I'm a customer data security manager and we are looking at replacing our current solution, McAfee, with something like Darktrace or CrowdStrike which will provide the same visibility with the endpoint protection aspect.
Data Security Manager at Leeds United FC
Has the ability to see events and have access to exactly what traffic or website a device had tried connecting to
Pros and Cons
- "Ability to see events and exactly what traffic or website the device had tried to connect to that raised the alert or issue."
- "The product doesn't have an endpoint agent that can react to triggers set on the device."
What is our primary use case?
What is most valuable?
The ability to drill right down into an event that has been identified as something of interest, so that you can be assured whether it is a valid event and therefore not suffer from loads of false positives. Once that initial assurance and confidence was there, you could easily rely on the dashboard and minimise the risk of constantly drilling into each and every event, and instead pick the ones with the most risk.
What needs improvement?
The product is automated to a certain degree, but I think this could be improved. I'm looking for a way of being able to react to threats that are detected based on risk. Aside from that, there is nothing really that they could improve on, it's a product more suited to organizations with an SOC, security operations center, or a company with an IT team of network security members because it relies on constantly monitoring it to see information based on the risks of events.
In our case, we have a small IT team, which means that a large amount of time would have been spent drilling into it. If something did happen on the network, we'd ideally be responding to it reactively instead of proactively. Some of the other products we tested did that so that if something was detected, it would block that device by means of an endpoint, which halts the process and gives you time to check it out. Darktrace would tell you, for example, if there was a ransomware attack, but it wouldn't stop the attack. Other products would identify it as a ransomware attack and stop the network card on the endpoint, giving time to react to the alert, and proceed to cleanse or investigate the machine that's had a problem. That was our issue with Darktrace.
The only reason that it looks like we are going down a different route is because of the endpoint protection issue. The product doesn't have an endpoint agent that can react to outcomes or triggers that are set on the device, otherwise, it would be great.
For how long have I used the solution?
We tested the solution for one month.
Buyer's Guide
Darktrace
November 2024
Learn what your peers think about Darktrace. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
816,406 professionals have used our research since 2012.
What do I think about the stability of the solution?
Stability is fine, we had no issues with it whatsoever.
What do I think about the scalability of the solution?
We didn't need to scale the solution, but you could scale it without any issue. The only thing that I think you had to keep an eye on was network traffic through your switches because effectively, you're capturing all the traffic on your network on a port that goes to this device.
How are customer service and support?
The support was fantastic, really good. We were in touch with the guy who I believe was the accounts manager.
How was the initial setup?
Initial setup was easy. We just had to configure a switch port into what's called promiscuous mode, then plug in the device, give it an IP address and leave it. We deployed with our own technical team. It took a day to set up, maybe even less than that. Once installed, they activated the license on it. We left it at baseline to look at the network for a week. It just looked at existing traffic and worked out what was typical traffic and what was interesting traffic.
What's my experience with pricing, setup cost, and licensing?
Out of the box, it is licensed per device or node that it connects to. I think for services there were some additional licensing fees.
Which other solutions did I evaluate?
We evaluated other options and Darktrace had really good dashboards and graphics, but other devices like CrowdStrike, for example, had the endpoint protection we're looking for as well as the features that Darktrace has. The difference is in functionality.
What other advice do I have?
I would suggest to anyone considering this option to identify if this is going to be a monitoring tool to supplement an existing system or if this is going to be another product in your existing security suite of tools.
I would rate this product an eight out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Head of Security at DFCC
Strong cyber-security solution but it has too many false positives
Pros and Cons
- "Its most valuable feature is its ability to identify malicious connected IPs from outside and the attacks that get through to the inside."
- "Darktrace needs to automate the reports of false positives, botnets and everything."
What is our primary use case?
Generally, we use Darktrace for behavioral analytics. We use it in the inner-network and the outside network for malicious connectivity. Darktrace gives us support with networks. We follow all the notifications and sometimes we block malicious IPs from the firewall.
What is most valuable?
Its most valuable feature is its ability to identify malicious connected IPs from outside and the attacks that get through to the inside.
What needs improvement?
Darktrace needs to simplify most of the positive reports. We have to field all the positive reports, false positives, too. Sometimes we need to check false positives manually. We have to filter false positives. After that, we configure it again. Then, we want to analyze these false positives. That's the main thing. If we are assessing features, this should be easier to handle.
Darktrace needs to automate the reports of false positives, botnets, and everything.
So far, I think the solution is good. Not excellent, good.
For how long have I used the solution?
I've been using Darktrace for about two years.
What do I think about the stability of the solution?
The stability of the solution is fine.
What do I think about the scalability of the solution?
In terms of scalability, it is ok.
It's a behavioral analysis solution, so we are not actively using it. We analyze all the user traffic from the Darktrace. That's the main thing.
There are about 3,000 users. All the 3,000 user traffic is going through Darktrace.
We don't do the maintenance for Darktrace. My vendor is maintaining it since we got the product from them.
We are analyzing attempts to connect to them. After that, if you want reports, they provide them. We have a service and everything with the vendor. Then, if we have any requirements, they do it for us. The solution is working all day and my team is analyzing two hours for that.
How are customer service and technical support?
In terms of technical support, if you raise some complaints, they tend to everything with user traffic within three or four hours. They provide the solution then we implement it.
Which solution did I use previously and why did I switch?
Before using Darktrace I was using FireEye, but I switched because FireEye is very expensive and they do the same thing. It provides the same thing, except that Darktrace has a different solution for the firewall, email filtering and everything else, and Darktrace is doing everything in a single box.
How was the initial setup?
The initial setup is simple. It only takes three or four days. But we need to identify one to three traffic behavioral analysis, after that we can find the lead.
What about the implementation team?
My team handled the deployment. They did everything. After that, they give me a report, which I then go through.
What's my experience with pricing, setup cost, and licensing?
We are doing a monthly cost basis. It's about 500,000 NKR because we are the first to implement it in Sri Lanka. We worked out direct pricing from Darktrace UK. After that, we selected a vendor in Sri Lanka. But the thing is, we are the first implementation here. I think they are actually undercharging and giving us the solution first because they want a reference from us since we are a bank in Sri Lanka. That's why they are doing it like that.
There are no additional costs besides the license, except the 15% rate to the Sri Lanka government.
What other advice do I have?
Based on our experience with Darktrace, I would advise that if they are comparing prices, ROI and everything, I think Darktrace is better than FireEye.
On a scale of 1 to 10 I can rate it a 6. I give it a 6 because it's been a year learning everything, and technology, attacks and patents are changing every day.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Group CISO/CTO at Gulf Based Private Conglomerate
Improved our monitoring capabilities and has a good graphical user interface
Pros and Cons
- "The most valuable feature is the alerts. The alerts are meaningful. The event rolls up into meaningful and actionable alerts rather than just being noise."
- "I would like for the product to work on the endpoints as well. I would like to see enhanced visibility into the endpoints and network but this solution only sits on the network itself."
How has it helped my organization?
It has improved our monitoring capabilities.
What is most valuable?
The most valuable feature is the alerts. The alerts are meaningful. The event rolls up into meaningful and actionable alerts rather than just being noise.
What needs improvement?
The product is designed to monitor traffic sent and received via the corporate egress/network points.
I would be interested to see further integration or development of a capability to obtain visibility of mobile devices such as laptops and mobiles, which operate outside of the network and may communicate specifically when off the corporate network.
For how long have I used the solution?
We have done pilots with this solution and have used it for around three months.
What do I think about the stability of the solution?
The stability isn't good but I like the product. It's a good product but we need to look into other similar products that operate in the same zone: user behavior analysis and user detection. We need it to be good in comparison.
What do I think about the scalability of the solution?
We currently have an inner network. We don't have a full-scale deployment. It is on a network segment where there are around 5,000 users. The full company would be around 9,000 users if we deployed it across all the subsidiaries.
How are customer service and technical support?
Their technical support is good.
Which solution did I use previously and why did I switch?
This is the first solution of this type that we've used. During the initial three month trial, we saw a lot of stuff from the product that we were unable to see through the conventional tooling technologies that we had in place.
How was the initial setup?
The setup was straightforward. It was a matter of hours. It took around two to three hours.
What other advice do I have?
My advice to someone considering this solution is to install it, conduct a pilot, and see. You need to see how easy it is to implement and you need to add it to install. You need to see what kinds of results it provides and compare it to your existing tool kit. The product demonstrates its actual capabilities when it's actually working. It's difficult to comprehend what it can actually do but it does give you an added level of visibility.
It has good capabilities. I would rate it an eight out of ten.
Cross-correlation with the endpoint based activities would be useful, like the ability to look at the deep supervised learning engine of the artificial intelligence unit and being able to take input data from the endpoints in order to apply the rules. It works on supervised learning and rules but I would like to be able to do things on different feeds as well.
It has a very good graphical user interface. The ability to get a console on the mobile phone and being able to respond and do basic incident response capabilities remotely is also a good feature.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Manager, Information Security at a manufacturing company with 1,001-5,000 employees
A hybrid quality solution for email, network and cloud security
What is our primary use case?
We use the solution for email, network and cloud security.
What is most valuable?
The network security and AR response are the main things.
What needs improvement?
The product is expensive, but it is a very good product. The user interface is also good.
For how long have I used the solution?
I have been using Darktrace for two years.
What do I think about the stability of the solution?
The product is stable.
I rate the solution’s stability a nine out of ten.
What do I think about the scalability of the solution?
The solution’s scalability is pretty straightforward. We have around 3,500 users using this solution.
I rate the solution’s scalability an eight out of ten.
How are customer service and support?
I contact technical support on occasion and ask questions, and they are responsive. I can get them on call or email. I’m very happy with the support.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup was quick and painless.
What's my experience with pricing, setup cost, and licensing?
The product is very expensive.
What other advice do I have?
The product is expensive, but it is a quality product. If you look apart from the cost, it's a good product followed by very good support. If you're willing to spend the money, it is worth consideration.
Overall, I rate the solution an eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Customer Solution Manager at a tech services company with 51-200 employees
Beneficial artificial intelligence module, high quality support, and powerful
Pros and Cons
- "The most valuable feature of Darktrace is the artificial intelligence module because that is the tool that determines automatically if there is any risk or not in the network."
- "The module can improve so that every time it's more intelligent."
What is our primary use case?
Darktrace just scans the entire network and documentation. We then automatically evaluate which behaviors are normal and which are not normal. You can determine what possible risks are in the network.
What is most valuable?
The most valuable feature of Darktrace is the artificial intelligence module because that is the tool that determines automatically if there is any risk or not in the network.
You don't need a human operator to be involved. The tool can operate by itself. That's the best and the most important feature because that reduces the amount of time that a person needs to spend on the tool.
The solution is powerful and very useful, it has the ability to avert many attacks.
The tool does almost 95 percent of the work and you only need to run some features to obtain reports.
What needs improvement?
The module can improve so that every time it's more intelligent.
For how long have I used the solution?
I have been using Darktrace for approximately three years.
What do I think about the stability of the solution?
The stability of Darktrace is good.
What do I think about the scalability of the solution?
Darktrace is a scalable solution.
How are customer service and support?
The support from Darktrace is very good, it is perfect.
How was the initial setup?
Darktrace is installed in an appliance and that appliance is installed in the network.
What about the implementation team?
We have one engineer that does the maintenance of Darktrace. They do the implementation and scanning of the network.
The solution does not require a lot of maintenance, it does most of the operations automatically.
We provide technical services.
What's my experience with pricing, setup cost, and licensing?
The cost of the solution is expensive for smaller businesses. They will not be able to afford it or might not need this type of security solution.
The license is by device, if you have 1,000 devices, then the cost is going to be high.
What other advice do I have?
My advice to others is for them to try to determine what are their costs in security. Then they can determine the benefit of Darktrace. They need to first acknowledge what their costs are and then they can start pricing what solution would be best.
I rate Darktrace a ten out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
System Administrator at Finlays
Reasonably priced, stable, and straightforward to set up
Pros and Cons
- "The ability to detect activity on the network is very useful to us. Even if it's not necessarily an illegal activity, if it is abnormal activity, it is able to detect it and notify us."
- "The solution could be easier to use."
What is our primary use case?
We are primarily using the solution for network monitoring as well as cybersecurity.
What is most valuable?
The ability to detect activity on the network is very useful to us. Even if it's not necessarily an illegal activity, if it is abnormal activity, it is able to detect it and notify us.
The solution is stable.
The product scales well within a network.
The initial setup is pretty simple.
The solution isn't too expensive.
What needs improvement?
The solution could be easier to use.
The user interface is a bit too detailed. They should work to pare it down and simplify it. They seem to have designed it for an expert user and not a layman. If there are some system administrators who are not experts and they just want to get sensor reports and escalate, it should be easier for them to do so.
For how long have I used the solution?
I've been using the solution for three years at this point.
What do I think about the stability of the solution?
The solution is very stable. As far as we've been using it, we've not had any major issues. It doesn't crash or freeze. There are no bugs or glitches. It's reliable.
What do I think about the scalability of the solution?
The solution is scalable within the network. If a company needs to expand it, it can do so.
For our particular office, we have around 100 users.
I cannot say if we will increase usage. We have many offices and decisions in relation to usage increases would come from our UK office.
How are customer service and technical support?
Technical support is great. They are very responsive and helpful. We are very satisfied with the level of support they provide to us.
Which solution did I use previously and why did I switch?
We did not previously use a different solution. For cybersecurity, this is our first product. We were using the traditional endpoint protection as well, and we still do. For that, we use Sophos.
How was the initial setup?
The installation was straightforward, from what I understand. I didn't actually handle the process. That was done by a consultant.
The deployment was fast. In less than an hour, everything was up and running.
I handle the maintenance myself.
What about the implementation team?
We had a consultant that assisted us with the implementation. They made the process very easy.
What's my experience with pricing, setup cost, and licensing?
We typically do yearly or three-year licensing, however, I can't speak to the exact costs or arrangements.
It's not too expensive. The price is good for what it offers.
What other advice do I have?
We're just a customer and an end-user.
Overall, I'd rate the solution at an eight out of ten. We've mostly been quite happy with the product.
I'd recommend it to other users and organizations.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director Of Information Technology at a computer software company with 501-1,000 employees
Intuitive, has excellent technical support, and has good visibility
Pros and Cons
- "The active threat dashboard is the most valuable feature of this solution."
- "I believe their network monitoring device licensing module could use some improvement."
What is our primary use case?
Darktrace is a cybersecurity solution that is essentially an AI-driven ecosystem. Call it network monitoring with telemetry SaaS cloud connections.
How has it helped my organization?
It provides a comprehensive cybersecurity solution that monitors my cloud accounts as well as my local network. It monitors local network traffic and VPNs, and it connects to my firewalls, allowing me to see what's going on in my environment. I have visibility into pretty much everything that's going on now.
What is most valuable?
The active threat dashboard is the most valuable feature of this solution.
What needs improvement?
The licensing model has room for improvement. They license by IP rather than by node or device, even if it's a single MAC address. If I have three people who are constantly in three different locations, they want to charge you three licenses. My only criticism of the product is that its licensing model isn't flexible.
I would like to see a Darktrace EDR client, a true EDR client that integrates into it, and not a third-party EDR.
For how long have I used the solution?
I have been working with Darktrace for six months.
We are working with the most recent version.
What do I think about the stability of the solution?
Darktrace is very stable. It's very reliable.
What do I think about the scalability of the solution?
Darktrace is a very scalable solution.
We have 650 users in our organization.
It's extensively used.
How are customer service and support?
I give them five stars from the sales cycle to the support cycle.
Which solution did I use previously and why did I switch?
I considered other options, but this is the one I chose, because of the flexibility and the ease of use.
How was the initial setup?
The initial setup is very simple and intuitive. With the instructions provided, it took about 10 minutes to set up.
It requires no maintenance. It is managed by Darktrace, they push down the updates. I don't have to do anything with it.
What's my experience with pricing, setup cost, and licensing?
I think it's mostly the licensing on the network monitoring piece that I don't like. All of the other modules, such as the licensing modules, are on par. It's one for one.
Which other solutions did I evaluate?
I evaluated endpoint protection solutions, such as CrowdStrike Falcon, Darktrace, and SentinelOne. We decided on Darktrace.
What other advice do I have?
I'm a partner with Darktrace.
I would advise them to engage with their sales team and their sales engineering team to make sure they understand the license model.
It's very intuitive. It's a fantastic product, and the only reason they don't get a 10 is because of their licensing. I believe their network monitoring device licensing module could use some improvement.
I would rate Darktrace an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Consultant at a computer software company with 5,001-10,000 employees
Descriptive GUI, stable, and easy to understand for new users
Pros and Cons
- "I have used multiple solutions, but its graphical user interface is quite interesting and quite descriptive. There are a lot of video animations, and we can easily see how the data is transferred between various points. That's something really interesting. It is also quite easy to understand for a new user."
- "Its documentation is not up to the mark. At times, I have a lot of trouble finding a solution. Even when I posted questions on the community chats, it took a lot of time for me to get answers. That's something that can be improved. Darktrace can focus on creating a more interactive community. If there are more people from Darktrace to focus on community chats, it would be better."
What is most valuable?
I have used multiple solutions, but its graphical user interface is quite interesting and quite descriptive. There are a lot of video animations, and we can easily see how the data is transferred between various points. That's something really interesting. It is also quite easy to understand for a new user.
What needs improvement?
Its documentation is not up to the mark. At times, I have a lot of trouble finding a solution. Even when I posted questions on the community chats, it took a lot of time for me to get answers. That's something that can be improved. Darktrace can focus on creating a more interactive community. If there are more people from Darktrace to focus on community chats, it would be better.
For how long have I used the solution?
It has been close to two months, and I am probably using the latest version.
What do I think about the stability of the solution?
It is definitely stable.
What do I think about the scalability of the solution?
So far, we haven't had any problems. It is definitely scalable.
We don't have more than 12 people who use this solution.
How are customer service and support?
I never had any technical support problems. It is up to the mark.
Which solution did I use previously and why did I switch?
I have worked with Elastic SIEM and QRadar. Elastic SIEM is entirely different, so there is no one-to-one comparison. It is like comparing apples with oranges, but overall, Darktrace is quite interesting. A new user can easily learn it without much help.
How was the initial setup?
I never did any setup. I'm just an end-user.
What other advice do I have?
My advice is to always go for a PoC before implementing Darktrace. That's because Darktrace can get a lot of personally identifiable information, which may not be a good thing for some companies. So, before going for this technology, you should do a PoC, and once everything is compliant with the rules and regulations of the company, you can go for it.
I would rate it an eight out of 10.
Disclosure: I am a real user, and this review is based on my own experience and opinions.