Network & Security Section Head/Digital Transformation at a government with 201-500 employees
Gain comprehensive network visibility with detailed packet capture
Pros and Cons
- "Darktrace is valuable since it offers full packet capture and detailed metadata."
- "Darktrace is very stable, and I would rate its stability a ten out of ten."
- "The management dashboards and the meter dashboards should be more user-friendly and simple to use for easy management."
What is our primary use case?
The primary use case for Darktrace is to gain full visibility into the network traffic. Darktrace provides complete packet capture and metadata analysis, unlike other solutions that offer only specific metadata. This comprehensive view allows for better assessment and monitoring of the network environment.
What is most valuable?
Darktrace is valuable since it offers full packet capture and detailed metadata. This feature sets it apart from competitors, which often provide limited metadata visibility.
Additionally, the interaction with the technical team is seamless, and communication with the account manager is flexible and easy.
What needs improvement?
The management dashboards and the meter dashboards should be more user-friendly and simple to use for easy management.
For how long have I used the solution?
I have been using Darktrace for three months.
Buyer's Guide
Darktrace
January 2026
Learn what your peers think about Darktrace. Get advice and tips from experienced pros sharing their opinions. Updated: January 2026.
881,082 professionals have used our research since 2012.
What do I think about the stability of the solution?
Darktrace is very stable, and I would rate its stability a ten out of ten.
What do I think about the scalability of the solution?
Darktrace has high scalability, and I would rate it a nine out of ten.
How are customer service and support?
The technical support from Darktrace is of high quality, and I would rate it a nine out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I previously checked with different solutions. I decided to go with Darktrace. However, it offers complete packet capture and metadata, unlike other vendors.
How was the initial setup?
The initial setup was straightforward; however, there were some connection issues when deploying the VM on the cloud. Overall, the setup process was easy.
What about the implementation team?
The deployment and implementation were carried out in-house by our technical team.
What's my experience with pricing, setup cost, and licensing?
Darktrace initially had a high price. After negotiation, we received discounts. Despite the discounts, it is still considered expensive.
What other advice do I have?
I would recommend Darktrace to others as it provides detailed metadata and full visibility of the network environment.
I rate Darktrace a nine out of ten overall.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
AI-driven tools enhance security and reduce spam
Pros and Cons
- "The most valuable features are the AI and advanced learning tools that distinguish it from other products."
- "Implementing this solution has given us confidence that we are secure."
- "There are still some issues with the network capturing or blocking traffic even after implementing exceptions. It requires more learning in this area."
- "There are still some issues with the network capturing or blocking traffic even after implementing exceptions."
What is our primary use case?
I am using it for network and email security. I am a systems administrator overseeing cybersecurity at Alpha International Company Limited. We have been using it for about two years, focusing on the latest version.
How has it helped my organization?
Implementing this solution has given us confidence that we are secure. It has improved our network security and email filtering, significantly reducing spam. Overall, it has had a positive impact on our organization's IT operations, providing a comfortable and secure environment.
What is most valuable?
The most valuable features are the AI and advanced learning tools that distinguish it from other products.
What needs improvement?
There are still some issues with the network capturing or blocking traffic even after implementing exceptions. It requires more learning in this area.
For how long have I used the solution?
I have been using the solution for two years.
What do I think about the stability of the solution?
I would rate the stability as a nine out of ten. It is very stable.
What do I think about the scalability of the solution?
The product is scalable, and I would rate it as a nine out of ten for scalability.
How are customer service and support?
The customer support is good and they are responsive. I would rate them an eight out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I used Barracuda before switching to this solution.
How was the initial setup?
The initial setup was straightforward.
What about the implementation team?
I led the implementation within my company, with support from them. There was no third-party service involved for training or support.
What was our ROI?
Using this solution provides financial benefits by securing from server attacks, which offers indirect savings. The percentage of budget savings can range from 30% to 40% for online businesses and five to ten percent for in-house processes.
What's my experience with pricing, setup cost, and licensing?
The price is competitively good, although it is a bit on the higher side. I would rate the price a seven out of ten.
Which other solutions did I evaluate?
We evaluated a couple of other products; however, this one suited our pricing and network flexibility.
What other advice do I have?
I would recommend this product to online businesses and infrastructures with more than 250 users.
I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Other
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
CISO at a manufacturing company with 10,001+ employees
Detection models keep changing based on emerging threats and good for medium-sized companies
Pros and Cons
- "The autonomous response is also highly designed in Darktrace."
- "Darktrace should have more automation and integrations with other security monitoring tools."
What is our primary use case?
I use it for email security and network traffic analysis.
What is most valuable?
It has a strong emphasis on machine learning (ML). In addition, they are pioneers in introducing artificial intelligence in these modules.
The detection models keep changing based on emerging threats discovered in the outside threat landscape. That is really valuable to organizations like us, small and medium-sized companies. It is also beneficial for enterprise customers when it comes to understanding the threat landscape. They design the detection models based on that.
The autonomous response is also highly designed in Darktrace. Moreover, it's not only monitored by us; their backend team also keeps on understanding that our monitoring is always on. If any sensor is down, they immediately notify us. A few of the sensors are not in contact, make it fix it to get continuous support.
What needs improvement?
Since security products are trying to expand 360 degrees in the enterprise, if Darktrace comes forward with more automation and integrations with other security monitoring tools, it would really benefit CISOs and CIOs to better understand automation and have better visibility into what's happening in our environment.
For how long have I used the solution?
I have been using it since 2018.
What do I think about the stability of the solution?
It's stable. The majority of the competitors, like Vectra and others, are unable to move to other products because Darktrace gives better importance and efficiency in terms of monitoring our network services and traffic.
The moment Darktrace implements their services to expand their detection models and focus on the threat landscape, that really makes us want to continue with Darktrace. Even recently, when we had a renewal, we explored other products, but our company still gives much importance to Darktrace.
What do I think about the scalability of the solution?
It is easy to scale.
How are customer service and support?
Technical support is good. They always coordinate with the CISO. If any of the sensors are down, they immediately notify the CISO, since I work via the CISO as well as the chief security architect for the entire organization.
At any moment the sensors are down or the availability of our monitoring solutions are not reachable to their security backend team, their support team immediately notifies us. Their customer support is very helpful.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have tried different solutions for similar use cases, but their detection mechanism is limited, even though their dashboard and UI give a better picture. But that's not true in actual detection.
I have explored Vectra. The sensors they ask us to place and the mechanisms of Darktrace and Vectra are similar. But when it comes to detection models, Darktrace has higher chances to mitigate the number of emerging threats that are happening across the world.
How was the initial setup?
It's pretty easy to install. The initial installation of the brain sensor takes two or three days. But the subsequent expansion of the headless sensors to branch sites may take only one day.
The maintenance of the systems is very limited. It's not like other switches, routers, or firewalls that we take care of. The majority of upgrades are handled by Darktrace backend team. The only thing we have to take care of is the network availability of these headless sensors.
What about the implementation team?
For implementation, less than three people are needed, or even one person. But when it comes to monitoring, we need more people because if the branches are expanded widely across the globe, you need a continuous team to monitor it. The volume of incidents is higher when Darktrace is implemented if the environment is not hardened well.
What was our ROI?
The return on investment is really high in terms of detecting bad actors or bad threats in the organization. In addition, I have discovered that when we negotiate a bundle package with Darktrace, they are really considered as affordable.
What's my experience with pricing, setup cost, and licensing?
The pricing is almost equal between Vectra and Darktrace. In fact, we are one of the pioneer customers of Darktrace in the Asia Pacific (APAC) region.
What other advice do I have?
Overall, I would rate it an eight out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Director Of Information Communication Technology (ICT Head) at a maritime company with 1,001-5,000 employees
Provides extensive information on data exfiltration but lacks notification capabilities
Pros and Cons
- "Darktrace provides better visibility into network risks, allowing you to take preemptive action against risky user behavior."
- "Darktrace needs significant improvement in its notification capabilities."
What is our primary use case?
We use Darktrace primarily as a network detection device to monitor our network points and nodes. We fully utilize its capabilities, including Antigena, for post-work hours remediation and blocking potentially risky ports. We chose not to use its email security features, as the user interface was less responsive. We opted for network detection instead, which aligns better with our needs.
How has it helped my organization?
Darktrace provides better visibility into network risks, allowing you to take preemptive action against risky user behavior. It helps prevent sensitive data leaks to some extent, based on user actions on specific network ports. The tool can create user-based risk profiles with its email capability, but since we don't use that feature, it only identifies each user as a node without a detailed profile. While a user heat map could offer more insights into user activity on devices and the network, a limitation is that the appliance doesn't monitor anything once the user leaves the office, leaving a coverage gap.
What is most valuable?
Darktrace provides extensive information on data exfiltration, though it isn't a competent DLP tool. It can identify when a device uploads data outside the network, offering an initial alert on potential exfiltration. This feature helps us understand network activity and user behavior. We expected it to provide risk profiles and generate a heat map of users based on their activities.
They have a tool called Antigena for automated responses, but we limit its use to very specific actions, primarily during off-hours when the team isn't available.
What needs improvement?
Darktrace needs significant improvement in its notification capabilities. While it does notify administrators, the old approach of having admins directly police users is outdated. Users now prefer automated, impersonal responses rather than being confronted by IT staff, which can lead to concerns about privacy violations. We've requested Darktrace to develop a feature that notifies users directly when it detects potential data exfiltration. Darktrace doesn't differentiate between personal and work data uploaded to Google Drive or OneDrive. It flags it as exfiltration and expects the IT team to investigate further.
Human policing is a thing of the past; what’s needed now are automated responses, user awareness, and behavior warnings, areas where Darktrace falls short. In contrast, Egress, an email security solution, excels in this regard. It intuitively detects potential risks, even flagging first-time email recipients and integrating data classification. We’ve encouraged Darktrace to adopt this level of functionality, transforming it from just identifying exfiltration to a more comprehensive data leak prevention tool. However, as of now, Darktrace is still limited to identifying when a node is transferring data without distinguishing the nature of that data.
Darktrace could improve by enabling user heat maps or risk profiles, a feature that many other EDR and cybersecurity products already effectively provide. It would be beneficial for us if they could offer this functionality without requiring the purchase of an additional email security solution.
On the plus side, Darktrace integrates with CrowdStrike, allowing it to monitor CrowdStrike agent actions. This integration helps us achieve a unified view of our security landscape since we route Darktrace, CrowdStrike, FortiGate, and other tools through SecureWorks, our centrally managed security platform.
For how long have I used the solution?
I have been using Darktrace for two years.
What do I think about the stability of the solution?
The product is stable.
I rate the solution’s stability a nine out of ten.
What do I think about the scalability of the solution?
It has a better cost-per-user value for an enterprise.
I rate the solution’s scalability a six out of ten.
How was the initial setup?
The initial setup is very easy. You must deploy it within your network because it's an NDR tool, meaning it must be installed as an on-premise appliance. During COVID, however, it became apparent that this setup had limitations since it couldn’t monitor remote users, rendering the investment less effective when employees worked from home.
To address this, Darktrace offers an agent that can be deployed on individual devices at an additional licensing cost. For our maritime business, with numerous vessels, deploying small devices or agents on each one isn't practical—it would be like adding a firewall box and a Darktrace box to every boat.
It would be more efficient if Darktrace developed a cloud-based solution similar to Meraki's approach. This would reduce the hardware footprint on remote devices and locations, making it more feasible for businesses like ours.
Which other solutions did I evaluate?
We evaluated Vectra AI alongside Darktrace as a potential network NDR solution, but other competitors are in the market. Trellix also offers an NDR solution, and any cybersecurity product with strong NDR capabilities competes with Darktrace. Since Vectra AI was relatively new and not yet stable at that time. Metrix also offers an NDR solution, but its product lineup is too complex, requiring the purchase of multiple components to access NDR capabilities. This didn’t align with our approach of selecting best-in-class products for specific functions rather than opting for an all-in-one solution.
What other advice do I have?
Darktrace claims that AI powers threat detection, but it often feels more like a program or algorithm than intuitive or engaging AI. We haven’t observed the advanced AI capabilities expected from their claims. It may use AI in the backend to assess and evaluate risks, possibly through sophisticated algorithms. However, Darktrace lacks those capabilities regarding AI engaging directly with customers or providing intuitive interactions. The AI’s role seems to be more focused on risk evaluation rather than engaging or interacting with users meaningfully.
The core product is impressive. Darktrace's appliance performs well, quickly evaluating all nodes and establishing a solid baseline. While our environment had few threats, I've heard that visibility can be challenging for IT and cybersecurity teams in large enterprises. The appliance offers a rapid overview of your network environment.
Darktrace’s approach to deploying POC first is a strong point. It provides immediate insight into potential threats and risks, helping to build a compelling business case for its use. The device is reliable, with minimal downtime and performance issues, and is quick to set up.
Overall, I rate the solution a seven out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Program / Project Manager at a tech services company with 1-10 employees
Enhanced security with automated response but needs refinement in alert management
Pros and Cons
- "The most valuable feature is the endpoint protection."
- "One area for improvement is the alerting system, which generates too many alerts and becomes labor-intensive for organizations not equipped with enough personnel in their SOC."
What is our primary use case?
I am a distributor for several vendors and act as a trusted adviser. Although I do not have an official relationship with Darktrace, I know the product and vendor from working with some organizations in the Netherlands. My clients vary from two hundred fifty seats to fifteen hundred.
How has it helped my organization?
The product features automated response capabilities that clients find beneficial as they look for solutions that feel secure and require less labor. The customers appreciate that the tooling does its work automatically, contributing to a more secure environment.
What is most valuable?
The most valuable feature is the endpoint protection. The autonomous response capabilities are also highly regarded by the market.
What needs improvement?
One area for improvement is the alerting system, which generates too many alerts and becomes labor-intensive for organizations not equipped with enough personnel in their SOC. Aside from that, I am quite fond of Darktrace.
For how long have I used the solution?
I have been working with Darktrace for two years now.
What do I think about the stability of the solution?
Darktrace is perfectly stable.
What do I think about the scalability of the solution?
Darktrace is perfectly scalable, and I would rate it an eight or nine out of ten in terms of scalability.
Which solution did I use previously and why did I switch?
I have experience with other solutions such as Morphisec Endpoint Protection, Deep Instinct, Darktrace, Check Point, Defender, Varonis, Forcepoint, Odyxx, and SALT API security.
How was the initial setup?
The initial setup is straightforward. It is easy to install, and it does what it needs to do.
What's my experience with pricing, setup cost, and licensing?
The pricing of Darktrace is perfectly fine and competitive.
What other advice do I have?
I would recommend Darktrace to organizations that have an efficient SOC in place, as the alerting can be a disadvantage for those who are not adequately staffed.
I'd rate the solution seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
CISO at a financial services firm with 1,001-5,000 employees
Provides threat monitoring by summarizing information about threats and suspicious traffic
Pros and Cons
- "Darktrace's most valuable features are its dashboards and its ability to summarize huge amounts of information about threats and suspicious traffic."
- "The solution's user interface and stability could be improved."
What is our primary use case?
We use Darktrace for threat monitoring in the finance industry.
What is most valuable?
Darktrace's most valuable features are its dashboards and its ability to summarize huge amounts of information about threats and suspicious traffic. The solution summarizes suspicious traffic in all our networks, allowing us to focus our efforts on the most vulnerable points in our network.
What needs improvement?
The solution's user interface and stability could be improved.
For how long have I used the solution?
I have been using Darktrace for one year.
What do I think about the stability of the solution?
I rate the solution’s stability a six out of ten.
What do I think about the scalability of the solution?
I rate the solution’s scalability an eight out of ten.
How are customer service and support?
The solution's technical support team was very proficient and useful.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used Cisco's EDR and traffic monitor.
How was the initial setup?
The solution's initial setup is very complex. It's not easy to set up Darktrace. The solution was deployed in three months by a team consisting of ten networking engineers.
What was our ROI?
The solution improved our visibility. Earlier, we couldn't visualize some threats on the internal network level. With Darktrace, we were able to spot some deficiencies and certain vulnerabilities.
Which other solutions did I evaluate?
Before choosing Darktrace, we evaluated Palo Alto and Cisco. Palo Alto needed some integration with other Palo Alto and Cisco products. It was mostly focused on network traffic anomalies rather than cybersecurity threats.
What other advice do I have?
Darktrace is a very complex product. It's not like a commodity because we're not talking about licenses but mostly about traffic, which is a complex matter. Darktrace's AI technology could be improved because it requires a huge amount of manual work to work properly.
Overall, I rate the solution an eight out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Network Admin at a retailer with 1,001-5,000 employees
Has a straightforward setup process and good technical support services
Pros and Cons
- "Its AI technology supports cybersecurity by learning my environment and accurately responding to threats."
- "The pricing needs improvement."
What is our primary use case?
We use the product to collect and monitor my environment. It models my traffic and sends me reports. Additionally, I have the response module in place to handle critical breaches by quarantining devices. I utilize it for generating reports and analyzing data to leverage threat intelligence.
What is most valuable?
The product's most valuable features are the response module and email protection.
What needs improvement?
Darktrace is quite expensive, which can be a significant factor for organizations with budget constraints. The pricing needs improvement.
For how long have I used the solution?
I have been working with Darktrace for around four to five years now.
What do I think about the stability of the solution?
It is a stable solution. I rate the stability an eight.
What do I think about the scalability of the solution?
I rate the platform scalability a ten. It supports a wide range of devices and is highly scalable.
How are customer service and support?
The technical support services are reliable.
How would you rate customer service and support?
Positive
How was the initial setup?
With the support from Darktrace and its partners, the setup process was user-friendly and easy.
The deployment took less than a week, although the learning phase for the environment can take some additional time.
What was our ROI?
Darktrace generates an ROI by effectively mitigating threats and avoiding costs related to downtime and other issues.
What's my experience with pricing, setup cost, and licensing?
The product is expensive.
What other advice do I have?
Darktrace provides real-time alarms for any anomalies in my network, which I utilize for incident response. It has significantly improved our reporting capabilities and response times once we set the parameters for identifying critical threats.
The response capability is beneficial because it autonomously responds to identified threats without manual intervention, ensuring that alerts are addressed 24/7. This includes quarantining devices as needed, which adds resilience to our security operations.
There have been improvements in incident response times. Before using the response functionality, we experienced a breach last year. Now, reports highlight and address incidents more effectively, reducing response times.
Its AI technology supports cybersecurity by learning my environment and accurately responding to threats. It reduces false positives and provides accurate threat detection by understanding the behavior of my network.
It is a tool worth trying, but the pricing aspect should be considered. I rate an eight out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Co-Founder & Managing Director at a comms service provider with 1-10 employees
Used for detecting network-based threats like ransomware or illicit communications with external endpoints
Pros and Cons
- "A very useful feature in Darktrace for real-time threat analysis is the packet inspection that analyzes the packet traffic in real time."
- "Darktrace could expand into EDR (endpoint detection and response) and combine it with its network detection."
What is our primary use case?
Darktrace is used for detecting network-based threats like ransomware in the early stage or illicit communications with external endpoints.
What is most valuable?
A very useful feature in Darktrace for real-time threat analysis is the packet inspection that analyzes the packet traffic in real time. Data acquisition is the source rather than tapping the data downstream after some processing.
What needs improvement?
Darktrace could expand into EDR (endpoint detection and response) and combine it with its network detection. They could thereby have a more holistic knowledge of the system through network information or through visibility into the operating system of the endpoints.
For how long have I used the solution?
I have been working with Darktrace for four years.
What do I think about the stability of the solution?
Darktrace is a very stable solution.
What do I think about the scalability of the solution?
Darktrace is a very scalable solution. Our clients for Darktrace are enterprise customers.
How are customer service and support?
The solution’s technical support is very good.
How would you rate customer service and support?
Positive
How was the initial setup?
The solution’s initial setup is very straightforward.
What about the implementation team?
The solution's deployment time depends on the complexity of the network. For some huge networks, you need to tap the right resources and measure the system to acquire all the required traffic. The deployment is very straightforward in smaller networks where you have to connect to only one switch.
What's my experience with pricing, setup cost, and licensing?
Darktrace is quite an expensive solution. Users need to pay a yearly licensing fee for the solution.
What other advice do I have?
Darktrace has improved our client's organization's threat detection and response capabilities. Darktrace has helped users intercept and stop ransomware attack attempts in the very early stage, within a couple of minutes of its detection. Autonomous response is a very good and useful feature that differentiates Darktrace from other solutions.
One person can easily maintain the solution. Darktrace easily integrates with our client's IT infrastructure solutions, like Microsoft 365, CrowdStrike, and Palo Alto firewalls. Darktrace has impacted our clients' incident response time to be very quick.
Darktrace is an autonomous solution. Users have to ensure they present all the traffic to the tool so it can intercept threats and not have hidden spots in their networks.
Overall, I rate Darktrace a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
















