Darktrace Reviews

We're part of our regional hospital group in Northwestern Ontario. One of our group members was using the DarkTrace product suite. It was brought forward that other hospitals within the group may want to try it. A couple of us did a demo, which basically involved getting the appliance installed in our data center and routing all the traffic through it. 

We basically had the product running for a company, however, it really didn't pop up or offered anything that we were not already aware of. 

It has a very detailed interface - almost too detailed. It was pretty as far as the granularity of what you were getting out of it. 

The solution is very detailed. It has lots of fancy graphics that don't necessarily lead to a good outcome regarding knowing what's going on.

The only problem with these kinds of demos is that unless something actually goes wrong or you have something in the data center already; you don't see any difference. However, no news is good news.

The price point for the product was too high for what our possible use case could be. The demo might have gone more favorably in their direction if something had actually occurred during the demo. However, nothing did, and management decided that it was not worth the very high price.

The interface didn't really give you a whole bunch of insight into actually what was going on.

They did have some AI that they claimed could tell if traffic was malicious or what the intent of the traffic was. We never got to see that actually do anything. They identified some traffic. They said it was malicious. However, it turns out it was a known traffic that we had occurring, and it wasn't malicious. So there were a few missteps that way.

The UI is too dark.

We ultimately didn't find any value in the product.

We did a demo for two or three months. We did not use the solution for a very long time. 

In terms of scalability, you would need a separate device for every location. For our particular hospital, we actually have three or four main facilities, or what we would consider main facilities. You'd actually need to have a physical box for every deployment in order for traffic to be efficiently detected. They did say that we could route the traffic from the site through the box. However, essentially, that would be doubling the traffic load, which didn't really seem like it was a wise decision. As far as scalability, the box that we had was very capable of handling the traffic load that we were producing. I would say we are probably using maybe ten percent of it at the most at peak levels.

We had some interactions with them during setup and during the demo. They were fine.

Neutral

The initial setup depends on the network. We had a mature infrastructure which made it a bit more challenging.

It took us a few hours to set everything up and make sure it was capturing everything it needed to. 

If you had a straightforward Cisco environment where you could easily forward traffic and CDP needed, it would be pretty easy. 

I'd rate the pricing two or three out of ten. It is pretty expensive. For us, it just wasn't worth it. 

We are customers and end-users. 

I'd rate the solution five out of ten. It's an interesting maturing market. They do have potential, however, they do need to work a fair bit on their AI models and their interface.

We have a layered approach to our cyber security. We have unified threat management and use several solutions such as Kaspersky, FortiGate, and Mimecast. However, we felt that we needed something on top of all of these and decided to go with Darktrace. We only have one in-house IT security person and were looking for a solution like Darktrace that was more automated.

I have found the automation and AI features to be valuable. If someone were to come in to the office at midnight and log in, Darktrace would flag it.

It takes time to go through the interface and pick up things. If it were a more straightforward interface, then it would free up time.

We did a proof of concept with Darktrace for a year.

It is a scalable solution.

Darktrace's technical support staff were responsive. We did not have to wait long for feedback on anything.

We were able to deploy it in half a day. One person can handle the maintenance of the solution.

We implemented the solution with the help of Darktrace representatives.

We had an issue with pricing initially and had to cancel some of the features of the projects to fit the budget. I would like to see pricing that is not broken up into parts so that we can buy the whole package once.

Darktrace is more expensive than an average solution, but it's functionality won't match that of an average solution.

I would rate Darktrace at nine out of ten. It is a growing product that helps with an ever changing threat landscape. Traditional endpoint antivirus solutions will not be able to keep up.

We were testing the solution to see its network detection response capabilities. 

We had an okay experience with the product and didn't really have any issues. 

The Antigena feature is very useful.

It is stable. 

The product can scale. 

Support so far has been helpful and responsive. 

I don't have any specific issues with the solution. We are still in the early phase of analyzing the product.

The cost is a bit on the higher side. We'd like it to be less expensive. 

We were using the solution. In the past month, we stopped using it. We used it for three months.

We're just trying the solution. We had meetings. We were testing it. Nothing is finalized.

The solution is stable and reliable. There are no bugs or glitches. It doesn't crash or freeze. 

It is scalable. However, it varies on a case-by-case basis. 

We have four people working with the solution in our company right now. They are in the IT department. 

We did speak to technical support and found them to be very helpful and responsive. 

I did not handle the setup process. We had a vendor come in and set it up and handle the whole process. 

The vendor set the solution up with us. 

The cost is a little high.

We've budgeted about 50,000 Kuwaiti dinars for the solution. That is a yearly operating cost.

We're busy with some different projects and we wanted to evaluate different products as well on the same technology. We looked into, for example, Check Point EDR and options like Crowdstrike.

We're a potential end-user. We tested the solution. We just tried different scenarios to see what would suit us. We were testing it and will still go ahead with testing. The testing is not yet complete. We've put it on hold for now; however, we will still continue testing in the coming days.

I'd rate the solution eight out of ten.

I'd advise potential new users that they should definitely give it a try; however, the price is on the higher side. Darktrace has to consider lowering its price.

Our use cases for Darktrace are intrusion detection in the complete network, including for all the devices connected, detection, emails, email spoofing, and supply chain attacks.

The most valuable Darktrace feature is the cloud protection for all the cloud services, OneDrive, and all the things related to that.

Darkforce could be improved in the range of the interface; how to interact with the actions it's taking or not taking.

I have been using Darktrace for about a year now. 

Darktrace is stable. 

Darktrace is scalable.

The initial setup was quite straightforward. It took us between two and six months. We got shipped an appliance and installed it in the data center. It then started collecting data. We had a few reviews of what it was collecting and what it would do. There was a test phase after which we enabled it, part by part, following a series of reviews.

Right now, 350 users are affected by Darkforce in our organization. It exists in the background, so they are not actively using it.

One member of staff is enough for deployment and maintenance because Darkforce is AI-driven. It does a lot of things by itself. You need to review what it's doing every now and then. You may, for example, need to release an email that was blocked for some reason, but it's quite low maintenance overall.

You do not need an engineer to manage it. It can be managed by a manager as doing so is not super technical. You always have access to Darktrace support, which means their engineers are available help you with the more complex stuff.

Our deployment was done by Darktrace themselves, but they have some partners that also do it. Once you are up and running, you can deploy any additional appliances by yourself.

This is a difficult question and one that was asked of us by the higher ups, but you have to compare the cost with what would happen if there was a breach. It is difficult to articulate a return on investment in hard numbers, but I can see that Darkforce deflects typical attacks and protects users.

I cannot be completely sure what the license cost but it is on a per-user basis. I handle the technical side, so I do not have insight into how much we are paying for it exactly.

I would surely recommend Darkforce. The price might be quite high, but it is really worth it.

We primarily use the solution for network detection and response.

Antigena is the most valuable due to the reduction in terms of the mean time to respond.

The solution can scale.

It's reliable and stable. 

Technical support is great.

The pricing is good. 

The initial setup is a bit complex. 

It's quite a good product. However, I'd love them to see maybe covering the cloud a bit more. We'd like a cloud version. For example, FortiGate firewalls now have virtual firewalls that you can just install, as well as the cloud. They can drive it with Microsoft, and Microsoft can maybe provide technology that would allow Darktrace to work seamlessly in the cloud. 

I've used the solution for almost two and a half years. 

The solution is stable. It's reliable. 

The solution is very scalable. You can also install it in a Citrix environment very easily.

The whole security team has access to it. That said, I have the most hands on in terms of the product. Five or six people use the solution.

Technical support is great. They come from the UK and they came out to Africa to meet us personally. The engineers are always available. Their resellers are supportive. Even to this day we still run through weekly meetings.

We consume quite a lot of products from Darktrace, so we have a few. We got that Darktrace Network, Antigena, Cloud Sales, and AIS integrations, et cetera.

This is my first time working with an NDR that has AI and machine learning.

From a networking perspective, it is a bit complex since we sort of have to keep an end tab on the network for network log ingestion, flow ingestion, and all of that.

The implementation took about two months or so.

We did the implementation with the help of a technician from Darktrace and a reseller. I'd rate their assistance a ten out of ten. They were great.

The pricing is reasonable. I'm not sure of the exact costs. However, they are not that expensive. We pay annually.

I did not compare the solution to other options, although I did look into Cisco Secure Network Analytics.

I'm an end-user.

It's quite a good tool. They've worked hard to be the top security control in terms of AI and machine learning, and their product works well. Cisco would not match up. Maybe Palo Alto Cortex could do what they do. Cisco is not a security house, even though they have the networking knowledge and all of that. Most of their products are only now catching up to cybersecurity.

I'd rate Darktrace ten out of ten.

Darktrace is used for lateral entry investigations, lateral movement investigations, behavioral anomalies from end users, and endpoint detection.

Darktrace has helped our organization by troubleshooting a few issues that were happening in the environment. It was able to see the traffic between the two network components.

Darktrace's most valuable features are that it understands the network environment and is able to trace the traffic and alert on anomalies.

I did not use the AI features because they should make it more user-friendly which would be a benefit. Additionally, the solution could integrate with more SIEM or SOAR tools.

I have been using Darktrace for approximately two and a have years.

Darktrace is stable. We had it set up to where it was redundant. If one sensor went offline, we had another sensor that was constantly monitoring, and it worked well for us.

The scalability of Darktrace was very good.

We had a license for five users, but we had two that were working on it on a daily basis.

We used Darktrace's technical support to help with the setup and with implementation.

I rate the support from Darktrace a four out of five.

Positive

I did not use a similar solution prior to Darktrace.

The initial setup of Darktrace was straightforward, but we used professional services to do it.

We used professional services for the implementation of Darktrace.

We received a return on investment using Darktrace.

We evaluated other solutions prior to using Darktrace.

My advice to others is they have to understand that the solution is looking for behavioral anomalies, and it is going to take tuning to achieve this. It's not a set-it-and-forget-it solution. You have to monitor, update, and optimize it for your environment.

I rate Darktrace an eight out of ten.

We're using it in a complete security solution yet still within a different product that Darktrace has that's related to the network or email.

The most valuable aspect of the product would be that it's a product that is quite easy to integrate. It's quite easy to start working with it, which is working well. The concept of artificial intelligence that is behind the solution is the most interesting feature for us.

The sense of detection and monitoring and topics within security is good.

It was easy to set up the product.

We have found the product to be stable and issue-free.

It is scalable. 

We need them to ensure they will detect new attacks and pick up anomalies.

We, of course, would love more threat intelligence, and more integration with vulnerability scanners. We'd like threat hunting, and we'd like to see a global solution that can automate vulnerability scans. I know it is something they are working on. 

They're working in different modules that could be related to threat intelligence and to the tech vulnerabilities or functionalities related to EDR.

We've been working with the solution for the last couple of years. 

We've had no issues with stability. It's reliable. There are no bugs or glitches. It doesn't crash or freeze.

It is scalable and easily expands. 

The whole of the organization leverages the product, however, I do not have a clear picture of how many people we are working it. That said, we have a company of 2,000.

I've dealt with technical support in the past. I found them to be helpful. 

Positive

We did previously use a different solution. That said, I don't remember what it was called. 

The product is easy to set up.

After deployment, we spent three months, which is the time that this solution needs to learn about what's happening in our network. In one day, once we had defined all the configurations and once they have been seen on the appliance, we were able to start running it.

It's an easy product to maintain. 

We handled the initial setup ourselves. We did not need any outside assistance from integrators or consultants. 

The pricing is okay. I'd rate it seven out of ten in terms of affordability.

You have different modules which you have to pay for. If you want to expand functionality, it ends up costing more. 

Looked at Microsoft, Proofpoint, and Minecraft when we were looking into Darktrace. We decided on this product based on the available features. 

We are using the last version of the solution, although I don't know the exact version number. We plan to upgrade in the next couple of weeks. We might be on version five, with the latest being six.

This is something that is really easy to implement in an organization. It gives us good visibility about what is happening in our networks, and on the system. We like the transparency available within our infrastructure now. We can also personalize it to fit our needs. You can either choose plug and play or you can go deeper. They have artificial intelligence you can start working with. You can define more by leveraging modules. Overall, it's very interesting. 

I'd rate the solution eight out of ten.

We use Darktrace to analyze our network traffic.

Darktrace is a good product, although it depends on how much time you put into it.

The models, triggers, and alerts are customizable.

The initial setup is more complex and time-consuming than some solutions.

I have been working with Darktrace for more than a year.

Darktrace is quite stable, but potentially expensive.

The vendor has different options for scaling. I use the appliance; they also offer a cloud service but I prefer the appliance. I put it between the router and the core switch and it picks up all of the traffic.

The technical support is better than Check Point. They respond more quickly.

I am currently using Darktrace and Vectra in addition to Check Point. I've been using all three and I find that Check Point is the one where I get the most information from. I will stop using Vectra this year but I will retain Darktrace, as long as they keep it at a certain price.

Darktrace requires a lot more configuration; unlike Check Point, there are a lot more changes that need to be made. In general, it's more sophisticated. As far as getting the settings and the configuration and the models that you want, it would help if you spent some time on that. We're a small team. It's beneficial to me and I can see that with more time and energy put into optimizing it and personalizing the unit, it can be much more powerful than the way I am using it now. That said, it's my secondary device. We're working on a lot of different projects, so I haven't assigned any of my guys to it yet. Ultimately, when it's fully integrated, it may end up being as useful as the Check Point.

The reason I keep all three is that they all give me a different kind of view. They all give me different information. If they gave the same information, it'd be useless to keep them.

With respect to similar security products, I have demoed CrowdStrike and worked with Symantec.

You have to customize it to the way you want, in order for it to work best for your environment. Definitely take time to train while you can during deployment.

Some things do work well, out of the box. However, this would be better suited for somebody that can take the time to configure it correctly during deployment.

Prior to negotiating, Darktrace offered their appliance and service for $80,000 per year.

I suggest negotiating either at the end of their fiscal year or at the end of every quarter. At the end of the quarter, they have an incentive to lower the prices to sell as many units as possible in order to meet their end-of-quarter quota.

My advice for anybody who is implementing Darktrace is that you definitely need to take your time. Sit down and understand how to use the model breach customization. They use models and if something hits that model, it triggers an alert.

I would rate this solution a six out of ten.