Darktrace Reviews

We deployed Darktrace for one of the biggest telecommunications companies in Latin America. It is deployed on-premise, but it is more like a service because we don't care about the appliances. Even though it works with appliances, it is more related to the services to the connections that the solution can handle. Because of that, it is on-premise, but it also has a component with sensors that works for remote instances, almost like a cloud solution. 

Some of the clients, especially in the security area, think that this appliance will replace a firewall or a prevention system solution, but it doesn't replace them. It actually complements them because the firewall decides to allow or deny a connection, and a prevention system is designed to avoid any type of risks to the connection or intrusion on the network. Darktrace allows you to find the unknown threats inside the network and identify them by using some artificial intelligence. It can do all the tracking inside or outside the network.

It is connected directly to the core switch, and in the first stage, it probably takes about a month to learn the behavior of the network and the users. With that, it starts to know what type of information is correct inside the network, and what type of information probably would be a risky connection or risky data moving from one site to another. It then starts doing the alerting. After the first stage or the learning stage is complete, we can find the size of the network. The second stage is the use of a different model inside the solution called Antigena. It works like the antibodies inside our body. Once it detects something that is wrong inside the network, it not only does the alerting but also takes the decision to block that type of connection in order to avoid any information leak or any possible risky connection. If somebody is doing some data mining, it disables connection to the engine that is doing the data mining.

We have been giving results not only to the security or compliance area inside of a company but also to the legal department. If someone is doing something wrong in terms of compliance, they can take directly take action against the person or group doing that.

We also give results to the infrastructure people and the network people. Based on our experience, most of the customers don't really know the size of their network. With this type of solution, we can know the complete network. We can know the real size, and how many resources are connected to the network and the internet. For example, one customer said to us, "I only have 18,000 connections on the network." We did the sizing with 18,000, and when we started the deployment, this customer had one thousand and twenty hundred connections. They didn't realize that until we arrived.

It is very easy to work with Darktrace once you know how it works and the type of permissions that you need to get related to the security over a network. The interface is awesome. I'm sure that you have seen Ironman, and you know Jarvis, the computer of Tony Stark. The interface of Darktrace is very similar, and you can see in 3D, like a hologram, the whole network, traffic, and all the traces inside the network. The interface is awesome, and it provides a lot of information. At least for us, it is very easy to handle this interface, get the reports, and do the interpretation of those reports.

Darktrace also provides mobile monitoring. With an app on your mobile phone, you can view the information live, which is very useful for area directors and field engineers. Darktrace can be also correlated with any type of big data solution, such as Splunk.

It would be good if they can include some endpoint protection for remote workers. Nowadays, most people are working remotely. Therefore, they should include some type of sensors that can be installed on the endpoint in order to directly report the main usage and protect remotely. Phone protection will also be a great feature to add to Darktrace.

I have been working with Darktrace for at least four years. I recommend and sell it to customers. A long time ago, I used to be a technical guy. Now I am on the sales side. Our technical crew and sales crew are certified for this solution.

For the past four years, I have only seen two crashes in two appliances. That was because the customer sent more traffic than what the solution or that specific appliance could handle. It was solved by using another appliance to do the appropriate balancing. The second crash was because it was a human error and somebody by mistake disconnected the cable and connected it to a different interface.

It is very easy to scale. When you need more appliances to support the infrastructure, you can use them as LEGOS. In order to place them, the only thing that you need to have is a rack, and you can start connecting them to the switch, and that's it. Once that you have it on the main console, you just assign the role to every single appliance, and that's it.

We're very focused on big companies, but we also have medium customers. The reason why we don't sell it to the small companies is that this type of solution is very expensive for them to finance. So, probably the assets that they have are very important, but based on the budget that small companies have in Latin America, they cannot afford a solution like this.

The support that we have in Latin America is very good. It is a very good company to work with. They have offices here. I would rate them a ten out of ten.

It is very easy. The setup of the solution takes probably half an hour. The only thing that we need to place Darktrace on a customer site is a connection on the core switch with a mirror port. We need to have some space on the rack, and then we connect the appliance to the core switch, and that's it. We go back to the customer a week later to see what Darktrace is catching and start sharing with the customer our discovery inside the network.

The biggest deployment that we have done took about two months, but it was in 26 different sites. The main challenge was the transport. We had to take care of all the logistics to transport all the appliances and find the appropriate time to run all the appliances because most of the customers do not allow to rack them at any time. Therefore, it needs to be done at midnight when almost nobody is using the network. That was our main challenge, but it is very easy to set up.

The pricing is very flexible for Darktrace. Sometimes, a customer does not have the appropriate budget, but Darktrace can handle that. They offer monthly payments, so the customer can acquire the solution very easily.

Over the past years, I have seen some customers say, "No, I have Endpoint protection. I have intrusion prevention. I have a firewall. I don't need anything like that." My advice is that first of all, open your mind to new solutions because this type of solution will catch everything that the rest of the solutions that you have won't catch. That's the first thing. The second thing is that do not limit the work of the people who work with Darktrace by saying that you know your network because we can assure you that you don't know your network and the threats that are inside and outside the network and the size of the network.

We always start with Darktrace Enterprise Immune System, which is the first model. The reason for this is that it is easier to adopt the Antigena model at the second stage because the solution by itself needs to learn inside of the network and what is good and what is bad. When we place Antigena, the deployment stages are exactly the same as when you first deploy the Enterprise Immune System in order to let it learn. After the solution starts learning, it will take at least a couple of months or probably three months to deploy Antigena. Therefore, it doesn't make sense to make customers spend more money on a solution in the initial stages and go for a solution that they would not be using initially. This also provides the appropriate sizing of the network. Most of the time, the customer needs to acquire more services from us in order to support all the infrastructure that they have.

I would rate Darktrace a ten out of ten. I am a very happy user and a happy seller of Darktrace.

Darktrace is used for cybersecurity, you can buy it as a physical appliance or solution as a service on the cloud. I tried the on-premises solution to detect any threat over our network.

Darktrace played an important role in the security detection strategy by reducing the time lost in detecting, analyzing, and incident resolving. This is due to its friendly user interface that shows you in simple graphs and analytics the output for any log over your network whether it is computer, device, switch, access point, etc...

I have found the most valuable features to be artificial intelligence for cybersecurity, advanced machine learning capabilities, enterprise Immune System, Antigena Network, and Antigena Email. The way the solution detects the threat over the network before it spreads is very good. It notifies you of what the threat is exactly doing and gives you all the details about the execution of that application that had created the threat over your network.

There is an included library of threat detections, not only locally, but threats being experienced all around the world. It is similar to a database of all the threats and what is done by cybersecurity administrators across the internet. By collecting events and information all around the world makes Darktrace more proactive in dealing with threat notifications and cybersecurity detection. The service is very comprehensive and can cover all security areas.

It has simple tracking capabilities and a graphical interface that can assist you with coding, you do not need to be a guru. The dashboards are user-friendly and you do not need an application to access your work, it is all done through any browser. Additionally, there is a mobile application that is one of the best features because you can see any threats from your phone. There is a playbook that can give you instructions. For example, if you see your network servers are being injected by ransomware you can stop the session and be notified of which person on what computer triggered the threat.

The solution is very professional. Everybody would like to have an application on their phone to be more proactive about security anywhere and this solution delivers.

In an upcoming release, there could be more customizable playbooks or a library of playbooks to choose from. Since it is collecting all scenarios that might happen from any threat, new playbooks may be discovered and customers will have the privilege to use them in their environment. Other than that, Darktrace is leading in every aspect.

I have been using this solution for one month.

Very Stable

We have a number of employees using the solution in my organization which includes administrators and management.

Technical support is excellent. You can communicate with them by sending an email, WhatsApp messages, or other types of communication. They have their support in many places around the world so what ever your time zone is, they are available.

The support you do receive is excellent.

I have used other solutions previously but non had this intelligence,

The installation is very easy. I was shocked by the simplicity of the management, implementation, and dashboards. 

I have implemented it using Darktrace Team who were very professional.

The price of the solution is not cheap. It is not a one-time purchase, there is a subscription that needs to be paid every one to five years depending on your choice. It is expensive but you can reduce the price by only using the services that you want. There is some flexibility, for example, if you only want to have email inspections, network inspections, endpoint inspections, or brief analytics of the reports and controls over your infrastructure, can reduce the prices accordingly. Not choosing all the features can reduce the price. When comparing this solution to competitors in the market it is expensive. However, you are paying for a valuable solution with plenty of features. Their artificial and cyber intelligence is working extremely well. I am a consultant and work with a variety of solutions by myself, attend training, and understand people who are working with these solutions.

I need to know the advantage, disadvantages, weaknesses, and what makes the solution better than the others. Darktrace proves at some point that the value of money you are paying for the solution is reasonable for the advanced technology you are receiving as it covers many solutions that can cost much  much more than darktrace where as i you bought Darktrace you reducing all the complexity to one simple solution. 

I have evaluated many other solutions.

My advice to those wanting to implement this solution is if they want to experience artificial intelligence, advanced cybersecurity, and high-level detection, this solution is the one. 

I rate Darktrace a nine out of ten.

I'm currently heading cybersecurity for 1,500 entities. Some of them have deployed Vectra, and some of them have deployed Darktrace. Darktrace has been in the UK market for a while, whereas Vectra is a not-so-old player in the UK market.

We are using the latest version of Darktrace but not their latest offering. They are now also providing email security over the Darktrace platform, but we have not been utilizing that. We have been utilizing their network detection and response and some part of automated incident response (IR) capability.

We have a hybrid infrastructure. Some centers are deployed in the cloud, and some centers are deployed on-prem. The management platform is currently on-prem, but the plan is to move it to SaaS.

In terms of features, the data or information they collect and unsupervised machine learning are very valuable. Its unsupervised machine learning has reduced our team's effort. Both Darktrace and Vectra work on unsupervised machine learning that learns the behavior or develops a profile on its own, which allows our security team to do some other tasks rather than spending time on Darktrace or Vectra. 

Because of unsupervised machine learning, its detection capability is quite good. Along with that, if we utilize the integration feature properly, the automated incident response capability of Darktrace is quite useful.

In terms of improvements, fine-tuning is the area where we have to spend some time because it works on unsupervised machine learning. It would be good if they can improve their algorithm or technical functionality to reduce the fine-tuning effort. 

They can also come up with something at the endpoint level. So far, Darktrace has been a network detection response (NDR) solution. It does not offer much at the endpoint level or on user-client devices or servers. There should be more visibility at the endpoint level. It would be good to have the detection and response at the endpoint level by Darktrace.

It should also have integration with an agile environment so that we can have continuous development and continuous integration in the application development environment. This is currently not there. It should also have internet-facing platform visibility, which is currently missing. 

They also need to improve the reporting and management dashboards. Currently, these are not so easy for a non-technical person. All these features would make Darktrace much better, and they would also be helpful in selling more solutions.

I have been using this solution for maybe six or seven years. At my previous workplace, we were one of the early adopters of Darktrace's unsupervised machine learning technology.

Its stability is fine. We are utilizing a mix of their deployment capability. We have appliance-based and sensor-based deployments. Performance-wise, sensor-based ones are slower than appliance-based ones. An appliance also has dedicated hardware.

In terms of scalability, it is fine. We have deployed Darktrace for around 7,000 to 8,000 users for one part of an entity, and it has been working fine. I don't see any issue in terms of its scalability. 

Currently, it has around 7,000 to 8,000 users, but it is getting extended. We are in the process of extending the Darktrace capability to other entities. We are talking about 1,500 entities and 120,000 users in different dispersed and segregated environments. 

They've been quite okay in their responses. This solution is definitely complex, so sometimes we don't get the expected level of information or answer straight away, but they have been okay in responding and following up. I would rate them a seven out of ten.

From the initial deployment perspective, it was quite straightforward. We just need to make some configuration changes and then Darktrace works on spanning. It gets a copy of all the data from the network, and it starts building the profile. It has a pretty straightforward deployment.

I would rate Darktrace a seven out of ten. It is a good solution, but it requires some improvements. 

We're using it in a complete security solution yet still within a different product that Darktrace has that's related to the network or email.

The most valuable aspect of the product would be that it's a product that is quite easy to integrate. It's quite easy to start working with it, which is working well. The concept of artificial intelligence that is behind the solution is the most interesting feature for us.

The sense of detection and monitoring and topics within security is good.

It was easy to set up the product.

We have found the product to be stable and issue-free.

It is scalable. 

We need them to ensure they will detect new attacks and pick up anomalies.

We, of course, would love more threat intelligence, and more integration with vulnerability scanners. We'd like threat hunting, and we'd like to see a global solution that can automate vulnerability scans. I know it is something they are working on. 

They're working in different modules that could be related to threat intelligence and to the tech vulnerabilities or functionalities related to EDR.

We've been working with the solution for the last couple of years. 

We've had no issues with stability. It's reliable. There are no bugs or glitches. It doesn't crash or freeze.

It is scalable and easily expands. 

The whole of the organization leverages the product, however, I do not have a clear picture of how many people we are working it. That said, we have a company of 2,000.

I've dealt with technical support in the past. I found them to be helpful. 

Positive

We did previously use a different solution. That said, I don't remember what it was called. 

The product is easy to set up.

After deployment, we spent three months, which is the time that this solution needs to learn about what's happening in our network. In one day, once we had defined all the configurations and once they have been seen on the appliance, we were able to start running it.

It's an easy product to maintain. 

We handled the initial setup ourselves. We did not need any outside assistance from integrators or consultants. 

The pricing is okay. I'd rate it seven out of ten in terms of affordability.

You have different modules which you have to pay for. If you want to expand functionality, it ends up costing more. 

Looked at Microsoft, Proofpoint, and Minecraft when we were looking into Darktrace. We decided on this product based on the available features. 

We are using the last version of the solution, although I don't know the exact version number. We plan to upgrade in the next couple of weeks. We might be on version five, with the latest being six.

This is something that is really easy to implement in an organization. It gives us good visibility about what is happening in our networks, and on the system. We like the transparency available within our infrastructure now. We can also personalize it to fit our needs. You can either choose plug and play or you can go deeper. They have artificial intelligence you can start working with. You can define more by leveraging modules. Overall, it's very interesting. 

I'd rate the solution eight out of ten.

We were trying to justify Darktrace, and I was starting to do an analysis of the different solutions. We did a POC and haven't made a decision as to if we will use it or not.

We were just trying to validate their claims of AI-driven preventive network issues. They showed us a number of things, and we were able to show or verify that, yes, the things that they pointed out we were glad they caught. Nothing turned out to be a true intrusion, however, the stuff that they showed us were things that we were happy to see on our network. They discovered traffic on our network that was anomalous. We were just looking to see if they could point us to anomalous traffic, and they did.

We liked their approach to identifying intrusions or network anomalies using AI.

We liked their interface and the graphics that they deployed to present the information. It was really good, and we were happy with the overall quality of the product, which was very, very robust.

The implementation was easy.

We didn't really notice any downsides to the product. We were very impressed with it. It was a matter of timing and cost. Upper management wasn't sold on the value proposition.

We had demoed Darktrace for a few months.

It ran pretty fast. Its interface was quick, and it did not impact our network traffic. It didn't slow down anything on our network. It was stable. 

We had a sense that it was going to handle our network without many problems. We have a few hundred endpoints of all types, and there was no problem. We had three users on the solution. 

Since we weren't really entirely familiar with the product we were, I'd say we were probably using 10% to 20% of its capabilities.

When we originally initially configured and set it up, we used some support, and we were happy with them. We thought they were very confident and good.

We haven't demoed anything else before or since. 

The initial setup was actually pretty easy, as I recall. The hardest thing was finding space on our rack. That said, once we had that up and running, it was pretty straightforward.

We needed one or two people to deploy the solution. Two and a half people were on the deployment full-time. 

We did the deployment on our own, with Dartrace assisting us remotely. 

We only demoed the solution for a few months and therefore did not witness an ROI. 

The cost was reasonable. They were pitching us a five-year contract at a fairly reduced rate annually. The product cost was on the lower side. I'd rate it a two or three out of five in terms of the expense involved. There were no hidden or extra fees involved. 

We started looking at some other things yet didn't really dig very deep. When we were initially looking at Darktrace, they were the only game in town for us. They seemed to be unique after the fact.

We were end-users. 

I'd rate the solution an eight out of ten.

We use Darktrace to analyze our network traffic.

Darktrace is a good product, although it depends on how much time you put into it.

The models, triggers, and alerts are customizable.

The initial setup is more complex and time-consuming than some solutions.

I have been working with Darktrace for more than a year.

Darktrace is quite stable, but potentially expensive.

The vendor has different options for scaling. I use the appliance; they also offer a cloud service but I prefer the appliance. I put it between the router and the core switch and it picks up all of the traffic.

The technical support is better than Check Point. They respond more quickly.

I am currently using Darktrace and Vectra in addition to Check Point. I've been using all three and I find that Check Point is the one where I get the most information from. I will stop using Vectra this year but I will retain Darktrace, as long as they keep it at a certain price.

Darktrace requires a lot more configuration; unlike Check Point, there are a lot more changes that need to be made. In general, it's more sophisticated. As far as getting the settings and the configuration and the models that you want, it would help if you spent some time on that. We're a small team. It's beneficial to me and I can see that with more time and energy put into optimizing it and personalizing the unit, it can be much more powerful than the way I am using it now. That said, it's my secondary device. We're working on a lot of different projects, so I haven't assigned any of my guys to it yet. Ultimately, when it's fully integrated, it may end up being as useful as the Check Point.

The reason I keep all three is that they all give me a different kind of view. They all give me different information. If they gave the same information, it'd be useless to keep them.

With respect to similar security products, I have demoed CrowdStrike and worked with Symantec.

You have to customize it to the way you want, in order for it to work best for your environment. Definitely take time to train while you can during deployment.

Some things do work well, out of the box. However, this would be better suited for somebody that can take the time to configure it correctly during deployment.

Prior to negotiating, Darktrace offered their appliance and service for $80,000 per year.

I suggest negotiating either at the end of their fiscal year or at the end of every quarter. At the end of the quarter, they have an incentive to lower the prices to sell as many units as possible in order to meet their end-of-quarter quota.

My advice for anybody who is implementing Darktrace is that you definitely need to take your time. Sit down and understand how to use the model breach customization. They use models and if something hits that model, it triggers an alert.

I would rate this solution a six out of ten.

We use it to protect IoT devices. Darktrace does network traffic analysis. So, by analyzing all traffic patterns in your environment, you can detect any type of anomalous activity, as far as the network is concerned. 

I have been using its latest version. Its deployment depends on the environment. It can do sensors in the cloud, and it can also do on-prem.

It provided a higher level of threat detection.

The Antigena feature is most valuable. Once it learns your environment, Antigena can step in and block a denial of service attack, a ransomware attack, or just about anything that doesn't belong in the environment. It can detect any type of attack that hits the environment because it understands what normal looks like for the network. It is very useful for an autonomous response. 

They just need to make it a little bit more accurate as far as their alerts are concerned. It does generate some false positives that you have to tune. You have to do a lot of tuning when you first get it because of the false positives, but once it is all tuned up and ready to go, it will do its thing from there. 

I used it for about a year.

It is a very stable product. We didn't have any issues.

It has sensors that you can install. So, it can scale on-prem and off-prem in the cloud.

It is being used extensively. We have 2,000 employees. We use it to protect IoT devices. We also use it to protect Windows servers, desktops, and laptops. Its usage would increase if the net grows, but it's probably not going to grow too much bigger than 2,000 employees.

The support from Darktrace is very helpful.

We didn't use any other solution previously. 

It was pretty straightforward. You just monitor everything from your core switch. It monitors everything in and out.

We got it up in half an hour, but it still has to learn. You still have to give it some time to learn about the environment, and that's usually going to be at least two weeks.

We brought in their guy to the site. In terms of maintenance, it is automatically set up to reach out to their website and pull down updates and stuff. We don't have to worry about that too much.

It was $3,600 a month or $2,000 plus or so. I am not sure. 

Its licensing is pretty simple.

We were thinking about getting another solution called Vector, but we didn't. We brought Darktrace in.

Darktrace is a pretty good company. The only thing that they need to really work on is just being able to get rid of some of those false positives. Once the solution is tuned up, it pretty much just runs.

I would advise making sure that you do a really good PoC of the product so that you can be sure that it makes sense in your environment.

I would rate it a nine out of 10. 

We have Antigena on the email, and we also use the network monitoring capabilities. We are using the latest version of the Antigena Email and AI analytics platform. 

I particularly like Antigena and the analytics around the real-time monitoring of our network. I also like its reporting because it has got a seven-day reporting period within the system. Every time you run the reports, it gives you the data about the previous seven days. I like that because it is in real-time. I enjoy reading those reports and getting a very clear and decisive idea of what's happening on my network on a real-time basis. I like the actual real-time monitoring of spoofing and things like that. I also like the user monitoring as well as the network logging capabilities. 

One thing that I would like to look at going forward is to have a fully automated network infrastructure that is monitored automatically real-time, and that gives me this kind of capability where I would be able to look at my network at any given time and see the state of my network. With Darktrace, at the moment, I have to almost put in a date and tell them that want you to give me data from this date to this date. I don't want that. I want a fast solution in which it doesn't matter when I log into the application. Whenever I log in, I must be able to see my network and run a report. In other words, if I go in now and I say, "Give me a full report of what happened today, it must be able to give me that. It mustn't just be limited to a seven-day period, for argument's sake. It must be able to give me real-time and day-to-day tracking of what has happened within my network.

We have been using Darktrace for two years.

There were a couple of times when we needed some of the expertise, and the guys were not available at the time when we needed them. Subsequently, they've managed to improve.

In terms of our organization, we are a massive IT organization or financial services company. We've got a very small ITP, but we've got a lot of data. We are not sure about Darktrace in terms of its capacity to deal with huge data, but it is probably too early for me to give some sort of indication of what is not big.

At the moment, they are delivering on the set objective in terms of what I want to achieve as a CIO, and I'm quite happy with some of the deliverables that are coming through at the moment. In terms of what our requirements were and what we expect in terms of what we want them to deliver, they have delivered. Within the next two to three years, I would probably be able to provide a different perspective after we've matured within the Darktrace environment. At the moment, they've delivered the actual scope of work. There is nothing really that they're not delivering on as promised. So, at the moment, I'm quite happy with where we are.

I would rate Darktrace a nine out of ten.