I am a distributor for several vendors and act as a trusted adviser. Although I do not have an official relationship with Darktrace, I know the product and vendor from working with some organizations in the Netherlands. My clients vary from two hundred fifty seats to fifteen hundred.
Program / Project Manager at a tech services company with 1-10 employees
Enhanced security with automated response but needs refinement in alert management
Pros and Cons
- "The most valuable feature is the endpoint protection."
- "One area for improvement is the alerting system, which generates too many alerts and becomes labor-intensive for organizations not equipped with enough personnel in their SOC."
What is our primary use case?
How has it helped my organization?
The product features automated response capabilities that clients find beneficial as they look for solutions that feel secure and require less labor. The customers appreciate that the tooling does its work automatically, contributing to a more secure environment.
What is most valuable?
The most valuable feature is the endpoint protection. The autonomous response capabilities are also highly regarded by the market.
What needs improvement?
One area for improvement is the alerting system, which generates too many alerts and becomes labor-intensive for organizations not equipped with enough personnel in their SOC. Aside from that, I am quite fond of Darktrace.
Buyer's Guide
Darktrace
April 2025

Learn what your peers think about Darktrace. Get advice and tips from experienced pros sharing their opinions. Updated: April 2025.
849,686 professionals have used our research since 2012.
For how long have I used the solution?
I have been working with Darktrace for two years now.
What do I think about the stability of the solution?
Darktrace is perfectly stable.
What do I think about the scalability of the solution?
Darktrace is perfectly scalable, and I would rate it an eight or nine out of ten in terms of scalability.
Which solution did I use previously and why did I switch?
I have experience with other solutions such as Morphisec Endpoint Protection, Deep Instinct, Darktrace, Check Point, Defender, Varonis, Forcepoint, Odyxx, and SALT API security.
How was the initial setup?
The initial setup is straightforward. It is easy to install, and it does what it needs to do.
What's my experience with pricing, setup cost, and licensing?
The pricing of Darktrace is perfectly fine and competitive.
What other advice do I have?
I would recommend Darktrace to organizations that have an efficient SOC in place, as the alerting can be a disadvantage for those who are not adequately staffed.
I'd rate the solution seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Last updated: Oct 31, 2024
Director Of Information Communication Technology (ICT Head) at a maritime company with 1,001-5,000 employees
Provides extensive information on data exfiltration but lacks notification capabilities
Pros and Cons
- "Darktrace provides better visibility into network risks, allowing you to take preemptive action against risky user behavior."
- "Darktrace needs significant improvement in its notification capabilities."
What is our primary use case?
We use Darktrace primarily as a network detection device to monitor our network points and nodes. We fully utilize its capabilities, including Antigena, for post-work hours remediation and blocking potentially risky ports. We chose not to use its email security features, as the user interface was less responsive. We opted for network detection instead, which aligns better with our needs.
How has it helped my organization?
Darktrace provides better visibility into network risks, allowing you to take preemptive action against risky user behavior. It helps prevent sensitive data leaks to some extent, based on user actions on specific network ports. The tool can create user-based risk profiles with its email capability, but since we don't use that feature, it only identifies each user as a node without a detailed profile. While a user heat map could offer more insights into user activity on devices and the network, a limitation is that the appliance doesn't monitor anything once the user leaves the office, leaving a coverage gap.
What is most valuable?
Darktrace provides extensive information on data exfiltration, though it isn't a competent DLP tool. It can identify when a device uploads data outside the network, offering an initial alert on potential exfiltration. This feature helps us understand network activity and user behavior. We expected it to provide risk profiles and generate a heat map of users based on their activities.
They have a tool called Antigena for automated responses, but we limit its use to very specific actions, primarily during off-hours when the team isn't available.
What needs improvement?
Darktrace needs significant improvement in its notification capabilities. While it does notify administrators, the old approach of having admins directly police users is outdated. Users now prefer automated, impersonal responses rather than being confronted by IT staff, which can lead to concerns about privacy violations. We've requested Darktrace to develop a feature that notifies users directly when it detects potential data exfiltration. Darktrace doesn't differentiate between personal and work data uploaded to Google Drive or OneDrive. It flags it as exfiltration and expects the IT team to investigate further.
Human policing is a thing of the past; what’s needed now are automated responses, user awareness, and behavior warnings, areas where Darktrace falls short. In contrast, Egress, an email security solution, excels in this regard. It intuitively detects potential risks, even flagging first-time email recipients and integrating data classification. We’ve encouraged Darktrace to adopt this level of functionality, transforming it from just identifying exfiltration to a more comprehensive data leak prevention tool. However, as of now, Darktrace is still limited to identifying when a node is transferring data without distinguishing the nature of that data.
Darktrace could improve by enabling user heat maps or risk profiles, a feature that many other EDR and cybersecurity products already effectively provide. It would be beneficial for us if they could offer this functionality without requiring the purchase of an additional email security solution.
On the plus side, Darktrace integrates with CrowdStrike, allowing it to monitor CrowdStrike agent actions. This integration helps us achieve a unified view of our security landscape since we route Darktrace, CrowdStrike, FortiGate, and other tools through SecureWorks, our centrally managed security platform.
For how long have I used the solution?
I have been using Darktrace for two years.
What do I think about the stability of the solution?
The product is stable.
I rate the solution’s stability a nine out of ten.
What do I think about the scalability of the solution?
It has a better cost-per-user value for an enterprise.
I rate the solution’s scalability a six out of ten.
How was the initial setup?
The initial setup is very easy. You must deploy it within your network because it's an NDR tool, meaning it must be installed as an on-premise appliance. During COVID, however, it became apparent that this setup had limitations since it couldn’t monitor remote users, rendering the investment less effective when employees worked from home.
To address this, Darktrace offers an agent that can be deployed on individual devices at an additional licensing cost. For our maritime business, with numerous vessels, deploying small devices or agents on each one isn't practical—it would be like adding a firewall box and a Darktrace box to every boat.
It would be more efficient if Darktrace developed a cloud-based solution similar to Meraki's approach. This would reduce the hardware footprint on remote devices and locations, making it more feasible for businesses like ours.
Which other solutions did I evaluate?
We evaluated Vectra AI alongside Darktrace as a potential network NDR solution, but other competitors are in the market. Trellix also offers an NDR solution, and any cybersecurity product with strong NDR capabilities competes with Darktrace. Vectra AI was relatively new and not yet stable at that time. Metrix also offers an NDR solution, but its product lineup is too complex, requiring the purchase of multiple components to access NDR capabilities. This didn’t align with our approach of selecting best-in-class products for specific functions rather than opting for an all-in-one solution.
What other advice do I have?
Darktrace claims that AI powers threat detection, but it often feels more like a program or algorithm than intuitive or engaging AI. We haven’t observed the advanced AI capabilities expected from their claims. It may use AI in the backend to assess and evaluate risks, possibly through sophisticated algorithms. However, Darktrace lacks those capabilities regarding AI engaging directly with customers or providing intuitive interactions. The AI’s role seems to be more focused on risk evaluation rather than engaging or interacting with users meaningfully.
The core product is impressive. Darktrace's appliance performs well, quickly evaluating all nodes and establishing a solid baseline. While our environment had few threats, I've heard that visibility can be challenging for IT and cybersecurity teams in large enterprises. The appliance offers a rapid overview of your network environment.
Darktrace’s approach to deploying POC first is a strong point. It provides immediate insight into potential threats and risks, helping to build a compelling business case for its use. The device is reliable, with minimal downtime and performance issues, and is quick to set up.
Overall, I rate the solution a seven out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Aug 28, 2024
CISO at a financial services firm with 1,001-5,000 employees
Provides threat monitoring by summarizing information about threats and suspicious traffic
Pros and Cons
- "Darktrace's most valuable features are its dashboards and its ability to summarize huge amounts of information about threats and suspicious traffic."
- "The solution's user interface and stability could be improved."
What is our primary use case?
We use Darktrace for threat monitoring in the finance industry.
What is most valuable?
Darktrace's most valuable features are its dashboards and its ability to summarize huge amounts of information about threats and suspicious traffic. The solution summarizes suspicious traffic in all our networks, allowing us to focus our efforts on the most vulnerable points in our network.
What needs improvement?
The solution's user interface and stability could be improved.
For how long have I used the solution?
I have been using Darktrace for one year.
What do I think about the stability of the solution?
I rate the solution’s stability a six out of ten.
What do I think about the scalability of the solution?
I rate the solution’s scalability an eight out of ten.
How are customer service and support?
The solution's technical support team was very proficient and useful.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We previously used Cisco's EDR and traffic monitor.
How was the initial setup?
The solution's initial setup is very complex. It's not easy to set up Darktrace. The solution was deployed in three months by a team consisting of ten networking engineers.
What was our ROI?
The solution improved our visibility. Earlier, we couldn't visualize some threats on the internal network level. With Darktrace, we were able to spot some deficiencies and certain vulnerabilities.
Which other solutions did I evaluate?
Before choosing Darktrace, we evaluated Palo Alto and Cisco. Palo Alto needed some integration with other Palo Alto and Cisco products. It was mostly focused on network traffic anomalies rather than cybersecurity threats.
What other advice do I have?
Darktrace is a very complex product. It's not like a commodity because we're not talking about licenses but mostly about traffic, which is a complex matter. Darktrace's AI technology could be improved because it requires a huge amount of manual work to work properly.
Overall, I rate the solution an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Aug 23, 2024
IT Security Manager at Sara
Beneficial viability, simple installation, and responsive support
Pros and Cons
- "The most valuable features of Darktrace are its full capabilities. You have visibility of everything."
- "Darktrace could improve by being more user-friendly."
What is our primary use case?
Darktrace is an appliance that has been installed in our network, and it is connected to the database SaaS applications and they're collecting the data from there.
We are using Darktrace for tracking our network and if any suspicious activity happens, we will be notified or we can check it on our tenant.
What is most valuable?
The most valuable features of Darktrace are its full capabilities. You have visibility of everything.
What needs improvement?
Darktrace could improve by being more user-friendly.
For how long have I used the solution?
I have been using Darktrace for approximately six months.
What do I think about the stability of the solution?
Darktrace is stable.
What do I think about the scalability of the solution?
The scalability of Darktrace is good.
We have approximately 350 users using the solution in my company. Everyone is using it.
How are customer service and support?
The support from Darktrace is responsive and speedy.
I rate the support of Darktrace a nine out of ten.
How was the initial setup?
Darktrace is simple to install and the full process took approximately three weeks.
What about the implementation team?
The deployment of Darktrace was done by the vendor.
What's my experience with pricing, setup cost, and licensing?
The price of Darktrace is high and could be reduced. We pay approximately $30,000 to $54,000 annually.
The cost of the solution is high, making it an issue for smaller companies. We are a small organization and it is difficult to afford. We are not a large organization. For this reason, the solution's price must be reduced. Having 350 users is not a large organization. It's a small organization, and paying approximately $30,000 to $54,000 annually is a lot. However, sometimes we had too many services to have more visibility and be secure; this is the idea why we went with Darktrace without negotiating the prices.
What other advice do I have?
I recommend Darktrace to others. It is a helpful service; you will have full visibility of what's happening on your network, emails, and SaaS applications.
I rate Darktrace an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Network Admin at Naivas Ltd
Has a straightforward setup process and good technical support services
Pros and Cons
- "Its AI technology supports cybersecurity by learning my environment and accurately responding to threats."
- "The pricing needs improvement."
What is our primary use case?
We use the product to collect and monitor my environment. It models my traffic and sends me reports. Additionally, I have the response module in place to handle critical breaches by quarantining devices. I utilize it for generating reports and analyzing data to leverage threat intelligence.
What is most valuable?
The product's most valuable features are the response module and email protection.
What needs improvement?
Darktrace is quite expensive, which can be a significant factor for organizations with budget constraints. The pricing needs improvement.
For how long have I used the solution?
I have been working with Darktrace for around four to five years now.
What do I think about the stability of the solution?
It is a stable solution. I rate the stability an eight.
What do I think about the scalability of the solution?
I rate the platform scalability a ten. It supports a wide range of devices and is highly scalable.
How are customer service and support?
The technical support services are reliable.
How would you rate customer service and support?
Positive
How was the initial setup?
With the support from Darktrace and its partners, the setup process was user-friendly and easy.
The deployment took less than a week, although the learning phase for the environment can take some additional time.
What was our ROI?
Darktrace generates an ROI by effectively mitigating threats and avoiding costs related to downtime and other issues.
What's my experience with pricing, setup cost, and licensing?
The product is expensive.
What other advice do I have?
Darktrace provides real-time alarms for any anomalies in my network, which I utilize for incident response. It has significantly improved our reporting capabilities and response times once we set the parameters for identifying critical threats.
The response capability is beneficial because it autonomously responds to identified threats without manual intervention, ensuring that alerts are addressed 24/7. This includes quarantining devices as needed, which adds resilience to our security operations.
There have been improvements in incident response times. Before using the response functionality, we experienced a breach last year. Now, reports highlight and address incidents more effectively, reducing response times.
Its AI technology supports cybersecurity by learning my environment and accurately responding to threats. It reduces false positives and provides accurate threat detection by understanding the behavior of my network.
It is a tool worth trying, but the pricing aspect should be considered. I rate an eight out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Manager Information Systems / Technology at Food Sciences Corporation
Easy to implement with a nice interface and very good at identifying intrusions
Pros and Cons
- "We liked their approach to identifying intrusions or network anomalies using AI."
- "Upper management wasn't sold on the value proposition."
What is our primary use case?
We were trying to justify Darktrace, and I was starting to do an analysis of the different solutions. We did a POC and haven't made a decision as to if we will use it or not.
We were just trying to validate their claims of AI-driven preventive network issues. They showed us a number of things, and we were able to show or verify that, yes, the things that they pointed out we were glad they caught. Nothing turned out to be a true intrusion, however, the stuff that they showed us were things that we were happy to see on our network. They discovered traffic on our network that was anomalous. We were just looking to see if they could point us to anomalous traffic, and they did.
What is most valuable?
We liked their approach to identifying intrusions or network anomalies using AI.
We liked their interface and the graphics that they deployed to present the information. It was really good, and we were happy with the overall quality of the product, which was very, very robust.
The implementation was easy.
What needs improvement?
We didn't really notice any downsides to the product. We were very impressed with it. It was a matter of timing and cost. Upper management wasn't sold on the value proposition.
For how long have I used the solution?
We had demoed Darktrace for a few months.
What do I think about the stability of the solution?
It ran pretty fast. Its interface was quick, and it did not impact our network traffic. It didn't slow down anything on our network. It was stable.
What do I think about the scalability of the solution?
We had a sense that it was going to handle our network without many problems. We have a few hundred endpoints of all types, and there was no problem. We had three users on the solution.
Since we weren't really entirely familiar with the product, I'd say we were probably using 10% to 20% of its capabilities.
How are customer service and support?
When we initially configured and set it up, we used some support, and we were happy with them. We thought they were very confident and good.
Which solution did I use previously and why did I switch?
We haven't demoed anything else before or since.
How was the initial setup?
The initial setup was actually pretty easy, as I recall. The hardest thing was finding space on our rack. That said, once we had that up and running, it was pretty straightforward.
We needed one or two people to deploy the solution. Two and a half people were on the deployment full-time.
What about the implementation team?
We did the deployment on our own, with Darktrace assisting us remotely.
What was our ROI?
We only demoed the solution for a few months and therefore did not witness an ROI.
What's my experience with pricing, setup cost, and licensing?
The cost was reasonable. They were pitching us a five-year contract at a fairly reduced rate annually. The product cost was on the lower side. I'd rate it a two or three out of five in terms of the expense involved. There were no hidden or extra fees involved.
Which other solutions did I evaluate?
We started looking at some other things yet didn't really dig very deep. When we were initially looking at Darktrace, they were the only game in town for us. They seemed to be unique after the fact.
What other advice do I have?
We were end-users.
I'd rate the solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
A stable and reliable cyber-security solution for network and email monitoring
Pros and Cons
- "It has helped the organization to detect any malware affecting the machines...The network monitoring and the email monitoring features are very valuable for us."
- "The main portal needs improvement as it is difficult to use."
What is our primary use case?
The solution is a security cover for our on-premises solution to improve our security rating. Also, we want to protect our emails.
How has it helped my organization?
It has helped the organization to detect any malware affecting the machines. For example, if any phishing email creates a factory view bug or some of the workstations have some weird activities, or if someone downloaded malware from the internet, then Darktrace sends us a warning notification to look into the details so that our machine does not get involved with the malware. This function has helped our organization.
What is most valuable?
The network monitoring and the email monitoring features are very valuable for us.
What needs improvement?
The main portal needs improvement as it is difficult to use. But it's straightforward to follow compared to other VPN portals, for example, Azure. You don't have to bug the customer support team quite often.
They can add the EDR and follow-up options in the next release. For instance, if something happens, we get a notification. If a follow-up option is available, we can create a case and then understand how to record the evidence.
For how long have I used the solution?
I have been using Darktrace for one year.
What do I think about the stability of the solution?
It is a stable solution. I rate it nine out of ten.
What do I think about the scalability of the solution?
It is a scalable solution. I rate it a nine out of ten. Presently, 150 users are using the solution, and we wish to increase the number of users in the future.
How are customer service and support?
The technical support team is slow, but not that bad. I rate it eight out of ten.
How would you rate customer service and support?
Positive
How was the initial setup?
I do not know much about it, as an engineer from Darktrace did the setup for us.
What about the implementation team?
The engineer from Darktrace set it up about two years ago.
What was our ROI?
There has been a return on investment using the product.
What's my experience with pricing, setup cost, and licensing?
We pay 8,000 a year. The pricing is reasonable.
What other advice do I have?
If any company has enough budget to put another layer between the internet and the on-prem device, they should consider Darktrace.
I rate the product a nine and a half out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Security Architect at Meeza
A stable, scalable, and valuable tool that provides excellent network monitoring
Pros and Cons
- "The solution is outstanding from a monitoring perspective."
- "Darktrace is a closed technology, meaning we know very little about how it works, including the architecture, which is significant. As a result, when we implement the system and find we're getting many false positives, we have minimal insight into why it's happening and what we can do to fix it. We don't know how the solution is configured, the criteria for threats to be determined, or the product's inner workings. We understand that they have to ensure privacy and their copyright, but we want to see some documentation or public research into the security Darktrace provides."
What is our primary use case?
I work for a Managed Security Service Provider (MSSP), and we provide the solution for our clients to improve their security posture in both IT and OT. The deployments are typically hybrid.
What is most valuable?
The solution is outstanding from a monitoring perspective.
All of the features are valuable and provide excellent capability in the field.
What needs improvement?
Darktrace is a closed technology, meaning we know very little about how it works, including the architecture, which is significant. As a result, when we implement the system and find we're getting many false positives, we have minimal insight into why it's happening and what we can do to fix it. We don't know how the solution is configured, the criteria for threats to be determined, or the product's inner workings. We understand that they have to ensure privacy and their copyright, but we want to see some documentation or public research into the security Darktrace provides.
A relatively new module called Darktrace PREVENT provides digital protection to the company from the internet. However, the protection doesn't extend to the dark web, which limits its depth. PREVENT also offers phishing awareness training in the form of dummy attacks and some penetration testing, but it is very limited from my point of view.
The AI and Darktrace breach model must be enhanced to minimize false positives, as they can give our customers a negative impression of the solution. Some of them come to us and say they aren't getting what they expect from it, especially after a significant investment.
For how long have I used the solution?
I initially used the product in 2016, then returned to it in 2022 and have been using it for about a year. Over the years, the extension to the Darktrace portfolio has been tremendous, and they have made improvements in many areas, including reporting and autonomous response.
What do I think about the stability of the solution?
The stability is very good; I rate the solution eight out of ten here.
What do I think about the scalability of the solution?
The solution is scalable; I rate it eight out of ten for scalability.
How are customer service and support?
Darktrace tech support is helpful, but there is room for improvement, especially around assistance for complex deployments. I rate them seven out of ten.
How would you rate customer service and support?
Neutral
How was the initial setup?
The deployment is straightforward. However, a complex network, such as one in the cloud and a DOCSIS ecosystem, can become extremely difficult. Generally, though, the deployment is straightforward, and in our case, we completed the whole setup in three to four hours.
Specifically, large, complex MPLS networks are exceedingly tricky when deploying Darktrace. We may need more experience or training, but it would be good to see some improvements here.
Our InfoSec team uses the solution, consisting of two to three staff members. Regarding endpoints protected by the product, there were around 400 in my old position and 2000 in my current organization.
What's my experience with pricing, setup cost, and licensing?
I'm unfamiliar with the exact cost, but we have a yearly license and had to pay for Darktrace's services before the deployment. The product is very expensive, so some organizations can't afford to pay the total amount directly, meaning they often seek a partner or pay in installments, which increases the price more.
Darktrace requires direct billing to London, which isn't possible for organizations in Qatar, so they have to go through processes that increase the price even further. If they had an office in Dubai or Qatar, that could solve this payment issue.
What other advice do I have?
I rate the solution eight out of ten and highly recommend it.
From a technological perspective, Darktrace is an excellent company, and the rate at which they improved and continue to improve their product is impressive.
All the data is on the appliance on the customers' premises, and we have to open back doors to the analysts in London to access the devices, who have complete visibility into what's happening on the customer side. This is a significant negative point for Darktrace. They also have complete visibility into our email, which is a privacy concern for us.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
