Assistant Manager - Network & Security at a financial services firm with 5,001-10,000 employees
Issue-free with a helpful Antigena feature and responsive support
Pros and Cons
- "The product can scale."
- "The cost is a bit on the higher side."
What is our primary use case?
We were testing the solution to see its network detection response capabilities.
What is most valuable?
We had an okay experience with the product and didn't really have any issues.
The Antigena feature is very useful.
It is stable.
The product can scale.
Support so far has been helpful and responsive.
What needs improvement?
I don't have any specific issues with the solution. We are still in the early phase of analyzing the product.
The cost is a bit on the higher side. We'd like it to be less expensive.
For how long have I used the solution?
We were using the solution. In the past month, we stopped using it. We used it for three months.
We're just trying the solution. We had meetings. We were testing it. Nothing is finalized.
Buyer's Guide
Darktrace
February 2025
Learn what your peers think about Darktrace. Get advice and tips from experienced pros sharing their opinions. Updated: February 2025.
832,138 professionals have used our research since 2012.
What do I think about the stability of the solution?
The solution is stable and reliable. There are no bugs or glitches. It doesn't crash or freeze.
What do I think about the scalability of the solution?
It is scalable. However, it varies on a case-by-case basis.
We have four people working with the solution in our company right now. They are in the IT department.
How are customer service and support?
We did speak to technical support and found them to be very helpful and responsive.
How was the initial setup?
I did not handle the setup process. We had a vendor come in and set it up and handle the whole process.
What about the implementation team?
The vendor set the solution up with us.
What's my experience with pricing, setup cost, and licensing?
The cost is a little high.
We've budgeted about 50,000 Kuwaiti dinars for the solution. That is a yearly operating cost.
Which other solutions did I evaluate?
We're busy with some different projects and we wanted to evaluate different products as well on the same technology. We looked into, for example, Check Point EDR and options like CrowdStrike.
What other advice do I have?
We're a potential end-user. We tested the solution. We just tried different scenarios to see what would suit us. We were testing it and will still go ahead with testing. The testing is not yet complete. We've put it on hold for now; however, we will still continue testing in the coming days.
I'd rate the solution eight out of ten.
I'd advise potential new users that they should definitely give it a try; however, the price is on the higher side. Darktrace has to consider lowering its price.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director Of Information Technology at a security firm with 1-10 employees
Responsive support, good alerting, but the initial setup is complex and time-consuming
Pros and Cons
- "The models, triggers, and alerts are customizable."
- "The initial setup is more complex and time-consuming than some solutions."
What is our primary use case?
We use Darktrace to analyze our network traffic.
What is most valuable?
Darktrace is a good product, although it depends on how much time you put into it.
The models, triggers, and alerts are customizable.
What needs improvement?
The initial setup is more complex and time-consuming than some solutions.
For how long have I used the solution?
I have been working with Darktrace for more than a year.
What do I think about the stability of the solution?
Darktrace is quite stable, but potentially expensive.
What do I think about the scalability of the solution?
The vendor has different options for scaling. I use the appliance; they also offer a cloud service but I prefer the appliance. I put it between the router and the core switch and it picks up all of the traffic.
How are customer service and support?
The technical support is better than Check Point. They respond more quickly.
Which solution did I use previously and why did I switch?
I am currently using Darktrace and Vectra in addition to Check Point. I've been using all three and I find that Check Point is the one where I get the most information from. I will stop using Vectra this year but I will retain Darktrace, as long as they keep it at a certain price.
Darktrace requires a lot more configuration; unlike Check Point, there are a lot more changes that need to be made. In general, it's more sophisticated. As far as getting the settings and the configuration and the models that you want, it would help if you spent some time on that. We're a small team. It's beneficial to me and I can see that with more time and energy put into optimizing it and personalizing the unit, it can be much more powerful than the way I am using it now. That said, it's my secondary device. We're working on a lot of different projects, so I haven't assigned any of my guys to it yet. Ultimately, when it's fully integrated, it may end up being as useful as the Check Point.
The reason I keep all three is that they all give me a different kind of view. They all give me different information. If they gave the same information, it'd be useless to keep them.
With respect to similar security products, I have demoed CrowdStrike and worked with Symantec.
How was the initial setup?
You have to customize it to the way you want, in order for it to work best for your environment. Definitely take time to train while you can during deployment.
Some things do work well, out of the box. However, this would be better suited for somebody that can take the time to configure it correctly during deployment.
What's my experience with pricing, setup cost, and licensing?
Prior to negotiating, Darktrace offered their appliance and service for $80,000 per year.
I suggest negotiating either at the end of their fiscal year or at the end of every quarter. At the end of the quarter, they have an incentive to lower the prices to sell as many units as possible in order to meet their end-of-quarter quota.
What other advice do I have?
My advice for anybody who is implementing Darktrace is that you definitely need to take your time. Sit down and understand how to use the model breach customization. They use models and if something hits that model, it triggers an alert.
I would rate this solution a six out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director Of Information Technology at a computer software company with 501-1,000 employees
Intuitive, has excellent technical support, and has good visibility
Pros and Cons
- "The active threat dashboard is the most valuable feature of this solution."
- "I believe their network monitoring device licensing module could use some improvement."
What is our primary use case?
Darktrace is a cybersecurity solution that is essentially an AI-driven ecosystem. Call it network monitoring with telemetry SaaS cloud connections.
How has it helped my organization?
It provides a comprehensive cybersecurity solution that monitors my cloud accounts as well as my local network. It monitors local network traffic and VPNs, and it connects to my firewalls, allowing me to see what's going on in my environment. I have visibility into pretty much everything that's going on now.
What is most valuable?
The active threat dashboard is the most valuable feature of this solution.
What needs improvement?
The licensing model has room for improvement. They license by IP rather than node or device, even if it's a single MAC address. If I have three people who are constantly in three different locations, they want to charge you three licenses. My only criticism of the product is that its licensing model isn't flexible.
I would like to see a Darktrace EDR client, a true EDR client that integrates into it, and not a third-party EDR.
For how long have I used the solution?
I have been working with Darktrace for six months.
We are working with the most recent version.
What do I think about the stability of the solution?
Darktrace is very stable. It's very reliable.
What do I think about the scalability of the solution?
Darktrace is a very scalable solution.
We have 650 users in our organization.
It's extensively used.
How are customer service and support?
I give them five stars from the sale cycle to the support cycle.
Which solution did I use previously and why did I switch?
I considered other options, but this is the one I chose, because of the flexibility and the ease of use.
How was the initial setup?
The initial setup is very simple and intuitive. With the instructions provided, it took about 10 minutes to set up.
It requires no maintenance. It is managed by Darktrace, they push down the updates. I don't have to do anything with it.
What's my experience with pricing, setup cost, and licensing?
I think it's mostly the licensing on the network monitoring piece that I don't like. All of the other modules, such as the licensing modules, are on par. It's one for one.
Which other solutions did I evaluate?
I evaluated Endpoint protection solutions, such as CrowdStrike Falcon, Darktrace, and SentinelOne. We decided on Darktrace.
What other advice do I have?
I'm a partner with Darktrace.
I would advise them to engage with their sales team and their sales engineering team to make sure they understand the license model.
It's very intuitive. It's a fantastic product, and the only reason they don't get a 10 is because of their licensing. I believe their network monitoring device licensing module could use some improvement.
I would rate Darktrace an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Enhanced security with automation offers proactive threat mitigation
Pros and Cons
- "The investigative part of Darktrace is valuable, especially the automation features. It allows setting up checks and provides guidance on mitigating situations, which is very useful. There are different modules that you can add to the console for protection."
- "The Darktrace Mobile app needs improvement as it's currently limited in functionality, and the learning AI takes a while to adapt to new devices, flagging new users as threats for up to a month before recognizing them as regular network users."
What is our primary use case?
Normally, when we have a setup, and I log in with any guest, Darktrace blocks us from remotely logging in from within the office network. It ensures that we cannot remote log in anywhere. It is a security system that identifies hacking attempts. Darktrace also integrates with VirusTotal for verification. Additionally, we use the email protection feature.
How has it helped my organization?
Darktrace ensures that we do not have breaches on our systems, and it helps improve our security status before breaches can even reach our system.
What is most valuable?
The investigative part of Darktrace is valuable, especially the automation features. It allows setting up checks and provides guidance on mitigating situations, which is very useful. There are different modules that you can add to the console for protection.
What needs improvement?
The Darktrace Mobile app needs improvement as it's currently limited in functionality, and the learning AI takes a while to adapt to new devices, flagging new users as threats for up to a month before recognizing them as regular network users.
For how long have I used the solution?
I have been using Darktrace for almost a year now.
What do I think about the stability of the solution?
Darktrace is very stable. I can reliably check logs and track what is happening within the system.
What do I think about the scalability of the solution?
The scalability isn't a high priority for us as it mostly deals with system security. It provides necessary features for security enhancement whenever needed.
How are customer service and support?
The support provided by Darktrace is very good. We had issues with Darktrace Mobile, and they assisted us with a solution, even allowing us to test new features.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I joined the current company after Darktrace was already in use, so I do not have information on previous solutions.
How was the initial setup?
The initial setup can be rated as a seven out of ten because it involves going into the console and ensuring that the network settings are correctly configured.
What about the implementation team?
Two people are enough for deployment, provided they know the network settings and configurations.
What was our ROI?
By using Darktrace alongside Mimecast, it has helped improve our security posture by preventing breaches before they reach our system.
What's my experience with pricing, setup cost, and licensing?
I do not have any experience regarding the pricing or setup costs as it was managed by the company administration.
Which other solutions did I evaluate?
I did not have any information on other solutions evaluated prior to Darktrace as they were in use before I joined the company.
What other advice do I have?
Darktrace is a good product to invest in if you can afford it. It provides excellent security features.
I'd rate the solution eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Oct 16, 2024
Network Administrator at a healthcare company with 501-1,000 employees
Detailed interface and good granularity but too expensive
Pros and Cons
- "It was pretty as far as the granularity of what you were getting out of it."
- "The price point for the product was too high for what our possible use case could be."
What is our primary use case?
We're part of our regional hospital group in Northwestern Ontario. One of our group members was using the Darktrace product suite. It was brought forward that other hospitals within the group may want to try it. A couple of us did a demo, which basically involved getting the appliance installed in our data center and routing all the traffic through it.
We basically had the product running for a company; however, it really didn't pop up or offer anything that we were not already aware of.
What is most valuable?
It has a very detailed interface - almost too detailed. It was pretty as far as the granularity of what you were getting out of it.
The solution is very detailed. It has lots of fancy graphics that don't necessarily lead to a good outcome regarding knowing what's going on.
What needs improvement?
The only problem with these kinds of demos is that unless something actually goes wrong or you have something in the data center already, you don't see any difference. However, no news is good news.
The price point for the product was too high for what our possible use case could be. The demo might have gone more favorably in their direction if something had actually occurred during the demo. However, nothing did, and management decided that it was not worth the very high price.
The interface didn't really give you a whole bunch of insight into actually what was going on.
They did have some AI that they claimed could tell if traffic was malicious or what the intent of the traffic was. We never got to see that actually do anything. They identified some traffic. They said it was malicious. However, it turns out it was a known traffic that we had occurring, and it wasn't malicious. So there were a few missteps that way.
The UI is too dark.
We ultimately didn't find any value in the product.
For how long have I used the solution?
We did a demo for two or three months. We did not use the solution for a very long time.
What do I think about the scalability of the solution?
In terms of scalability, you would need a separate device for every location. For our particular hospital, we actually have three or four main facilities, or what we would consider main facilities. You'd actually need to have a physical box for every deployment in order for traffic to be efficiently detected. They did say that we could route the traffic from the site through the box. However, essentially, that would be doubling the traffic load, which didn't really seem like it was a wise decision. As far as scalability, the box that we had was very capable of handling the traffic load that we were producing. I would say we are probably using maybe ten percent of it at the most at peak levels.
How are customer service and support?
We had some interactions with them during setup and during the demo. They were fine.
How would you rate customer service and support?
Neutral
How was the initial setup?
The initial setup depends on the network. We had a mature infrastructure which made it a bit more challenging.
It took us a few hours to set everything up and make sure it was capturing everything it needed to.
If you had a straightforward Cisco environment where you could easily forward traffic and CDP needed, it would be pretty easy.
What's my experience with pricing, setup cost, and licensing?
I'd rate the pricing two or three out of ten. It is pretty expensive. For us, it just wasn't worth it.
What other advice do I have?
We are customers and end-users.
I'd rate the solution five out of ten. It's an interesting maturing market. They do have potential, however, they do need to work a fair bit on their AI models and their interface.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Manager at SJ Securities Sdn Bhd
Quick to deploy with great detection capabilities and quick-responding support
Pros and Cons
- "We are able to detect a lot of things, actually, and see what is happening in our network."
- "It's quite expensive to have."
What is our primary use case?
The product is a type of intrusion detection and prevention software. It is for network traffic monitoring.
What is most valuable?
We are able to detect a lot of things, actually, and see what is happening in our network.
It offers good protection.
The deployment is quick.
What needs improvement?
It's good as a solution, however, for me, it's quite complicated. They've got a lot of features there. You need a lot of time to learn it.
It's quite expensive to have.
For how long have I used the solution?
I've used the solution for around a year.
What do I think about the stability of the solution?
The core is stable. There are no bugs or glitches and it doesn't crash or freeze.
What do I think about the scalability of the solution?
It's not high on scalability, in the box itself. You don't need scalability to scale out the server like that.
There is one that is able to monitor the entire network. Our entire IT department is on the product. We have a three-person technical team. We may expand usage later this year.
How are customer service and support?
Technical support is quite good. Every quarter, they will contact us for a meeting, however, any issue actually is reported online and their response is quite fast.
How was the initial setup?
The deployment was very fast. They just put the appliance in and connect our call switch and do everything else that is needed. It's all very fast.
What about the implementation team?
We used the SI to help us with the implementation.
What's my experience with pricing, setup cost, and licensing?
The pricing is expensive. It costs over $100,000 a year. There are no additional costs beyond the price of the license.
Which other solutions did I evaluate?
I'm currently exploring other solutions as a comparison. We are looking for Sangfor Cyber Command.
What other advice do I have?
We're a customer and end-user.
It's my understanding that we are on version five.
I'd advise users that it's a good solution, however, they need to be prepared for a large learning curve.
I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Founder and Director at a tech services company with 11-50 employees
Good detection capability and reduces our team's effort, but there should be more visibility at the endpoint level and less effort in fine-tuning
Pros and Cons
- "In terms of features, the data or information they collect and unsupervised machine learning are very valuable. Its unsupervised machine learning has reduced our team's effort. Both Darktrace and Vectra work on unsupervised machine learning that learns the behavior or develops a profile on its own, which allows our security team to do some other tasks rather than spending time on Darktrace or Vectra. Because of unsupervised machine learning, its detection capability is quite good. Along with that, if we utilize the integration feature properly, the automated incident response capability of Darktrace is quite useful."
- "In terms of improvements, fine-tuning is the area where we have to spend some time because it works on unsupervised machine learning. It would be good if they can improve their algorithm or technical functionality to reduce the fine-tuning effort. They can also come up with something at the endpoint level. So far, Darktrace has been a network detection response (NDR) solution. It does not offer much at the endpoint level or on user-client devices or servers. There should be more visibility at the endpoint level. It would be good to have the detection and response at the endpoint level by Darktrace. It should also have integration with an agile environment so that we can have continuous development and continuous integration in the application development environment. This is currently not there. It should also have internet-facing platform visibility, which is currently missing. They also need to improve the reporting and management dashboards. Currently, these are not so easy for a non-technical person. All these features would make Darktrace much better, and they would also be helpful in selling more solutions."
What is our primary use case?
I'm currently heading cybersecurity for 1,500 entities. Some of them have deployed Vectra, and some of them have deployed Darktrace. Darktrace has been in the UK market for a while, whereas Vectra is a not-so-old player in the UK market.
We are using the latest version of Darktrace but not their latest offering. They are now also providing email security over the Darktrace platform, but we have not been utilizing that. We have been utilizing their network detection and response and some part of automated incident response (IR) capability.
We have a hybrid infrastructure. Some centers are deployed in the cloud, and some centers are deployed on-prem. The management platform is currently on-prem, but the plan is to move it to SaaS.
What is most valuable?
In terms of features, the data or information they collect and unsupervised machine learning are very valuable. Its unsupervised machine learning has reduced our team's effort. Both Darktrace and Vectra work on unsupervised machine learning that learns the behavior or develops a profile on its own, which allows our security team to do some other tasks rather than spending time on Darktrace or Vectra.
Because of unsupervised machine learning, its detection capability is quite good. Along with that, if we utilize the integration feature properly, the automated incident response capability of Darktrace is quite useful.
What needs improvement?
In terms of improvements, fine-tuning is the area where we have to spend some time because it works on unsupervised machine learning. It would be good if they can improve their algorithm or technical functionality to reduce the fine-tuning effort.
They can also come up with something at the endpoint level. So far, Darktrace has been a network detection response (NDR) solution. It does not offer much at the endpoint level or on user-client devices or servers. There should be more visibility at the endpoint level. It would be good to have the detection and response at the endpoint level by Darktrace.
It should also have integration with an agile environment so that we can have continuous development and continuous integration in the application development environment. This is currently not there. It should also have internet-facing platform visibility, which is currently missing.
They also need to improve the reporting and management dashboards. Currently, these are not so easy for a non-technical person. All these features would make Darktrace much better, and they would also be helpful in selling more solutions.
For how long have I used the solution?
I have been using this solution for maybe six or seven years. At my previous workplace, we were one of the early adopters of Darktrace's unsupervised machine learning technology.
What do I think about the stability of the solution?
Its stability is fine. We are utilizing a mix of their deployment capability. We have appliance-based and sensor-based deployments. Performance-wise, sensor-based ones are slower than appliance-based ones. An appliance also has dedicated hardware.
What do I think about the scalability of the solution?
In terms of scalability, it is fine. We have deployed Darktrace for around 7,000 to 8,000 users for one part of an entity, and it has been working fine. I don't see any issue in terms of its scalability.
Currently, it has around 7,000 to 8,000 users, but it is getting extended. We are in the process of extending the Darktrace capability to other entities. We are talking about 1,500 entities and 120,000 users in different dispersed and segregated environments.
How are customer service and technical support?
They've been quite okay in their responses. This solution is definitely complex, so sometimes we don't get the expected level of information or answer straight away, but they have been okay in responding and following up. I would rate them a seven out of ten.
How was the initial setup?
From the initial deployment perspective, it was quite straightforward. We just need to make some configuration changes and then Darktrace works on spanning. It gets a copy of all the data from the network, and it starts building the profile. It has a pretty straightforward deployment.
What other advice do I have?
I would rate Darktrace a seven out of ten. It is a good solution, but it requires some improvements.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
System Administrator at Finlays
Reasonably priced, stable, and straightforward to set up
Pros and Cons
- "The ability to detect activity on the network is very useful to us. Even if it's not necessarily an illegal activity, if it is abnormal activity, it is able to detect it and notify us."
- "The solution could be easier to use."
What is our primary use case?
We are primarily using the solution for network monitoring as well as cybersecurity.
What is most valuable?
The ability to detect activity on the network is very useful to us. Even if it's not necessarily an illegal activity, if it is abnormal activity, it is able to detect it and notify us.
The solution is stable.
The product scales well within a network.
The initial setup is pretty simple.
The solution isn't too expensive.
What needs improvement?
The solution could be easier to use.
The user interface is a bit too detailed. They should work to pare it down and simplify it. They seemed to have designed it for an expert user and not a layman. If there are some system administrators who are not experts and they just want to just get sensors reports and escalate, it should be easier for them to do so.
For how long have I used the solution?
I've been using the solution for three years at this point.
What do I think about the stability of the solution?
The solution is very stable. As far as we've been using it, we've not had any major issues. It doesn't crash or freeze. There are no bugs or glitches. It's reliable.
What do I think about the scalability of the solution?
The solution is scalable within the network. If a company needs to expand it, it can do so.
For our particular office, we have around 100 users.
I cannot say if we will increase usage. We have many offices and decisions in relation to usage increases would come from our UK office.
How are customer service and technical support?
Technical support is great. They are very responsive and helpful. We are very satisfied with the level of support they provide to us.
Which solution did I use previously and why did I switch?
We did not previously use a different solution. For cybersecurity, this is our first product. We were using the traditional endpoint protection as well, and we still do. For that, we use Sophos.
How was the initial setup?
The installation was straightforward, from what I understand. I didn't actually handle the process. That was done by a consultant.
The deployment was fast. In less than an hour, everything was up and running.
I handle the maintenance myself.
What about the implementation team?
We had a consultant that assisted us with the implementation. They made the process very easy.
What's my experience with pricing, setup cost, and licensing?
We typically do yearly or three-year licensing, however, I can't speak to the exact costs or arrangements.
It's not too expensive. The price is good for what it offers.
What other advice do I have?
We're just a customer and an end-user.
Overall, I'd rate the solution at an eight out of ten. We've mostly been quite happy with the product.
I'd recommend it to other users and organizations.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.