Darktrace Reviews

We use it to deploy to enterprise customers to provide them with a complete, reliable and intelligent threat detection and response system.

It helps us to reliably serve our customers with quick deployment of a durable, effective and intelligent product.

The most valuable part of the product is the whole package. The features included in the Enterprise Immune System are complete and effective. Its detection engine is ridiculously good.

It is hard to really address what needs to be improved in the respect that it does everything I would expect of a superior solution. It is simple enough to use because the interface is quite simple, the setup is quick and painless — in only an hour the product is installed. Users can train on the system in less than three hours. When the configuration is complete they will already know what to do and they can just go on and use the product.

I think that the price is quite good compared to other, similar products. They already have a plugin that you can use to set up integration with virtually any other product. 

Maybe it could come with a few more built-in integrations, such as adding ServiceNow. They already have built-in integration with Antigena Cyber AI Response Modules for the clouds and for the network (AWS & Azure), and they did Office 365 (email), and SaaS applications as well.

I guess a few more options and opportunities like this built-in would be nice. It is not a big thing.

The stability of the product is really very good. Clients who have had us do the implementations say it is fantastic after they've tried it.

The product is definitely scalable and can grow with your enterprise business.

In terms of customer support, it is really rare that you need them to do anything because the product is really good. You turn it on and it just works. Really anyone can run it. So a level ten tech, a level five tech or a level one tech can use it. It makes everyone competent. It's like driving an automatic car because the gears shift for you. You still have to be a good driver and take the wheel and press the gas. But you can switch it back to manual if you want a different level of control. It's up to you. But everybody with different skill levels and different purposes for the deployment can use it.

When we have contacted the technical support they have been very good.

It's simple enough to install and it does exactly as the product says: "installed in about an hour." With only an hour to install initially and with being able to train people to use it in just a few hours, it is very quick to do the initial setup. Very straightforward. It's a jog in the park. 

Normally, once you deploy, for a normal site it's about two weeks time to set up configurations for the network, but then it is optimized and processing even faster. It's faster with fewer features and, usually, I use is about half of what it is capable of doing based on the client need. And once you do that configuration, you're ready to go. All that in less than two weeks and you can start getting threat intelligence reports from the network with intelligent tools. It's fantastic.

We are the ones who do the implementations and we have done many, so we are very good at it.

Our return on investment is as a reseller and consultant because we make returns on servicing the customers.

I think that the price is quite fair and very good for this type of product and the features that the product provides. 

My advice to people and organizations considering this as a solution is: go buy it. They shouldn't waste their time fussing and looking around at other solutions. It works. I've done administrating for several years, and this is the one solution that works. It complements what you have, whatever that is. It is like a plug-and-play component. There is no solution that does what it does. You even have some excellent systems like Cisco's Stealthwatch — these are just the three packet analysis technologies. Darktrace is actually DPI (Deep Packet Inspection), which in my markets is now called the threat level buttons. It is really an advanced product and everything just works ridiculously well.

If I had to rate the product on a scale of one to ten (ten is the best) I'd give it an actual ten. It is the only product I use that I would give a full ten. It's hard to achieve a ten as you have to be better than everything and everyone else. It does deliver on what it says it can do.

We are a consulting company and sell Darktrace to our customers. Our company is in West Africa. I'm the company CEO.

Darktrace can observe networks and respond to those observations. It provides great network protection, is innovative and flexible.

I think Darktrace needs to improve its collaboration with local partners. That would include training and improving the technical skills of vendors. Desktop and mobile device protection could also be improved. 

We've been selling this solution for two years. 

The solution is stable. 

Our customers report that the technical support is very good. 

Positive

The initial setup is reasonably straightforward although the process requires some preparation beforehand. The size of deployment varies greatly, we've deployed in companies ranging in size from 200 up to 5,000 users. 

Licensing costs are expensive, although I think the high cost is partly a currency issue because we're based in West Africa. 

I rate this solution eight out of 10. 

Darktrace is a very good solution.

Darktrace is very useful for us because it has a large number of models for detecting threats.

There are numerous false positives.

Darktrace requires numerous configurations. It would be beneficial if the configuration could be made simpler.

I have been using Darktrace for three years.

Darktrace is very stable.

Darktrace is easy to scale. It's a scalable solution.

Technical support is good.

The initial setup is difficult.

It took three or four months to deploy.

People must first examine the network architecture in order to make the best implementation.

Darktrace is a very good solution, I would rate it a nine out of ten.

I'm currently heading cybersecurity for 1,500 entities. Some of them have deployed Vectra, and some of them have deployed Darktrace. Darktrace has been in the UK market for a while, whereas Vectra is a not-so-old player in the UK market.

We are using the latest version of Darktrace but not their latest offering. They are now also providing email security over the Darktrace platform, but we have not been utilizing that. We have been utilizing their network detection and response and some part of automated incident response (IR) capability.

We have a hybrid infrastructure. Some centers are deployed in the cloud, and some centers are deployed on-prem. The management platform is currently on-prem, but the plan is to move it to SaaS.

In terms of features, the data or information they collect and unsupervised machine learning are very valuable. Its unsupervised machine learning has reduced our team's effort. Both Darktrace and Vectra work on unsupervised machine learning that learns the behavior or develops a profile on its own, which allows our security team to do some other tasks rather than spending time on Darktrace or Vectra. 

Because of unsupervised machine learning, its detection capability is quite good. Along with that, if we utilize the integration feature properly, the automated incident response capability of Darktrace is quite useful.

In terms of improvements, fine-tuning is the area where we have to spend some time because it works on unsupervised machine learning. It would be good if they can improve their algorithm or technical functionality to reduce the fine-tuning effort. 

They can also come up with something at the endpoint level. So far, Darktrace has been a network detection response (NDR) solution. It does not offer much at the endpoint level or on user-client devices or servers. There should be more visibility at the endpoint level. It would be good to have the detection and response at the endpoint level by Darktrace.

It should also have integration with an agile environment so that we can have continuous development and continuous integration in the application development environment. This is currently not there. It should also have internet-facing platform visibility, which is currently missing. 

They also need to improve the reporting and management dashboards. Currently, these are not so easy for a non-technical person. All these features would make Darktrace much better, and they would also be helpful in selling more solutions.

I have been using this solution for maybe six or seven years. At my previous workplace, we were one of the early adopters of Darktrace's unsupervised machine learning technology.

Its stability is fine. We are utilizing a mix of their deployment capability. We have appliance-based and sensor-based deployments. Performance-wise, sensor-based ones are slower than appliance-based ones. An appliance also has dedicated hardware.

In terms of scalability, it is fine. We have deployed Darktrace for around 7,000 to 8,000 users for one part of an entity, and it has been working fine. I don't see any issue in terms of its scalability. 

Currently, it has around 7,000 to 8,000 users, but it is getting extended. We are in the process of extending the Darktrace capability to other entities. We are talking about 1,500 entities and 120,000 users in different dispersed and segregated environments. 

They've been quite okay in their responses. This solution is definitely complex, so sometimes we don't get the expected level of information or answer straight away, but they have been okay in responding and following up. I would rate them a seven out of ten.

From the initial deployment perspective, it was quite straightforward. We just need to make some configuration changes and then Darktrace works on spanning. It gets a copy of all the data from the network, and it starts building the profile. It has a pretty straightforward deployment.

I would rate Darktrace a seven out of ten. It is a good solution, but it requires some improvements. 

We deployed Darktrace for one of the biggest telecommunications companies in Latin America. It is deployed on-premise, but it is more like a service because we don't care about the appliances. Even though it works with appliances, it is more related to the services to the connections that the solution can handle. Because of that, it is on-premise, but it also has a component with sensors that works for remote instances, almost like a cloud solution. 

Some of the clients, especially in the security area, think that this appliance will replace a firewall or a prevention system solution, but it doesn't replace them. It actually complements them because the firewall decides to allow or deny a connection, and a prevention system is designed to avoid any type of risks to the connection or intrusion on the network. Darktrace allows you to find the unknown threats inside the network and identify them by using some artificial intelligence. It can do all the tracking inside or outside the network.

It is connected directly to the core switch, and in the first stage, it probably takes about a month to learn the behavior of the network and the users. With that, it starts to know what type of information is correct inside the network, and what type of information probably would be a risky connection or risky data moving from one site to another. It then starts doing the alerting. After the first stage or the learning stage is complete, we can find the size of the network. The second stage is the use of a different model inside the solution called Antigena. It works like the antibodies inside our body. Once it detects something that is wrong inside the network, it not only does the alerting but also takes the decision to block that type of connection in order to avoid any information leak or any possible risky connection. If somebody is doing some data mining, it disables connection to the engine that is doing the data mining.

We have been giving results not only to the security or compliance area inside of a company but also to the legal department. If someone is doing something wrong in terms of compliance, they can take directly take action against the person or group doing that.

We also give results to the infrastructure people and the network people. Based on our experience, most of the customers don't really know the size of their network. With this type of solution, we can know the complete network. We can know the real size, and how many resources are connected to the network and the internet. For example, one customer said to us, "I only have 18,000 connections on the network." We did the sizing with 18,000, and when we started the deployment, this customer had one thousand and twenty hundred connections. They didn't realize that until we arrived.

It is very easy to work with Darktrace once you know how it works and the type of permissions that you need to get related to the security over a network. The interface is awesome. I'm sure that you have seen Ironman, and you know Jarvis, the computer of Tony Stark. The interface of Darktrace is very similar, and you can see in 3D, like a hologram, the whole network, traffic, and all the traces inside the network. The interface is awesome, and it provides a lot of information. At least for us, it is very easy to handle this interface, get the reports, and do the interpretation of those reports.

Darktrace also provides mobile monitoring. With an app on your mobile phone, you can view the information live, which is very useful for area directors and field engineers. Darktrace can be also correlated with any type of big data solution, such as Splunk.

It would be good if they can include some endpoint protection for remote workers. Nowadays, most people are working remotely. Therefore, they should include some type of sensors that can be installed on the endpoint in order to directly report the main usage and protect remotely. Phone protection will also be a great feature to add to Darktrace.

I have been working with Darktrace for at least four years. I recommend and sell it to customers. A long time ago, I used to be a technical guy. Now I am on the sales side. Our technical crew and sales crew are certified for this solution.

For the past four years, I have only seen two crashes in two appliances. That was because the customer sent more traffic than what the solution or that specific appliance could handle. It was solved by using another appliance to do the appropriate balancing. The second crash was because it was a human error and somebody by mistake disconnected the cable and connected it to a different interface.

It is very easy to scale. When you need more appliances to support the infrastructure, you can use them as LEGOS. In order to place them, the only thing that you need to have is a rack, and you can start connecting them to the switch, and that's it. Once that you have it on the main console, you just assign the role to every single appliance, and that's it.

We're very focused on big companies, but we also have medium customers. The reason why we don't sell it to the small companies is that this type of solution is very expensive for them to finance. So, probably the assets that they have are very important, but based on the budget that small companies have in Latin America, they cannot afford a solution like this.

The support that we have in Latin America is very good. It is a very good company to work with. They have offices here. I would rate them a ten out of ten.

It is very easy. The setup of the solution takes probably half an hour. The only thing that we need to place Darktrace on a customer site is a connection on the core switch with a mirror port. We need to have some space on the rack, and then we connect the appliance to the core switch, and that's it. We go back to the customer a week later to see what Darktrace is catching and start sharing with the customer our discovery inside the network.

The biggest deployment that we have done took about two months, but it was in 26 different sites. The main challenge was the transport. We had to take care of all the logistics to transport all the appliances and find the appropriate time to run all the appliances because most of the customers do not allow to rack them at any time. Therefore, it needs to be done at midnight when almost nobody is using the network. That was our main challenge, but it is very easy to set up.

The pricing is very flexible for Darktrace. Sometimes, a customer does not have the appropriate budget, but Darktrace can handle that. They offer monthly payments, so the customer can acquire the solution very easily.

Over the past years, I have seen some customers say, "No, I have Endpoint protection. I have intrusion prevention. I have a firewall. I don't need anything like that." My advice is that first of all, open your mind to new solutions because this type of solution will catch everything that the rest of the solutions that you have won't catch. That's the first thing. The second thing is that do not limit the work of the people who work with Darktrace by saying that you know your network because we can assure you that you don't know your network and the threats that are inside and outside the network and the size of the network.

We always start with Darktrace Enterprise Immune System, which is the first model. The reason for this is that it is easier to adopt the Antigena model at the second stage because the solution by itself needs to learn inside of the network and what is good and what is bad. When we place Antigena, the deployment stages are exactly the same as when you first deploy the Enterprise Immune System in order to let it learn. After the solution starts learning, it will take at least a couple of months or probably three months to deploy Antigena. Therefore, it doesn't make sense to make customers spend more money on a solution in the initial stages and go for a solution that they would not be using initially. This also provides the appropriate sizing of the network. Most of the time, the customer needs to acquire more services from us in order to support all the infrastructure that they have.

I would rate Darktrace a ten out of ten. I am a very happy user and a happy seller of Darktrace.

We are a system integrator and we pose solutions, including this one, to our clients.

It is mainly used to reinforce response capabilities with respect to network security.

I find it very good in the way that they show the past events, including the attack history. You are able to visualize all of the attack paths and connectivity to see what's happened.

The GUI interface is very good.

They are using the best machine learning and AI at the moment.

The need to simplify the analysis from a user perspective. In a few cases, you have to be a specialist in order to understand what's happening. It would be helpful if they could recognize incidents and simplify the customer's challenge to identify what is happening.

I was been working with Darktrace for two years.

Stability-wise, we have not had any issues and it has been quite good.

We haven't had any trouble with scalability.

We have had contact with technical support and help was quite straightforward. Our feedback for them is good.

We work with a variety of products in the security space including Darktrace, Splunk, Elastic, and others.

The initial setup is really simple. This product is normally deployed as an on-premises appliance and it normally takes less than one day. It depends on how complex the network is, but it's usually quite simple.

Our customers feel that the price of Darktrace is quite high compared to other solutions. However, I feel that they are one of the top solutions in this space and they want to be paid for that.

They are currently working on improving their interface by including AI to help simplify things, but it does not work on real-time data. Rather, it works on historical events.

This is definitely a product that I can recommend, although I would probably be using it together with a SOC service or somebody else who can manage it properly.

I would rate this solution a seven out of ten.

Once installed, it starts picking up and learning the network very well because it's got a powerful AI integrated into it.

The user interface is very intuitive.

The Dynamic Threat Dashboard is very nice, as it lists all of your threats and rates them, and then you can choose whether to investigate further.

This solution has some good features for customization in terms of how you're tagging your network, which basically makes it easier to identify what is actually happening. You can see where the traffic is going, where it is coming from, and that sort of thing.

Darktrace has quite a few inbuilt features such as its own packet analysis module, which is an offshoot of Wireshark.

This solution has some powerful APIs, although we do not use that functionality at the moment.

This is quite an expensive product so the pricing is something that can be improved.

I have been using Darktrace for between two and three years.

We've seen no major problems between the master and slave devices in our architecture.

Darktrace is definitely scalable. We started off with a single device monitoring a single site and we progressively added more sites with different devices in a master/slave architecture. The more we've added, we've had to re-think a little bit, but overall the scalability is excellent.

We have ten security analysts who are using this solution.

The Darktrace technical support is very good.

We started off with Darktrace. It was based on a decision from somebody in the business who had previously used it.

Personally, I have used a few other solutions and with respect to the interface, you probably couldn't get more intuitive than Darktrace.

Darktrace is very easy to set up. Even our basic technical people are able to do it. It's almost like plug and play. There is some basic configuration to do, but it's nothing major.

I would say that most technical people can do the majority of the setup.

We were granted access to all of the documentation and information from Darktrace, so we did the implementation ourselves. There may have been one or two areas that we had to go back to Darktrace directly to get clarification on, but there was no third-party partner or reseller involved.

We're very pleased with Darktrace so it is a bit difficult to pinpoint areas for improvement. It covers all of our needs and from what I can see, it does the basics very well. There are many advanced features, also.

This is a solution that I definitely recommend. It offers a proof of value rather than a proof of concept, where they run the tool in your network, let it learn and then catch any vulnerabilities. Then you will actually see the value of the solution, either potentially blocking any exploitive threats or not, but its a really good thing to go through. To do this, I think that you have to go through an actual partner unless you're in a location where Darktrace has a physical office. In any event, I strongly recommend going through the proof of value to see if you like it. If there is a charge then it is definitely worth it.

I would rate this solution an eight out of ten.

Overall, I like the system. The product offers us a very good user interface and we've found the network visibility to be very good so far. The solution has one window and shows all networks.

The solution comes in multiple languages, including English and Arab options.

The solution is stable.

We've found that technical support is helpful and available to assist us if we need them.

There are some automation capabilities, however, they could be presented better.

The manual is difficult to follow. While it presents some use cases, it's not very clear. There may also be some language barriers, as it's not available in my language.

Some aspects of the initial setup are complex. 

It would be useful if there was a way to check to see if there are certain devices that are not in sync with the solution. I'm not sure if this is an option or not. 

The cost of the solution is quite high.

I'm very interested in ISO 27001 and these processes. I'd like to better understand how it supports this kind of workflow.

I haven't used the solution for very long. It may only be about 20 hours or so. It's very, very new. 

The solution is mostly stable. I found that, during the POC, sometimes my rights would do off and I would have to reinstate them, however, other than that, it was very stable. The performance was good. 

I've only used the solution for a short amount of time. I can't really speak to the scalability. There were different models that I tried, however, I can't speak about how different models affect the scalability. I've only used it for a very short amount of time.

There are maybe three or four people on the solution, now that we've tested it. 

I haven't really interacted so much with technical support, however, there is a person available to us that could help us troubleshoot or answer our questions if we need assistance. 

There are aspects of the initial setup that are not very straightforward. there is some complexity. I needed to keep going back to the manual to check things at certain points. 

We are still currently in the test period. Within the year, we will have to invest in the cost of licensing. We have not done that yet.

The solution itself is quite expensive. 

We did look at other solutions, however, I can't speak to which solutions we actually looked at.

We are a partner.

I'm not sure which version of the solution we're using. My understanding is that it is version 5.

I would recommend the solution to others. However, it's important to ensure you use the solution in order to set up your processes correctly and to the benefit of the organization.

So far, I would rate the solution at an eight out of ten.