Our primary use case is incident response.
Information Security Analyst at INFRATEL CORPORATION ZAMBIA LIMITED
Efficient behaviour analytics features and offers high stability
Pros and Cons
- "One thing I appreciate is Antigena Email, which is for email protection."
- "One thing I would like is for Darktrace to flag SMB traffic more accurately. Currently, it only flags that SMB traffic has occurred, but it doesn't specify which file was being transferred. This makes it difficult to investigate incidents involving SMB traffic, as we don't have concrete evidence of what was being sent."
What is our primary use case?
How has it helped my organization?
One thing I appreciate is Antigena Email, which is for email protection.
What is most valuable?
One of the most valuable features is Behavior analytics.
What needs improvement?
One thing I would like is for Darktrace to flag SMB traffic more accurately. Currently, it only flags that SMB traffic has occurred, but it doesn't specify which file was being transferred. This makes it difficult to investigate incidents involving SMB traffic, as we don't have concrete evidence of what was being sent.
For example, if a user is sent an unauthorized file via SMB, Darktrace would only flag that SMB traffic occurred between the two users. It wouldn't be able to tell us which file was sent, so we would have to manually investigate the incident to determine what happened.
It would be helpful if Darktrace could flag the specific file that was being transferred in SMB traffic incidents. This would make it much easier to investigate these incidents and take appropriate action.
In future releases, I would like to see more playbooks.
Buyer's Guide
Darktrace
November 2024
Learn what your peers think about Darktrace. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
814,763 professionals have used our research since 2012.
For how long have I used the solution?
I have been using this solution for a year now.
What do I think about the stability of the solution?
I would rate the stability a ten out of ten.
What do I think about the scalability of the solution?
I would rate the scalability an eight out of ten. There are five end users in our analyst team.
How are customer service and support?
The customer service and support are really good. That's one of the things that I've come to appreciate about Darktrace.
Any concern that you give to them, they come on board and arrange a meeting where you could possibly do some practical work with them. They would take on the incident, and they would say, "Okay. Let's set this incident together."
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We used Sophos. We chose Darktrace because of its reliability. Unlike other solutions that rely heavily on signature-based logins, Darktrace operates by learning the behavior of individual users. This means that what may seem normal to me could be considered abnormal for someone else, and Darktrace can effectively block such anomalies. This feature has proven to be immensely helpful.
How was the initial setup?
The initial setup is very easy. I would rate my experience with the initial setup a ten out of ten, where one is difficult and ten is easy to set up.
It took around an hour to set up.
What about the implementation team?
The deployment process is pretty self-sufficient. It handles network closure and device discovery.
One person is sufficient for the deployment process.
What's my experience with pricing, setup cost, and licensing?
The solution is quite expensive. I would rate the licensing model an eight out of ten.
What other advice do I have?
I would recommend it based on its excellent behavior analytics and AI implementation.
Overall, I would rate the solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber Security Engineer at Natica IT Consulting at Natica IT Consulting
A user-friendly cyber defense solution with useful dashboards
Pros and Cons
- "I like the dashboards, which are cool. They are more user-friendly, in my experience. Its learning capabilities are really good."
- "It should be easier to access the Darktrace portal and its documentation. Only the customer can access their portal and support. It could be cheaper."
What is our primary use case?
Our customers use Darktrace to monitor network traffic.
What is most valuable?
I like the dashboards, which are cool. They are more user-friendly, in my experience. Its learning capabilities are really good.
What needs improvement?
It should be easier to access the Darktrace portal and its documentation. Only the customer can access their portal and support. It could be cheaper.
What do I think about the stability of the solution?
Darktrace is relatively stable.
What do I think about the scalability of the solution?
Darktrace is scalable. It's very good. We have two big banks in Turkey using this solution.
How was the initial setup?
The initial setup is straightforward. It takes me about half an hour to deploy this solution.
What about the implementation team?
We implement this solution.
What's my experience with pricing, setup cost, and licensing?
Darktrace is expensive. You can pay for the license yearly.
What other advice do I have?
I would recommend this solution to potential users. But the cloud solution is challenging to use in Turkey.
On a scale from one to ten, I would give Darktrace an eight.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Buyer's Guide
Darktrace
November 2024
Learn what your peers think about Darktrace. Get advice and tips from experienced pros sharing their opinions. Updated: November 2024.
814,763 professionals have used our research since 2012.
Team Lead - Cyber Security & Compliance at Al Tuwairqi Group
Easy to deploy, stable, and scalable
Pros and Cons
- "The AI-based pattern is the most valuable feature."
- "There is a high ratio of false positive information."
What is our primary use case?
The solution is used as an anti-phishing tool.
What is most valuable?
The AI-based pattern is the most valuable feature. The AI monitors users' patterns in how they draft and send emails, so if there is a change in the pattern the email is flagged.
What needs improvement?
There is a high ratio of false positive information. For example, AI capabilities can sometimes make it difficult to distinguish between a legitimate email and a phishing email. This is one of the features that need to be manually sorted out and aligned. We need to improve this feature by putting DNS into the micro.
For how long have I used the solution?
I have been using the solution for three years.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
The solution is scalable.
How are customer service and support?
The technical support team is good and they provide support on a priority level.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup is easy.
What's my experience with pricing, setup cost, and licensing?
The cost is moderate.
What other advice do I have?
I give the solution an eight out of ten.
Our organization chose Darktrace because of its phishing capabilities.
Darktrace is the best way to secure a gateway and I recommend the solution to others.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer:
Chief Information Security Officer at a consultancy with 201-500 employees
The solution's reports are intuitive and informative
Pros and Cons
- "The most valuable feature is the solution's ability to trim out the false positives and point your attention to the real important stuff."
- "The level of tracking within the network from the transmission level up to the machine level can use improvement."
What is most valuable?
The most valuable feature is the solution's ability to trim out the false positives and point your attention to the real important stuff.
What needs improvement?
The level of tracking within the network from the transmission level up to the machine level can use improvement.
The solution works similarly to an intrusion prevention system at the network level. It would be a nice improvement to have an add-on that can act at the post level.
The cost of the solution can be reduced to make it more appealing to customers.
For how long have I used the solution?
I have been using the solution for two and a half years.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
The solution is scalable but costly to do.
How are customer service and support?
The customer support team is responsive and tries to resolve the issue proactively.
How was the initial setup?
The setup is straightforward and easy to integrate.
What's my experience with pricing, setup cost, and licensing?
The setup cost for the entry-level is pricy.
What other advice do I have?
I rate the solution a nine out of ten.
It takes a team of five to maintain the solution.
This solution can reduce the resources required to run a security operation center by two-thirds.
The solution's reports are intuitive and informative.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Chief Operating Officer at Winstarbel Communications Limited
Quickly identifies threats and has good stability
Pros and Cons
- "What I like about Darktrace, is that you can quickly identify threats."
- "The program is quite expensive."
What is our primary use case?
Our primary use case of this solution is for endpoint data and we've had good results with Darktrace.
What is most valuable?
What I like about Darktrace is that you can quickly identify threats. I did a trial where I injected a small malware to see how long it takes for the program to identify it and to see that there is an anomaly. The response was good and it took the program less than a minute to detect it. The fast response time is definitely a plus.
What needs improvement?
The pricing is based on the number of endpoints, so the program is rather expensive. I would like to see something that will fit my clients' budget. That is something they can work on to improve.
Secondly, I would like to see my entire network, structurally and architecturally, on a single screen or in one single dashboard. Right now you have to keep going through different clippings to see everything.
For how long have I used the solution?
I've been using Darktrace for three months now.
What do I think about the stability of the solution?
The solution is stable enough for what we use it for.
What do I think about the scalability of the solution?
We haven't been using the program long enough to know how scalable it is. I also know that it will depend on the amount of traffic on your server. But I saw in the demo that it can scale up to thousands and thousands of endpoints.
How was the initial setup?
The initial setup was quite straightforward but it gets harder if you have a lot of traffic on your server. With the right knowledge, you would be able to work around that with ease and do the configuration yourself. Because it's more deployment, so it's not that complex so far. I may have to contact their technical team once we get a bigger deployment.
Which other solutions did I evaluate?
We evaluated several other options like McAfee. One reason why I chose Darktrace, in the end, was because of the difference in price, what we intend to achieve with the program and other costs.
What other advice do I have?
My advice to others is always to keep an open mind and to find out as much as you can about the program to see if it offers what you are looking for. I rate Darktrace eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
Chief ICT Officer at Barbados Public Workers Cooperative Credit Union Ltd
Helps us with network traffic visibility
Pros and Cons
- "I am impressed with the product's ability to give insights into network traffic."
- "I would like to see a feature where the tool ingests information from an anti-malware product that is present at the endpoint."
What is our primary use case?
The tool offers us visibility into network traffic.
How has it helped my organization?
The tool gives us alerts whenever an admin is trying to connect.
What is most valuable?
I am impressed with the product's ability to give insights into network traffic.
What needs improvement?
I would like to see a feature where the tool ingests information from an anti-malware product that is present at the endpoint.
For how long have I used the solution?
I am using the product since September.
What do I think about the stability of the solution?
The solution is stable.
How was the initial setup?
The tool's deployment is easy.
What's my experience with pricing, setup cost, and licensing?
The tool's pricing is costly.
What other advice do I have?
I would rate the tool a nine out of ten. You need to use the tool on a trial basis so that you can get comfortable with it.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Project Co-Ordinator at Ministry of Innovation, Science and Smart Technology
Excellent AI and machine learning functionalities for reviewing and predicting network attacks
Pros and Cons
- "Artificial intelligence and machine learning functionalities are valuable."
- "Getting logs from different sources can be a challenge."
What is our primary use case?
Our primary use case of this solution is for visibility. We try to get the global view of our network from an audit perspective on any given day, and figure out how that will impact our business. I'm a project coordinator and we are customers of Darktrace.
What is most valuable?
The primary feature we are using is the artificial intelligence and machine learning functionality for reviewing and predicting network traffic and network attacks. Although we're not yet fully using the product, I like the Antigena feature which is their proactive or reactive feature, depending on the deployed antivirus center. Darktrace is for people who understand network security very well, and who have probably been in that scene for quite some time. If you're inclined towards mathematical machine learning, artificial intelligence, and to some degree, data science, this is definitely a tool for you.
What needs improvement?
It's sometimes a challenge getting logs from different sources. I would probably want to see if there was a way to improve that, to enable gathering of more information.
For how long have I used the solution?
We've been using this solution for close to four months.
What do I think about the scalability of the solution?
Full deployment took around two weeks, mainly because the solution takes a little time to learn about your network.
How are customer service and technical support?
The technical support is excellent. They walk you through the process and do a great job.
How was the initial setup?
The initial setup was quite simple; plug in two or three cables, they give you the requirements that you need and off you go. The configuration and learning how to tweak it is a little more complicated and involved, but the initial setup was easy. Deployment took around two to three weeks because the solution sat on the network for about 14 days doing some variable analysis and trending.
What other advice do I have?
It's a good solution. I would suggest that if it's suitable for your requirements, get it.
I would rate this solution a nine out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
CTO at CyberSecur, Lda
Get a comprehensive view of your network and whatever is happening inside it in real-time
Pros and Cons
- "It provides a comprehensive, detailed view of network activity and whatever is happening inside it."
- "It is a stable solution without downtime."
- "The pricing model is a little too high and could be more flexible."
- "The interface and dashboards could be improved for ease-of-use."
What is our primary use case?
The primary use case for Darktrace is for tracking intruders and alerting for network threats.
What is most valuable?
The most valuable feature in Darktrace is that it gives me a comprehensive, detailed view of my network and whatever is happening inside it. It is a very good tool for me that helps me to remain aware of security vulnerabilities. I know what is happening on my network in real-time and it responds quickly. It is really very useful.
What needs improvement?
I am just a manager and I do not really have a technical viewpoint. The tool really suits me perfectly for now for all my basic security needs and what I expect it to do. It does not need any major changes right now to do what I need it to do. It is not missing anything.
If I am thinking about improvement, everything can be improved somewhat. Maybe the interface and dashboards could be better. I would be glad if they could make these easier from the point of view of management. It could save some time.
The price is also a little high and could be more enticing.
For how long have I used the solution?
We have been using Darktrace for about two years.
What do I think about the stability of the solution?
Darktrace is very stable. It provides 99.9% of our security needs and it does not have downtime. It is a very good, stable solution.
What do I think about the scalability of the solution?
We did not have the opportunity to test the scalability because our organization has not grown much over the period of time that we have been using the product. I think that scalability is built into the product, but for now, we have not experienced how scaling the product works firsthand.
What's my experience with pricing, setup cost, and licensing?
I am not so satisfied with the pricing model for Darktrace. The price is a little bit high compared to other solutions. The pricing model should be more flexible.
What other advice do I have?
On a scale from one to ten where one is the worst and ten is the best, I would rate Darktrace as an eight-out-of-ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
Buyer's Guide
Download our free Darktrace Report and get advice and tips from experienced pros
sharing their opinions.
Updated: November 2024
Product Categories
Extended Detection and Response (XDR) Email Security Intrusion Detection and Prevention Software (IDPS) Network Traffic Analysis (NTA) Network Detection and Response (NDR) AI-Powered Chatbots Cloud Security Posture Management (CSPM) Cloud-Native Application Protection Platforms (CNAPP) Attack Surface Management (ASM) AI-Powered Cybersecurity PlatformsPopular Comparisons
CrowdStrike Falcon
Microsoft Defender for Endpoint
Cloudflare
Wazuh
Microsoft Defender for Office 365
SentinelOne Singularity Complete
Prisma Cloud by Palo Alto Networks
Microsoft Defender for Cloud
Cortex XDR by Palo Alto Networks
Commvault Cloud
Qualys VMDR
Cisco Secure Email
Proofpoint Email Protection
Tenable Security Center
Buyer's Guide
Download our free Darktrace Report and get advice and tips from experienced pros
sharing their opinions.
Quick Links
Learn More: Questions:
- I'm building a next-gen AI powered threat intelligence platform. What's missing from existing solutions?
- Which is better - SentinelOne or Darktrace?
- What are the pros and cons of Darktrace vs CrowdStrike Falcon vs alternative EPP solutions?
- Which alternative solutions (other than Darktrace) do you recommend for an SMB?
- How does Crowdstrike Falcon compare with Darktrace?
- What is the best EDR or XDR product for a company with 9000 employees?
- When evaluating Extended Detection and Response (XDR), what aspect do you think is the most important to look for?
- How do you decide about the alert severity in your Security Operations Center (SOC)?
- Which is better for Endpoint Security: EDR or XDR solutions?
- What are the main differences between XDR and SIEM?