Darktrace Reviews

We are primarily using the solution for network monitoring as well as cybersecurity.

The ability to detect activity on the network is very useful to us. Even if it's not necessarily an illegal activity, if it is abnormal activity, it is able to detect it and notify us.

The solution is stable.

The product scales well within a network.

The initial setup is pretty simple.

The solution isn't too expensive.

The solution could be easier to use.

The user interface is a bit too detailed. They should work to pare it down and simplify it. They seemed to have designed it for an expert user and not a layman. If there are some system administrators who are not experts and they just want to just get sensors reports and escalate, it should be easier for them to do so.

I've been using the solution for three years at this point.

The solution is very stable. As far as we've been using it, we've not had any major issues. It doesn't crash or freeze. There are no bugs or glitches. It's reliable.

The solution is scalable within the network. If a company needs to expand it, it can do so.

For our particular office, we have around 100 users.

I cannot say if we will increase usage. We have many offices and decisions in relation to usage increases would come from our UK office.

Technical support is great. They are very responsive and helpful. We are very satisfied with the level of support they provide to us.

We did not previously use a different solution. For cybersecurity, this is our first product. We were using the traditional endpoint protection as well, and we still do. For that, we use Sophos.

The installation was straightforward, from what I understand. I didn't actually handle ht process. That was done by a consultant. 

The deployment was fast. In less than an hour, everything was up and running.

I handle the maintenance myself.

We had a consultant that assisted us with the implementation. They made the process very easy.

We typically do yearly or three-year licensing, however, I can't speak to the exact costs or arrangements.

It's not too expensive. The price is good for what it offers.

We're just a customer and an end-user.

Overall, I'd rate the solution at an eight out of ten. We've mostly been quite happy with the product.

I'd recommend it to other users and organizations.

I'm currently heading cybersecurity for 1,500 entities. Some of them have deployed Vectra, and some of them have deployed Darktrace. Darktrace has been in the UK market for a while, whereas Vectra is a not-so-old player in the UK market.

We are using the latest version of Darktrace but not their latest offering. They are now also providing email security over the Darktrace platform, but we have not been utilizing that. We have been utilizing their network detection and response and some part of automated incident response (IR) capability.

We have a hybrid infrastructure. Some centers are deployed in the cloud, and some centers are deployed on-prem. The management platform is currently on-prem, but the plan is to move it to SaaS.

In terms of features, the data or information they collect and unsupervised machine learning are very valuable. Its unsupervised machine learning has reduced our team's effort. Both Darktrace and Vectra work on unsupervised machine learning that learns the behavior or develops a profile on its own, which allows our security team to do some other tasks rather than spending time on Darktrace or Vectra. 

Because of unsupervised machine learning, its detection capability is quite good. Along with that, if we utilize the integration feature properly, the automated incident response capability of Darktrace is quite useful.

In terms of improvements, fine-tuning is the area where we have to spend some time because it works on unsupervised machine learning. It would be good if they can improve their algorithm or technical functionality to reduce the fine-tuning effort. 

They can also come up with something at the endpoint level. So far, Darktrace has been a network detection response (NDR) solution. It does not offer much at the endpoint level or on user-client devices or servers. There should be more visibility at the endpoint level. It would be good to have the detection and response at the endpoint level by Darktrace.

It should also have integration with an agile environment so that we can have continuous development and continuous integration in the application development environment. This is currently not there. It should also have internet-facing platform visibility, which is currently missing. 

They also need to improve the reporting and management dashboards. Currently, these are not so easy for a non-technical person. All these features would make Darktrace much better, and they would also be helpful in selling more solutions.

I have been using this solution for maybe six or seven years. At my previous workplace, we were one of the early adopters of Darktrace's unsupervised machine learning technology.

Its stability is fine. We are utilizing a mix of their deployment capability. We have appliance-based and sensor-based deployments. Performance-wise, sensor-based ones are slower than appliance-based ones. An appliance also has dedicated hardware.

In terms of scalability, it is fine. We have deployed Darktrace for around 7,000 to 8,000 users for one part of an entity, and it has been working fine. I don't see any issue in terms of its scalability. 

Currently, it has around 7,000 to 8,000 users, but it is getting extended. We are in the process of extending the Darktrace capability to other entities. We are talking about 1,500 entities and 120,000 users in different dispersed and segregated environments. 

They've been quite okay in their responses. This solution is definitely complex, so sometimes we don't get the expected level of information or answer straight away, but they have been okay in responding and following up. I would rate them a seven out of ten.

From the initial deployment perspective, it was quite straightforward. We just need to make some configuration changes and then Darktrace works on spanning. It gets a copy of all the data from the network, and it starts building the profile. It has a pretty straightforward deployment.

I would rate Darktrace a seven out of ten. It is a good solution, but it requires some improvements. 

Our primary use case of this solution is for visibility. We try to get the global view of our network from an audit perspective on any given day, and figure out how that will impact our business. I'm a project coordinator and we are customers of Darktrace. 

The primary feature we are using is the artificial intelligence and machine learning functionality for reviewing and predicting network traffic and network attacks. Although we're not yet fully using the product, I like the Antigena feature which is their proactive or reactive feature, depending on the deployed antivirus center. Darktrace is for people who understand network security very well, and who have probably been in that scene for quite some time. If you're inclined towards mathematical machine learning, artificial intelligence, and to some degree, data science, this is definitely a tool for you.

It's sometimes a challenge getting logs from different sources. I would probably want to see if there was a way to improve that, to enable gathering of more information.

We've been using this solution for close to four months. 

Full deployment took around two weeks, mainly because the solution takes a little time to learn about your network.

The technical support is excellent. They walk you through the process and do a great job. 

The initial setup was quite simple; plug in two or three cables, they give you the requirements that you need and off you go. The configuration and learning how to tweak it is a little more complicated and involved, but the initial setup was easy. Deployment took around two to three weeks because the solution sat on the network for about 14 days doing some variable analysis and trending.

It's a good solution. I would suggest that if it's suitable for your requirements, get it. 

I would rate this solution a nine out of 10. 

We mostly use it for investigating cases. It is deployed on-premises. We have some new projects for this year to extend Darktrace to the cloud.

It is a stable solution.

It can have more integration with orchestration or event management solutions. They can provide more knowledge or research information for analysts for investigating cases and detecting anomalies in networks. 

I have been using this solution for a year. 

It is a stable solution. We don't have any problems with that.

It has got good scalability, but you need to buy many appliances to scale it. We have ten users of this solution from the incident response team.

We don't directly raise tickets with Darktrace. We use a local partner for support.

We didn't use any other solution previously. We are trying to introduce ExtraHop. The main difference is the capacity and the ability to see encrypted traffic.

It is not a complex setup, but it requires a lot of time. It took two or three months the first time, but it was a very smart installation.

We have a partner.

It is expensive. I don't have the price for other competitors.

I would recommend this solution. You need to have a good plan for its initial installation. It requires a lot of work in the network.

I would rate Darktrace an eight out of ten.

We deployed Darktrace for one of the biggest telecommunications companies in Latin America. It is deployed on-premise, but it is more like a service because we don't care about the appliances. Even though it works with appliances, it is more related to the services to the connections that the solution can handle. Because of that, it is on-premise, but it also has a component with sensors that works for remote instances, almost like a cloud solution. 

Some of the clients, especially in the security area, think that this appliance will replace a firewall or a prevention system solution, but it doesn't replace them. It actually complements them because the firewall decides to allow or deny a connection, and a prevention system is designed to avoid any type of risks to the connection or intrusion on the network. Darktrace allows you to find the unknown threats inside the network and identify them by using some artificial intelligence. It can do all the tracking inside or outside the network.

It is connected directly to the core switch, and in the first stage, it probably takes about a month to learn the behavior of the network and the users. With that, it starts to know what type of information is correct inside the network, and what type of information probably would be a risky connection or risky data moving from one site to another. It then starts doing the alerting. After the first stage or the learning stage is complete, we can find the size of the network. The second stage is the use of a different model inside the solution called Antigena. It works like the antibodies inside our body. Once it detects something that is wrong inside the network, it not only does the alerting but also takes the decision to block that type of connection in order to avoid any information leak or any possible risky connection. If somebody is doing some data mining, it disables connection to the engine that is doing the data mining.

We have been giving results not only to the security or compliance area inside of a company but also to the legal department. If someone is doing something wrong in terms of compliance, they can take directly take action against the person or group doing that.

We also give results to the infrastructure people and the network people. Based on our experience, most of the customers don't really know the size of their network. With this type of solution, we can know the complete network. We can know the real size, and how many resources are connected to the network and the internet. For example, one customer said to us, "I only have 18,000 connections on the network." We did the sizing with 18,000, and when we started the deployment, this customer had one thousand and twenty hundred connections. They didn't realize that until we arrived.

It is very easy to work with Darktrace once you know how it works and the type of permissions that you need to get related to the security over a network. The interface is awesome. I'm sure that you have seen Ironman, and you know Jarvis, the computer of Tony Stark. The interface of Darktrace is very similar, and you can see in 3D, like a hologram, the whole network, traffic, and all the traces inside the network. The interface is awesome, and it provides a lot of information. At least for us, it is very easy to handle this interface, get the reports, and do the interpretation of those reports.

Darktrace also provides mobile monitoring. With an app on your mobile phone, you can view the information live, which is very useful for area directors and field engineers. Darktrace can be also correlated with any type of big data solution, such as Splunk.

It would be good if they can include some endpoint protection for remote workers. Nowadays, most people are working remotely. Therefore, they should include some type of sensors that can be installed on the endpoint in order to directly report the main usage and protect remotely. Phone protection will also be a great feature to add to Darktrace.

I have been working with Darktrace for at least four years. I recommend and sell it to customers. A long time ago, I used to be a technical guy. Now I am on the sales side. Our technical crew and sales crew are certified for this solution.

For the past four years, I have only seen two crashes in two appliances. That was because the customer sent more traffic than what the solution or that specific appliance could handle. It was solved by using another appliance to do the appropriate balancing. The second crash was because it was a human error and somebody by mistake disconnected the cable and connected it to a different interface.

It is very easy to scale. When you need more appliances to support the infrastructure, you can use them as LEGOS. In order to place them, the only thing that you need to have is a rack, and you can start connecting them to the switch, and that's it. Once that you have it on the main console, you just assign the role to every single appliance, and that's it.

We're very focused on big companies, but we also have medium customers. The reason why we don't sell it to the small companies is that this type of solution is very expensive for them to finance. So, probably the assets that they have are very important, but based on the budget that small companies have in Latin America, they cannot afford a solution like this.

The support that we have in Latin America is very good. It is a very good company to work with. They have offices here. I would rate them a ten out of ten.

It is very easy. The setup of the solution takes probably half an hour. The only thing that we need to place Darktrace on a customer site is a connection on the core switch with a mirror port. We need to have some space on the rack, and then we connect the appliance to the core switch, and that's it. We go back to the customer a week later to see what Darktrace is catching and start sharing with the customer our discovery inside the network.

The biggest deployment that we have done took about two months, but it was in 26 different sites. The main challenge was the transport. We had to take care of all the logistics to transport all the appliances and find the appropriate time to run all the appliances because most of the customers do not allow to rack them at any time. Therefore, it needs to be done at midnight when almost nobody is using the network. That was our main challenge, but it is very easy to set up.

The pricing is very flexible for Darktrace. Sometimes, a customer does not have the appropriate budget, but Darktrace can handle that. They offer monthly payments, so the customer can acquire the solution very easily.

Over the past years, I have seen some customers say, "No, I have Endpoint protection. I have intrusion prevention. I have a firewall. I don't need anything like that." My advice is that first of all, open your mind to new solutions because this type of solution will catch everything that the rest of the solutions that you have won't catch. That's the first thing. The second thing is that do not limit the work of the people who work with Darktrace by saying that you know your network because we can assure you that you don't know your network and the threats that are inside and outside the network and the size of the network.

We always start with Darktrace Enterprise Immune System, which is the first model. The reason for this is that it is easier to adopt the Antigena model at the second stage because the solution by itself needs to learn inside of the network and what is good and what is bad. When we place Antigena, the deployment stages are exactly the same as when you first deploy the Enterprise Immune System in order to let it learn. After the solution starts learning, it will take at least a couple of months or probably three months to deploy Antigena. Therefore, it doesn't make sense to make customers spend more money on a solution in the initial stages and go for a solution that they would not be using initially. This also provides the appropriate sizing of the network. Most of the time, the customer needs to acquire more services from us in order to support all the infrastructure that they have.

I would rate Darktrace a ten out of ten. I am a very happy user and a happy seller of Darktrace.

The primary use case for Darktrace is for tracking intruders and alerting for network threats.  

The most valuable feature in Darktrace is that it gives me a comprehensive, detailed view of my network and whatever is happening inside it. It is a very good tool for me that helps me to remain aware of security vulnerabilities. I know what is happening on my network in real-time and it responds quickly. It is really very useful.  

I am just a manager and I do not really have a technical viewpoint. The tool really suits me perfectly for now for all my basic security needs and what I expect it to do. It does not need any major changes right now to do what I need it to do. It is not missing anything.  

If I am thinking about improvement, everything can be improved somewhat. Maybe the interface and dashboards could be better. I would be glad if they could make these easier from the point of view of management. It could save some time.  

The price is also a little high and could be more enticing.  

We have been using Darktrace for about two years.  

Darktrace is very stable. It provides 99.9% of our security needs and it does not have downtime. It is a very good, stable solution.  

We did not have the opportunity to test the scalability because our organization has not grown much over the period of time that we have been using the product. I think that scalability is built into the product, but for now, we have not experienced how scaling the product works firsthand.  

I am not so satisfied with the pricing model for Darktrace. The price is a little bit high compared to other solutions. The pricing model should be more flexible.  

On a scale from one to ten where one is the worst and ten is the best, I would rate Darktrace as an eight-out-of-ten.  

I am working with Darktrace in concert with F5, Tufin, and SAP security products.  

One of the things I like most about Darktrace is the fact that it has AI analytics built into it. That merger allows us to have a look at the way that things are working within our company. The fact that it is self-learning is a benefit that has given me 100% visibility across the cloud, my SaaS (Software as a Service) providers, my Office 365 services, within my data center, and also on-premises.  

We are also working with Darktrace on their alpha and beta testing for endpoint security. That is a model that we are thinking about incorporating later. 

Another thing I really like is that it is a very simple product to use. It is very logical and it works beautifully.  

The product is really excellent all around and I can not fault it. The only thing that I can think of that would improve it would be if they had a better visualization and a reporting portal.  

What I mean by better visualization is it could help map our services and endpoints in a better way. At the moment it is fairly complex in the way that it represents our network devices. It would help if there was in a slightly more logical way of visualizing the assets as opposed to the way it is currently being done.  

We are talking to Dartrace at the moment about putting in a reporting portal so we can have technical reports separate from management reports. Some of our management gets information in reports that they do not need to see. When they see it they will not understand what it means. Targeting — or customizing — the reports that we make can allow us to have the content fit what the recipient needs to see without distracting extras.  

Apart from those potential additions, this product is absolutely excellent. It has given us everything we have wanted. Darktrace, as a company, has been really good. Our account manager is totally responsive. The support teams have been really conscientious.  

Fingers crossed. So far Darktrace has proven to be a great asset.  

We have been using Darktrace for about four-and-a-half years now.  

The scalability of Darktrace is excellent. If we want to increase the IP count it is just a matter of negotiating the licenses. We have already upgraded to the largest model of their hardware, and scaling is nice and simple in that situation.  

The technical support people have been good. They understand exactly what we need every time. So I am very happy about that.  

If you ask a question and support can not answer straight away, they will say that they will be back to you within 'X' number of hours. Then they actually do it, which is not something that you get a lot of in technical support teams. Normally people do not stick to what they say they are going to do.  

Our deployment took probably the best part of three months. But the amount of time was more a matter of our constraints, not a problem with Darktrace and the difficulty of deployment. We are operating in 13 countries and it was the scale of it that took additional time. Smaller deployments will take less time.  

If someone asked me for advice about the product I would definitely highly recommend it to those who need this type of solution. It is really good. It has given us a view of our company and it has actually caught a couple of people that were doing data exfiltration and stealing data from our company. We caught them doing it in the act in live time, which is just incredible.  

On the scale from one to ten where one is the worst and ten is the best, I would definitely rate this product at the moment as a ten. It is a perfect solution for our needs.  

I'm a customer data security manager and we are looking at replacing our current solution, McAfee, with something like Darktrace or CrowdStrike which will provide the same visibility with the endpoint protection aspect. 

The Ability to drill right down into an event that has been identified as something of interest so that you can be assured if it is a valid event and therefore not suffer from loads of false positives. Once that initial assurance and confidence was there, you could easily rely on the dashboard and minimise the risk of constantly drilling into each and every event but pick the ones with most risk.

The product is automated to a certain degree, but I think this could be improved. I'm looking for a way of being able to react to threats that are detected based on risk. Aside from that, there is nothing really that they could improve on, it's a product more suited to organizations with an SOC, security operations center, or a company with an IT team of network security members because it relies on constantly monitoring it to see information based on the risks of events.

In our case, we have a small IT team, which means that a large amount of time would have been spent drilling into it. If something did happen on the network, we'd ideally be responding to it reactively instead of proactively. Some of the other products we tested did that so that if something was detected, it would block that device by means of an endpoint, which halts the process and gives you time to check it out. Darktrace would tell you, for example, if there was a ransomware attack, but it wouldn't stop the attack. Other products would identify it as a ransomware attack and stop the network card on the endpoint, giving time to react to the alert, and proceed to cleanse or investigate the machine that's had a problem. That was our issue with Darktrace.

The only reason that it looks like we are going down a different route is because of the endpoint protection issue. The product doesn't have an endpoint agent that can react to outcomes or triggers that are set on the device, otherwise, it would be great. 

We tested the solution for one month. 

Stability is fine, we had no issues with it whatsoever. 

We didn't need to scale the solution, but you could scale it without any issue. The only thing that I think you had to keep an eye on was network traffic through your switches because effectively, you're capturing all the traffic on your network on a port that goes to this device.

The support was fantastic, really good. We were in touch with the guy who I believe was the accounts manager.

Initial setup was easy. We just had to configure a switch port into what's called promiscuous mode and then plug in the device and give it an IP address and leave it. We deployed with our own technical team. It took a day to setup, maybe even less than that. Once installed they activated the license on it. We left it at baseline to look at the network for a week. It just looked at existing traffic and worked out what was typical traffic and what was interesting traffic.

For out of the box it is licensed per device or node that it connects to. I think for services there were some additional licensing fees. 

We evaluated other options and Darktrace had really good dashboards and graphics, but other devices like CrowdStrike, for example, had the endpoint protection we're looking for as well as the features that Darktrace has. The difference is in functionality.

I would suggest to anyone considering this option to identify if this is going to be a monitoring tool to supplement an existing system or if this is going to be another product in your existing security suite of tools.

I would rate this product an eight out of 10.