We mostly use it for investigating cases. It is deployed on-premises. We have some new projects for this year to extend Darktrace to the cloud.
Cybersecurity Architecture Manager at Banco de Chile
A stable and scalable solution for investigating cases
Pros and Cons
- "It is a stable solution."
- "It can have more integration with orchestration or event management solutions. They can provide more knowledge or research information for analysts for investigating cases and detecting anomalies in networks."
What is our primary use case?
What is most valuable?
It is a stable solution.
What needs improvement?
It can have more integration with orchestration or event management solutions. They can provide more knowledge or research information for analysts for investigating cases and detecting anomalies in networks.
For how long have I used the solution?
I have been using this solution for a year.
Buyer's Guide
Darktrace
December 2024
Learn what your peers think about Darktrace. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
What do I think about the stability of the solution?
It is a stable solution. We don't have any problems with that.
What do I think about the scalability of the solution?
It has got good scalability, but you need to buy many appliances to scale it. We have ten users of this solution from the incident response team.
How are customer service and support?
We don't directly raise tickets with Darktrace. We use a local partner for support.
Which solution did I use previously and why did I switch?
We didn't use any other solution previously. We are trying to introduce ExtraHop. The main difference is the capacity and the ability to see encrypted traffic.
How was the initial setup?
It is not a complex setup, but it requires a lot of time. It took two or three months the first time, but it was a very smart installation.
What about the implementation team?
We have a partner.
What's my experience with pricing, setup cost, and licensing?
It is expensive. I don't have the price for other competitors.
What other advice do I have?
I would recommend this solution. You need to have a good plan for its initial installation. It requires a lot of work in the network.
I would rate Darktrace an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Enhanced security with automation offers proactive threat mitigation
Pros and Cons
- "The investigative part of Darktrace is valuable, especially the automation features. It allows setting up checks and provides guidance on mitigating situations, which is very useful. There are different modules that you can add to the console for protection."
- "The Darktrace Mobile app needs improvement as it's currently limited in functionality, and the learning AI takes a while to adapt to new devices, flagging new users as threats for up to a month before recognizing them as regular network users."
What is our primary use case?
Normally, when we have a setup, and I log in with any guest, Darktrace blocks us from remotely logging in from within the office network. It ensures that we cannot remote log in anywhere. It is a security system that identifies hacking attempts. Darktrace also integrates with VirusTotal for verification. Additionally, we use the email protection feature.
How has it helped my organization?
Darktrace ensures that we do not have breaches on our systems, and it helps improve our security status before breaches can even reach our system.
What is most valuable?
The investigative part of Darktrace is valuable, especially the automation features. It allows setting up checks and provides guidance on mitigating situations, which is very useful. There are different modules that you can add to the console for protection.
What needs improvement?
The Darktrace Mobile app needs improvement as it's currently limited in functionality, and the learning AI takes a while to adapt to new devices, flagging new users as threats for up to a month before recognizing them as regular network users.
For how long have I used the solution?
I have been using Darktrace for almost a year now.
What do I think about the stability of the solution?
Darktrace is very stable. I can reliably check logs and track what is happening within the system.
What do I think about the scalability of the solution?
The scalability isn't a high priority for us as it mostly deals with system security. It provides necessary features for security enhancement whenever needed.
How are customer service and support?
The support provided by Darktrace is very good. We had issues with Darktrace Mobile, and they assisted us with a solution, even allowing us to test new features.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I joined the current company after Darktrace was already in use, so I do not have information on previous solutions.
How was the initial setup?
The initial setup can be rated as a seven out of ten because it involves going into the console and ensuring that the network settings are correctly configured.
What about the implementation team?
Two people are enough for deployment, provided they know the network settings and configurations.
What was our ROI?
By using Darktrace alongside Mimecast, it has helped improve our security posture by preventing breaches before they reach our system.
What's my experience with pricing, setup cost, and licensing?
I do not have any experience regarding the pricing or setup costs as it was managed by the company administration.
Which other solutions did I evaluate?
I did not have any information on other solutions evaluated prior to Darktrace as they were in use before I joined the company.
What other advice do I have?
Darktrace is a good product to invest in if you can afford it. It provides excellent security features.
I'd rate the solution eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Oct 16, 2024
Flag as inappropriateBuyer's Guide
Darktrace
December 2024
Learn what your peers think about Darktrace. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
Manager, Information Technology at Coulisse BV
Autonomous response enhances security but interface requires enhancements
Pros and Cons
- "The scalability of Darktrace is very high."
- "The management user interface needs improvement."
What is our primary use case?
We use Darktrace for standard network security, mail security, and SaaS security.
What is most valuable?
NTG is now autonomous response.
What needs improvement?
The management user interface needs improvement. More insights are necessary, and deeper technical experience and knowledge are required to pinpoint actions, breaches, or behavior.
For how long have I used the solution?
We have been using Darktrace for three years.
What do I think about the stability of the solution?
I would rate the stability of the solution as nine.
What do I think about the scalability of the solution?
The scalability of Darktrace is very high. I would rate it eight out of ten.
How are customer service and support?
Technical support is rated at nine out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We used more standard antivirus solutions and firewalling. However, these cannot be compared to an EDR or HDR like Darktrace.
How was the initial setup?
The setup was straightforward and not a problem, even for someone not very technical.
What about the implementation team?
Our service provider did some support there.
What's my experience with pricing, setup cost, and licensing?
The pricing is rated at eight, implying it's considered expensive.
Which other solutions did I evaluate?
We evaluated other options, but they were more like standard antivirus and firewalling, not comparable to Darktrace.
What other advice do I have?
I recommend Darktrace to others if they can afford it.
I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Oct 8, 2024
Flag as inappropriateVice President | Head of Information Systems & Manufacturing Engineering at a manufacturing company with 51-200 employees
Self-maintaining, works autonomously, and prevents data excavation
Pros and Cons
- "The most valuable feature is that it works autonomously."
- "The solution can improve the reporting."
What is our primary use case?
The solution automatically monitors everything on the network to prevent anti-phishing by monitoring, responding, and restoring the system. It prevents data excavation.
What is most valuable?
The most valuable feature is that it works autonomously. So you only need to look at the exceptions.
What needs improvement?
The solution can improve the reporting. Currently, it only runs weekly and the reporting is complex. It is more of a network monitoring system, basically AI.
For how long have I used the solution?
I have been using the solution for four years.
What do I think about the stability of the solution?
The solution is stable and solid.
What do I think about the scalability of the solution?
The solution is scalable and designed to be enterprise-wide.
Which solution did I use previously and why did I switch?
Previously we used Intercept X which is more at the virus level endpoint, but Darktrace is an overall network and phishing solution.
How was the initial setup?
The initial setup did not appear complex.
What about the implementation team?
The implementation was completed by a vendor technician. The setup was simple and took a couple of hours.
What's my experience with pricing, setup cost, and licensing?
The solution is about $6,000 per quarter.
What other advice do I have?
I give the solution ten out of ten.
Our organization has about 50 nodes and there is no maintenance involved because it is self-maintaining. I recommend the solution, it is better than SIM.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director Of Information Technology at a security firm with 1-10 employees
Responsive support, good alerting, but the initial setup is complex and time-consuming
Pros and Cons
- "The models, triggers, and alerts are customizable."
- "The initial setup is more complex and time-consuming than some solutions."
What is our primary use case?
We use Darktrace to analyze our network traffic.
What is most valuable?
Darktrace is a good product, although it depends on how much time you put into it.
The models, triggers, and alerts are customizable.
What needs improvement?
The initial setup is more complex and time-consuming than some solutions.
For how long have I used the solution?
I have been working with Darktrace for more than a year.
What do I think about the stability of the solution?
Darktrace is quite stable, but potentially expensive.
What do I think about the scalability of the solution?
The vendor has different options for scaling. I use the appliance; they also offer a cloud service but I prefer the appliance. I put it between the router and the core switch and it picks up all of the traffic.
How are customer service and support?
The technical support is better than Check Point. They respond more quickly.
Which solution did I use previously and why did I switch?
I am currently using Darktrace and Vectra in addition to Check Point. I've been using all three and I find that Check Point is the one where I get the most information from. I will stop using Vectra this year but I will retain Darktrace, as long as they keep it at a certain price.
Darktrace requires a lot more configuration; unlike Check Point, there are a lot more changes that need to be made. In general, it's more sophisticated. As far as getting the settings and the configuration and the models that you want, it would help if you spent some time on that. We're a small team. It's beneficial to me and I can see that with more time and energy put into optimizing it and personalizing the unit, it can be much more powerful than the way I am using it now. That said, it's my secondary device. We're working on a lot of different projects, so I haven't assigned any of my guys to it yet. Ultimately, when it's fully integrated, it may end up being as useful as the Check Point.
The reason I keep all three is that they all give me a different kind of view. They all give me different information. If they gave the same information, it'd be useless to keep them.
With respect to similar security products, I have demoed CrowdStrike and worked with Symantec.
How was the initial setup?
You have to customize it to the way you want, in order for it to work best for your environment. Definitely take time to train while you can during deployment.
Some things do work well, out of the box. However, this would be better suited for somebody that can take the time to configure it correctly during deployment.
What's my experience with pricing, setup cost, and licensing?
Prior to negotiating, Darktrace offered their appliance and service for $80,000 per year.
I suggest negotiating either at the end of their fiscal year or at the end of every quarter. At the end of the quarter, they have an incentive to lower the prices to sell as many units as possible in order to meet their end-of-quarter quota.
What other advice do I have?
My advice for anybody who is implementing Darktrace is that you definitely need to take your time. Sit down and understand how to use the model breach customization. They use models and if something hits that model, it triggers an alert.
I would rate this solution a six out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Manager at SJ Securities Sdn Bhd
Quick to deploy with great detection capabilities and quick-responding support
Pros and Cons
- "We are able to detect a lot of things, actually, and see what is happening in our network."
- "It's quite expensive to have."
What is our primary use case?
The product is a type of intrusion detection and prevention software. It is for network traffic monitoring.
What is most valuable?
We are able to detect a lot of things, actually, and see what is happening in our network.
It offers good protection.
The deployment is quick.
What needs improvement?
It's good as a solution, however, for me, it's quite complicated. They've got a lot of features there. You need a lot of time to learn it.
It's quite expensive to have.
For how long have I used the solution?
I've used the solution for around a year.
What do I think about the stability of the solution?
The core is stable. There are no bugs or glitches and it doesn't crash or freeze.
What do I think about the scalability of the solution?
It's not high on scalability, in the box itself. You don't need scalability to scale out the server like that.
There is one that is able to monitor the entire network. Our entire IT department is on the product. We have a three-person technical team. We may expand usage later this year.
How are customer service and support?
Technical support is quite good. Every quarter, they will contact us for a meeting, however, any issue actually is reported online and their response is quite fast.
How was the initial setup?
The deployment was very fast. They just put the appliance in and connect our call switch and do everything else that is needed. It's all very fast.
What about the implementation team?
We used the SI to help us with the implementation.
What's my experience with pricing, setup cost, and licensing?
The pricing is expensive. It costs over $100,000 a year. There are no additional costs beyond the price of the license.
Which other solutions did I evaluate?
I'm currently exploring other solutions as a comparison. We are looking for Sangfor Cyber Command.
What other advice do I have?
We're a customer and end-user.
It's my understanding that we are on version five.
I'd advise users that it's a good solution, however, they need to be prepared for a large learning curve.
I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Administrator at a healthcare company with 501-1,000 employees
Detailed interface and good granularity but too expensive
Pros and Cons
- "t was pretty as far as the granularity of what you were getting out of it."
- "The price point for the product was too high for what our possible use case could be."
What is our primary use case?
We're part of our regional hospital group in Northwestern Ontario. One of our group members was using the DarkTrace product suite. It was brought forward that other hospitals within the group may want to try it. A couple of us did a demo, which basically involved getting the appliance installed in our data center and routing all the traffic through it.
We basically had the product running for a company, however, it really didn't pop up or offered anything that we were not already aware of.
What is most valuable?
It has a very detailed interface - almost too detailed. It was pretty as far as the granularity of what you were getting out of it.
The solution is very detailed. It has lots of fancy graphics that don't necessarily lead to a good outcome regarding knowing what's going on.
What needs improvement?
The only problem with these kinds of demos is that unless something actually goes wrong or you have something in the data center already; you don't see any difference. However, no news is good news.
The price point for the product was too high for what our possible use case could be. The demo might have gone more favorably in their direction if something had actually occurred during the demo. However, nothing did, and management decided that it was not worth the very high price.
The interface didn't really give you a whole bunch of insight into actually what was going on.
They did have some AI that they claimed could tell if traffic was malicious or what the intent of the traffic was. We never got to see that actually do anything. They identified some traffic. They said it was malicious. However, it turns out it was a known traffic that we had occurring, and it wasn't malicious. So there were a few missteps that way.
The UI is too dark.
We ultimately didn't find any value in the product.
For how long have I used the solution?
We did a demo for two or three months. We did not use the solution for a very long time.
What do I think about the scalability of the solution?
In terms of scalability, you would need a separate device for every location. For our particular hospital, we actually have three or four main facilities, or what we would consider main facilities. You'd actually need to have a physical box for every deployment in order for traffic to be efficiently detected. They did say that we could route the traffic from the site through the box. However, essentially, that would be doubling the traffic load, which didn't really seem like it was a wise decision. As far as scalability, the box that we had was very capable of handling the traffic load that we were producing. I would say we are probably using maybe ten percent of it at the most at peak levels.
How are customer service and support?
We had some interactions with them during setup and during the demo. They were fine.
How would you rate customer service and support?
Neutral
How was the initial setup?
The initial setup depends on the network. We had a mature infrastructure which made it a bit more challenging.
It took us a few hours to set everything up and make sure it was capturing everything it needed to.
If you had a straightforward Cisco environment where you could easily forward traffic and CDP needed, it would be pretty easy.
What's my experience with pricing, setup cost, and licensing?
I'd rate the pricing two or three out of ten. It is pretty expensive. For us, it just wasn't worth it.
What other advice do I have?
We are customers and end-users.
I'd rate the solution five out of ten. It's an interesting maturing market. They do have potential, however, they do need to work a fair bit on their AI models and their interface.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Manager at Yarix S.r.l.
Simple to set up with an excellent Enterprise Immune System and Cyber AI Analyst
Pros and Cons
- "The initial setup is simple."
- "There aren't so many third-party vendor platforms natively integrated with the platform."
What is our primary use case?
We primarily use the solution for network traffic analysis, to identify potential threats running on our customers' ICP environment, and to generate alerts to our SOC.
What is most valuable?
The Enterprise Immune System, Cyber Artificial Intelligence Analyst, and Antigena technology are all very useful aspects of the product.
The solution is quite stable.
The scalability is great.
The initial setup is simple.
What needs improvement?
It can always improve here and there, however, in general, it's already quite complete.
The solution could have better integration capabilities. There aren't so many third-party vendor platforms natively integrated with the platform.
They need a better-automated response setup.
For how long have I used the solution?
I've been using the solution for a few years at this point.
What do I think about the stability of the solution?
The solution is stable. There are no bugs or glitches. it doesn't crash or freeze. It's reliable.
What do I think about the scalability of the solution?
I've found the solution's scalability to be very good. It can scale from one endpoint to many thousands of endpoints. We have a lot of implementations that are quite sizable for our customers.
We have 20 to 30 clients on the solution at this time.
How are customer service and support?
Technical support is fine. That said, we are very skilled and therefore we don't require the help of technical support all that often.
How was the initial setup?
We find the implementation process to be quite painless. We only had to identify the right place in which put the appliances, and then they start learning.
We were able to deploy same day. it's a pretty fast process.
We have a team dedicated to the delivery that manages Darktrace and other technical solutions and they are in charge of implementation in the customers' ICP environment. More or less, we have more than ten people handling this.
What about the implementation team?
We are capable of handling implementations for our clients.
What's my experience with pricing, setup cost, and licensing?
Our clients pay a yearly licensing fee. I can't speak to the exact costs involved. We have a variety of clients who have licenses with Darktrace.
What other advice do I have?
We are partners of Darktrace.
We utilize both cloud and on-premises deployments.
I would recommend the solution to other companies and clients.
I'd rate the product at a ten out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
Download our free Darktrace Report and get advice and tips from experienced pros
sharing their opinions.
Updated: December 2024
Product Categories
Extended Detection and Response (XDR) Email Security Intrusion Detection and Prevention Software (IDPS) Network Traffic Analysis (NTA) Network Detection and Response (NDR) AI-Powered Chatbots Cloud Security Posture Management (CSPM) Cloud-Native Application Protection Platforms (CNAPP) Attack Surface Management (ASM) AI-Powered Cybersecurity PlatformsPopular Comparisons
CrowdStrike Falcon
Wazuh
SentinelOne Singularity Complete
Cortex XDR by Palo Alto Networks
Vectra AI
Trend Vision One
Cynet
Rapid7 InsightIDR
NetWitness NDR
Stellar Cyber Open XDR
Fidelis Elevate
Adlumin Cybersecurity
LogRhythm UEBA
Secureworks Taegis XDR
Buyer's Guide
Download our free Darktrace Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- I'm building a next-gen AI powered threat intelligence platform. What's missing from existing solutions?
- Which is better - SentinelOne or Darktrace?
- What are the pros and cons of Darktrace vs CrowdStrike Falcon vs alternative EPP solutions?
- Which alternative solutions (other than Darktrace) do you recommend for an SMB?
- How does Crowdstrike Falcon compare with Darktrace?
- What is the best EDR or XDR product for a company with 9000 employees?
- When evaluating Extended Detection and Response (XDR), what aspect do you think is the most important to look for?
- How do you decide about the alert severity in your Security Operations Center (SOC)?
- Which is better for Endpoint Security: EDR or XDR solutions?
- What are the main differences between XDR and SIEM?