Darktrace Reviews

Darktrace is used for detecting network-based threats like ransomware in the early stage or illicit communications with external endpoints.

A very useful feature in Darktrace for real-time threat analysis is the packet inspection that analyzes the packet traffic in real time. Data acquisition is the source rather than tapping the data downstream after some processing.

Darktrace could expand into EDR (endpoint detection and response) and combine it with its network detection. They could thereby have a more holistic knowledge of the system through network information or through visibility into the operating system of the endpoints.

I have been working with Darktrace for four years.

Darktrace is a very stable solution.

Darktrace is a very scalable solution. Our clients for Darktrace are enterprise customers.

The solution’s technical support is very good.

Positive

The solution’s initial setup is very straightforward.

The solution's deployment time depends on the complexity of the network. For some huge networks, you need to tap the right resources and measure the system to acquire all the required traffic. The deployment is very straightforward in smaller networks where you have to connect to only one switch.

Darktrace is quite an expensive solution. Users need to pay a yearly licensing fee for the solution.

Darktrace has improved our client's organization's threat detection and response capabilities. Darktrace has helped users intercept and stop ransomware attack attempts in the very early stage, within a couple of minutes of its detection Autonomous response is a very good and useful feature that differentiates Darktrace from other solutions.

One person can easily maintain the solution. Darktrace easily integrates with our client's IT infrastructure solutions, like Microsoft 365, CrowdStrike, and Palo Alto firewalls. Darktrace has impacted our clients' incident response time to be very quick.

Darktrace is an autonomous solution. Users have to ensure they present all the traffic to the tool so it can intercept threats and not have hidden spots in their networks.

Overall, I rate Darktrace a nine out of ten.

I work for a Managed Security Service Provider (MSSP), and we provide the solution for our clients to improve their security posture in both IT and OT. The deployments are typically hybrid. 

The solution is outstanding from a monitoring perspective. 

All of the features are valuable and provide excellent capability in the field.

Darktrace is a closed technology, meaning we know very little about how it works, including the architecture, which is significant. As a result, when we implement the system and find we're getting many false positives, we have minimal insight into why it's happening and what we can do to fix it. We don't know how the solution is configured, the criteria for threats to be determined, or the product's inner workings. We understand that they have to ensure privacy and their copyright, but we want to see some documentation or public research into the security Darktrace provides.

A relatively new module called Darktrace PREVENT provides digital protection to the company from the internet. However, the protection doesn't extend to the dark web, which limits its depth. PREVENT also offers phishing awareness training in the form of dummy attacks and some penetration testing, but it is very limited from my point of view.

The AI and Darktrace breach model must be enhanced to minimize false positives, as they can give our customers a negative impression of the solution. Some of them come to us and say they aren't getting what they expect from it, especially after a significant investment.

I initially used the product in 2016, then returned to it in 2022 and have been using it for about a year. Over the years, the extension to the Darktrace portfolio has been tremendous, and they have made improvements in many areas, including reporting and autonomous response.

The stability is very good; I rate the solution eight out of ten here. 

The solution is scalable; I rate it eight out of ten for scalability.

Darktrace tech support is helpful, but there is room for improvement, especially around assistance for complex deployments. I rate them seven out of ten. 

Neutral

The deployment is straightforward. However, a complex network, such as one in the cloud and a DOCSIS ecosystem, can become extremely difficult. Generally, though, the deployment is straightforward, and in our case, we completed the whole setup in three to four hours.

Specifically, large, complex MPLS networks are exceedingly tricky when deploying Darktrace. We may need more experience or training, but it would be good to see some improvements here.

Our InfoSec team uses the solution, consisting of two to three staff members. Regarding endpoints protected by the product, there were around 400 in my old position and 2000 in my current organization.

I'm unfamiliar with the exact cost, but we have a yearly license and had to pay for Darktrace's services before the deployment. The product is very expensive, so some organizations can't afford to pay the total amount directly, meaning they often seek a partner or pay in installments, which increases the price more.

Darktrace requires direct billing to London, which isn't possible for organizations in Qatar, so they have to go through processes that increase the price even further. If they had an office in Dubai or Qatar, that could solve this payment issue.

I rate the solution eight out of ten and highly recommend it.

From a technological perspective, Darktrace is an excellent company, and the rate at which they improved and continue to improve their product is impressive.

All the data is on the appliance on the customers' premises, and we have to open back doors to the analysts in London to access the devices, who have complete visibility into what's happening on the customer side. This is a significant negative point for Darktrace. They also have complete visibility into our email, which is a privacy concern for us. 

We were trying to justify Darktrace, and I was starting to do an analysis of the different solutions. We did a POC and haven't made a decision as to if we will use it or not.

We were just trying to validate their claims of AI-driven preventive network issues. They showed us a number of things, and we were able to show or verify that, yes, the things that they pointed out we were glad they caught. Nothing turned out to be a true intrusion, however, the stuff that they showed us were things that we were happy to see on our network. They discovered traffic on our network that was anomalous. We were just looking to see if they could point us to anomalous traffic, and they did.

We liked their approach to identifying intrusions or network anomalies using AI.

We liked their interface and the graphics that they deployed to present the information. It was really good, and we were happy with the overall quality of the product, which was very, very robust.

The implementation was easy.

We didn't really notice any downsides to the product. We were very impressed with it. It was a matter of timing and cost. Upper management wasn't sold on the value proposition.

We had demoed Darktrace for a few months.

It ran pretty fast. Its interface was quick, and it did not impact our network traffic. It didn't slow down anything on our network. It was stable. 

We had a sense that it was going to handle our network without many problems. We have a few hundred endpoints of all types, and there was no problem. We had three users on the solution. 

Since we weren't really entirely familiar with the product we were, I'd say we were probably using 10% to 20% of its capabilities.

When we originally initially configured and set it up, we used some support, and we were happy with them. We thought they were very confident and good.

We haven't demoed anything else before or since. 

The initial setup was actually pretty easy, as I recall. The hardest thing was finding space on our rack. That said, once we had that up and running, it was pretty straightforward.

We needed one or two people to deploy the solution. Two and a half people were on the deployment full-time. 

We did the deployment on our own, with Dartrace assisting us remotely. 

We only demoed the solution for a few months and therefore did not witness an ROI. 

The cost was reasonable. They were pitching us a five-year contract at a fairly reduced rate annually. The product cost was on the lower side. I'd rate it a two or three out of five in terms of the expense involved. There were no hidden or extra fees involved. 

We started looking at some other things yet didn't really dig very deep. When we were initially looking at Darktrace, they were the only game in town for us. They seemed to be unique after the fact.

We were end-users. 

I'd rate the solution an eight out of ten.

We use Darktrace to monitor our network and block URLs from certain countries. Darktrace is integrated with our firewall, so the blocking is automatic. 

We allow customers to access our Wi-Fi as guests, and some of them were going to restricted sites. Darktrace showed us what they were doing so we could block them. 

Darktrace blocks any new scanning tools that are detected on your system. 

I was under impression that Darktrace's automatic blocking would be an out-of-the-box feature, but we had to integrate it with our firewall to get it to block automatically. The salesperson should be upfront and explain that you need to integrate it with your network. I would also like to see more reporting on risk. Banks in my region want to see at a glance the risk level of various assets.

We have used Darktrace for about six months.

Darktrace is highly stable. We haven't had any downtime except for a power outage last year. 

We reported one case, and Darktrace support responded right away.  They assigned us an account executive who contacts us at least once monthly to discuss any outstanding issues. 

Setting up Darktrace was pretty straightforward. We had to open the port that is plugged into the switch. The whole process was done in under five minutes. You plug in the device and turn it on. 

Darktrace has helped us identify gaps in our system.

Darktrace is pricey, but the price is reasonable for what the solution does, and it's comparable to other products.

I rate Darktrace 8.5 out of 10. I recommend doing a proof of concept to see what you're getting. We got good results. During the POC, Darktrace showed us lots of things we didn't know about. 

Darktrace is used for network security.

The solution can be deployed in the cloud and on-premise.

The most valuable feature of Darktrace is the AI that detects abnormal network activity.

Although we haven't detected any network threats since implementing Darktrace, we are unsure of its efficacy. It would be beneficial if the solution could offer additional details to the user regarding any potential or prevented threats. Additionally, there could be better search tools and integration.

I have been using Darktrace for approximately three years.

The stability has been good in my usage.

I rate the stability of Darktrace an eight out of ten.

We have serval engineers that use Darktrace.

I rate the scalability of Darktrace an eight out of ten.

The support has been good. When we contacted them we received a helpful response.

I rate the support of Darktrace an eight out of ten.

We have used many similar solutions before Darktrace. We choose Darktrace because of the AI. We can develop many use cases with the solution.

The initial setup of Darktrace is straightforward. We are using Slunk and the implementation is simple.

We used a third party for parts of the implementation of Darktrace.

There is an annual license to use Darktrace.

One person can handle the maintenance of Darktrace.

I recommend the solution to others.

I rate Darktrace an eight out of ten.

Darktrace is used for lateral entry investigations, lateral movement investigations, behavioral anomalies from end users, and endpoint detection.

Darktrace has helped our organization by troubleshooting a few issues that were happening in the environment. It was able to see the traffic between the two network components.

Darktrace's most valuable features are that it understands the network environment and is able to trace the traffic and alert on anomalies.

I did not use the AI features because they should make it more user-friendly which would be a benefit. Additionally, the solution could integrate with more SIEM or SOAR tools.

I have been using Darktrace for approximately two and a have years.

Darktrace is stable. We had it set up to where it was redundant. If one sensor went offline, we had another sensor that was constantly monitoring, and it worked well for us.

The scalability of Darktrace was very good.

We had a license for five users, but we had two that were working on it on a daily basis.

We used Darktrace's technical support to help with the setup and with implementation.

I rate the support from Darktrace a four out of five.

Positive

I did not use a similar solution prior to Darktrace.

The initial setup of Darktrace was straightforward, but we used professional services to do it.

We used professional services for the implementation of Darktrace.

We received a return on investment using Darktrace.

We evaluated other solutions prior to using Darktrace.

My advice to others is they have to understand that the solution is looking for behavioral anomalies, and it is going to take tuning to achieve this. It's not a set-it-and-forget-it solution. You have to monitor, update, and optimize it for your environment.

I rate Darktrace an eight out of ten.

Normally, when we have a setup, and I log in with any guest, Darktrace blocks us from remotely logging in from within the office network. It ensures that we cannot remote log in anywhere. It is a security system that identifies hacking attempts. Darktrace also integrates with VirusTotal for verification. Additionally, we use the email protection feature.

Darktrace ensures that we do not have breaches on our systems, and it helps improve our security status before breaches can even reach our system.

The investigative part of Darktrace is valuable, especially the automation features. It allows setting up checks and provides guidance on mitigating situations, which is very useful. There are different modules that you can add to the console for protection.

The Darktrace Mobile app needs improvement as it's currently limited in functionality, and the learning AI takes a while to adapt to new devices, flagging new users as threats for up to a month before recognizing them as regular network users.

I have been using Darktrace for almost a year now.

Darktrace is very stable. I can reliably check logs and track what is happening within the system.

The scalability isn't a high priority for us as it mostly deals with system security. It provides necessary features for security enhancement whenever needed.

The support provided by Darktrace is very good. We had issues with Darktrace Mobile, and they assisted us with a solution, even allowing us to test new features.

Positive

I joined the current company after Darktrace was already in use, so I do not have information on previous solutions.

The initial setup can be rated as a seven out of ten because it involves going into the console and ensuring that the network settings are correctly configured.

Two people are enough for deployment, provided they know the network settings and configurations.

By using Darktrace alongside Mimecast, it has helped improve our security posture by preventing breaches before they reach our system.

I do not have any experience regarding the pricing or setup costs as it was managed by the company administration.

I did not have any information on other solutions evaluated prior to Darktrace as they were in use before I joined the company.

Darktrace is a good product to invest in if you can afford it. It provides excellent security features.

I'd rate the solution eight out of ten.

Darktrace learns patterns and can identify malicious behavior based on that learning. It learns what tasks users perform, what data they access, and similar activities. Unlike an EDR, which uses patterns and signatures to identify existing threats, Darktrace uses AI to learn and recognize patterns. This provides a different approach to monitoring and detecting anomalies. 

Pricing could be cheaper.

I have been using Darktrace as an end user for three years.

I rate the solution’s scalability a ten out of ten.

The initial setup is straightforward and takes a couple of hours.

We did in-house because we've got skill levels, but differently depending from time to time, depending on

The benefit is the security. You probably have a security case, an alarm system, and one or two locks. You don't rely on one security device; you have different layers. Darktrace is just one of those layers.

It is very expensive.

I rate the product’s pricing a ten out of ten, where one is cheap and ten is expensive.

I am the sole administrator and monitor of Darktrace because we have a small IT team. However, Darktrace monitors our entire organization. In a larger company with many IT departments, multiple people might monitor Darktrace and engage with it. Our finance company has a small IT department.

Darktrace adapted to the evolving landscape of cybersecurity threats by leveraging proprietary technology and machine learning algorithms. Their unique approach and cutting-edge solutions have established them as a leading company.

It's difficult to gauge the effectiveness of Darktrace because we don't fully understand how it operates; we only see the alerts it generates. If we create an event on the network, Darktrace will alert us so we know it works in those scenarios. If something new and unknown happens on the network, it's unclear whether Darktrace will detect it. We're paying a lot of money, hoping it does, as Darktrace is a proprietary technology. It might work, or it might not detect some threats. We don't have full visibility or a map of its coverage.

Darktrace can be expensive, depending on the use case. It's like comparing different types of cars: some people need a two-seater, while others need a ten-seater. Darktrace is more like a seven-seater—very specific and not suitable for everyone. 

Overall, I rate the solution an eight out of ten.