Darktrace Reviews

We deployed Darktrace for one of the biggest telecommunications companies in Latin America. It is deployed on-premise, but it is more like a service because we don't care about the appliances. Even though it works with appliances, it is more related to the services to the connections that the solution can handle. Because of that, it is on-premise, but it also has a component with sensors that works for remote instances, almost like a cloud solution. 

Some of the clients, especially in the security area, think that this appliance will replace a firewall or a prevention system solution, but it doesn't replace them. It actually complements them because the firewall decides to allow or deny a connection, and a prevention system is designed to avoid any type of risks to the connection or intrusion on the network. Darktrace allows you to find the unknown threats inside the network and identify them by using some artificial intelligence. It can do all the tracking inside or outside the network.

It is connected directly to the core switch, and in the first stage, it probably takes about a month to learn the behavior of the network and the users. With that, it starts to know what type of information is correct inside the network, and what type of information probably would be a risky connection or risky data moving from one site to another. It then starts doing the alerting. After the first stage or the learning stage is complete, we can find the size of the network. The second stage is the use of a different model inside the solution called Antigena. It works like the antibodies inside our body. Once it detects something that is wrong inside the network, it not only does the alerting but also takes the decision to block that type of connection in order to avoid any information leak or any possible risky connection. If somebody is doing some data mining, it disables connection to the engine that is doing the data mining.

We have been giving results not only to the security or compliance area inside of a company but also to the legal department. If someone is doing something wrong in terms of compliance, they can take directly take action against the person or group doing that.

We also give results to the infrastructure people and the network people. Based on our experience, most of the customers don't really know the size of their network. With this type of solution, we can know the complete network. We can know the real size, and how many resources are connected to the network and the internet. For example, one customer said to us, "I only have 18,000 connections on the network." We did the sizing with 18,000, and when we started the deployment, this customer had one thousand and twenty hundred connections. They didn't realize that until we arrived.

It is very easy to work with Darktrace once you know how it works and the type of permissions that you need to get related to the security over a network. The interface is awesome. I'm sure that you have seen Ironman, and you know Jarvis, the computer of Tony Stark. The interface of Darktrace is very similar, and you can see in 3D, like a hologram, the whole network, traffic, and all the traces inside the network. The interface is awesome, and it provides a lot of information. At least for us, it is very easy to handle this interface, get the reports, and do the interpretation of those reports.

Darktrace also provides mobile monitoring. With an app on your mobile phone, you can view the information live, which is very useful for area directors and field engineers. Darktrace can be also correlated with any type of big data solution, such as Splunk.

It would be good if they can include some endpoint protection for remote workers. Nowadays, most people are working remotely. Therefore, they should include some type of sensors that can be installed on the endpoint in order to directly report the main usage and protect remotely. Phone protection will also be a great feature to add to Darktrace.

I have been working with Darktrace for at least four years. I recommend and sell it to customers. A long time ago, I used to be a technical guy. Now I am on the sales side. Our technical crew and sales crew are certified for this solution.

For the past four years, I have only seen two crashes in two appliances. That was because the customer sent more traffic than what the solution or that specific appliance could handle. It was solved by using another appliance to do the appropriate balancing. The second crash was because it was a human error and somebody by mistake disconnected the cable and connected it to a different interface.

It is very easy to scale. When you need more appliances to support the infrastructure, you can use them as LEGOS. In order to place them, the only thing that you need to have is a rack, and you can start connecting them to the switch, and that's it. Once that you have it on the main console, you just assign the role to every single appliance, and that's it.

We're very focused on big companies, but we also have medium customers. The reason why we don't sell it to the small companies is that this type of solution is very expensive for them to finance. So, probably the assets that they have are very important, but based on the budget that small companies have in Latin America, they cannot afford a solution like this.

The support that we have in Latin America is very good. It is a very good company to work with. They have offices here. I would rate them a ten out of ten.

It is very easy. The setup of the solution takes probably half an hour. The only thing that we need to place Darktrace on a customer site is a connection on the core switch with a mirror port. We need to have some space on the rack, and then we connect the appliance to the core switch, and that's it. We go back to the customer a week later to see what Darktrace is catching and start sharing with the customer our discovery inside the network.

The biggest deployment that we have done took about two months, but it was in 26 different sites. The main challenge was the transport. We had to take care of all the logistics to transport all the appliances and find the appropriate time to run all the appliances because most of the customers do not allow to rack them at any time. Therefore, it needs to be done at midnight when almost nobody is using the network. That was our main challenge, but it is very easy to set up.

The pricing is very flexible for Darktrace. Sometimes, a customer does not have the appropriate budget, but Darktrace can handle that. They offer monthly payments, so the customer can acquire the solution very easily.

Over the past years, I have seen some customers say, "No, I have Endpoint protection. I have intrusion prevention. I have a firewall. I don't need anything like that." My advice is that first of all, open your mind to new solutions because this type of solution will catch everything that the rest of the solutions that you have won't catch. That's the first thing. The second thing is that do not limit the work of the people who work with Darktrace by saying that you know your network because we can assure you that you don't know your network and the threats that are inside and outside the network and the size of the network.

We always start with Darktrace Enterprise Immune System, which is the first model. The reason for this is that it is easier to adopt the Antigena model at the second stage because the solution by itself needs to learn inside of the network and what is good and what is bad. When we place Antigena, the deployment stages are exactly the same as when you first deploy the Enterprise Immune System in order to let it learn. After the solution starts learning, it will take at least a couple of months or probably three months to deploy Antigena. Therefore, it doesn't make sense to make customers spend more money on a solution in the initial stages and go for a solution that they would not be using initially. This also provides the appropriate sizing of the network. Most of the time, the customer needs to acquire more services from us in order to support all the infrastructure that they have.

I would rate Darktrace a ten out of ten. I am a very happy user and a happy seller of Darktrace.

The primary use case for Darktrace is for tracking intruders and alerting for network threats.  

The most valuable feature in Darktrace is that it gives me a comprehensive, detailed view of my network and whatever is happening inside it. It is a very good tool for me that helps me to remain aware of security vulnerabilities. I know what is happening on my network in real-time and it responds quickly. It is really very useful.  

I am just a manager and I do not really have a technical viewpoint. The tool really suits me perfectly for now for all my basic security needs and what I expect it to do. It does not need any major changes right now to do what I need it to do. It is not missing anything.  

If I am thinking about improvement, everything can be improved somewhat. Maybe the interface and dashboards could be better. I would be glad if they could make these easier from the point of view of management. It could save some time.  

The price is also a little high and could be more enticing.  

We have been using Darktrace for about two years.  

Darktrace is very stable. It provides 99.9% of our security needs and it does not have downtime. It is a very good, stable solution.  

We did not have the opportunity to test the scalability because our organization has not grown much over the period of time that we have been using the product. I think that scalability is built into the product, but for now, we have not experienced how scaling the product works firsthand.  

I am not so satisfied with the pricing model for Darktrace. The price is a little bit high compared to other solutions. The pricing model should be more flexible.  

On a scale from one to ten where one is the worst and ten is the best, I would rate Darktrace as an eight-out-of-ten.  

I am working with Darktrace in concert with F5, Tufin, and SAP security products.  

One of the things I like most about Darktrace is the fact that it has AI analytics built into it. That merger allows us to have a look at the way that things are working within our company. The fact that it is self-learning is a benefit that has given me 100% visibility across the cloud, my SaaS (Software as a Service) providers, my Office 365 services, within my data center, and also on-premises.  

We are also working with Darktrace on their alpha and beta testing for endpoint security. That is a model that we are thinking about incorporating later. 

Another thing I really like is that it is a very simple product to use. It is very logical and it works beautifully.  

The product is really excellent all around and I can not fault it. The only thing that I can think of that would improve it would be if they had a better visualization and a reporting portal.  

What I mean by better visualization is it could help map our services and endpoints in a better way. At the moment it is fairly complex in the way that it represents our network devices. It would help if there was in a slightly more logical way of visualizing the assets as opposed to the way it is currently being done.  

We are talking to Dartrace at the moment about putting in a reporting portal so we can have technical reports separate from management reports. Some of our management gets information in reports that they do not need to see. When they see it they will not understand what it means. Targeting — or customizing — the reports that we make can allow us to have the content fit what the recipient needs to see without distracting extras.  

Apart from those potential additions, this product is absolutely excellent. It has given us everything we have wanted. Darktrace, as a company, has been really good. Our account manager is totally responsive. The support teams have been really conscientious.  

Fingers crossed. So far Darktrace has proven to be a great asset.  

We have been using Darktrace for about four-and-a-half years now.  

The scalability of Darktrace is excellent. If we want to increase the IP count it is just a matter of negotiating the licenses. We have already upgraded to the largest model of their hardware, and scaling is nice and simple in that situation.  

The technical support people have been good. They understand exactly what we need every time. So I am very happy about that.  

If you ask a question and support can not answer straight away, they will say that they will be back to you within 'X' number of hours. Then they actually do it, which is not something that you get a lot of in technical support teams. Normally people do not stick to what they say they are going to do.  

Our deployment took probably the best part of three months. But the amount of time was more a matter of our constraints, not a problem with Darktrace and the difficulty of deployment. We are operating in 13 countries and it was the scale of it that took additional time. Smaller deployments will take less time.  

If someone asked me for advice about the product I would definitely highly recommend it to those who need this type of solution. It is really good. It has given us a view of our company and it has actually caught a couple of people that were doing data exfiltration and stealing data from our company. We caught them doing it in the act in live time, which is just incredible.  

On the scale from one to ten where one is the worst and ten is the best, I would definitely rate this product at the moment as a ten. It is a perfect solution for our needs.  

I'm a customer data security manager and we are looking at replacing our current solution, McAfee, with something like Darktrace or CrowdStrike which will provide the same visibility with the endpoint protection aspect. 

The Ability to drill right down into an event that has been identified as something of interest so that you can be assured if it is a valid event and therefore not suffer from loads of false positives. Once that initial assurance and confidence was there, you could easily rely on the dashboard and minimise the risk of constantly drilling into each and every event but pick the ones with most risk.

The product is automated to a certain degree, but I think this could be improved. I'm looking for a way of being able to react to threats that are detected based on risk. Aside from that, there is nothing really that they could improve on, it's a product more suited to organizations with an SOC, security operations center, or a company with an IT team of network security members because it relies on constantly monitoring it to see information based on the risks of events.

In our case, we have a small IT team, which means that a large amount of time would have been spent drilling into it. If something did happen on the network, we'd ideally be responding to it reactively instead of proactively. Some of the other products we tested did that so that if something was detected, it would block that device by means of an endpoint, which halts the process and gives you time to check it out. Darktrace would tell you, for example, if there was a ransomware attack, but it wouldn't stop the attack. Other products would identify it as a ransomware attack and stop the network card on the endpoint, giving time to react to the alert, and proceed to cleanse or investigate the machine that's had a problem. That was our issue with Darktrace.

The only reason that it looks like we are going down a different route is because of the endpoint protection issue. The product doesn't have an endpoint agent that can react to outcomes or triggers that are set on the device, otherwise, it would be great. 

We tested the solution for one month. 

Stability is fine, we had no issues with it whatsoever. 

We didn't need to scale the solution, but you could scale it without any issue. The only thing that I think you had to keep an eye on was network traffic through your switches because effectively, you're capturing all the traffic on your network on a port that goes to this device.

The support was fantastic, really good. We were in touch with the guy who I believe was the accounts manager.

Initial setup was easy. We just had to configure a switch port into what's called promiscuous mode and then plug in the device and give it an IP address and leave it. We deployed with our own technical team. It took a day to setup, maybe even less than that. Once installed they activated the license on it. We left it at baseline to look at the network for a week. It just looked at existing traffic and worked out what was typical traffic and what was interesting traffic.

For out of the box it is licensed per device or node that it connects to. I think for services there were some additional licensing fees. 

We evaluated other options and Darktrace had really good dashboards and graphics, but other devices like CrowdStrike, for example, had the endpoint protection we're looking for as well as the features that Darktrace has. The difference is in functionality.

I would suggest to anyone considering this option to identify if this is going to be a monitoring tool to supplement an existing system or if this is going to be another product in your existing security suite of tools.

I would rate this product an eight out of 10. 

Generally, we use Darktrace for behavioral analytics. We use it in the inner-network and the outside network for malicious connectivity. Darktrace gives us support with networks. We follow all the notifications and sometimes we block malicious IPs from the firewall.

Its most valuable feature is its ability to identify malicious connected IPs from outside and the attacks that get through to the inside.

Darktrace needs to simplify most of the positive reports. We have to field all the positive reports, false positives, too. Sometimes we need to check false positives manually. We have to filter false positives. After that, we configure it again. Then, we want to analyze these false positives. That's the main thing. If we are assessing features, this should be easier to handle.

Darktrace needs to automate the reports of false positives, botnets, and everything.

So far, I think the solution is good. Not excellent, good.

I'm using Darktrace about two years.

The stability of the solution is fine.

In terms of scalability, it is ok.

It's a behavioral analysis solution, so we are not actively using it. We analyze all the user traffic from the Darktrace. That's the main thing. 

There are about 3,000 users. All the 3,000 user traffic is going through Darktrace.

We don't do the maintenance for Darktrace. My vendor is maintaining it since we got the product from them.

We are analyzing attempts to connect to them. After that, if you want reports, they provide them. We have a service and everything with the vendor. Then, if we have any requirements, they do it for us. The solution is working all day and my team is analyzing two hours for that.

In terms of technical support, if you raise some complaints, they tend to everything with user traffic within three or four hours. They provide the solution then we implement it.

Before using Darktrace I was using FireEye, but I switched because FireEye is very expensive and they do the same thing. It provides the same thing, except that DarkTrace has a different solution for the firewall, email filtering and everything else, and Darktrace is doing everything in a single box.

The initial setup is simple. It only takes three or four days. But we need to identify one to three traffic behavioral analysis, after that we can find the lead.

My team handled the deployment. They did everything. After that, they give me a report, which I then go through.

We are doing a monthly cost-basis. It's about 500,000 NKR because we are the first to implement it in Sri Lanka. We worked out direct pricing from Darktrace UK. After that, we selected a vendor in Sri Lanka. But the thing is, we are the first implementation here. I think they are actually undercharging and giving us the solution first because they want a reference from us since we are a bank in Sri Lanka. That's why they are doing it like that.

There are no additional costs besides the license, except the 15% rate to the Sri Lanka government.

Based on our experience with DarkTrace, I would advise that if they are comparing prices, ROI and everything, I think Darktrace is better than FireEye.

On a scale of 1 to 10 I can rate it a 6. I give it a 6 because it's been a year learning everything, and technology, attacks and patents are changing everyday.

It has improved our monitoring capabilities. 

The most valuable feature is the alerts. The alerts are meaningful. The event rolls up into meaningful and actionable alerts rather than just being noise. 

The products is designed to monitor traffic sent and received via the corporate egress /network points.

I would be interested to see further integration or development of a capability to obtain visibility of mobile devices such as Laptops and Mobiles, which operate outside of the network and may communicate specifically when off the corporate network.  

The stability isn't good but I like the product. It's a good product but we need to look into other similar products that operate in the same zone: user behavior analysis and user detection. We need it to be good in comparison. 

We currently have an inner network. We don't have a full-scale deployment. It is on network segment where there are around 5,000 users. The full company would be around 9,000 users if we deployed it across all the subsidiaries. 

Their technical support is good. 

This is the first solution of this type that we've used. During the initial three month trial, we saw a lot of stuff from the product that we were unable to see through the conventional tooling technologies that we had in place. 

The setup was straightforward. It was a matter of hours. It took around two to three hours. 

My advice to someone considering this solution is to install it, conduct a pilot, and see. You need to see how easy it is to implement and you need to add it to install. You need to see what kinds of results it provides and compare it to your existing tool kit. The product demonstrates its actual capabilities when it's actually working. It's difficult to comprehend what it can actually do but it does give you an added level of visibility. 

It has good capabilities. I would rate it an eight out of ten. 

Cross-correlation with the endpoint based activities would be useful, like the ability to look at the deep supervised learning engine of the artificial intelligence unit and being able to take input data from the endpoints in order to apply the rules. It works on supervised learning and rules but I would like to be able to do things on different feeds as well. 

It has a very good graphical user interface. The ability to get a console on the mobile phone and being able to respond and do basic incident response capabilities remotely is also a good feature. 

The tool offers us visibility into network traffic. 

The tool gives us alerts whenever an admin is trying to connect.

I am impressed with the product's ability to give insights into network traffic. 

I would like to see a feature where the tool ingests information from an anti-malware product that is present at the endpoint. 

I am using the product since September. 

The solution is stable. 

The tool's deployment is easy. 

The tool's pricing is costly. 

I would rate the tool a nine out of ten. You need to use the tool on a trial basis so that you can get comfortable with it. 

We are a consulting company and sell Darktrace to our customers. Our company is in West Africa. I'm the company CEO.

Darktrace can observe networks and respond to those observations. It provides great network protection, is innovative and flexible.

I think Darktrace needs to improve its collaboration with local partners. That would include training and improving the technical skills of vendors. Desktop and mobile device protection could also be improved. 

We've been selling this solution for two years. 

The solution is stable. 

Our customers report that the technical support is very good. 

Positive

The initial setup is reasonably straightforward although the process requires some preparation beforehand. The size of deployment varies greatly, we've deployed in companies ranging in size from 200 up to 5,000 users. 

Licensing costs are expensive, although I think the high cost is partly a currency issue because we're based in West Africa. 

I rate this solution eight out of 10.