Darktrace Reviews

Darktrace makes up part of our security solution and it is able to operate without intervention from IT staff. Antigena feature for automatic response is awesome.

You can have a one-person IT team and with Darktrace, you can get notification of potential threats that are incoming or are already happening on the network.

I like the Antigena feature in Darktrace, as it offers immediate response and is helpful.

This product collects more data than your traditional type of software, which is useful for us.

Darktrace picks up anomalies as soon as they arise.

The interface is too mathematical and it should be simplified. If you are a seasoned user then you would know where to go, but you have to learn it first. The terminologies being used are mostly numbers. In general, it could be more user-friendly. The GUI can be more simplified and the sections on the interface can be better organised. Usability and visibility of features can improve the skills of administrators and the product will be a preferred solution and ratings will increase.

My experience with Darktrace is short because we are just implementing it now.

The stability of Darktrace is fine.

We do not intend to scale. Scalability is more of a contract issue that comes into play if you want to add nodes to the system. We are opting for a specific number of nodes or endpoints, which we would be able to keep for quite a number of years. I don't expect that we will expand that much, so scalability should not be an issue.

We have been in contact with technical support using different platforms. We have dealt with them using Microsoft Teams, Zoom, WhatsApp and via email.

Positive

No

The initial setup was quite simple and straightforward, taking about an hour to complete. After that, the port modeling took perhaps an hour or two.

Vendor Team

If you consider the features and the cost of market leaders, we are satisfied with the pricing.

Snode

I would rate this solution an eight out of ten.

Darktrace just scans the entire network and documentation. We then automatically evaluate which behaviors are normal and which are not normal. You can determine what possible risks are in the network.

The most valuable feature of Darktrace and the most valuable feature is the artificial intelligence module because that is the tool that determines automatically if there is any risk or not in the network.

You don't need a human operator to be involved. The tool can operate by itself... By itself. That's the best and the most important feature because that reduces the amount of time that a person needs to spend on the tool.

The solution is powerful and very useful, it has the ability to avert many attacks.

The tool does almost 95 percent of the work and you only need to run some features to obtain reports.

The module can improve so that every time it's more intelligent.

I have been using Darktrace for approximately three years.

The stability of Darktrace is good.

Darktrace is a scalable solution.

The support from Darktrace is very good, it is perfect.

Darktrace is installed in an appliance and that appliance is installed in the network. 

We have one engineer that does the maintenance of Darktrace. They do the implementation and scanning of the network.

The solution does not require a lot of maintenance, it does most of the operations automatically.

We provide technical services.

The cost of the solution is expensive for smaller businesses. They will not be able to afford it or might not need this type of security solution.

The license is by device,  if you have 1,000 devices, then the cost is going to be high.

My advice to others is for them to try to determine what are their costs in security. Then they can determine the benefit of Darktrace. They need to first acknowledge what their costs are and then they can start pricing what solution would be best.

I rate Darktrace a ten out of ten.

We use Darktrace for security, and to give us better visibility.

If a user is exfiltrating data, normally we don't have the tools to detect it. With Darktrace, it detects this data. Also, if there is any command-and-control then this solution will highlight that.

The most valuable feature is that it gives us visibility of rogue traffic that is on the network.

The detection capabilities are good.

This product needs more in terms of prevention. The detection capabilities work well but once a threat has been detected, Darktrace should work to prevent it from doing anything malicious.

Integration with SOAR systems may be helpful, depending on the SOAR.

Stability-wise, Darktrace is very good. It runs in the background 24/7.

The scalability is good because it covers our whole network.

We have 1,000 business and IT users and for our environment, the scalability is very good. 

The technical support is good. I would rate them an eight out of ten.

We did not use another similar solution prior to Darktrace.

The initial setup was very straightforward. It took approximately two months to complete the implementation and deployment.

We used a consultant to assist us with the implementation.

One person is enough for the deployment and maintenance.

There may have been others that we looked at but this is the main one we evaluated.

My advice for anybody who is looking into implementing Darktrace is to do a proof of concept first. Try to out because it's quite useful for providing visibility in the network.

Overall, this is a good product that seems to be working well.

I would rate this solution an eight out of ten.

Darktrace is a platform that is used to check all infrastructures. They check the compartmental in the network.

It is a very good platform for understanding what is going on in your network or in your environment because it checks all the activities. This is the same when I use activities on the device, server, network, and web, it checks it all.

The platform has many modules, and each module examines a different situation in the behavior.

It's a very complex platform.

I have been working with Darktrace for approximately one year.

Darktrace is a stable product.

It's a scalable platform.

The technical support is not very good.  I believe that the support must be very quick and operational. Support will need to grow in Italy, but I'm not sure about the other side.

It's an expensive solution.

While it is complex, and difficult to use, once you understand the correct way to use it, it's a very good platform. I would rate Darktrace a nine out of ten.

I have used multiple solutions, but its graphical user interface is quite interesting and quite descriptive. There are a lot of video animations, and we can easily see how the data is transferred between various points. That's something really interesting. It is also quite easy to understand for a new user.

Its documentation is not up to the mark. At times, I have a lot of trouble finding a solution. Even when I posted questions on the community chats, it took a lot of time for me to get answers. That's something that can be improved. Darktrace can focus on creating a more interactive community. If there are more people from Darktrace to focus on community chats, it would be better.

It has been close to two months, and I am probably using the latest version.

It is definitely stable.

So far, we haven't had any problems. It is definitely scalable.

We don't have more than 12 people who use this solution.

I never had any technical support problems. It is up to the mark.

I have worked with Elastic SIEM and QRadar. Elastic SIEM is entirely different, so there is no one-to-one comparison. It is like comparing apples with oranges, but overall, Darktrace is quite interesting. A new user can easily learn it without much help.

I never did any setup. I'm just an end-user.

My advice is to always go for a PoC before implementing Darktrace. That's because Darktrace can get a lot of personally-identified information, which may not be a good thing for some companies. So, before going for this technology, you should do a PoC, and once everything is compliant with the rules and regulations of the company, you can go for it.

I would rate it an eight out of 10.

We have Antigena on the email, and we also use the network monitoring capabilities. We are using the latest version of the Antigena Email and AI analytics platform. 

I particularly like Antigena and the analytics around the real-time monitoring of our network. I also like its reporting because it has got a seven-day reporting period within the system. Every time you run the reports, it gives you the data about the previous seven days. I like that because it is in real-time. I enjoy reading those reports and getting a very clear and decisive idea of what's happening on my network on a real-time basis. I like the actual real-time monitoring of spoofing and things like that. I also like the user monitoring as well as the network logging capabilities. 

One thing that I would like to look at going forward is to have a fully automated network infrastructure that is monitored automatically real-time, and that gives me this kind of capability where I would be able to look at my network at any given time and see the state of my network. With Darktrace, at the moment, I have to almost put in a date and tell them that want you to give me data from this date to this date. I don't want that. I want a fast solution in which it doesn't matter when I log into the application. Whenever I log in, I must be able to see my network and run a report. In other words, if I go in now and I say, "Give me a full report of what happened today, it must be able to give me that. It mustn't just be limited to a seven-day period, for argument's sake. It must be able to give me real-time and day-to-day tracking of what has happened within my network.

We have been using Darktrace for two years.

There were a couple of times when we needed some of the expertise, and the guys were not available at the time when we needed them. Subsequently, they've managed to improve.

In terms of our organization, we are a massive IT organization or financial services company. We've got a very small ITP, but we've got a lot of data. We are not sure about Darktrace in terms of its capacity to deal with huge data, but it is probably too early for me to give some sort of indication of what is not big.

At the moment, they are delivering on the set objective in terms of what I want to achieve as a CIO, and I'm quite happy with some of the deliverables that are coming through at the moment. In terms of what our requirements were and what we expect in terms of what we want them to deliver, they have delivered. Within the next two to three years, I would probably be able to provide a different perspective after we've matured within the Darktrace environment. At the moment, they've delivered the actual scope of work. There is nothing really that they're not delivering on as promised. So, at the moment, I'm quite happy with where we are.

I would rate Darktrace a nine out of ten.

I'm currently heading cybersecurity for 1,500 entities. Some of them have deployed Vectra, and some of them have deployed Darktrace. Darktrace has been in the UK market for a while, whereas Vectra is a not-so-old player in the UK market.

We are using the latest version of Darktrace but not their latest offering. They are now also providing email security over the Darktrace platform, but we have not been utilizing that. We have been utilizing their network detection and response and some part of automated incident response (IR) capability.

We have a hybrid infrastructure. Some centers are deployed in the cloud, and some centers are deployed on-prem. The management platform is currently on-prem, but the plan is to move it to SaaS.

In terms of features, the data or information they collect and unsupervised machine learning are very valuable. Its unsupervised machine learning has reduced our team's effort. Both Darktrace and Vectra work on unsupervised machine learning that learns the behavior or develops a profile on its own, which allows our security team to do some other tasks rather than spending time on Darktrace or Vectra. 

Because of unsupervised machine learning, its detection capability is quite good. Along with that, if we utilize the integration feature properly, the automated incident response capability of Darktrace is quite useful.

In terms of improvements, fine-tuning is the area where we have to spend some time because it works on unsupervised machine learning. It would be good if they can improve their algorithm or technical functionality to reduce the fine-tuning effort. 

They can also come up with something at the endpoint level. So far, Darktrace has been a network detection response (NDR) solution. It does not offer much at the endpoint level or on user-client devices or servers. There should be more visibility at the endpoint level. It would be good to have the detection and response at the endpoint level by Darktrace.

It should also have integration with an agile environment so that we can have continuous development and continuous integration in the application development environment. This is currently not there. It should also have internet-facing platform visibility, which is currently missing. 

They also need to improve the reporting and management dashboards. Currently, these are not so easy for a non-technical person. All these features would make Darktrace much better, and they would also be helpful in selling more solutions.

I have been using this solution for maybe six or seven years. At my previous workplace, we were one of the early adopters of Darktrace's unsupervised machine learning technology.

Its stability is fine. We are utilizing a mix of their deployment capability. We have appliance-based and sensor-based deployments. Performance-wise, sensor-based ones are slower than appliance-based ones. An appliance also has dedicated hardware.

In terms of scalability, it is fine. We have deployed Darktrace for around 7,000 to 8,000 users for one part of an entity, and it has been working fine. I don't see any issue in terms of its scalability. 

Currently, it has around 7,000 to 8,000 users, but it is getting extended. We are in the process of extending the Darktrace capability to other entities. We are talking about 1,500 entities and 120,000 users in different dispersed and segregated environments. 

They've been quite okay in their responses. This solution is definitely complex, so sometimes we don't get the expected level of information or answer straight away, but they have been okay in responding and following up. I would rate them a seven out of ten.

From the initial deployment perspective, it was quite straightforward. We just need to make some configuration changes and then Darktrace works on spanning. It gets a copy of all the data from the network, and it starts building the profile. It has a pretty straightforward deployment.

I would rate Darktrace a seven out of ten. It is a good solution, but it requires some improvements. 

Our primary use case of this solution is for visibility. We try to get the global view of our network from an audit perspective on any given day, and figure out how that will impact our business. I'm a project coordinator and we are customers of Darktrace. 

The primary feature we are using is the artificial intelligence and machine learning functionality for reviewing and predicting network traffic and network attacks. Although we're not yet fully using the product, I like the Antigena feature which is their proactive or reactive feature, depending on the deployed antivirus center. Darktrace is for people who understand network security very well, and who have probably been in that scene for quite some time. If you're inclined towards mathematical machine learning, artificial intelligence, and to some degree, data science, this is definitely a tool for you.

It's sometimes a challenge getting logs from different sources. I would probably want to see if there was a way to improve that, to enable gathering of more information.

We've been using this solution for close to four months. 

Full deployment took around two weeks, mainly because the solution takes a little time to learn about your network.

The technical support is excellent. They walk you through the process and do a great job. 

The initial setup was quite simple; plug in two or three cables, they give you the requirements that you need and off you go. The configuration and learning how to tweak it is a little more complicated and involved, but the initial setup was easy. Deployment took around two to three weeks because the solution sat on the network for about 14 days doing some variable analysis and trending.

It's a good solution. I would suggest that if it's suitable for your requirements, get it. 

I would rate this solution a nine out of 10.