We use Darktrace for standard network security, mail security, and SaaS security.
Manager, Information Technology at Coulisse BV
Autonomous response enhances security but interface requires enhancements
Pros and Cons
- "The scalability of Darktrace is very high."
- "The management user interface needs improvement."
What is our primary use case?
What is most valuable?
NTG is now autonomous response.
What needs improvement?
The management user interface needs improvement. More insights are necessary, and deeper technical experience and knowledge are required to pinpoint actions, breaches, or behavior.
For how long have I used the solution?
We have been using Darktrace for three years.
Buyer's Guide
Darktrace
August 2025

Learn what your peers think about Darktrace. Get advice and tips from experienced pros sharing their opinions. Updated: August 2025.
866,561 professionals have used our research since 2012.
What do I think about the stability of the solution?
I would rate the stability of the solution as nine.
What do I think about the scalability of the solution?
The scalability of Darktrace is very high. I would rate it eight out of ten.
How are customer service and support?
Technical support is rated at nine out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We used more standard antivirus solutions and firewalling. However, these cannot be compared to an EDR or HDR like Darktrace.
How was the initial setup?
The setup was straightforward and not a problem, even for someone not very technical.
What about the implementation team?
Our service provider did some support there.
What's my experience with pricing, setup cost, and licensing?
The pricing is rated at eight, implying it's considered expensive.
Which other solutions did I evaluate?
We evaluated other options, but they were more like standard antivirus and firewalling, not comparable to Darktrace.
What other advice do I have?
I recommend Darktrace to others if they can afford it.
I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.

Co-Founder & Managing Director at CyberOne S.A.
Used for detecting network-based threats like ransomware or illicit communications with external endpoints
Pros and Cons
- "A very useful feature in Darktrace for real-time threat analysis is the packet inspection that analyzes the packet traffic in real time."
- "Darktrace could expand into EDR (endpoint detection and response) and combine it with its network detection."
What is our primary use case?
Darktrace is used for detecting network-based threats like ransomware in the early stage or illicit communications with external endpoints.
What is most valuable?
A very useful feature in Darktrace for real-time threat analysis is the packet inspection that analyzes the packet traffic in real time. Data acquisition is the source rather than tapping the data downstream after some processing.
What needs improvement?
Darktrace could expand into EDR (endpoint detection and response) and combine it with its network detection. They could thereby have a more holistic knowledge of the system through network information or through visibility into the operating system of the endpoints.
For how long have I used the solution?
I have been working with Darktrace for four years.
What do I think about the stability of the solution?
Darktrace is a very stable solution.
What do I think about the scalability of the solution?
Darktrace is a very scalable solution. Our clients for Darktrace are enterprise customers.
How are customer service and support?
The solution’s technical support is very good.
How would you rate customer service and support?
Positive
How was the initial setup?
The solution’s initial setup is very straightforward.
What about the implementation team?
The solution's deployment time depends on the complexity of the network. For some huge networks, you need to tap the right resources and measure the system to acquire all the required traffic. The deployment is very straightforward in smaller networks where you have to connect to only one switch.
What's my experience with pricing, setup cost, and licensing?
Darktrace is quite an expensive solution. Users need to pay a yearly licensing fee for the solution.
What other advice do I have?
Darktrace has improved our client's organization's threat detection and response capabilities. Darktrace has helped users intercept and stop ransomware attack attempts in the very early stage, within a couple of minutes of its detection. Autonomous response is a very good and useful feature that differentiates Darktrace from other solutions.
One person can easily maintain the solution. Darktrace easily integrates with our client's IT infrastructure solutions, like Microsoft 365, CrowdStrike, and Palo Alto firewalls. Darktrace has impacted our clients' incident response time to be very quick.
Darktrace is an autonomous solution. Users have to ensure they present all the traffic to the tool so it can intercept threats and not have hidden spots in their networks.
Overall, I rate Darktrace a nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
Senior Security Architect at Meeza
A stable, scalable, and valuable tool that provides excellent network monitoring
Pros and Cons
- "The solution is outstanding from a monitoring perspective."
- "Darktrace is a closed technology, meaning we know very little about how it works, including the architecture, which is significant. As a result, when we implement the system and find we're getting many false positives, we have minimal insight into why it's happening and what we can do to fix it. We don't know how the solution is configured, the criteria for threats to be determined, or the product's inner workings. We understand that they have to ensure privacy and their copyright, but we want to see some documentation or public research into the security Darktrace provides."
What is our primary use case?
I work for a Managed Security Service Provider (MSSP), and we provide the solution for our clients to improve their security posture in both IT and OT. The deployments are typically hybrid.
What is most valuable?
The solution is outstanding from a monitoring perspective.
All of the features are valuable and provide excellent capability in the field.
What needs improvement?
Darktrace is a closed technology, meaning we know very little about how it works, including the architecture, which is significant. As a result, when we implement the system and find we're getting many false positives, we have minimal insight into why it's happening and what we can do to fix it. We don't know how the solution is configured, the criteria for threats to be determined, or the product's inner workings. We understand that they have to ensure privacy and their copyright, but we want to see some documentation or public research into the security Darktrace provides.
A relatively new module called Darktrace PREVENT provides digital protection to the company from the internet. However, the protection doesn't extend to the dark web, which limits its depth. PREVENT also offers phishing awareness training in the form of dummy attacks and some penetration testing, but it is very limited from my point of view.
The AI and Darktrace breach model must be enhanced to minimize false positives, as they can give our customers a negative impression of the solution. Some of them come to us and say they aren't getting what they expect from it, especially after a significant investment.
For how long have I used the solution?
I initially used the product in 2016, then returned to it in 2022 and have been using it for about a year. Over the years, the extension to the Darktrace portfolio has been tremendous, and they have made improvements in many areas, including reporting and autonomous response.
What do I think about the stability of the solution?
The stability is very good; I rate the solution eight out of ten here.
What do I think about the scalability of the solution?
The solution is scalable; I rate it eight out of ten for scalability.
How are customer service and support?
Darktrace tech support is helpful, but there is room for improvement, especially around assistance for complex deployments. I rate them seven out of ten.
How would you rate customer service and support?
Neutral
How was the initial setup?
The deployment is straightforward. However, a complex network, such as one in the cloud and a DOCSIS ecosystem, can become extremely difficult. Generally, though, the deployment is straightforward, and in our case, we completed the whole setup in three to four hours.
Specifically, large, complex MPLS networks are exceedingly tricky when deploying Darktrace. We may need more experience or training, but it would be good to see some improvements here.
Our InfoSec team uses the solution, consisting of two to three staff members. Regarding endpoints protected by the product, there were around 400 in my old position and 2000 in my current organization.
What's my experience with pricing, setup cost, and licensing?
I'm unfamiliar with the exact cost, but we have a yearly license and had to pay for Darktrace's services before the deployment. The product is very expensive, so some organizations can't afford to pay the total amount directly, meaning they often seek a partner or pay in installments, which increases the price more.
Darktrace requires direct billing to London, which isn't possible for organizations in Qatar, so they have to go through processes that increase the price even further. If they had an office in Dubai or Qatar, that could solve this payment issue.
What other advice do I have?
I rate the solution eight out of ten and highly recommend it.
From a technological perspective, Darktrace is an excellent company, and the rate at which they improved and continue to improve their product is impressive.
All the data is on the appliance on the customers' premises, and we have to open back doors to the analysts in London to access the devices, who have complete visibility into what's happening on the customer side. This is a significant negative point for Darktrace. They also have complete visibility into our email, which is a privacy concern for us.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Microsoft Azure
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
Manager Information Systems / Technology at Food Sciences Corporation
Easy to implement with a nice interface and very good at identifying intrusions
Pros and Cons
- "We liked their approach to identifying intrusions or network anomalies using AI."
- "Upper management wasn't sold on the value proposition."
What is our primary use case?
We were trying to justify Darktrace, and I was starting to do an analysis of the different solutions. We did a POC and haven't made a decision as to if we will use it or not.
We were just trying to validate their claims of AI-driven preventive network issues. They showed us a number of things, and we were able to show or verify that, yes, the things that they pointed out we were glad they caught. Nothing turned out to be a true intrusion, however, the stuff that they showed us were things that we were happy to see on our network. They discovered traffic on our network that was anomalous. We were just looking to see if they could point us to anomalous traffic, and they did.
What is most valuable?
We liked their approach to identifying intrusions or network anomalies using AI.
We liked their interface and the graphics that they deployed to present the information. It was really good, and we were happy with the overall quality of the product, which was very, very robust.
The implementation was easy.
What needs improvement?
We didn't really notice any downsides to the product. We were very impressed with it. It was a matter of timing and cost. Upper management wasn't sold on the value proposition.
For how long have I used the solution?
We had demoed Darktrace for a few months.
What do I think about the stability of the solution?
It ran pretty fast. Its interface was quick, and it did not impact our network traffic. It didn't slow down anything on our network. It was stable.
What do I think about the scalability of the solution?
We had a sense that it was going to handle our network without many problems. We have a few hundred endpoints of all types, and there was no problem. We had three users on the solution.
Since we weren't really entirely familiar with the product, I'd say we were probably using 10% to 20% of its capabilities.
How are customer service and support?
When we initially configured and set it up, we used some support, and we were happy with them. We thought they were very confident and good.
Which solution did I use previously and why did I switch?
We haven't demoed anything else before or since.
How was the initial setup?
The initial setup was actually pretty easy, as I recall. The hardest thing was finding space on our rack. That said, once we had that up and running, it was pretty straightforward.
We needed one or two people to deploy the solution. Two and a half people were on the deployment full-time.
What about the implementation team?
We did the deployment on our own, with Darktrace assisting us remotely.
What was our ROI?
We only demoed the solution for a few months and therefore did not witness an ROI.
What's my experience with pricing, setup cost, and licensing?
The cost was reasonable. They were pitching us a five-year contract at a fairly reduced rate annually. The product cost was on the lower side. I'd rate it a two or three out of five in terms of the expense involved. There were no hidden or extra fees involved.
Which other solutions did I evaluate?
We started looking at some other things yet didn't really dig very deep. When we were initially looking at Darktrace, they were the only game in town for us. They seemed to be unique after the fact.
What other advice do I have?
We were end-users.
I'd rate the solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Assistant Manager - IT and Innovation at a financial services firm with 51-200 employees
We can integrate it with our firewall to automatically block things
Pros and Cons
- "We allow customers to access our Wi-Fi as guests, and some of them were going to restricted sites. Darktrace showed us what they were doing so we could block them."
- "I was under the impression that Darktrace's automatic blocking would be an out-of-the-box feature, but we had to integrate it with our firewall to get it to block automatically. The salesperson should be upfront and explain that you need to integrate it with your network. I would also like to see more reporting on risk. Banks in my region want to see at a glance the risk level of various assets."
What is our primary use case?
We use Darktrace to monitor our network and block URLs from certain countries. Darktrace is integrated with our firewall, so the blocking is automatic.
How has it helped my organization?
We allow customers to access our Wi-Fi as guests, and some of them were going to restricted sites. Darktrace showed us what they were doing so we could block them.
What is most valuable?
Darktrace blocks any new scanning tools that are detected on your system.
What needs improvement?
I was under the impression that Darktrace's automatic blocking would be an out-of-the-box feature, but we had to integrate it with our firewall to get it to block automatically. The salesperson should be upfront and explain that you need to integrate it with your network. I would also like to see more reporting on risk. Banks in my region want to see at a glance the risk level of various assets.
For how long have I used the solution?
We have used Darktrace for about six months.
What do I think about the stability of the solution?
Darktrace is highly stable. We haven't had any downtime except for a power outage last year.
How are customer service and support?
We reported one case, and Darktrace support responded right away. They assigned us an account executive who contacts us at least once monthly to discuss any outstanding issues.
How was the initial setup?
Setting up Darktrace was pretty straightforward. We had to open the port that is plugged into the switch. The whole process was done in under five minutes. You plug in the device and turn it on.
What was our ROI?
Darktrace has helped us identify gaps in our system.
What's my experience with pricing, setup cost, and licensing?
Darktrace is pricey, but the price is reasonable for what the solution does, and it's comparable to other products.
What other advice do I have?
I rate Darktrace 8.5 out of 10. I recommend doing a proof of concept to see what you're getting. We got good results. During the POC, Darktrace showed us lots of things we didn't know about.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Cybersecurity Manager at DP World Australia (Holding) Pty. Ltd.
Useful AI network threat detection, highly reliable, and helpful support
Pros and Cons
- "The most valuable feature of Darktrace is the AI that detects abnormal network activity."
- "Although we haven't detected any network threats since implementing Darktrace, we are unsure of its efficacy. It would be beneficial if the solution could offer additional details to the user regarding any potential or prevented threats. Additionally, there could be better search tools and integration."
What is our primary use case?
Darktrace is used for network security.
The solution can be deployed in the cloud and on-premise.
What is most valuable?
The most valuable feature of Darktrace is the AI that detects abnormal network activity.
What needs improvement?
Although we haven't detected any network threats since implementing Darktrace, we are unsure of its efficacy. It would be beneficial if the solution could offer additional details to the user regarding any potential or prevented threats. Additionally, there could be better search tools and integration.
For how long have I used the solution?
I have been using Darktrace for approximately three years.
What do I think about the stability of the solution?
The stability has been good in my usage.
I rate the stability of Darktrace an eight out of ten.
What do I think about the scalability of the solution?
We have several engineers that use Darktrace.
I rate the scalability of Darktrace an eight out of ten.
How are customer service and support?
The support has been good. When we contacted them we received a helpful response.
I rate the support of Darktrace an eight out of ten.
Which solution did I use previously and why did I switch?
We have used many similar solutions before Darktrace. We chose Darktrace because of the AI. We can develop many use cases with the solution.
How was the initial setup?
The initial setup of Darktrace is straightforward. We are using Splunk and the implementation is simple.
What about the implementation team?
We used a third party for parts of the implementation of Darktrace.
What's my experience with pricing, setup cost, and licensing?
There is an annual license to use Darktrace.
What other advice do I have?
One person can handle the maintenance of Darktrace.
I recommend the solution to others.
I rate Darktrace an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer.
Information Security Program Manager at a non-profit with 11-50 employees
Useful traffic tracing, good support, and beneficial anomaly alerts
Pros and Cons
- "Darktrace's most valuable features are that it understands the network environment and is able to trace the traffic and alert on anomalies."
- "I did not use the AI features because they should make it more user-friendly which would be a benefit. Additionally, the solution could integrate with more SIEM or SOAR tools."
What is our primary use case?
Darktrace is used for lateral entry investigations, lateral movement investigations, behavioral anomalies from end users, and endpoint detection.
How has it helped my organization?
Darktrace has helped our organization by troubleshooting a few issues that were happening in the environment. It was able to see the traffic between the two network components.
What is most valuable?
Darktrace's most valuable features are that it understands the network environment and is able to trace the traffic and alert on anomalies.
What needs improvement?
I did not use the AI features because they should make it more user-friendly which would be a benefit. Additionally, the solution could integrate with more SIEM or SOAR tools.
For how long have I used the solution?
I have been using Darktrace for approximately two and a half years.
What do I think about the stability of the solution?
Darktrace is stable. We had it set up to where it was redundant. If one sensor went offline, we had another sensor that was constantly monitoring, and it worked well for us.
What do I think about the scalability of the solution?
The scalability of Darktrace was very good.
We had a license for five users, but we had two that were working on it on a daily basis.
How are customer service and support?
We used Darktrace's technical support to help with the setup and with implementation.
I rate the support from Darktrace a four out of five.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I did not use a similar solution prior to Darktrace.
How was the initial setup?
The initial setup of Darktrace was straightforward, but we used professional services to do it.
What about the implementation team?
We used professional services for the implementation of Darktrace.
What was our ROI?
We received a return on investment using Darktrace.
Which other solutions did I evaluate?
We evaluated other solutions prior to using Darktrace.
What other advice do I have?
My advice to others is they have to understand that the solution is looking for behavioral anomalies, and it is going to take tuning to achieve this. It's not a set-it-and-forget-it solution. You have to monitor, update, and optimize it for your environment.
I rate Darktrace an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Head of Infrastructure, Security and Communications at a construction company with 5,001-10,000 employees
Easy to set up with good integration capabilities and useful UI
Pros and Cons
- "We have found the product to be stable and issue-free."
- "We'd like threat hunting, and we'd like to see a global solution that can automate vulnerability scans. I know it is something they are working on."
What is our primary use case?
We're using it in a complete security solution yet still within a different product that Darktrace has that's related to the network or email.
What is most valuable?
The most valuable aspect of the product would be that it's a product that is quite easy to integrate. It's quite easy to start working with it, which is working well. The concept of artificial intelligence that is behind the solution is the most interesting feature for us.
The sense of detection and monitoring and topics within security is good.
It was easy to set up the product.
We have found the product to be stable and issue-free.
It is scalable.
What needs improvement?
We need them to ensure they will detect new attacks and pick up anomalies.
We, of course, would love more threat intelligence, and more integration with vulnerability scanners. We'd like threat hunting, and we'd like to see a global solution that can automate vulnerability scans. I know it is something they are working on.
They're working in different modules that could be related to threat intelligence and to the tech vulnerabilities or functionalities related to EDR.
For how long have I used the solution?
We've been working with the solution for the last couple of years.
What do I think about the stability of the solution?
We've had no issues with stability. It's reliable. There are no bugs or glitches. It doesn't crash or freeze.
What do I think about the scalability of the solution?
It is scalable and easily expands.
The whole of the organization leverages the product; however, I do not have a clear picture of how many people are working with it. That said, we have a company of 2,000.
How are customer service and support?
I've dealt with technical support in the past. I found them to be helpful.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We did previously use a different solution. That said, I don't remember what it was called.
How was the initial setup?
The product is easy to set up.
After deployment, we spent three months, which is the time that this solution needs to learn about what's happening in our network. In one day, once we had defined all the configurations and once they have been seen on the appliance, we were able to start running it.
It's an easy product to maintain.
What about the implementation team?
We handled the initial setup ourselves. We did not need any outside assistance from integrators or consultants.
What's my experience with pricing, setup cost, and licensing?
The pricing is okay. I'd rate it seven out of ten in terms of affordability.
You have different modules which you have to pay for. If you want to expand functionality, it ends up costing more.
Which other solutions did I evaluate?
Looked at Microsoft, Proofpoint, and Minecraft when we were looking into Darktrace. We decided on this product based on the available features.
What other advice do I have?
We are using the last version of the solution, although I don't know the exact version number. We plan to upgrade in the next couple of weeks. We might be on version five, with the latest being six.
This is something that is really easy to implement in an organization. It gives us good visibility about what is happening in our networks, and on the system. We like the transparency available within our infrastructure now. We can also personalize it to fit our needs. You can either choose plug and play or you can go deeper. They have artificial intelligence you can start working with. You can define more by leveraging modules. Overall, it's very interesting.
I'd rate the solution eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
