Darktrace Reviews

I am working with Darktrace in concert with F5, Tufin, and SAP security products.  

One of the things I like most about Darktrace is the fact that it has AI analytics built into it. That merger allows us to have a look at the way that things are working within our company. The fact that it is self-learning is a benefit that has given me 100% visibility across the cloud, my SaaS (Software as a Service) providers, my Office 365 services, within my data center, and also on-premises.  

We are also working with Darktrace on their alpha and beta testing for endpoint security. That is a model that we are thinking about incorporating later. 

Another thing I really like is that it is a very simple product to use. It is very logical and it works beautifully.  

The product is really excellent all around and I can not fault it. The only thing that I can think of that would improve it would be if they had a better visualization and a reporting portal.  

What I mean by better visualization is it could help map our services and endpoints in a better way. At the moment it is fairly complex in the way that it represents our network devices. It would help if there was in a slightly more logical way of visualizing the assets as opposed to the way it is currently being done.  

We are talking to Dartrace at the moment about putting in a reporting portal so we can have technical reports separate from management reports. Some of our management gets information in reports that they do not need to see. When they see it they will not understand what it means. Targeting — or customizing — the reports that we make can allow us to have the content fit what the recipient needs to see without distracting extras.  

Apart from those potential additions, this product is absolutely excellent. It has given us everything we have wanted. Darktrace, as a company, has been really good. Our account manager is totally responsive. The support teams have been really conscientious.  

Fingers crossed. So far Darktrace has proven to be a great asset.  

We have been using Darktrace for about four-and-a-half years now.  

The scalability of Darktrace is excellent. If we want to increase the IP count it is just a matter of negotiating the licenses. We have already upgraded to the largest model of their hardware, and scaling is nice and simple in that situation.  

The technical support people have been good. They understand exactly what we need every time. So I am very happy about that.  

If you ask a question and support can not answer straight away, they will say that they will be back to you within 'X' number of hours. Then they actually do it, which is not something that you get a lot of in technical support teams. Normally people do not stick to what they say they are going to do.  

Our deployment took probably the best part of three months. But the amount of time was more a matter of our constraints, not a problem with Darktrace and the difficulty of deployment. We are operating in 13 countries and it was the scale of it that took additional time. Smaller deployments will take less time.  

If someone asked me for advice about the product I would definitely highly recommend it to those who need this type of solution. It is really good. It has given us a view of our company and it has actually caught a couple of people that were doing data exfiltration and stealing data from our company. We caught them doing it in the act in live time, which is just incredible.  

On the scale from one to ten where one is the worst and ten is the best, I would definitely rate this product at the moment as a ten. It is a perfect solution for our needs.  

I'm a customer data security manager and we are looking at replacing our current solution, McAfee, with something like Darktrace or CrowdStrike which will provide the same visibility with the endpoint protection aspect. 

The Ability to drill right down into an event that has been identified as something of interest so that you can be assured if it is a valid event and therefore not suffer from loads of false positives. Once that initial assurance and confidence was there, you could easily rely on the dashboard and minimise the risk of constantly drilling into each and every event but pick the ones with most risk.

The product is automated to a certain degree, but I think this could be improved. I'm looking for a way of being able to react to threats that are detected based on risk. Aside from that, there is nothing really that they could improve on, it's a product more suited to organizations with an SOC, security operations center, or a company with an IT team of network security members because it relies on constantly monitoring it to see information based on the risks of events.

In our case, we have a small IT team, which means that a large amount of time would have been spent drilling into it. If something did happen on the network, we'd ideally be responding to it reactively instead of proactively. Some of the other products we tested did that so that if something was detected, it would block that device by means of an endpoint, which halts the process and gives you time to check it out. Darktrace would tell you, for example, if there was a ransomware attack, but it wouldn't stop the attack. Other products would identify it as a ransomware attack and stop the network card on the endpoint, giving time to react to the alert, and proceed to cleanse or investigate the machine that's had a problem. That was our issue with Darktrace.

The only reason that it looks like we are going down a different route is because of the endpoint protection issue. The product doesn't have an endpoint agent that can react to outcomes or triggers that are set on the device, otherwise, it would be great. 

We tested the solution for one month. 

Stability is fine, we had no issues with it whatsoever. 

We didn't need to scale the solution, but you could scale it without any issue. The only thing that I think you had to keep an eye on was network traffic through your switches because effectively, you're capturing all the traffic on your network on a port that goes to this device.

The support was fantastic, really good. We were in touch with the guy who I believe was the accounts manager.

Initial setup was easy. We just had to configure a switch port into what's called promiscuous mode and then plug in the device and give it an IP address and leave it. We deployed with our own technical team. It took a day to setup, maybe even less than that. Once installed they activated the license on it. We left it at baseline to look at the network for a week. It just looked at existing traffic and worked out what was typical traffic and what was interesting traffic.

For out of the box it is licensed per device or node that it connects to. I think for services there were some additional licensing fees. 

We evaluated other options and Darktrace had really good dashboards and graphics, but other devices like CrowdStrike, for example, had the endpoint protection we're looking for as well as the features that Darktrace has. The difference is in functionality.

I would suggest to anyone considering this option to identify if this is going to be a monitoring tool to supplement an existing system or if this is going to be another product in your existing security suite of tools.

I would rate this product an eight out of 10. 

Generally, we use Darktrace for behavioral analytics. We use it in the inner-network and the outside network for malicious connectivity. Darktrace gives us support with networks. We follow all the notifications and sometimes we block malicious IPs from the firewall.

Its most valuable feature is its ability to identify malicious connected IPs from outside and the attacks that get through to the inside.

Darktrace needs to simplify most of the positive reports. We have to field all the positive reports, false positives, too. Sometimes we need to check false positives manually. We have to filter false positives. After that, we configure it again. Then, we want to analyze these false positives. That's the main thing. If we are assessing features, this should be easier to handle.

Darktrace needs to automate the reports of false positives, botnets, and everything.

So far, I think the solution is good. Not excellent, good.

I'm using Darktrace about two years.

The stability of the solution is fine.

In terms of scalability, it is ok.

It's a behavioral analysis solution, so we are not actively using it. We analyze all the user traffic from the Darktrace. That's the main thing. 

There are about 3,000 users. All the 3,000 user traffic is going through Darktrace.

We don't do the maintenance for Darktrace. My vendor is maintaining it since we got the product from them.

We are analyzing attempts to connect to them. After that, if you want reports, they provide them. We have a service and everything with the vendor. Then, if we have any requirements, they do it for us. The solution is working all day and my team is analyzing two hours for that.

In terms of technical support, if you raise some complaints, they tend to everything with user traffic within three or four hours. They provide the solution then we implement it.

Before using Darktrace I was using FireEye, but I switched because FireEye is very expensive and they do the same thing. It provides the same thing, except that DarkTrace has a different solution for the firewall, email filtering and everything else, and Darktrace is doing everything in a single box.

The initial setup is simple. It only takes three or four days. But we need to identify one to three traffic behavioral analysis, after that we can find the lead.

My team handled the deployment. They did everything. After that, they give me a report, which I then go through.

We are doing a monthly cost-basis. It's about 500,000 NKR because we are the first to implement it in Sri Lanka. We worked out direct pricing from Darktrace UK. After that, we selected a vendor in Sri Lanka. But the thing is, we are the first implementation here. I think they are actually undercharging and giving us the solution first because they want a reference from us since we are a bank in Sri Lanka. That's why they are doing it like that.

There are no additional costs besides the license, except the 15% rate to the Sri Lanka government.

Based on our experience with DarkTrace, I would advise that if they are comparing prices, ROI and everything, I think Darktrace is better than FireEye.

On a scale of 1 to 10 I can rate it a 6. I give it a 6 because it's been a year learning everything, and technology, attacks and patents are changing everyday.

The tool offers us visibility into network traffic. 

The tool gives us alerts whenever an admin is trying to connect.

I am impressed with the product's ability to give insights into network traffic. 

I would like to see a feature where the tool ingests information from an anti-malware product that is present at the endpoint. 

I am using the product since September. 

The solution is stable. 

The tool's deployment is easy. 

The tool's pricing is costly. 

I would rate the tool a nine out of ten. You need to use the tool on a trial basis so that you can get comfortable with it. 

We are a consulting company and sell Darktrace to our customers. Our company is in West Africa. I'm the company CEO.

Darktrace can observe networks and respond to those observations. It provides great network protection, is innovative and flexible.

I think Darktrace needs to improve its collaboration with local partners. That would include training and improving the technical skills of vendors. Desktop and mobile device protection could also be improved. 

We've been selling this solution for two years. 

The solution is stable. 

Our customers report that the technical support is very good. 

Positive

The initial setup is reasonably straightforward although the process requires some preparation beforehand. The size of deployment varies greatly, we've deployed in companies ranging in size from 200 up to 5,000 users. 

Licensing costs are expensive, although I think the high cost is partly a currency issue because we're based in West Africa. 

I rate this solution eight out of 10. 

Darktrace is used for network security.

Darktrace has helped our organization be secure from network spam and attacks.

The most valuable features of Darktrace are the tracing of unusual external emails and monitoring the local network.

Darktrace could improve its features, such as monitoring and detecting ransomware. 

I have been using Darktrace for approximately three months.

Darktrace is a stable solution.

The scalability of Darktrace is good.

We have four companies that are using this solution.

I have not used the support from Darktrace.

The initial setup of Darktrace was simple. The deployment of Darktrace took approximately two weeks.

I am using a demo of Darktrace for deployment and testing which is free.

My company chose Darktrace because it helped other companies that needed some help with metrics monitoring and spam monitoring.

I would recommend this solution to others.

I rate Darktrace a ten out of ten.

Darktrace makes up part of our security solution and it is able to operate without intervention from IT staff. Antigena feature for automatic response is awesome.

You can have a one-person IT team and with Darktrace, you can get notification of potential threats that are incoming or are already happening on the network.

I like the Antigena feature in Darktrace, as it offers immediate response and is helpful.

This product collects more data than your traditional type of software, which is useful for us.

Darktrace picks up anomalies as soon as they arise.

The interface is too mathematical and it should be simplified. If you are a seasoned user then you would know where to go, but you have to learn it first. The terminologies being used are mostly numbers. In general, it could be more user-friendly. The GUI can be more simplified and the sections on the interface can be better organised. Usability and visibility of features can improve the skills of administrators and the product will be a preferred solution and ratings will increase.

My experience with Darktrace is short because we are just implementing it now.

The stability of Darktrace is fine.

We do not intend to scale. Scalability is more of a contract issue that comes into play if you want to add nodes to the system. We are opting for a specific number of nodes or endpoints, which we would be able to keep for quite a number of years. I don't expect that we will expand that much, so scalability should not be an issue.

We have been in contact with technical support using different platforms. We have dealt with them using Microsoft Teams, Zoom, WhatsApp and via email.

Positive

No

The initial setup was quite simple and straightforward, taking about an hour to complete. After that, the port modeling took perhaps an hour or two.

Vendor Team

If you consider the features and the cost of market leaders, we are satisfied with the pricing.

Snode

I would rate this solution an eight out of ten.

Darktrace is a very good solution.

Darktrace is very useful for us because it has a large number of models for detecting threats.

There are numerous false positives.

Darktrace requires numerous configurations. It would be beneficial if the configuration could be made simpler.

I have been using Darktrace for three years.

Darktrace is very stable.

Darktrace is easy to scale. It's a scalable solution.

Technical support is good.

The initial setup is difficult.

It took three or four months to deploy.

People must first examine the network architecture in order to make the best implementation.

Darktrace is a very good solution, I would rate it a nine out of ten.