Security Information & Incident Analyst at a financial services firm with 1,001-5,000 employees
AI-driven incident response streamlines threat management and saves time
Pros and Cons
- "I would 100% recommend Darktrace."
- "Updates keep coming, which is great, but I prefer a unified UI experience. The intelligence section and the incident view should be seamlessly connected in one view to avoid jumping between pages."
What is our primary use case?
I use Darktrace for incident response and detection within my organization.
What is most valuable?
The AI analysis and AI investigation features are incredibly effective. I do not need to manually process incidents as Darktrace provides an incident summary, potential detection paths, and other details, all exportable with just a click. The tool is very powerful and saves a lot of time. The autonomous response technology eliminates the need for human intervention by automatically handling incidents even during off hours.
What needs improvement?
Updates keep coming, which is great, but I prefer a unified UI experience. The intelligence section and the incident view should be seamlessly connected in one view to avoid jumping between pages. This integration would make incident management more intuitive.
For how long have I used the solution?
I have been working with Darktrace for one year and two months.
Buyer's Guide
Darktrace
June 2025

Learn what your peers think about Darktrace. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
856,873 professionals have used our research since 2012.
How are customer service and support?
The technical support is excellent. Any queries I have logged are responded to efficiently, and my cases are promptly managed and resolved.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Before using Darktrace, I worked with NetWitness and RSA NetWitness.
What's my experience with pricing, setup cost, and licensing?
The licensing cost is approximately eight dollars a year. The cost is reasonable considering the unique capabilities and features Darktrace provides. The support is included, and any issues I have are addressed through logged cases.
What other advice do I have?
I would 100% recommend Darktrace. The product is autonomous, detecting and preventing threats effectively, unlike many competitors that are stuck only at detection. The visuals and the conceptualized views for connections greatly assist in threat analysis. My rating is eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Apr 24, 2025
Solution Architect at a tech services company with 51-200 employees
Has good detection and response analytics
Pros and Cons
- "The features that are most valuable to me include detection, response with analytics, and network detection."
- "I highly recommend the overall solution to other users and rate it as nine out of ten."
- "There is no dedicated salesperson in Egypt, and having one would help to improve focus on this market."
- "The product is considered expensive compared to others."
What is our primary use case?
I use the solution as a network detection and response platform for security purposes.
What is most valuable?
The features that are most valuable to me include detection, response with analytics, and network detection. These features are particularly effective because they provide comprehensive security analytics. Additionally, the analytics aspect is highly appreciated for its effectiveness.
I do not use the automation response since I have another product handling automation. Furthermore, I believe that the reporting needs enhancement for better performance.
What needs improvement?
The presence of sales representatives in my country needs improvement. There is no dedicated salesperson in Egypt, and having one would help to improve focus on this market.
For how long have I used the solution?
I have been using the solution for almost two years.
What do I think about the stability of the solution?
I rate the stability as nine out of ten, indicating it is very stable.
What do I think about the scalability of the solution?
I rate the scalability as nine out of ten, demonstrating its capacity to expand effectively.
How are customer service and support?
The technical support is good. The response time and quality are satisfactory, and I am satisfied with the support provided.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup is very simple and was executed in-house by our team without requiring consultants or integrators.
What about the implementation team?
The implementation was done with our own team.
What's my experience with pricing, setup cost, and licensing?
The product is considered expensive compared to others.
Which other solutions did I evaluate?
Vectra and Nextcloud are the main competitors. Among these, I prefer Darktrace due to its stability, security, and excellent analytics.
What other advice do I have?
I highly recommend the overall solution to other users and rate it as nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Last updated: Dec 31, 2024
Director Of Information Communication Technology (ICT Head) at a maritime company with 1,001-5,000 employees
Provides extensive information on data exfiltration but lacks notification capabilities
Pros and Cons
- "Darktrace provides better visibility into network risks, allowing you to take preemptive action against risky user behavior."
- "Darktrace needs significant improvement in its notification capabilities."
What is our primary use case?
We use Darktrace primarily as a network detection device to monitor our network points and nodes. We fully utilize its capabilities, including Antigena, for post-work hours remediation and blocking potentially risky ports. We chose not to use its email security features, as the user interface was less responsive. We opted for network detection instead, which aligns better with our needs.
How has it helped my organization?
Darktrace provides better visibility into network risks, allowing you to take preemptive action against risky user behavior. It helps prevent sensitive data leaks to some extent, based on user actions on specific network ports. The tool can create user-based risk profiles with its email capability, but since we don't use that feature, it only identifies each user as a node without a detailed profile. While a user heat map could offer more insights into user activity on devices and the network, a limitation is that the appliance doesn't monitor anything once the user leaves the office, leaving a coverage gap.
What is most valuable?
Darktrace provides extensive information on data exfiltration, though it isn't a competent DLP tool. It can identify when a device uploads data outside the network, offering an initial alert on potential exfiltration. This feature helps us understand network activity and user behavior. We expected it to provide risk profiles and generate a heat map of users based on their activities.
They have a tool called Antigena for automated responses, but we limit its use to very specific actions, primarily during off-hours when the team isn't available.
What needs improvement?
Darktrace needs significant improvement in its notification capabilities. While it does notify administrators, the old approach of having admins directly police users is outdated. Users now prefer automated, impersonal responses rather than being confronted by IT staff, which can lead to concerns about privacy violations. We've requested Darktrace to develop a feature that notifies users directly when it detects potential data exfiltration. Darktrace doesn't differentiate between personal and work data uploaded to Google Drive or OneDrive. It flags it as exfiltration and expects the IT team to investigate further.
Human policing is a thing of the past; what’s needed now are automated responses, user awareness, and behavior warnings, areas where Darktrace falls short. In contrast, Egress, an email security solution, excels in this regard. It intuitively detects potential risks, even flagging first-time email recipients and integrating data classification. We’ve encouraged Darktrace to adopt this level of functionality, transforming it from just identifying exfiltration to a more comprehensive data leak prevention tool. However, as of now, Darktrace is still limited to identifying when a node is transferring data without distinguishing the nature of that data.
Darktrace could improve by enabling user heat maps or risk profiles, a feature that many other EDR and cybersecurity products already effectively provide. It would be beneficial for us if they could offer this functionality without requiring the purchase of an additional email security solution.
On the plus side, Darktrace integrates with CrowdStrike, allowing it to monitor CrowdStrike agent actions. This integration helps us achieve a unified view of our security landscape since we route Darktrace, CrowdStrike, FortiGate, and other tools through SecureWorks, our centrally managed security platform.
For how long have I used the solution?
I have been using Darktrace for two years.
What do I think about the stability of the solution?
The product is stable.
I rate the solution’s stability a nine out of ten.
What do I think about the scalability of the solution?
It has a better cost-per-user value for an enterprise.
I rate the solution’s scalability a six out of ten.
How was the initial setup?
The initial setup is very easy. You must deploy it within your network because it's an NDR tool, meaning it must be installed as an on-premise appliance. During COVID, however, it became apparent that this setup had limitations since it couldn’t monitor remote users, rendering the investment less effective when employees worked from home.
To address this, Darktrace offers an agent that can be deployed on individual devices at an additional licensing cost. For our maritime business, with numerous vessels, deploying small devices or agents on each one isn't practical—it would be like adding a firewall box and a Darktrace box to every boat.
It would be more efficient if Darktrace developed a cloud-based solution similar to Meraki's approach. This would reduce the hardware footprint on remote devices and locations, making it more feasible for businesses like ours.
Which other solutions did I evaluate?
We evaluated Vectra AI alongside Darktrace as a potential network NDR solution, but other competitors are in the market. Trellix also offers an NDR solution, and any cybersecurity product with strong NDR capabilities competes with Darktrace. Vectra AI was relatively new and not yet stable at that time. Metrix also offers an NDR solution, but its product lineup is too complex, requiring the purchase of multiple components to access NDR capabilities. This didn't align with our approach of selecting best-in-class products for specific functions rather than opting for an all-in-one solution.
What other advice do I have?
Darktrace claims that AI powers threat detection, but it often feels more like a program or algorithm than intuitive or engaging AI. We haven’t observed the advanced AI capabilities expected from their claims. It may use AI in the backend to assess and evaluate risks, possibly through sophisticated algorithms. However, Darktrace lacks those capabilities regarding AI engaging directly with customers or providing intuitive interactions. The AI’s role seems to be more focused on risk evaluation rather than engaging or interacting with users meaningfully.
The core product is impressive. Darktrace's appliance performs well, quickly evaluating all nodes and establishing a solid baseline. While our environment had few threats, I've heard that visibility can be challenging for IT and cybersecurity teams in large enterprises. The appliance offers a rapid overview of your network environment.
Darktrace’s approach to deploying POC first is a strong point. It provides immediate insight into potential threats and risks, helping to build a compelling business case for its use. The device is reliable, with minimal downtime and performance issues, and is quick to set up.
Overall, I rate the solution a seven out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Program / Project Manager at a tech services company with 1-10 employees
Enhanced security with automated response but needs refinement in alert management
Pros and Cons
- "The most valuable feature is the endpoint protection."
- "One area for improvement is the alerting system, which generates too many alerts and becomes labor-intensive for organizations not equipped with enough personnel in their SOC."
What is our primary use case?
I am a distributor for several vendors and act as a trusted adviser. Although I do not have an official relationship with Darktrace, I know the product and vendor from working with some organizations in the Netherlands. My clients vary from two hundred fifty seats to fifteen hundred.
How has it helped my organization?
The product features automated response capabilities that clients find beneficial as they look for solutions that feel secure and require less labor. The customers appreciate that the tooling does its work automatically, contributing to a more secure environment.
What is most valuable?
The most valuable feature is the endpoint protection. The autonomous response capabilities are also highly regarded by the market.
What needs improvement?
One area for improvement is the alerting system, which generates too many alerts and becomes labor-intensive for organizations not equipped with enough personnel in their SOC. Aside from that, I am quite fond of Darktrace.
For how long have I used the solution?
I have been working with Darktrace for two years now.
What do I think about the stability of the solution?
Darktrace is perfectly stable.
What do I think about the scalability of the solution?
Darktrace is perfectly scalable, and I would rate it an eight or nine out of ten in terms of scalability.
Which solution did I use previously and why did I switch?
I have experience with other solutions such as Morphisec Endpoint Protection, Deep Instinct, Darktrace, Check Point, Defender, Varonis, Forcepoint, Odyxx, and Salt API security.
How was the initial setup?
The initial setup is straightforward. It is easy to install, and it does what it needs to do.
What's my experience with pricing, setup cost, and licensing?
The pricing of Darktrace is perfectly fine and competitive.
What other advice do I have?
I would recommend Darktrace to organizations that have an efficient SOC in place, as the alerting can be a disadvantage for those who are not adequately staffed.
I'd rate the solution seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Last updated: Oct 31, 2024
CISO at a financial services firm with 1,001-5,000 employees
Provides threat monitoring by summarizing information about threats and suspicious traffic
Pros and Cons
- "Darktrace's most valuable features are its dashboards and its ability to summarize huge amounts of information about threats and suspicious traffic."
- "The solution's user interface and stability could be improved."
What is our primary use case?
We use Darktrace for threat monitoring in the finance industry.
What is most valuable?
Darktrace's most valuable features are its dashboards and its ability to summarize huge amounts of information about threats and suspicious traffic. The solution summarizes suspicious traffic in all our networks, allowing us to focus our efforts on the most vulnerable points in our network.
What needs improvement?
The solution's user interface and stability could be improved.
For how long have I used the solution?
I have been using Darktrace for one year.
What do I think about the stability of the solution?
I rate the solution’s stability a six out of ten.
What do I think about the scalability of the solution?
I rate the solution’s scalability an eight out of ten.
How are customer service and support?
The solution's technical support team was very proficient and useful.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used Cisco's EDR and traffic monitor.
How was the initial setup?
The solution's initial setup is very complex. It's not easy to set up Darktrace. The solution was deployed in three months by a team consisting of ten networking engineers.
What was our ROI?
The solution improved our visibility. Earlier, we couldn't visualize some threats on the internal network level. With Darktrace, we were able to spot some deficiencies and certain vulnerabilities.
Which other solutions did I evaluate?
Before choosing Darktrace, we evaluated Palo Alto and Cisco. Palo Alto needed some integration with other Palo Alto and Cisco products. It was mostly focused on network traffic anomalies rather than cybersecurity threats.
What other advice do I have?
Darktrace is a very complex product. It's not like a commodity because we're not talking about licenses but mostly about traffic, which is a complex matter. Darktrace's AI technology could be improved because it requires a huge amount of manual work to work properly.
Overall, I rate the solution an eight out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Network Admin at Naivas Ltd
Has a straightforward setup process and good technical support services
Pros and Cons
- "Its AI technology supports cybersecurity by learning my environment and accurately responding to threats."
- "The pricing needs improvement."
What is our primary use case?
We use the product to collect and monitor my environment. It models my traffic and sends me reports. Additionally, I have the response module in place to handle critical breaches by quarantining devices. I utilize it for generating reports and analyzing data to leverage threat intelligence.
What is most valuable?
The product's most valuable features are the response module and email protection.
What needs improvement?
Darktrace is quite expensive, which can be a significant factor for organizations with budget constraints. The pricing needs improvement.
For how long have I used the solution?
I have been working with Darktrace for around four to five years now.
What do I think about the stability of the solution?
It is a stable solution. I rate the stability an eight.
What do I think about the scalability of the solution?
I rate the platform scalability a ten. It supports a wide range of devices and is highly scalable.
How are customer service and support?
The technical support services are reliable.
How would you rate customer service and support?
Positive
How was the initial setup?
With the support from Darktrace and its partners, the setup process was user-friendly and easy.
The deployment took less than a week, although the learning phase for the environment can take some additional time.
What was our ROI?
Darktrace generates an ROI by effectively mitigating threats and avoiding costs related to downtime and other issues.
What's my experience with pricing, setup cost, and licensing?
The product is expensive.
What other advice do I have?
Darktrace provides real-time alarms for any anomalies in my network, which I utilize for incident response. It has significantly improved our reporting capabilities and response times once we set the parameters for identifying critical threats.
The response capability is beneficial because it autonomously responds to identified threats without manual intervention, ensuring that alerts are addressed 24/7. This includes quarantining devices as needed, which adds resilience to our security operations.
There have been improvements in incident response times. Before using the response functionality, we experienced a breach last year. Now, reports highlight and address incidents more effectively, reducing response times.
Its AI technology supports cybersecurity by learning my environment and accurately responding to threats. It reduces false positives and provides accurate threat detection by understanding the behavior of my network.
It is a tool worth trying, but the pricing aspect should be considered. I rate an eight out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Director of Technological Development at Cetim
Great autonomous support, offers an easy setup, and has responsive support
Pros and Cons
- "Technical support is helpful and responsive."
- "The pricing is a bit high for the region."
What is our primary use case?
We primarily use the solution for IT. Customers use it for banks or construction sites, depending on our customers. We haven't had an OT implementation yet. However, we have interest from two companies.
What is most valuable?
The autonomous response is great. It blocks basically everything that is outside the normal, and what's happening 24/7. When we don't have anybody looking, it's great. The visibility that it gives you into any incident is great. You can see everything. I would say these two are the biggest aspects we really appreciate.
It is easy to set everything up.
The solution is stable.
Users can scale the product.
Technical support is helpful and responsive.
What needs improvement?
We need more integrations with other customers and other platforms. For example, we need integrations with the major players. We'd like to see them integrate with Sophos and integrate with other vendors.
The pricing is a bit high for the region.
For how long have I used the solution?
I started dealing with the solution about three years ago.
What do I think about the stability of the solution?
This is stable. There are no bugs or glitches. It doesn't crash or freeze.
What do I think about the scalability of the solution?
Most of our customers are mid-level companies.
It's scalable, depending on the size and the range. For example, if we have to change appliances, the number of devices duplicates. If we measure an appliance for 300 devices and then the customer has 600 or 1,000, then we have to see if the box is viable. If not, we have to change the box. That said, it's very much scalable in terms of capacity.
How are customer service and support?
We're happy with technical support. Recently, we had an incident with a client, a customer. We contacted support, and they gave quick feedback. I'm good with the level of service.
Which solution did I use previously and why did I switch?
We are basically a reseller of solutions, so we resell Darktrace, Check Point, Fortinet, and Imperva, for example.
How was the initial setup?
The solution is very easy to set up. In one hour, you have everything set up and ready to run.
What's my experience with pricing, setup cost, and licensing?
The solution is a little bit expensive for customers in Africa. They're not so accustomed to paying for solutions that are so costly. It's been really tricky to sell and make a margin off of the sale as a reseller.
In terms of the exact cost, it depends on the features. It also depends on the size of the customer. In the ballpark, we're talking about $30K, $50K, and up. It can even be as much as $50K or $100K.
You could have a customer that's paying $50K over three years. Then, as a reseller, you have an extra margin that you have to add.
What other advice do I have?
We are not necessarily using the latest version of the solution right now.
It's totally different from any other solution a customer may have used. You have visibility, and it will find anything that you miss with other solutions. I would advise new users to start using it as soon as possible. Buy it. It's totally better than other solutions.
I'd rate the solution nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
IT Network Administrator at Foord
Learns patterns and identifies malicious behavior with AI capabilities
What is most valuable?
Darktrace learns patterns and can identify malicious behavior based on that learning. It learns what tasks users perform, what data they access, and similar activities. Unlike an EDR, which uses patterns and signatures to identify existing threats, Darktrace uses AI to learn and recognize patterns. This provides a different approach to monitoring and detecting anomalies.
What needs improvement?
Pricing could be cheaper.
For how long have I used the solution?
I have been using Darktrace as an end user for three years.
What do I think about the scalability of the solution?
I rate the solution’s scalability a ten out of ten.
How was the initial setup?
The initial setup is straightforward and takes a couple of hours.
What about the implementation team?
We did it in-house because we have the skill levels, but it differs from time to time, depending on
What was our ROI?
The benefit is the security. You probably have a security case, an alarm system, and one or two locks. You don't rely on one security device; you have different layers. Darktrace is just one of those layers.
What's my experience with pricing, setup cost, and licensing?
It is very expensive.
I rate the product’s pricing a ten out of ten, where one is cheap and ten is expensive.
What other advice do I have?
I am the sole administrator and monitor of Darktrace because we have a small IT team. However, Darktrace monitors our entire organization. In a larger company with many IT departments, multiple people might monitor Darktrace and engage with it. Our finance company has a small IT department.
Darktrace adapted to the evolving landscape of cybersecurity threats by leveraging proprietary technology and machine learning algorithms. Their unique approach and cutting-edge solutions have established them as a leading company.
It's difficult to gauge the effectiveness of Darktrace because we don't fully understand how it operates; we only see the alerts it generates. If we create an event on the network, Darktrace will alert us so we know it works in those scenarios. If something new and unknown happens on the network, it's unclear whether Darktrace will detect it. We're paying a lot of money, hoping it does, as Darktrace is a proprietary technology. It might work, or it might not detect some threats. We don't have full visibility or a map of its coverage.
Darktrace can be expensive, depending on the use case. It's like comparing different types of cars: some people need a two-seater, while others need a ten-seater. Darktrace is more like a seven-seater—very specific and not suitable for everyone.
Overall, I rate the solution an eight out of ten.
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
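Two of the reviewers above describe the same underlying idea: the maritime ICT head notes that the appliance flags a device that uploads an unusual amount of data outside the network, and the Foord administrator contrasts learning "what normal looks like" with an EDR's signature matching. The block below is an added illustration of that distinction and is not Darktrace's code or algorithm: it learns a per-device median of daily egress bytes from constructed flow records, flags a day that exceeds a multiple of that baseline, and runs a plain known-bad-destination signature check beside it. The networks, addresses, threshold and flow records are all assumptions made for the example.

```python
"""Behavioral baselining beside signature matching (toy illustration, not vendor code).

Learns each device's normal outbound volume from constructed flow records,
flags a day that deviates by a large factor, and contrasts that with a static
known-bad-destination list that only catches what it already knows.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from statistics import median

# Assumed internal ranges; traffic to these is not egress.
INTERNAL_NETS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]
# Assumed signature list for the example (TEST-NET-3 address, not a real indicator).
KNOWN_BAD_DESTS = {"203.0.113.9"}

# Constructed flow records: (day, src_ip, dst_ip, bytes_out)
FLOWS = [
    # 10.0.1.5 uploads roughly 1 MB/day for 7 days, then 500 MB to a new host.
    *[(d, "10.0.1.5", "198.51.100.20", 1_000_000 + d * 10_000) for d in range(7)],
    (7, "10.0.1.5", "198.51.100.77", 500_000_000),
    # 10.0.1.9 is a backup server that always pushes 2 GB/day; that is its normal.
    *[(d, "10.0.1.9", "198.51.100.30", 2_000_000_000) for d in range(8)],
    # A tiny beacon to a listed bad address: invisible to volume baselining.
    (3, "10.0.1.9", "203.0.113.9", 5_000),
    # Internal-only transfer on day 7 must not count as egress.
    (7, "10.0.1.5", "10.0.2.8", 900_000_000),
]


def is_external(ip: str) -> bool:
    """True when the address is outside every assumed internal range."""
    addr = ip_address(ip)
    return not any(addr in net for net in INTERNAL_NETS)


def daily_egress(flows):
    """Bytes sent to external destinations, summed per (src_ip, day)."""
    totals = defaultdict(int)
    for day, src, dst, nbytes in flows:
        if is_external(dst):
            totals[(src, day)] += nbytes
    return totals


def signature_hits(flows):
    """Signature-style check: any flow to a destination on the known-bad list."""
    return [(day, src, dst) for day, src, dst, _ in flows if dst in KNOWN_BAD_DESTS]


def baseline_anomalies(flows, learn_days, threshold=10.0):
    """Flag (src, day, ratio) where egress on a day after the learning window
    is at least `threshold` times that device's learned median daily egress.
    The median keeps the backup server's constant 2 GB/day from looking odd."""
    totals = daily_egress(flows)
    history = defaultdict(list)
    for (src, day), nbytes in totals.items():
        if day < learn_days:
            history[src].append(nbytes)
    anomalies = []
    for (src, day), nbytes in sorted(totals.items()):
        if day < learn_days or src not in history:
            continue  # still learning, or no baseline for this device
        base = median(history[src])
        if base > 0 and nbytes / base >= threshold:
            anomalies.append((src, day, round(nbytes / base, 1)))
    return anomalies


if __name__ == "__main__":
    print("signature hits:", signature_hits(FLOWS))
    print("baseline anomalies:", baseline_anomalies(FLOWS, learn_days=7))
```

The two checks find different things: the signature list catches the 5 KB beacon to the listed address and says nothing about the 500 MB upload to an unlisted host, while the baseline flags the upload but cannot see the beacon. That is the complementarity the reviewers describe, and also why the Foord reviewer's concern stands: a learned baseline tells you a device departed from its own history, not what the data was or whether the new destination is malicious.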