Darktrace Reviews

We have Antigena on the email, and we also use the network monitoring capabilities. We are using the latest version of the Antigena Email and AI analytics platform. 

I particularly like Antigena and the analytics around the real-time monitoring of our network. I also like its reporting because it has got a seven-day reporting period within the system. Every time you run the reports, it gives you the data about the previous seven days. I like that because it is in real-time. I enjoy reading those reports and getting a very clear and decisive idea of what's happening on my network on a real-time basis. I like the actual real-time monitoring of spoofing and things like that. I also like the user monitoring as well as the network logging capabilities. 

One thing that I would like to look at going forward is to have a fully automated network infrastructure that is monitored automatically real-time, and that gives me this kind of capability where I would be able to look at my network at any given time and see the state of my network. With Darktrace, at the moment, I have to almost put in a date and tell them that want you to give me data from this date to this date. I don't want that. I want a fast solution in which it doesn't matter when I log into the application. Whenever I log in, I must be able to see my network and run a report. In other words, if I go in now and I say, "Give me a full report of what happened today, it must be able to give me that. It mustn't just be limited to a seven-day period, for argument's sake. It must be able to give me real-time and day-to-day tracking of what has happened within my network.

We have been using Darktrace for two years.

There were a couple of times when we needed some of the expertise, and the guys were not available at the time when we needed them. Subsequently, they've managed to improve.

In terms of our organization, we are a massive IT organization or financial services company. We've got a very small ITP, but we've got a lot of data. We are not sure about Darktrace in terms of its capacity to deal with huge data, but it is probably too early for me to give some sort of indication of what is not big.

At the moment, they are delivering on the set objective in terms of what I want to achieve as a CIO, and I'm quite happy with some of the deliverables that are coming through at the moment. In terms of what our requirements were and what we expect in terms of what we want them to deliver, they have delivered. Within the next two to three years, I would probably be able to provide a different perspective after we've matured within the Darktrace environment. At the moment, they've delivered the actual scope of work. There is nothing really that they're not delivering on as promised. So, at the moment, I'm quite happy with where we are.

I would rate Darktrace a nine out of ten.

We mostly use it for investigating cases. It is deployed on-premises. We have some new projects for this year to extend Darktrace to the cloud.

It is a stable solution.

It can have more integration with orchestration or event management solutions. They can provide more knowledge or research information for analysts for investigating cases and detecting anomalies in networks. 

I have been using this solution for a year. 

It is a stable solution. We don't have any problems with that.

It has got good scalability, but you need to buy many appliances to scale it. We have ten users of this solution from the incident response team.

We don't directly raise tickets with Darktrace. We use a local partner for support.

We didn't use any other solution previously. We are trying to introduce ExtraHop. The main difference is the capacity and the ability to see encrypted traffic.

It is not a complex setup, but it requires a lot of time. It took two or three months the first time, but it was a very smart installation.

We have a partner.

It is expensive. I don't have the price for other competitors.

I would recommend this solution. You need to have a good plan for its initial installation. It requires a lot of work in the network.

I would rate Darktrace an eight out of ten.

Darktrace is used for network security.

Darktrace has helped our organization be secure from network spam and attacks.

The most valuable features of Darktrace are the tracing of unusual external emails and monitoring the local network.

Darktrace could improve its features, such as monitoring and detecting ransomware. 

I have been using Darktrace for approximately three months.

Darktrace is a stable solution.

The scalability of Darktrace is good.

We have four companies that are using this solution.

I have not used the support from Darktrace.

The initial setup of Darktrace was simple. The deployment of Darktrace took approximately two weeks.

I am using a demo of Darktrace for deployment and testing which is free.

My company chose Darktrace because it helped other companies that needed some help with metrics monitoring and spam monitoring.

I would recommend this solution to others.

I rate Darktrace a ten out of ten.

We are a financial Institute and make use of the IDS solution. We have the SIM called QRadar. We analyze all the traffic clouds with Darktrace and SIM.

The most valuable feature has been the behavioral analytics that allows us to monitor all the traffic.

Sometimes the solution gives some false positives which could be improved. The dashboard and reporting for this solution could be improved as it is currently complex. The GUI for this solution could also be improved. 

I have been using this solution for three years. 

This is a stable solution. 

This is a scalable solution. 

The technical support is very good but we would like to get some information from APAC because we are in APAC region.

We considered McAfee and other solutions but based on budget and features, we decided to go with Darktrace.

The initial setup is straightforward and so is the maintenance. 

The deployment was done in-house.

I would rate this solution a seven out of ten. 

Darktrace is a cybersecurity solution that is essentially an AI-driven ecosystem. Call it network monitoring with telemetry SaaS cloud connections.

It provides a comprehensive cybersecurity solution that monitors my cloud accounts as well as my local network. It monitors local network traffic, VPN's and it connects to my firewalls, allowing me to see what's going on in my environment. I have visibility into pretty much everything that's going on now.

The active threat dashboard is the most valuable feature of this solution. 

The licensing model has room for improvement. The license by IP rather than node or device, even if it's a single Mac address. If I have three people who are constantly in three different locations, they want to charge you three licenses. My only criticism of the product is that its licensing model isn't flexible.

I would like to see a Darktrace EDR client, a true EDR client that integrates into it, and not a third-party EDR.

I have been working with Darktrace for six months. 

We are working with the most recent version.

Darktrace is very stable. It's very reliable.

Darktrace is a very scalable solution.

We have 650 users in our organization.

It's extensively used.

I give them five stars from the sale cycle to the support cycle.

I considered other options, but this is the one I chose, because of the flexibility and the ease of use.

The initial set is very simple and intuitive. With the instructions provided, it took about 10 minutes to set up.

It requires no maintenance. It is managed by Darktrace, they push down the updates. I don't have to do anything with it.

I think it's mostly the licensing on the network monitoring piece that I don't like. All of the other modules, such as the licensing modules, are on par. It's one for one.

I evaluated Endpoint protection solutions, such as CrowdStrike Falcon, Darktrace, and SentinelOne. We decided on Darktrace.

I'm a partner with Darktrace.

I would advise them to engage with their sales team and their sales engineering team to make sure they understand the license model.

It's very intuitive. It's a fantastic product, and the only reason they don't get a 10 is because of their licensing. I believe their network monitoring device licensing module could use some improvement.

I would rate Darktrace an eight out of ten.

Primarily we use the solution to spot problems that cannot be found by other solutions. 

Darktrace has improved our knowledge of abnormal phenomenen which could have potentially be hazardous for the organization.You have to be vigilant with GDPR compliance rules in Europe 

The most valuable aspect of the solution is that you can see all the process mistakes. You can see all the different types of unusualcsituations that you usually don't see in a traffic solution.

The solution would benefit from automation. Currently, you have to know what you are searching for.

I've been using the solution for one month.

The solution is stable. We've never had any problems with it.

The solution is scalable. So far, we have 12 networks done. We have about 500 users on it currently.

I haven't had too much interaction with technical support. Technical support was in France but the experts were in England. It's good generally, but we haven't used the solution for too long.

We didn't previously use a different solution.

When you have an expert, the initial setup is easy, but if you do it on your own, it could be complex. Deployment takes at least a month.

We didn't evaluate another solution. We met the solution's team in Cannes for an IT meeting and decided to pursue discussions with implementation.

We use the on-premises deployment model.

It's a quite clever solution. It has a lot of potential, but I'd advise those considering to hold off implementing the solution until after a newer version is released.

I'd rate the solution seven out of ten. If they added automation and included it in the price, I'd rate it higher.

I'm a customer data security manager and we are looking at replacing our current solution, McAfee, with something like Darktrace or CrowdStrike which will provide the same visibility with the endpoint protection aspect. 

The Ability to drill right down into an event that has been identified as something of interest so that you can be assured if it is a valid event and therefore not suffer from loads of false positives. Once that initial assurance and confidence was there, you could easily rely on the dashboard and minimise the risk of constantly drilling into each and every event but pick the ones with most risk.

The product is automated to a certain degree, but I think this could be improved. I'm looking for a way of being able to react to threats that are detected based on risk. Aside from that, there is nothing really that they could improve on, it's a product more suited to organizations with an SOC, security operations center, or a company with an IT team of network security members because it relies on constantly monitoring it to see information based on the risks of events.

In our case, we have a small IT team, which means that a large amount of time would have been spent drilling into it. If something did happen on the network, we'd ideally be responding to it reactively instead of proactively. Some of the other products we tested did that so that if something was detected, it would block that device by means of an endpoint, which halts the process and gives you time to check it out. Darktrace would tell you, for example, if there was a ransomware attack, but it wouldn't stop the attack. Other products would identify it as a ransomware attack and stop the network card on the endpoint, giving time to react to the alert, and proceed to cleanse or investigate the machine that's had a problem. That was our issue with Darktrace.

The only reason that it looks like we are going down a different route is because of the endpoint protection issue. The product doesn't have an endpoint agent that can react to outcomes or triggers that are set on the device, otherwise, it would be great. 

We tested the solution for one month. 

Stability is fine, we had no issues with it whatsoever. 

We didn't need to scale the solution, but you could scale it without any issue. The only thing that I think you had to keep an eye on was network traffic through your switches because effectively, you're capturing all the traffic on your network on a port that goes to this device.

The support was fantastic, really good. We were in touch with the guy who I believe was the accounts manager.

Initial setup was easy. We just had to configure a switch port into what's called promiscuous mode and then plug in the device and give it an IP address and leave it. We deployed with our own technical team. It took a day to setup, maybe even less than that. Once installed they activated the license on it. We left it at baseline to look at the network for a week. It just looked at existing traffic and worked out what was typical traffic and what was interesting traffic.

For out of the box it is licensed per device or node that it connects to. I think for services there were some additional licensing fees. 

We evaluated other options and Darktrace had really good dashboards and graphics, but other devices like CrowdStrike, for example, had the endpoint protection we're looking for as well as the features that Darktrace has. The difference is in functionality.

I would suggest to anyone considering this option to identify if this is going to be a monitoring tool to supplement an existing system or if this is going to be another product in your existing security suite of tools.

I would rate this product an eight out of 10. 

I have used multiple solutions, but its graphical user interface is quite interesting and quite descriptive. There are a lot of video animations, and we can easily see how the data is transferred between various points. That's something really interesting. It is also quite easy to understand for a new user.

Its documentation is not up to the mark. At times, I have a lot of trouble finding a solution. Even when I posted questions on the community chats, it took a lot of time for me to get answers. That's something that can be improved. Darktrace can focus on creating a more interactive community. If there are more people from Darktrace to focus on community chats, it would be better.

It has been close to two months, and I am probably using the latest version.

It is definitely stable.

So far, we haven't had any problems. It is definitely scalable.

We don't have more than 12 people who use this solution.

I never had any technical support problems. It is up to the mark.

I have worked with Elastic SIEM and QRadar. Elastic SIEM is entirely different, so there is no one-to-one comparison. It is like comparing apples with oranges, but overall, Darktrace is quite interesting. A new user can easily learn it without much help.

I never did any setup. I'm just an end-user.

My advice is to always go for a PoC before implementing Darktrace. That's because Darktrace can get a lot of personally-identified information, which may not be a good thing for some companies. So, before going for this technology, you should do a PoC, and once everything is compliant with the rules and regulations of the company, you can go for it.

I would rate it an eight out of 10.