpoint, but Darktrace is an overall network and phishing solution.
How was the initial setup?
The initial setup did not appear complex.
What about the implementation team?
The implementation was completed by a vendor technician. The setup was simple and took a couple of hours.
What's my experience with pricing, setup cost, and licensing?
The solution is about $6,000 per quarter.
What other advice do I have?
I give the solution ten out of ten.
Our organization has about 50 nodes and there is no maintenance involved because it is self-maintaining. I recommend the solution, it is better than SIM.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Buyer's Guide
Darktrace
March 2025

Learn what your peers think about Darktrace. Get advice and tips from experienced pros sharing their opinions. Updated: March 2025.
844,944 professionals have used our research since 2012.
Cybersecurity Architecture Manager at Banco de Chile
A stable and scalable solution for investigating cases
Pros and Cons
- "It is a stable solution."
- "It can have more integration with orchestration or event management solutions. They can provide more knowledge or research information for analysts for investigating cases and detecting anomalies in networks."
What is our primary use case?
We mostly use it for investigating cases. It is deployed on-premises. We have some new projects for this year to extend Darktrace to the cloud.
What is most valuable?
It is a stable solution.
What needs improvement?
It can have more integration with orchestration or event management solutions. They can provide more knowledge or research information for analysts for investigating cases and detecting anomalies in networks.
For how long have I used the solution?
I have been using this solution for a year.
What do I think about the stability of the solution?
It is a stable solution. We don't have any problems with that.
What do I think about the scalability of the solution?
It has got good scalability, but you need to buy many appliances to scale it. We have ten users of this solution from the incident response team.
How are customer service and technical support?
We don't directly raise tickets with Darktrace. We use a local partner for support.
Which solution did I use previously and why did I switch?
We didn't use any other solution previously. We are trying to introduce ExtraHop. The main difference is the capacity and the ability to see encrypted traffic.
How was the initial setup?
It is not a complex setup, but it requires a lot of time. It took two or three months the first time, but it was a very smart installation.
What about the implementation team?
We have a partner.
What's my experience with pricing, setup cost, and licensing?
It is expensive. I don't have the price for other competitors.
What other advice do I have?
I would recommend this solution. You need to have a good plan for its initial installation. It requires a lot of work in the network.
I would rate Darktrace an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Data Security Manager at Leeds United FC
Has the ability to see events and have access to exactly what traffic or website a device had tried connecting to
Pros and Cons
- "Ability to see events and exactly what traffic or website the device had tried to connect to that raised the alert or issue."
- "The product doesn't have an endpoint agent that can react to triggers set on the device,"
What is our primary use case?
I'm a customer data security manager and we are looking at replacing our current solution, McAfee, with something like Darktrace or CrowdStrike which will provide the same visibility with the endpoint protection aspect.
What is most valuable?
The Ability to drill right down into an event that has been identified as something of interest so that you can be assured if it is a valid event and therefore not suffer from loads of false positives. Once that initial assurance and confidence was there, you could easily rely on the dashboard and minimise the risk of constantly drilling into each and every event but pick the ones with most risk.
What needs improvement?
The product is automated to a certain degree, but I think this could be improved. I'm looking for a way of being able to react to threats that are detected based on risk. Aside from that, there is nothing really that they could improve on, it's a product more suited to organizations with an SOC, security operations center, or a company with an IT team of network security members because it relies on constantly monitoring it to see information based on the risks of events.
In our case, we have a small IT team, which means that a large amount of time would have been spent drilling into it. If something did happen on the network, we'd ideally be responding to it reactively instead of proactively. Some of the other products we tested did that so that if something was detected, it would block that device by means of an endpoint, which halts the process and gives you time to check it out. Darktrace would tell you, for example, if there was a ransomware attack, but it wouldn't stop the attack. Other products would identify it as a ransomware attack and stop the network card on the endpoint, giving time to react to the alert, and proceed to cleanse or investigate the machine that's had a problem. That was our issue with Darktrace.
The only reason that it looks like we are going down a different route is because of the endpoint protection issue. The product doesn't have an endpoint agent that can react to outcomes or triggers that are set on the device, otherwise, it would be great.
For how long have I used the solution?
We tested the solution for one month.
What do I think about the stability of the solution?
Stability is fine, we had no issues with it whatsoever.
What do I think about the scalability of the solution?
We didn't need to scale the solution, but you could scale it without any issue. The only thing that I think you had to keep an eye on was network traffic through your switches because effectively, you're capturing all the traffic on your network on a port that goes to this device.
How are customer service and technical support?
The support was fantastic, really good. We were in touch with the guy who I believe was the accounts manager.
How was the initial setup?
Initial setup was easy. We just had to configure a switch port into what's called promiscuous mode and then plug in the device and give it an IP address and leave it. We deployed with our own technical team. It took a day to setup, maybe even less than that. Once installed they activated the license on it. We left it at baseline to look at the network for a week. It just looked at existing traffic and worked out what was typical traffic and what was interesting traffic.
What's my experience with pricing, setup cost, and licensing?
For out of the box it is licensed per device or node that it connects to. I think for services there were some additional licensing fees.
Which other solutions did I evaluate?
We evaluated other options and Darktrace had really good dashboards and graphics, but other devices like CrowdStrike, for example, had the endpoint protection we're looking for as well as the features that Darktrace has. The difference is in functionality.
What other advice do I have?
I would suggest to anyone considering this option to identify if this is going to be a monitoring tool to supplement an existing system or if this is going to be another product in your existing security suite of tools.
I would rate this product an eight out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Assistant Manager - Network & Security at a financial services firm with 5,001-10,000 employees
Issue-free with a helpful Antigena feature and responsive support
Pros and Cons
- "The product can scale."
- "The cost is a bit on the higher side."
What is our primary use case?
We were testing the solution to see its network detection response capabilities.
What is most valuable?
We had an okay experience with the product and didn't really have any issues.
The Antigena feature is very useful.
It is stable.
The product can scale.
Support so far has been helpful and responsive.
What needs improvement?
I don't have any specific issues with the solution. We are still in the early phase of analyzing the product.
The cost is a bit on the higher side. We'd like it to be less expensive.
For how long have I used the solution?
We were using the solution. In the past month, we stopped using it. We used it for three months.
We're just trying the solution. We had meetings. We were testing it. Nothing is finalized.
What do I think about the stability of the solution?
The solution is stable and reliable. There are no bugs or glitches. It doesn't crash or freeze.
What do I think about the scalability of the solution?
It is scalable. However, it varies on a case-by-case basis.
We have four people working with the solution in our company right now. They are in the IT department.
How are customer service and support?
We did speak to technical support and found them to be very helpful and responsive.
How was the initial setup?
I did not handle the setup process. We had a vendor come in and set it up and handle the whole process.
What about the implementation team?
The vendor set the solution up with us.
What's my experience with pricing, setup cost, and licensing?
The cost is a little high.
We've budgeted about 50,000 Kuwaiti dinars for the solution. That is a yearly operating cost.
Which other solutions did I evaluate?
We're busy with some different projects and we wanted to evaluate different products as well on the same technology. We looked into, for example, Check Point EDR and options like Crowdstrike.
What other advice do I have?
We're a potential end-user. We tested the solution. We just tried different scenarios to see what would suit us. We were testing it and will still go ahead with testing. The testing is not yet complete. We've put it on hold for now; however, we will still continue testing in the coming days.
I'd rate the solution eight out of ten.
I'd advise potential new users that they should definitely give it a try; however, the price is on the higher side. Darktrace has to consider lowering its price.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director Of Information Technology at a security firm with 1-10 employees
Responsive support, good alerting, but the initial setup is complex and time-consuming
Pros and Cons
- "The models, triggers, and alerts are customizable."
- "The initial setup is more complex and time-consuming than some solutions."
What is our primary use case?
We use Darktrace to analyze our network traffic.
What is most valuable?
Darktrace is a good product, although it depends on how much time you put into it.
The models, triggers, and alerts are customizable.
What needs improvement?
The initial setup is more complex and time-consuming than some solutions.
For how long have I used the solution?
I have been working with Darktrace for more than a year.
What do I think about the stability of the solution?
Darktrace is quite stable, but potentially expensive.
What do I think about the scalability of the solution?
The vendor has different options for scaling. I use the appliance; they also offer a cloud service but I prefer the appliance. I put it between the router and the core switch and it picks up all of the traffic.
How are customer service and support?
The technical support is better than Check Point. They respond more quickly.
Which solution did I use previously and why did I switch?
I am currently using Darktrace and Vectra in addition to Check Point. I've been using all three and I find that Check Point is the one where I get the most information from. I will stop using Vectra this year but I will retain Darktrace, as long as they keep it at a certain price.
Darktrace requires a lot more configuration; unlike Check Point, there are a lot more changes that need to be made. In general, it's more sophisticated. As far as getting the settings and the configuration and the models that you want, it would help if you spent some time on that. We're a small team. It's beneficial to me and I can see that with more time and energy put into optimizing it and personalizing the unit, it can be much more powerful than the way I am using it now. That said, it's my secondary device. We're working on a lot of different projects, so I haven't assigned any of my guys to it yet. Ultimately, when it's fully integrated, it may end up being as useful as the Check Point.
The reason I keep all three is that they all give me a different kind of view. They all give me different information. If they gave the same information, it'd be useless to keep them.
With respect to similar security products, I have demoed CrowdStrike and worked with Symantec.
How was the initial setup?
You have to customize it to the way you want, in order for it to work best for your environment. Definitely take time to train while you can during deployment.
Some things do work well, out of the box. However, this would be better suited for somebody that can take the time to configure it correctly during deployment.
What's my experience with pricing, setup cost, and licensing?
Prior to negotiating, Darktrace offered their appliance and service for $80,000 per year.
I suggest negotiating either at the end of their fiscal year or at the end of every quarter. At the end of the quarter, they have an incentive to lower the prices to sell as many units as possible in order to meet their end-of-quarter quota.
What other advice do I have?
My advice for anybody who is implementing Darktrace is that you definitely need to take your time. Sit down and understand how to use the model breach customization. They use models and if something hits that model, it triggers an alert.
I would rate this solution a six out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director Of Information Technology at a computer software company with 501-1,000 employees
Intuitive, has excellent technical support, and has good visibility
Pros and Cons
- "The active threat dashboard is the most valuable feature of this solution."
- "I believe their network monitoring device licensing module could use some improvement."
What is our primary use case?
Darktrace is a cybersecurity solution that is essentially an AI-driven ecosystem. Call it network monitoring with telemetry SaaS cloud connections.
How has it helped my organization?
It provides a comprehensive cybersecurity solution that monitors my cloud accounts as well as my local network. It monitors local network traffic, VPN's and it connects to my firewalls, allowing me to see what's going on in my environment. I have visibility into pretty much everything that's going on now.
What is most valuable?
The active threat dashboard is the most valuable feature of this solution.
What needs improvement?
The licensing model has room for improvement. The license by IP rather than node or device, even if it's a single Mac address. If I have three people who are constantly in three different locations, they want to charge you three licenses. My only criticism of the product is that its licensing model isn't flexible.
I would like to see a Darktrace EDR client, a true EDR client that integrates into it, and not a third-party EDR.
For how long have I used the solution?
I have been working with Darktrace for six months.
We are working with the most recent version.
What do I think about the stability of the solution?
Darktrace is very stable. It's very reliable.
What do I think about the scalability of the solution?
Darktrace is a very scalable solution.
We have 650 users in our organization.
It's extensively used.
How are customer service and support?
I give them five stars from the sale cycle to the support cycle.
Which solution did I use previously and why did I switch?
I considered other options, but this is the one I chose, because of the flexibility and the ease of use.
How was the initial setup?
The initial set is very simple and intuitive. With the instructions provided, it took about 10 minutes to set up.
It requires no maintenance. It is managed by Darktrace, they push down the updates. I don't have to do anything with it.
What's my experience with pricing, setup cost, and licensing?
I think it's mostly the licensing on the network monitoring piece that I don't like. All of the other modules, such as the licensing modules, are on par. It's one for one.
Which other solutions did I evaluate?
I evaluated Endpoint protection solutions, such as CrowdStrike Falcon, Darktrace, and SentinelOne. We decided on Darktrace.
What other advice do I have?
I'm a partner with Darktrace.
I would advise them to engage with their sales team and their sales engineering team to make sure they understand the license model.
It's very intuitive. It's a fantastic product, and the only reason they don't get a 10 is because of their licensing. I believe their network monitoring device licensing module could use some improvement.
I would rate Darktrace an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Parnter
Enhanced security with automation offers proactive threat mitigation
Pros and Cons
- "The investigative part of Darktrace is valuable, especially the automation features. It allows setting up checks and provides guidance on mitigating situations, which is very useful. There are different modules that you can add to the console for protection."
- "The Darktrace Mobile app needs improvement as it's currently limited in functionality, and the learning AI takes a while to adapt to new devices, flagging new users as threats for up to a month before recognizing them as regular network users."
What is our primary use case?
Normally, when we have a setup, and I log in with any guest, Darktrace blocks us from remotely logging in from within the office network. It ensures that we cannot remote log in anywhere. It is a security system that identifies hacking attempts. Darktrace also integrates with VirusTotal for verification. Additionally, we use the email protection feature.
How has it helped my organization?
Darktrace ensures that we do not have breaches on our systems, and it helps improve our security status before breaches can even reach our system.
What is most valuable?
The investigative part of Darktrace is valuable, especially the automation features. It allows setting up checks and provides guidance on mitigating situations, which is very useful. There are different modules that you can add to the console for protection.
What needs improvement?
The Darktrace Mobile app needs improvement as it's currently limited in functionality, and the learning AI takes a while to adapt to new devices, flagging new users as threats for up to a month before recognizing them as regular network users.
For how long have I used the solution?
I have been using Darktrace for almost a year now.
What do I think about the stability of the solution?
Darktrace is very stable. I can reliably check logs and track what is happening within the system.
What do I think about the scalability of the solution?
The scalability isn't a high priority for us as it mostly deals with system security. It provides necessary features for security enhancement whenever needed.
How are customer service and support?
The support provided by Darktrace is very good. We had issues with Darktrace Mobile, and they assisted us with a solution, even allowing us to test new features.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I joined the current company after Darktrace was already in use, so I do not have information on previous solutions.
How was the initial setup?
The initial setup can be rated as a seven out of ten because it involves going into the console and ensuring that the network settings are correctly configured.
What about the implementation team?
Two people are enough for deployment, provided they know the network settings and configurations.
What was our ROI?
By using Darktrace alongside Mimecast, it has helped improve our security posture by preventing breaches before they reach our system.
What's my experience with pricing, setup cost, and licensing?
I do not have any experience regarding the pricing or setup costs as it was managed by the company administration.
Which other solutions did I evaluate?
I did not have any information on other solutions evaluated prior to Darktrace as they were in use before I joined the company.
What other advice do I have?
Darktrace is a good product to invest in if you can afford it. It provides excellent security features.
I'd rate the solution eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Oct 16, 2024
Flag as inappropriate
Buyer's Guide
Download our free Darktrace Report and get advice and tips from experienced pros
sharing their opinions.
Updated: March 2025
Product Categories
Extended Detection and Response (XDR) Email Security Intrusion Detection and Prevention Software (IDPS) Network Traffic Analysis (NTA) Network Detection and Response (NDR) AI-Powered Chatbots Cloud Security Posture Management (CSPM) Cloud-Native Application Protection Platforms (CNAPP) Attack Surface Management (ASM) AI-Powered Cybersecurity PlatformsPopular Comparisons
CrowdStrike Falcon
Wazuh
SentinelOne Singularity Complete
Cortex XDR by Palo Alto Networks
Trend Vision One
Vectra AI
Cynet
Rapid7 InsightIDR
Stellar Cyber Open XDR
NetWitness NDR
Adlumin Cybersecurity
Fidelis Elevate
LogRhythm UEBA
Secureworks Taegis XDR
Buyer's Guide
Download our free Darktrace Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- I'm building a next-gen AI powered threat intelligence platform. What's missing from existing solutions?
- Which is better - SentinelOne or Darktrace?
- What are the pros and cons of Darktrace vs CrowdStrike Falcon vs alternative EPP solutions?
- Which alternative solutions (other than Darktrace) do you recommend for an SMB?
- How does Crowdstrike Falcon compare with Darktrace?
- What is the best EDR or XDR product for a company with 9000 employees?
- When evaluating Extended Detection and Response (XDR), what aspect do you think is the most important to look for?
- How do you decide about the alert severity in your Security Operations Center (SOC)?
- Which is better for Endpoint Security: EDR or XDR solutions?
- What are the main differences between XDR and SIEM?