Darktrace Reviews

Darktrace is used for lateral entry investigations, lateral movement investigations, behavioral anomalies from end users, and endpoint detection.

Darktrace has helped our organization by troubleshooting a few issues that were happening in the environment. It was able to see the traffic between the two network components.

Darktrace's most valuable features are that it understands the network environment and is able to trace the traffic and alert on anomalies.

I did not use the AI features because they should make it more user-friendly which would be a benefit. Additionally, the solution could integrate with more SIEM or SOAR tools.

I have been using Darktrace for approximately two and a have years.

Darktrace is stable. We had it set up to where it was redundant. If one sensor went offline, we had another sensor that was constantly monitoring, and it worked well for us.

The scalability of Darktrace was very good.

We had a license for five users, but we had two that were working on it on a daily basis.

We used Darktrace's technical support to help with the setup and with implementation.

I rate the support from Darktrace a four out of five.

Positive

I did not use a similar solution prior to Darktrace.

The initial setup of Darktrace was straightforward, but we used professional services to do it.

We used professional services for the implementation of Darktrace.

We received a return on investment using Darktrace.

We evaluated other solutions prior to using Darktrace.

My advice to others is they have to understand that the solution is looking for behavioral anomalies, and it is going to take tuning to achieve this. It's not a set-it-and-forget-it solution. You have to monitor, update, and optimize it for your environment.

I rate Darktrace an eight out of ten.

The solution automatically monitors everything on the network to prevent anti-phishing by monitoring, responding, and restoring the system. It prevents data excavation.

The most valuable feature is that it works autonomously. So you only need to look at the exceptions.

The solution can improve the reporting. Currently, it only runs weekly and the reporting is complex. It is more of a network monitoring system, basically AI.

I have been using the solution for four years.

The solution is stable and solid.

The solution is scalable and designed to be enterprise-wide.

Previously we used Intercept X which is more at the virus level endpoint, but Darktrace is an overall network and phishing solution.

The initial setup did not appear complex.  

The implementation was completed by a vendor technician. The setup was simple and took a couple of hours.

The solution is about $6,000 per quarter.

I give the solution ten out of ten.

Our organization has about 50 nodes and there is no maintenance involved because it is self-maintaining. I recommend the solution, it is better than SIM.

We mostly use it for investigating cases. It is deployed on-premises. We have some new projects for this year to extend Darktrace to the cloud.

It is a stable solution.

It can have more integration with orchestration or event management solutions. They can provide more knowledge or research information for analysts for investigating cases and detecting anomalies in networks. 

I have been using this solution for a year. 

It is a stable solution. We don't have any problems with that.

It has got good scalability, but you need to buy many appliances to scale it. We have ten users of this solution from the incident response team.

We don't directly raise tickets with Darktrace. We use a local partner for support.

We didn't use any other solution previously. We are trying to introduce ExtraHop. The main difference is the capacity and the ability to see encrypted traffic.

It is not a complex setup, but it requires a lot of time. It took two or three months the first time, but it was a very smart installation.

We have a partner.

It is expensive. I don't have the price for other competitors.

I would recommend this solution. You need to have a good plan for its initial installation. It requires a lot of work in the network.

I would rate Darktrace an eight out of ten.

I'm a customer data security manager and we are looking at replacing our current solution, McAfee, with something like Darktrace or CrowdStrike which will provide the same visibility with the endpoint protection aspect. 

The Ability to drill right down into an event that has been identified as something of interest so that you can be assured if it is a valid event and therefore not suffer from loads of false positives. Once that initial assurance and confidence was there, you could easily rely on the dashboard and minimise the risk of constantly drilling into each and every event but pick the ones with most risk.

The product is automated to a certain degree, but I think this could be improved. I'm looking for a way of being able to react to threats that are detected based on risk. Aside from that, there is nothing really that they could improve on, it's a product more suited to organizations with an SOC, security operations center, or a company with an IT team of network security members because it relies on constantly monitoring it to see information based on the risks of events.

In our case, we have a small IT team, which means that a large amount of time would have been spent drilling into it. If something did happen on the network, we'd ideally be responding to it reactively instead of proactively. Some of the other products we tested did that so that if something was detected, it would block that device by means of an endpoint, which halts the process and gives you time to check it out. Darktrace would tell you, for example, if there was a ransomware attack, but it wouldn't stop the attack. Other products would identify it as a ransomware attack and stop the network card on the endpoint, giving time to react to the alert, and proceed to cleanse or investigate the machine that's had a problem. That was our issue with Darktrace.

The only reason that it looks like we are going down a different route is because of the endpoint protection issue. The product doesn't have an endpoint agent that can react to outcomes or triggers that are set on the device, otherwise, it would be great. 

We tested the solution for one month. 

Stability is fine, we had no issues with it whatsoever. 

We didn't need to scale the solution, but you could scale it without any issue. The only thing that I think you had to keep an eye on was network traffic through your switches because effectively, you're capturing all the traffic on your network on a port that goes to this device.

The support was fantastic, really good. We were in touch with the guy who I believe was the accounts manager.

Initial setup was easy. We just had to configure a switch port into what's called promiscuous mode and then plug in the device and give it an IP address and leave it. We deployed with our own technical team. It took a day to setup, maybe even less than that. Once installed they activated the license on it. We left it at baseline to look at the network for a week. It just looked at existing traffic and worked out what was typical traffic and what was interesting traffic.

For out of the box it is licensed per device or node that it connects to. I think for services there were some additional licensing fees. 

We evaluated other options and Darktrace had really good dashboards and graphics, but other devices like CrowdStrike, for example, had the endpoint protection we're looking for as well as the features that Darktrace has. The difference is in functionality.

I would suggest to anyone considering this option to identify if this is going to be a monitoring tool to supplement an existing system or if this is going to be another product in your existing security suite of tools.

I would rate this product an eight out of 10. 

We were testing the solution to see its network detection response capabilities. 

We had an okay experience with the product and didn't really have any issues. 

The Antigena feature is very useful.

It is stable. 

The product can scale. 

Support so far has been helpful and responsive. 

I don't have any specific issues with the solution. We are still in the early phase of analyzing the product.

The cost is a bit on the higher side. We'd like it to be less expensive. 

We were using the solution. In the past month, we stopped using it. We used it for three months.

We're just trying the solution. We had meetings. We were testing it. Nothing is finalized.

The solution is stable and reliable. There are no bugs or glitches. It doesn't crash or freeze. 

It is scalable. However, it varies on a case-by-case basis. 

We have four people working with the solution in our company right now. They are in the IT department. 

We did speak to technical support and found them to be very helpful and responsive. 

I did not handle the setup process. We had a vendor come in and set it up and handle the whole process. 

The vendor set the solution up with us. 

The cost is a little high.

We've budgeted about 50,000 Kuwaiti dinars for the solution. That is a yearly operating cost.

We're busy with some different projects and we wanted to evaluate different products as well on the same technology. We looked into, for example, Check Point EDR and options like Crowdstrike.

We're a potential end-user. We tested the solution. We just tried different scenarios to see what would suit us. We were testing it and will still go ahead with testing. The testing is not yet complete. We've put it on hold for now; however, we will still continue testing in the coming days.

I'd rate the solution eight out of ten.

I'd advise potential new users that they should definitely give it a try; however, the price is on the higher side. Darktrace has to consider lowering its price.

We use Darktrace to analyze our network traffic.

Darktrace is a good product, although it depends on how much time you put into it.

The models, triggers, and alerts are customizable.

The initial setup is more complex and time-consuming than some solutions.

I have been working with Darktrace for more than a year.

Darktrace is quite stable, but potentially expensive.

The vendor has different options for scaling. I use the appliance; they also offer a cloud service but I prefer the appliance. I put it between the router and the core switch and it picks up all of the traffic.

The technical support is better than Check Point. They respond more quickly.

I am currently using Darktrace and Vectra in addition to Check Point. I've been using all three and I find that Check Point is the one where I get the most information from. I will stop using Vectra this year but I will retain Darktrace, as long as they keep it at a certain price.

Darktrace requires a lot more configuration; unlike Check Point, there are a lot more changes that need to be made. In general, it's more sophisticated. As far as getting the settings and the configuration and the models that you want, it would help if you spent some time on that. We're a small team. It's beneficial to me and I can see that with more time and energy put into optimizing it and personalizing the unit, it can be much more powerful than the way I am using it now. That said, it's my secondary device. We're working on a lot of different projects, so I haven't assigned any of my guys to it yet. Ultimately, when it's fully integrated, it may end up being as useful as the Check Point.

The reason I keep all three is that they all give me a different kind of view. They all give me different information. If they gave the same information, it'd be useless to keep them.

With respect to similar security products, I have demoed CrowdStrike and worked with Symantec.

You have to customize it to the way you want, in order for it to work best for your environment. Definitely take time to train while you can during deployment.

Some things do work well, out of the box. However, this would be better suited for somebody that can take the time to configure it correctly during deployment.

Prior to negotiating, Darktrace offered their appliance and service for $80,000 per year.

I suggest negotiating either at the end of their fiscal year or at the end of every quarter. At the end of the quarter, they have an incentive to lower the prices to sell as many units as possible in order to meet their end-of-quarter quota.

My advice for anybody who is implementing Darktrace is that you definitely need to take your time. Sit down and understand how to use the model breach customization. They use models and if something hits that model, it triggers an alert.

I would rate this solution a six out of ten.

Normally, when we have a setup, and I log in with any guest, Darktrace blocks us from remotely logging in from within the office network. It ensures that we cannot remote log in anywhere. It is a security system that identifies hacking attempts. Darktrace also integrates with VirusTotal for verification. Additionally, we use the email protection feature.

Darktrace ensures that we do not have breaches on our systems, and it helps improve our security status before breaches can even reach our system.

The investigative part of Darktrace is valuable, especially the automation features. It allows setting up checks and provides guidance on mitigating situations, which is very useful. There are different modules that you can add to the console for protection.

The Darktrace Mobile app needs improvement as it's currently limited in functionality, and the learning AI takes a while to adapt to new devices, flagging new users as threats for up to a month before recognizing them as regular network users.

I have been using Darktrace for almost a year now.

Darktrace is very stable. I can reliably check logs and track what is happening within the system.

The scalability isn't a high priority for us as it mostly deals with system security. It provides necessary features for security enhancement whenever needed.

The support provided by Darktrace is very good. We had issues with Darktrace Mobile, and they assisted us with a solution, even allowing us to test new features.

Positive

I joined the current company after Darktrace was already in use, so I do not have information on previous solutions.

The initial setup can be rated as a seven out of ten because it involves going into the console and ensuring that the network settings are correctly configured.

Two people are enough for deployment, provided they know the network settings and configurations.

By using Darktrace alongside Mimecast, it has helped improve our security posture by preventing breaches before they reach our system.

I do not have any experience regarding the pricing or setup costs as it was managed by the company administration.

I did not have any information on other solutions evaluated prior to Darktrace as they were in use before I joined the company.

Darktrace is a good product to invest in if you can afford it. It provides excellent security features.

I'd rate the solution eight out of ten.

The product is a type of intrusion detection and prevention software. It is for network traffic monitoring.

We are able to detect a lot of things, actually, and see what is happening in our network.

It offers good protection.

The deployment is quick. 

It's good as a solution, however, for me, it's quite complicated. They've got a lot of features there. You need a lot of time to learn it.

It's quite expensive to have.

I've used the solution for around a year.

The core is stable. There are no bugs or glitches and it doesn't crash or freeze. 

It's not high on scalability, in the box itself. You don't need scalability to scale out the server like that. 

There is one that is able to monitor the entire network. Our entire IT department is on the product. We have a three-person technical team. We may expand usage later this year. 

Technical support is quite good. Every quarter, they will contact us for a meeting, however, any issue actually is reported online and their response is quite fast.

The deployment was very fast. They just put the appliance in and connect our call switch and do everything else that is needed. It's all very fast.

We used the SI to help us with the implementation. 

The pricing is expensive. It costs over $100,000 a year. There are no additional costs beyond the price of the license. 

I'm currently exploring other solutions as a comparison. We are looking for Sangfor Cyber Command.

We're a customer and end-user.

It's my understanding that we are on version five.

I'd advise users that it's a good solution, however, they need to be prepared for a large learning curve. 

I'd rate the solution eight out of ten.