Our primary use case is incident response.
Information Security Analyst at INFRATEL CORPORATION ZAMBIA LIMITED
Efficient behaviour analytics features and offers high stability
Pros and Cons
- "One thing I appreciate is Antigena Email, which is for email protection."
- "One thing I would like is for Darktrace to flag SMB traffic more accurately. Currently, it only flags that SMB traffic has occurred, but it doesn't specify which file was being transferred. This makes it difficult to investigate incidents involving SMB traffic, as we don't have concrete evidence of what was being sent."
What is our primary use case?
How has it helped my organization?
One thing I appreciate is Antigena Email, which is for email protection.
What is most valuable?
One of the most valuable features is Behavior analytics.
What needs improvement?
One thing I would like is for Darktrace to flag SMB traffic more accurately. Currently, it only flags that SMB traffic has occurred, but it doesn't specify which file was being transferred. This makes it difficult to investigate incidents involving SMB traffic, as we don't have concrete evidence of what was being sent.
For example, if a user is sent an unauthorized file via SMB, Darktrace would only flag that SMB traffic occurred between the two users. It wouldn't be able to tell us which file was sent, so we would have to manually investigate the incident to determine what happened.
It would be helpful if Darktrace could flag the specific file that was being transferred in SMB traffic incidents. This would make it much easier to investigate these incidents and take appropriate action.
In future releases, I would like to see more playbooks.
Buyer's Guide
Darktrace
December 2024
Learn what your peers think about Darktrace. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,067 professionals have used our research since 2012.
For how long have I used the solution?
I have been using this solution for a year now.
What do I think about the stability of the solution?
I would rate the stability a ten out of ten.
What do I think about the scalability of the solution?
I would rate the scalability an eight out of ten. There are five end users in our analyst team.
How are customer service and support?
The customer service and support are really good. That's one of the things that I've come to appreciate about Darktrace.
Any concern that you give to them, they come on board and arrange a meeting where you could possibly do some practical work with them. They would take on the incident, and they would say, "Okay. Let's set this incident together."
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We used Sophos. We chose Darktrace because of its reliability. Unlike other solutions that rely heavily on signature-based logins, Darktrace operates by learning the behavior of individual users. This means that what may seem normal to me could be considered abnormal for someone else, and Darktrace can effectively block such anomalies. This feature has proven to be immensely helpful.
How was the initial setup?
The initial setup is very easy. I would rate my experience with the initial setup a ten out of ten, where one is difficult and ten is easy to set up.
It took around an hour to set up.
What about the implementation team?
The deployment process is pretty self-sufficient. It handles network closure and device discovery.
One person is sufficient for the deployment process.
What's my experience with pricing, setup cost, and licensing?
The solution is quite expensive. I would rate the licensing model an eight out of ten.
What other advice do I have?
I would recommend it based on its excellent behavior analytics and AI implementation.
Overall, I would rate the solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber Security Engineer at Natica IT Consulting
A user-friendly cyber defense solution with useful dashboards
Pros and Cons
- "I like the dashboards, which are cool. They are more user-friendly, in my experience. Its learning capabilities are really good."
- "It should be easier to access the Darktrace portal and its documentation. Only the customer can access their portal and support. It could be cheaper."
What is our primary use case?
Our customers use Darktrace to monitor network traffic.
What is most valuable?
I like the dashboards, which are cool. They are more user-friendly, in my experience. Its learning capabilities are really good.
What needs improvement?
It should be easier to access the Darktrace portal and its documentation. Only the customer can access their portal and support. It could be cheaper.
What do I think about the stability of the solution?
Darktrace is relatively stable.
What do I think about the scalability of the solution?
Darktrace is scalable. It's very good. We have two big banks in Turkey using this solution.
How was the initial setup?
The initial setup is straightforward. It takes me about half an hour to deploy this solution.
What about the implementation team?
We implement this solution.
What's my experience with pricing, setup cost, and licensing?
Darktrace is expensive. You can pay for the license yearly.
What other advice do I have?
I would recommend this solution to potential users. But the cloud solution is challenging to use in Turkey.
On a scale from one to ten, I would give Darktrace an eight.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Team Lead - Cyber Security & Compliance at Al Tuwairqi Group
Easy to deploy, stable, and scalable
Pros and Cons
- "The AI-based pattern is the most valuable feature."
- "There is a high ratio of false positive information."
What is our primary use case?
The solution is used as an anti-phishing tool.
What is most valuable?
The AI-based pattern is the most valuable feature. The AI monitors users' patterns in how they draft and send emails, so if there is a change in the pattern the email is flagged.
What needs improvement?
There is a high ratio of false positive information. For example, AI capabilities can sometimes make it difficult to distinguish between a legitimate email and a phishing email. This is one of the features that need to be manually sorted out and aligned. We need to improve this feature by putting DNS into the micro.
For how long have I used the solution?
I have been using the solution for three years.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
The solution is scalable.
How are customer service and support?
The technical support team is good and they provide support on a priority level.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup is easy.
What's my experience with pricing, setup cost, and licensing?
The cost is moderate.
What other advice do I have?
I give the solution an eight out of ten.
Our organization chose Darktrace because of its phishing capabilities.
Darktrace is the best way to secure a gateway and I recommend the solution to others.
Which deployment model are you using for this solution?
Private Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Amazon Web Services (AWS)
Disclosure: My company has a business relationship with this vendor other than being a customer:
Chief Information Security Officer at a consultancy with 201-500 employees
The solution's reports are intuitive and informative
Pros and Cons
- "The most valuable feature is the solution's ability to trim out the false positives and point your attention to the real important stuff."
- "The level of tracking within the network from the transmission level up to the machine level can use improvement."
What is most valuable?
The most valuable feature is the solution's ability to trim out the false positives and point your attention to the real important stuff.
What needs improvement?
The level of tracking within the network from the transmission level up to the machine level can use improvement.
The solution works similarly to an intrusion prevention system at the network level. It would be a nice improvement to have an add-on that can act at the post level.
The cost of the solution can be reduced to make it more appealing to customers.
For how long have I used the solution?
I have been using the solution for two and a half years.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
The solution is scalable but costly to do.
How are customer service and support?
The customer support team is responsive and tries to resolve the issue proactively.
How was the initial setup?
The setup is straightforward and easy to integrate.
What's my experience with pricing, setup cost, and licensing?
The setup cost for the entry-level is pricy.
What other advice do I have?
I rate the solution a nine out of ten.
It takes a team of five to maintain the solution.
This solution can reduce the resources required to run a security operation center by two-thirds.
The solution's reports are intuitive and informative.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Group IT Manager at a manufacturing company with 1,001-5,000 employees
Advanced Cybersecurity Artificial Intelligence, plenty of features, and impressive threat detection
Pros and Cons
- "I have found the most valuable features to be artificial intelligence for cybersecurity, advanced machine learning capabilities, enterprise Immune System, Antigena Network, and Antigena Email. The way the solution detects the threat over the network before it spreads is very good. It notifies you of what the threat is exactly doing and gives you all the details about the execution of that application that had created the threat over your network."
- "In an upcoming release, there could be more customizable playbooks or a library of playbooks to choose from."
What is our primary use case?
Darktrace is used for cybersecurity, you can buy it as a physical appliance or solution as a service on the cloud. I tried the on-premises solution to detect any threat over our network.
How has it helped my organization?
Darktrace played an important role in the security detection strategy by reducing the time lost in detecting, analyzing, and incident resolving. This is due to its friendly user interface that shows you in simple graphs and analytics the output for any log over your network, whether it is a computer, device, switch, access point, etc.
What is most valuable?
I have found the most valuable features to be artificial intelligence for cybersecurity, advanced machine learning capabilities, enterprise Immune System, Antigena Network, and Antigena Email. The way the solution detects the threat over the network before it spreads is very good. It notifies you of what the threat is exactly doing and gives you all the details about the execution of that application that had created the threat over your network.
There is an included library of threat detections, not only locally, but threats being experienced all around the world. It is similar to a database of all the threats and what is done by cybersecurity administrators across the internet. Collecting events and information from all around the world makes Darktrace more proactive in dealing with threat notifications and cybersecurity detection. The service is very comprehensive and can cover all security areas.
It has simple tracking capabilities and a graphical interface that can assist you with coding; you do not need to be a guru. The dashboards are user-friendly and you do not need an application to access your work; it is all done through any browser. Additionally, there is a mobile application that is one of the best features because you can see any threats from your phone. There is a playbook that can give you instructions. For example, if you see your network servers are being injected by ransomware you can stop the session and be notified of which person on what computer triggered the threat.
The solution is very professional. Everybody would like to have an application on their phone to be more proactive about security anywhere and this solution delivers.
What needs improvement?
In an upcoming release, there could be more customizable playbooks or a library of playbooks to choose from. Since it is collecting all scenarios that might happen from any threat, new playbooks may be discovered and customers will have the privilege to use them in their environment. Other than that, Darktrace is leading in every aspect.
For how long have I used the solution?
I have been using this solution for one month.
What do I think about the stability of the solution?
Very Stable
What do I think about the scalability of the solution?
We have a number of employees using the solution in my organization which includes administrators and management.
How are customer service and technical support?
Technical support is excellent. You can communicate with them by sending an email, WhatsApp messages, or other types of communication. They have their support in many places around the world, so whatever your time zone is, they are available.
The support you do receive is excellent.
Which solution did I use previously and why did I switch?
I have used other solutions previously but none had this intelligence.
How was the initial setup?
The installation is very easy. I was shocked by the simplicity of the management, implementation, and dashboards.
What about the implementation team?
I have implemented it using the Darktrace team, who were very professional.
What's my experience with pricing, setup cost, and licensing?
The price of the solution is not cheap. It is not a one-time purchase; there is a subscription that needs to be paid every one to five years depending on your choice. It is expensive but you can reduce the price by only using the services that you want. There is some flexibility, for example, if you only want to have email inspections, network inspections, endpoint inspections, or brief analytics of the reports and controls over your infrastructure, you can reduce the prices accordingly. Not choosing all the features can reduce the price. When comparing this solution to competitors in the market it is expensive. However, you are paying for a valuable solution with plenty of features. Their artificial and cyber intelligence is working extremely well. I am a consultant and work with a variety of solutions by myself, attend training, and understand people who are working with these solutions.
I need to know the advantages, disadvantages, weaknesses, and what makes the solution better than the others. Darktrace proves at some point that the value of money you are paying for the solution is reasonable for the advanced technology you are receiving, as it covers many solutions that can cost much, much more than Darktrace, whereas if you bought Darktrace you are reducing all the complexity to one simple solution.
Which other solutions did I evaluate?
I have evaluated many other solutions.
What other advice do I have?
My advice to those wanting to implement this solution is if they want to experience artificial intelligence, advanced cybersecurity, and high-level detection, this solution is the one.
I rate Darktrace a nine out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Chief Operating Officer at Winstarbel Communications Limited
Quickly identifies threats and has good stability
Pros and Cons
- "What I like about Darktrace, is that you can quickly identify threats."
- "The program is quite expensive."
What is our primary use case?
Our primary use case of this solution is for endpoint data and we've had good results with Darktrace.
What is most valuable?
What I like about Darktrace is that you can quickly identify threats. I did a trial where I injected a small malware to see how long it takes for the program to identify it and to see that there is an anomaly. The response was good and it took the program less than a minute to detect it. The fast response time is definitely a plus.
What needs improvement?
The pricing is based on the number of endpoints, so the program is rather expensive. I would like to see something that will fit my clients' budget. That is something they can work on to improve.
Secondly, I would like to see my entire network, structurally and architecturally, on a single screen or in one single dashboard. Right now you have to keep going through different clippings to see everything.
For how long have I used the solution?
I've been using Darktrace for three months now.
What do I think about the stability of the solution?
The solution is stable enough for what we use it for.
What do I think about the scalability of the solution?
We haven't been using the program long enough to know how scalable it is. I also know that it will depend on the amount of traffic on your server. But I saw in the demo that it can scale up to thousands and thousands of endpoints.
How was the initial setup?
The initial setup was quite straightforward but it gets harder if you have a lot of traffic on your server. With the right knowledge, you would be able to work around that with ease and do the configuration yourself. Because it's more deployment, so it's not that complex so far. I may have to contact their technical team once we get a bigger deployment.
Which other solutions did I evaluate?
We evaluated several other options like McAfee. One reason why I chose Darktrace, in the end, was because of the difference in price, what we intend to achieve with the program and other costs.
What other advice do I have?
My advice to others is always to keep an open mind and to find out as much as you can about the program to see if it offers what you are looking for. I rate Darktrace eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
Manager, Information Security at a manufacturing company with 1,001-5,000 employees
A hybrid quality solution for email, network and cloud security
What is our primary use case?
We use the solution for email, network and cloud security.
What is most valuable?
The network security and AR response are the main things.
What needs improvement?
The product is expensive, but it is a very good product. The user interface is also good.
For how long have I used the solution?
I have been using Darktrace for two years.
What do I think about the stability of the solution?
The product is stable.
I rate the solution’s stability a nine out of ten.
What do I think about the scalability of the solution?
The solution’s scalability is pretty straightforward. We’ve around 3500 users using this solution.
I rate the solution’s scalability an eight out of ten.
How are customer service and support?
I contact technical support on occasion and ask questions, and they are responsive. I can get them on call or email. I’m very happy with the support.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup was quick and painless.
What's my experience with pricing, setup cost, and licensing?
The product is very expensive.
What other advice do I have?
The product is expensive, but it is a quality product. If you look apart from the cost, it's a good product followed by very good support. If you're willing to spend the money, it is worth consideration.
Overall, I rate the solution an eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Chief ICT Officer at Barbados Public Workers Cooperative Credit Union Ltd
Helps us with network traffic visibility
Pros and Cons
- "I am impressed with the product's ability to give insights into network traffic."
- "I would like to see a feature where the tool ingests information from an anti-malware product that is present at the endpoint."
What is our primary use case?
The tool offers us visibility into network traffic.
How has it helped my organization?
The tool gives us alerts whenever an admin is trying to connect.
What is most valuable?
I am impressed with the product's ability to give insights into network traffic.
What needs improvement?
I would like to see a feature where the tool ingests information from an anti-malware product that is present at the endpoint.
For how long have I used the solution?
I have been using the product since September.
What do I think about the stability of the solution?
The solution is stable.
How was the initial setup?
The tool's deployment is easy.
What's my experience with pricing, setup cost, and licensing?
The tool's pricing is costly.
What other advice do I have?
I would rate the tool a nine out of ten. You need to use the tool on a trial basis so that you can get comfortable with it.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.