Try our new research platform with insights from 80,000+ expert users

Corelight vs Darktrace comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Jun 15, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Corelight
Ranking in Network Traffic Analysis (NTA)
6th
Ranking in Network Detection and Response (NDR)
19th
Average Rating
9.0
Reviews Sentiment
7.6
Number of Reviews
5
Ranking in other categories
No ranking in other categories
Darktrace
Ranking in Network Traffic Analysis (NTA)
1st
Ranking in Network Detection and Response (NDR)
1st
Average Rating
8.2
Reviews Sentiment
7.2
Number of Reviews
82
Ranking in other categories
Email Security (9th), Intrusion Detection and Prevention Software (IDPS) (1st), Extended Detection and Response (XDR) (6th), Cloud Security Posture Management (CSPM) (15th), Cloud-Native Application Protection Platforms (CNAPP) (11th), Attack Surface Management (ASM) (4th), AI-Powered Cybersecurity Platforms (2nd)
 

Mindshare comparison

As of July 2025, in the Network Detection and Response (NDR) category, the mindshare of Corelight is 4.6%, down from 5.3% compared to the previous year. The mindshare of Darktrace is 23.6%, down from 25.5% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Network Detection and Response (NDR)
 

Featured Reviews

Dan Jeske - PeerSpot reviewer
An open-source solution that gave us insight into our clients' network traffic flow
We use the solution for packet capture sampling. We offer it as part of our managed service. It's so we can identify east-west traffic on a customer's network Corelight is low-cost and made on open-source, and the code is Zeek. It's an easy way for us to get visibility in a client's environment.…
Malebo Lethoba Group - PeerSpot reviewer
Have found the AI analyst and detection functions highly valuable for network operations while managing complexity in initial setup
The functions I find most valuable in Darktrace ( /products/darktrace-reviews ) are the AI analyst as well as the detection.The autonomous response capabilities of Darktrace are not crucial for me because it doesn't work in a network where there are no core switches. In a modern network, the autonomous response doesn't work, especially when sitting in a shared data center.If I'm running a traditional network where I am not in a shared data center with a layer two dedicated for my resources, then it can work for me. However, if I am in a data center where I don't have layer two, it becomes an issue because the autonomous response is reliant on sending spoofed TCP resets to my core switch to block traffic, which is a major issue.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"It's easy to create additional dashboards specific to supporting specific tasks."
"It's an easy way for us to get visibility in a client's environment."
"Corelight is easy to use."
"It is easy to deploy and easy to handle."
"The most valuable feature is the embedded IDS from Suricata."
"AI analytics are built directly into the product."
"Darktrace is very flexible."
"The most valuable feature of Darktrace is its ability to detect and counter threats before they occur."
"The most valuable feature of Darktrace is its ability to detect and counter threats before they occur."
"The Antigena feature is most valuable. Once it learns your environment, Antigena can step in and block a denial of service attack, a ransomware attack, or just about anything that doesn't belong in the environment. It can detect any type of attack that hits the environment because it understands what normal looks like for the network. It is very useful for an autonomous response."
"The most valuable feature is the alerts. The alerts are meaningful. The event rolls up into meaningful and actionable alerts rather than just being noise."
"It's a very stable product."
"I have found the most valuable features to be artificial intelligence for cybersecurity, advanced machine learning capabilities, enterprise Immune System, Antigena Network, and Antigena Email. The way the solution detects the threat over the network before it spreads is very good. It notifies you of what the threat is exactly doing and gives you all the details about the execution of that application that had created the threat over your network."
 

Cons

"Corelight hasn’t added features in a long time."
"The solution’s architecture is complex and difficult to understand. There are multiple machines and VMs."
"They can enhance the interface of the product. They can make it more interactive and also easier to use for feature access."
"Machine learning could be a good improvement, but it's very costly."
"In the next release, building a graphical user interface would be helpful."
"I think there is some MSSP missing."
"The price point for the product was too high for what our possible use case could be."
"One thing that I would like to look at going forward is to have a fully automated network infrastructure that is monitored automatically real-time, and that gives me this kind of capability where I would be able to look at my network at any given time and see the state of my network. With Darktrace, at the moment, I have to almost put in a date and tell them that want you to give me data from this date to this date. I don't want that. I want a fast solution in which it doesn't matter when I log into the application. Whenever I log in, I must be able to see my network and run a report. In other words, if I go in now and I say, "Give me a full report of what happened today, it must be able to give me that. It mustn't just be limited to a seven-day period, for argument's sake. It must be able to give me real-time and day-to-day tracking of what has happened within my network."
"The one downside is the pricing, which is quite high."
"The pricing needs improvement."
"I would like to see more protection in the endpoint. Especially because we have a lot of people using VPNs. If they would improve end point security, it would give more control there."
"I would like to see a feature where the tool ingests information from an anti-malware product that is present at the endpoint."
"The product doesn't have an endpoint agent that can react to triggers set on the device,"
 

Pricing and Cost Advice

"It's a yearly fee and depends on what you are looking for."
"It was $3,600 a month or $2,000 plus or so. I am not sure. Its licensing is pretty simple."
"This solution is expensive."
"If you consider the features and the cost of market leaders, we are satisfied with the pricing."
"The cost is moderate."
"They are too expensive compared with other vendors."
"The product is expensive."
"I am using a demo of Darktrace for deployment and testing which is free."
"The cost of the solution can be reduced to make it more appealing to customers."
report
Use our free recommendation engine to learn which Network Detection and Response (NDR) solutions are best for your needs.
861,803 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
15%
Computer Software Company
12%
Government
12%
Manufacturing Company
7%
Computer Software Company
13%
Manufacturing Company
8%
Financial Services Firm
8%
Government
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
No data available
 

Questions from the Community

What is the biggest difference between Corelight and Vectra AI?
The two platforms take a fundamentally different approach to NDR. Corelight is limited to use cases that require the eventual forwarding of events and parsed data logs to a security team’s SIEM or ...
What do you like most about Corelight?
It's easy to create additional dashboards specific to supporting specific tasks.
What is your experience regarding pricing and costs for Corelight?
The solution is too expensive compared to others. If you have the technical knowledge, it's good. Corelight is a very big gap between you and others if you’re new.
How does Crowdstrike Falcon compare with Darktrace?
Both of these products perform similarly and have many outstanding attributes. CrowdStrike Falcon offers an amazing user interface that makes setup easy and seamless. CrowdStrike Falcon offers a cl...
Which is better - SentinelOne or Darktrace?
Which solution is better depends on which is more suitable specifically for your company. Darktrace, for example, is meant for smaller to medium-sized businesses. It is also a good option for organ...
What do you like most about Darktrace?
A very useful feature in Darktrace for real-time threat analysis is the packet inspection that analyzes the packet traffic in real time.
 

Comparisons

 

Overview

 

Sample Customers

Education First
Irwin Mitchell, Open Energi, Wellcome Trust, FirstGroup plc, Virgin Trains, Drax, QUI! Group, DNK, CreaCard, Macrosynergy, Sisley, William Hill plc, Toyota Canada, Royal British Legion, Vitol, Allianz, KKR, AIRBUS, dpd, Billabong, Mclaren Group.
Find out what your peers are saying about Corelight vs. Darktrace and other solutions. Updated: June 2025.
861,803 professionals have used our research since 2012.