Darktrace Reviews

I'm a customer data security manager and we are looking at replacing our current solution, McAfee, with something like Darktrace or CrowdStrike which will provide the same visibility with the endpoint protection aspect. 

The Ability to drill right down into an event that has been identified as something of interest so that you can be assured if it is a valid event and therefore not suffer from loads of false positives. Once that initial assurance and confidence was there, you could easily rely on the dashboard and minimise the risk of constantly drilling into each and every event but pick the ones with most risk.

The product is automated to a certain degree, but I think this could be improved. I'm looking for a way of being able to react to threats that are detected based on risk. Aside from that, there is nothing really that they could improve on, it's a product more suited to organizations with an SOC, security operations center, or a company with an IT team of network security members because it relies on constantly monitoring it to see information based on the risks of events.

In our case, we have a small IT team, which means that a large amount of time would have been spent drilling into it. If something did happen on the network, we'd ideally be responding to it reactively instead of proactively. Some of the other products we tested did that so that if something was detected, it would block that device by means of an endpoint, which halts the process and gives you time to check it out. Darktrace would tell you, for example, if there was a ransomware attack, but it wouldn't stop the attack. Other products would identify it as a ransomware attack and stop the network card on the endpoint, giving time to react to the alert, and proceed to cleanse or investigate the machine that's had a problem. That was our issue with Darktrace.

The only reason that it looks like we are going down a different route is because of the endpoint protection issue. The product doesn't have an endpoint agent that can react to outcomes or triggers that are set on the device, otherwise, it would be great. 

We tested the solution for one month. 

Stability is fine, we had no issues with it whatsoever. 

We didn't need to scale the solution, but you could scale it without any issue. The only thing that I think you had to keep an eye on was network traffic through your switches because effectively, you're capturing all the traffic on your network on a port that goes to this device.

The support was fantastic, really good. We were in touch with the guy who I believe was the accounts manager.

Initial setup was easy. We just had to configure a switch port into what's called promiscuous mode and then plug in the device and give it an IP address and leave it. We deployed with our own technical team. It took a day to setup, maybe even less than that. Once installed they activated the license on it. We left it at baseline to look at the network for a week. It just looked at existing traffic and worked out what was typical traffic and what was interesting traffic.

For out of the box it is licensed per device or node that it connects to. I think for services there were some additional licensing fees. 

We evaluated other options and Darktrace had really good dashboards and graphics, but other devices like CrowdStrike, for example, had the endpoint protection we're looking for as well as the features that Darktrace has. The difference is in functionality.

I would suggest to anyone considering this option to identify if this is going to be a monitoring tool to supplement an existing system or if this is going to be another product in your existing security suite of tools.

I would rate this product an eight out of 10. 

Generally, we use Darktrace for behavioral analytics. We use it in the inner-network and the outside network for malicious connectivity. Darktrace gives us support with networks. We follow all the notifications and sometimes we block malicious IPs from the firewall.

Its most valuable feature is its ability to identify malicious connected IPs from outside and the attacks that get through to the inside.

Darktrace needs to simplify most of the positive reports. We have to field all the positive reports, false positives, too. Sometimes we need to check false positives manually. We have to filter false positives. After that, we configure it again. Then, we want to analyze these false positives. That's the main thing. If we are assessing features, this should be easier to handle.

Darktrace needs to automate the reports of false positives, botnets, and everything.

So far, I think the solution is good. Not excellent, good.

I'm using Darktrace about two years.

The stability of the solution is fine.

In terms of scalability, it is ok.

It's a behavioral analysis solution, so we are not actively using it. We analyze all the user traffic from the Darktrace. That's the main thing. 

There are about 3,000 users. All the 3,000 user traffic is going through Darktrace.

We don't do the maintenance for Darktrace. My vendor is maintaining it since we got the product from them.

We are analyzing attempts to connect to them. After that, if you want reports, they provide them. We have a service and everything with the vendor. Then, if we have any requirements, they do it for us. The solution is working all day and my team is analyzing two hours for that.

In terms of technical support, if you raise some complaints, they tend to everything with user traffic within three or four hours. They provide the solution then we implement it.

Before using Darktrace I was using FireEye, but I switched because FireEye is very expensive and they do the same thing. It provides the same thing, except that DarkTrace has a different solution for the firewall, email filtering and everything else, and Darktrace is doing everything in a single box.

The initial setup is simple. It only takes three or four days. But we need to identify one to three traffic behavioral analysis, after that we can find the lead.

My team handled the deployment. They did everything. After that, they give me a report, which I then go through.

We are doing a monthly cost-basis. It's about 500,000 NKR because we are the first to implement it in Sri Lanka. We worked out direct pricing from Darktrace UK. After that, we selected a vendor in Sri Lanka. But the thing is, we are the first implementation here. I think they are actually undercharging and giving us the solution first because they want a reference from us since we are a bank in Sri Lanka. That's why they are doing it like that.

There are no additional costs besides the license, except the 15% rate to the Sri Lanka government.

Based on our experience with DarkTrace, I would advise that if they are comparing prices, ROI and everything, I think Darktrace is better than FireEye.

On a scale of 1 to 10 I can rate it a 6. I give it a 6 because it's been a year learning everything, and technology, attacks and patents are changing everyday.

It has improved our monitoring capabilities. 

The most valuable feature is the alerts. The alerts are meaningful. The event rolls up into meaningful and actionable alerts rather than just being noise. 

The products is designed to monitor traffic sent and received via the corporate egress /network points.

I would be interested to see further integration or development of a capability to obtain visibility of mobile devices such as Laptops and Mobiles, which operate outside of the network and may communicate specifically when off the corporate network.  

The stability isn't good but I like the product. It's a good product but we need to look into other similar products that operate in the same zone: user behavior analysis and user detection. We need it to be good in comparison. 

We currently have an inner network. We don't have a full-scale deployment. It is on network segment where there are around 5,000 users. The full company would be around 9,000 users if we deployed it across all the subsidiaries. 

Their technical support is good. 

This is the first solution of this type that we've used. During the initial three month trial, we saw a lot of stuff from the product that we were unable to see through the conventional tooling technologies that we had in place. 

The setup was straightforward. It was a matter of hours. It took around two to three hours. 

My advice to someone considering this solution is to install it, conduct a pilot, and see. You need to see how easy it is to implement and you need to add it to install. You need to see what kinds of results it provides and compare it to your existing tool kit. The product demonstrates its actual capabilities when it's actually working. It's difficult to comprehend what it can actually do but it does give you an added level of visibility. 

It has good capabilities. I would rate it an eight out of ten. 

Cross-correlation with the endpoint based activities would be useful, like the ability to look at the deep supervised learning engine of the artificial intelligence unit and being able to take input data from the endpoints in order to apply the rules. It works on supervised learning and rules but I would like to be able to do things on different feeds as well. 

It has a very good graphical user interface. The ability to get a console on the mobile phone and being able to respond and do basic incident response capabilities remotely is also a good feature. 

We use the solution for email, network and cloud security.

The network security and AR response are the main things.

The product is expensive, but it is a very good product. The user interface is also good.

I have been using Darktrace for two years.

The product is stable.

I rate the solution’s stability a nine out of ten.

The solution’s scalability is pretty straightforward. We’ve around 3500 users using this solution.

I rate the solution’s scalability an eight out of ten.

I contact technical support on occasion and ask questions, and they are responsive. I can get them on call or email. I’m very happy with the support.

Positive

The initial setup was quick and painless.

The product is very expensive.

The product is expensive, but it is a quality product. If you look apart from the cost, it's a good product followed by very good support. If you're willing to spend the money, it is worth consideration.

Overall, I rate the solution an eight out of ten.

Darktrace just scans the entire network and documentation. We then automatically evaluate which behaviors are normal and which are not normal. You can determine what possible risks are in the network.

The most valuable feature of Darktrace and the most valuable feature is the artificial intelligence module because that is the tool that determines automatically if there is any risk or not in the network.

You don't need a human operator to be involved. The tool can operate by itself... By itself. That's the best and the most important feature because that reduces the amount of time that a person needs to spend on the tool.

The solution is powerful and very useful, it has the ability to avert many attacks.

The tool does almost 95 percent of the work and you only need to run some features to obtain reports.

The module can improve so that every time it's more intelligent.

I have been using Darktrace for approximately three years.

The stability of Darktrace is good.

Darktrace is a scalable solution.

The support from Darktrace is very good, it is perfect.

Darktrace is installed in an appliance and that appliance is installed in the network. 

We have one engineer that does the maintenance of Darktrace. They do the implementation and scanning of the network.

The solution does not require a lot of maintenance, it does most of the operations automatically.

We provide technical services.

The cost of the solution is expensive for smaller businesses. They will not be able to afford it or might not need this type of security solution.

The license is by device,  if you have 1,000 devices, then the cost is going to be high.

My advice to others is for them to try to determine what are their costs in security. Then they can determine the benefit of Darktrace. They need to first acknowledge what their costs are and then they can start pricing what solution would be best.

I rate Darktrace a ten out of ten.

We are primarily using the solution for network monitoring as well as cybersecurity.

The ability to detect activity on the network is very useful to us. Even if it's not necessarily an illegal activity, if it is abnormal activity, it is able to detect it and notify us.

The solution is stable.

The product scales well within a network.

The initial setup is pretty simple.

The solution isn't too expensive.

The solution could be easier to use.

The user interface is a bit too detailed. They should work to pare it down and simplify it. They seemed to have designed it for an expert user and not a layman. If there are some system administrators who are not experts and they just want to just get sensors reports and escalate, it should be easier for them to do so.

I've been using the solution for three years at this point.

The solution is very stable. As far as we've been using it, we've not had any major issues. It doesn't crash or freeze. There are no bugs or glitches. It's reliable.

The solution is scalable within the network. If a company needs to expand it, it can do so.

For our particular office, we have around 100 users.

I cannot say if we will increase usage. We have many offices and decisions in relation to usage increases would come from our UK office.

Technical support is great. They are very responsive and helpful. We are very satisfied with the level of support they provide to us.

We did not previously use a different solution. For cybersecurity, this is our first product. We were using the traditional endpoint protection as well, and we still do. For that, we use Sophos.

The installation was straightforward, from what I understand. I didn't actually handle ht process. That was done by a consultant. 

The deployment was fast. In less than an hour, everything was up and running.

I handle the maintenance myself.

We had a consultant that assisted us with the implementation. They made the process very easy.

We typically do yearly or three-year licensing, however, I can't speak to the exact costs or arrangements.

It's not too expensive. The price is good for what it offers.

We're just a customer and an end-user.

Overall, I'd rate the solution at an eight out of ten. We've mostly been quite happy with the product.

I'd recommend it to other users and organizations.

Darktrace is a cybersecurity solution that is essentially an AI-driven ecosystem. Call it network monitoring with telemetry SaaS cloud connections.

It provides a comprehensive cybersecurity solution that monitors my cloud accounts as well as my local network. It monitors local network traffic, VPN's and it connects to my firewalls, allowing me to see what's going on in my environment. I have visibility into pretty much everything that's going on now.

The active threat dashboard is the most valuable feature of this solution. 

The licensing model has room for improvement. The license by IP rather than node or device, even if it's a single Mac address. If I have three people who are constantly in three different locations, they want to charge you three licenses. My only criticism of the product is that its licensing model isn't flexible.

I would like to see a Darktrace EDR client, a true EDR client that integrates into it, and not a third-party EDR.

I have been working with Darktrace for six months. 

We are working with the most recent version.

Darktrace is very stable. It's very reliable.

Darktrace is a very scalable solution.

We have 650 users in our organization.

It's extensively used.

I give them five stars from the sale cycle to the support cycle.

I considered other options, but this is the one I chose, because of the flexibility and the ease of use.

The initial set is very simple and intuitive. With the instructions provided, it took about 10 minutes to set up.

It requires no maintenance. It is managed by Darktrace, they push down the updates. I don't have to do anything with it.

I think it's mostly the licensing on the network monitoring piece that I don't like. All of the other modules, such as the licensing modules, are on par. It's one for one.

I evaluated Endpoint protection solutions, such as CrowdStrike Falcon, Darktrace, and SentinelOne. We decided on Darktrace.

I'm a partner with Darktrace.

I would advise them to engage with their sales team and their sales engineering team to make sure they understand the license model.

It's very intuitive. It's a fantastic product, and the only reason they don't get a 10 is because of their licensing. I believe their network monitoring device licensing module could use some improvement.

I would rate Darktrace an eight out of ten.

I have used multiple solutions, but its graphical user interface is quite interesting and quite descriptive. There are a lot of video animations, and we can easily see how the data is transferred between various points. That's something really interesting. It is also quite easy to understand for a new user.

Its documentation is not up to the mark. At times, I have a lot of trouble finding a solution. Even when I posted questions on the community chats, it took a lot of time for me to get answers. That's something that can be improved. Darktrace can focus on creating a more interactive community. If there are more people from Darktrace to focus on community chats, it would be better.

It has been close to two months, and I am probably using the latest version.

It is definitely stable.

So far, we haven't had any problems. It is definitely scalable.

We don't have more than 12 people who use this solution.

I never had any technical support problems. It is up to the mark.

I have worked with Elastic SIEM and QRadar. Elastic SIEM is entirely different, so there is no one-to-one comparison. It is like comparing apples with oranges, but overall, Darktrace is quite interesting. A new user can easily learn it without much help.

I never did any setup. I'm just an end-user.

My advice is to always go for a PoC before implementing Darktrace. That's because Darktrace can get a lot of personally-identified information, which may not be a good thing for some companies. So, before going for this technology, you should do a PoC, and once everything is compliant with the rules and regulations of the company, you can go for it.

I would rate it an eight out of 10.