Darktrace Reviews

We deployed Darktrace for one of the biggest telecommunications companies in Latin America. It is deployed on-premise, but it is more like a service because we don't care about the appliances. Even though it works with appliances, it is more related to the services to the connections that the solution can handle. Because of that, it is on-premise, but it also has a component with sensors that works for remote instances, almost like a cloud solution. 

Some of the clients, especially in the security area, think that this appliance will replace a firewall or a prevention system solution, but it doesn't replace them. It actually complements them because the firewall decides to allow or deny a connection, and a prevention system is designed to avoid any type of risks to the connection or intrusion on the network. Darktrace allows you to find the unknown threats inside the network and identify them by using some artificial intelligence. It can do all the tracking inside or outside the network.

It is connected directly to the core switch, and in the first stage, it probably takes about a month to learn the behavior of the network and the users. With that, it starts to know what type of information is correct inside the network, and what type of information probably would be a risky connection or risky data moving from one site to another. It then starts doing the alerting. After the first stage or the learning stage is complete, we can find the size of the network. The second stage is the use of a different model inside the solution called Antigena. It works like the antibodies inside our body. Once it detects something that is wrong inside the network, it not only does the alerting but also takes the decision to block that type of connection in order to avoid any information leak or any possible risky connection. If somebody is doing some data mining, it disables connection to the engine that is doing the data mining.

We have been giving results not only to the security or compliance area inside of a company but also to the legal department. If someone is doing something wrong in terms of compliance, they can take directly take action against the person or group doing that.

We also give results to the infrastructure people and the network people. Based on our experience, most of the customers don't really know the size of their network. With this type of solution, we can know the complete network. We can know the real size, and how many resources are connected to the network and the internet. For example, one customer said to us, "I only have 18,000 connections on the network." We did the sizing with 18,000, and when we started the deployment, this customer had one thousand and twenty hundred connections. They didn't realize that until we arrived.

It is very easy to work with Darktrace once you know how it works and the type of permissions that you need to get related to the security over a network. The interface is awesome. I'm sure that you have seen Ironman, and you know Jarvis, the computer of Tony Stark. The interface of Darktrace is very similar, and you can see in 3D, like a hologram, the whole network, traffic, and all the traces inside the network. The interface is awesome, and it provides a lot of information. At least for us, it is very easy to handle this interface, get the reports, and do the interpretation of those reports.

Darktrace also provides mobile monitoring. With an app on your mobile phone, you can view the information live, which is very useful for area directors and field engineers. Darktrace can be also correlated with any type of big data solution, such as Splunk.

It would be good if they can include some endpoint protection for remote workers. Nowadays, most people are working remotely. Therefore, they should include some type of sensors that can be installed on the endpoint in order to directly report the main usage and protect remotely. Phone protection will also be a great feature to add to Darktrace.

I have been working with Darktrace for at least four years. I recommend and sell it to customers. A long time ago, I used to be a technical guy. Now I am on the sales side. Our technical crew and sales crew are certified for this solution.

For the past four years, I have only seen two crashes in two appliances. That was because the customer sent more traffic than what the solution or that specific appliance could handle. It was solved by using another appliance to do the appropriate balancing. The second crash was because it was a human error and somebody by mistake disconnected the cable and connected it to a different interface.

It is very easy to scale. When you need more appliances to support the infrastructure, you can use them as LEGOS. In order to place them, the only thing that you need to have is a rack, and you can start connecting them to the switch, and that's it. Once that you have it on the main console, you just assign the role to every single appliance, and that's it.

We're very focused on big companies, but we also have medium customers. The reason why we don't sell it to the small companies is that this type of solution is very expensive for them to finance. So, probably the assets that they have are very important, but based on the budget that small companies have in Latin America, they cannot afford a solution like this.

The support that we have in Latin America is very good. It is a very good company to work with. They have offices here. I would rate them a ten out of ten.

It is very easy. The setup of the solution takes probably half an hour. The only thing that we need to place Darktrace on a customer site is a connection on the core switch with a mirror port. We need to have some space on the rack, and then we connect the appliance to the core switch, and that's it. We go back to the customer a week later to see what Darktrace is catching and start sharing with the customer our discovery inside the network.

The biggest deployment that we have done took about two months, but it was in 26 different sites. The main challenge was the transport. We had to take care of all the logistics to transport all the appliances and find the appropriate time to run all the appliances because most of the customers do not allow to rack them at any time. Therefore, it needs to be done at midnight when almost nobody is using the network. That was our main challenge, but it is very easy to set up.

The pricing is very flexible for Darktrace. Sometimes, a customer does not have the appropriate budget, but Darktrace can handle that. They offer monthly payments, so the customer can acquire the solution very easily.

Over the past years, I have seen some customers say, "No, I have Endpoint protection. I have intrusion prevention. I have a firewall. I don't need anything like that." My advice is that first of all, open your mind to new solutions because this type of solution will catch everything that the rest of the solutions that you have won't catch. That's the first thing. The second thing is that do not limit the work of the people who work with Darktrace by saying that you know your network because we can assure you that you don't know your network and the threats that are inside and outside the network and the size of the network.

We always start with Darktrace Enterprise Immune System, which is the first model. The reason for this is that it is easier to adopt the Antigena model at the second stage because the solution by itself needs to learn inside of the network and what is good and what is bad. When we place Antigena, the deployment stages are exactly the same as when you first deploy the Enterprise Immune System in order to let it learn. After the solution starts learning, it will take at least a couple of months or probably three months to deploy Antigena. Therefore, it doesn't make sense to make customers spend more money on a solution in the initial stages and go for a solution that they would not be using initially. This also provides the appropriate sizing of the network. Most of the time, the customer needs to acquire more services from us in order to support all the infrastructure that they have.

I would rate Darktrace a ten out of ten. I am a very happy user and a happy seller of Darktrace.

Primarily we use the solution to spot problems that cannot be found by other solutions. 

Darktrace has improved our knowledge of abnormal phenomenen which could have potentially be hazardous for the organization.You have to be vigilant with GDPR compliance rules in Europe 

The most valuable aspect of the solution is that you can see all the process mistakes. You can see all the different types of unusualcsituations that you usually don't see in a traffic solution.

The solution would benefit from automation. Currently, you have to know what you are searching for.

I've been using the solution for one month.

The solution is stable. We've never had any problems with it.

The solution is scalable. So far, we have 12 networks done. We have about 500 users on it currently.

I haven't had too much interaction with technical support. Technical support was in France but the experts were in England. It's good generally, but we haven't used the solution for too long.

We didn't previously use a different solution.

When you have an expert, the initial setup is easy, but if you do it on your own, it could be complex. Deployment takes at least a month.

We didn't evaluate another solution. We met the solution's team in Cannes for an IT meeting and decided to pursue discussions with implementation.

We use the on-premises deployment model.

It's a quite clever solution. It has a lot of potential, but I'd advise those considering to hold off implementing the solution until after a newer version is released.

I'd rate the solution seven out of ten. If they added automation and included it in the price, I'd rate it higher.

Our primary use case is incident response.

One thing I appreciate is Antigena Email, which is for email protection.

One of the most valuable features is Behavior analytics.

One thing I would like is for Darktrace to flag SMB traffic more accurately. Currently, it only flags that SMB traffic has occurred, but it doesn't specify which file was being transferred. This makes it difficult to investigate incidents involving SMB traffic, as we don't have concrete evidence of what was being sent.

For example, if a user is sent an unauthorized file via SMB, Darktrace would only flag that SMB traffic occurred between the two users. It wouldn't be able to tell us which file was sent, so we would have to manually investigate the incident to determine what happened.

It would be helpful if Darktrace could flag the specific file that was being transferred in SMB traffic incidents. This would make it much easier to investigate these incidents and take appropriate action.

In future releases, I would like to see more playbooks.

I have been using this solution for a year now. 

I would rate the stability a ten out of ten. 

I would rate the scalability an eight out of ten. There are five end users in our analyst team. 

The customer service and support are really good. That's one of the things that I've come to appreciate about Darktrace. 

Any concern that you give to them, they come on board and arrange a meeting where you could possibly do some practical work with them. They would take on the incident, and they would say, "Okay. Let's set this incident together."

Positive

We used Sophos. We chose Darktrace because of its reliability. Unlike other solutions that rely heavily on signature-based logins, Darktrace operates by learning the behavior of individual users. This means that what may seem normal to me could be considered abnormal for someone else, and Darktrace can effectively block such anomalies. This feature has proven to be immensely helpful.

The initial setup is very easy. I would rate my experience with the initial setup a ten out of ten, where one is difficult and ten is easy to set up. 

It took around an hour to set up. 

The deployment process is pretty self-sufficient. It handles network closure and device discovery.

One person is sufficient for the deployment process. 

The solution is quite expensive. I would rate the licensing model an eight out of ten. 

I would recommend it based on its excellent behavior analytics and AI implementation.

Overall, I would rate the solution an eight out of ten. 

We use the solution for email, network and cloud security.

The network security and AR response are the main things.

The product is expensive, but it is a very good product. The user interface is also good.

I have been using Darktrace for two years.

The product is stable.

I rate the solution’s stability a nine out of ten.

The solution’s scalability is pretty straightforward. We’ve around 3500 users using this solution.

I rate the solution’s scalability an eight out of ten.

I contact technical support on occasion and ask questions, and they are responsive. I can get them on call or email. I’m very happy with the support.

Positive

The initial setup was quick and painless.

The product is very expensive.

The product is expensive, but it is a quality product. If you look apart from the cost, it's a good product followed by very good support. If you're willing to spend the money, it is worth consideration.

Overall, I rate the solution an eight out of ten.

Darktrace is used for network security.

Darktrace has helped our organization be secure from network spam and attacks.

The most valuable features of Darktrace are the tracing of unusual external emails and monitoring the local network.

Darktrace could improve its features, such as monitoring and detecting ransomware. 

I have been using Darktrace for approximately three months.

Darktrace is a stable solution.

The scalability of Darktrace is good.

We have four companies that are using this solution.

I have not used the support from Darktrace.

The initial setup of Darktrace was simple. The deployment of Darktrace took approximately two weeks.

I am using a demo of Darktrace for deployment and testing which is free.

My company chose Darktrace because it helped other companies that needed some help with metrics monitoring and spam monitoring.

I would recommend this solution to others.

I rate Darktrace a ten out of ten.

Darktrace makes up part of our security solution and it is able to operate without intervention from IT staff. Antigena feature for automatic response is awesome.

You can have a one-person IT team and with Darktrace, you can get notification of potential threats that are incoming or are already happening on the network.

I like the Antigena feature in Darktrace, as it offers immediate response and is helpful.

This product collects more data than your traditional type of software, which is useful for us.

Darktrace picks up anomalies as soon as they arise.

The interface is too mathematical and it should be simplified. If you are a seasoned user then you would know where to go, but you have to learn it first. The terminologies being used are mostly numbers. In general, it could be more user-friendly. The GUI can be more simplified and the sections on the interface can be better organised. Usability and visibility of features can improve the skills of administrators and the product will be a preferred solution and ratings will increase.

My experience with Darktrace is short because we are just implementing it now.

The stability of Darktrace is fine.

We do not intend to scale. Scalability is more of a contract issue that comes into play if you want to add nodes to the system. We are opting for a specific number of nodes or endpoints, which we would be able to keep for quite a number of years. I don't expect that we will expand that much, so scalability should not be an issue.

We have been in contact with technical support using different platforms. We have dealt with them using Microsoft Teams, Zoom, WhatsApp and via email.

Positive

No

The initial setup was quite simple and straightforward, taking about an hour to complete. After that, the port modeling took perhaps an hour or two.

Vendor Team

If you consider the features and the cost of market leaders, we are satisfied with the pricing.

Snode

I would rate this solution an eight out of ten.

The solution is used as an anti-phishing tool.

The AI-based pattern is the most valuable feature. The AI monitors users' patterns in how they draft and send emails, so if there is a change in the pattern the email is flagged.

There is a high ratio of false positive information. For example, AI capabilities can sometimes make it difficult to distinguish between a legitimate email and a phishing email. This is one of the features that need to be manually sorted out and aligned. We need to improve this feature by putting DNS into the micro.

I have been using the solution for three years.

The solution is stable.

The solution is scalable.

The technical support team is good and they provide support on a priority level.

Positive

The initial setup is easy.

The cost is moderate.

I give the solution an eight out of ten.

Our organization chose Darktrace because of its phishing capabilities.

Darktrace is the best way to secure a gateway and I recommend the solution to others.

We are a financial Institute and make use of the IDS solution. We have the SIM called QRadar. We analyze all the traffic clouds with Darktrace and SIM.

The most valuable feature has been the behavioral analytics that allows us to monitor all the traffic.

Sometimes the solution gives some false positives which could be improved. The dashboard and reporting for this solution could be improved as it is currently complex. The GUI for this solution could also be improved. 

I have been using this solution for three years. 

This is a stable solution. 

This is a scalable solution. 

The technical support is very good but we would like to get some information from APAC because we are in APAC region.

We considered McAfee and other solutions but based on budget and features, we decided to go with Darktrace.

The initial setup is straightforward and so is the maintenance. 

The deployment was done in-house.

I would rate this solution a seven out of ten.