In terms of improvement for Darktrace, pricing is the main concern. Pricing bothers me and this is one of the major factors when choosing a solution. When we get feedback from customers, that's the only felt need. When we factor in Darktrace, we do it only limited. We put it on where the perimeters and connections are, but still, some gray areas are left out, especially if we have multiple branches. We need Darktrace on each branch to get the data out, and I suggest having some kind of a centralized product that gets data from multiple sources to aggregate and provide the data.

View full review »

I am uncertain what would make Darktrace better because of the autonomous response issue. In a shared environment, it doesn't work, and there are still some integration issues. They say they can integrate with most firewalls, but when we did an integration with Meraki MX firewalls, that integration didn't work and still doesn't work to this day. View full review »

Even before I think about any improvements, Darktrace is proactive by bringing out updates and new features every quarter. 

However, the one downside is the pricing, which is quite high. 

View full review »

I feel that Darktrace could be improved, particularly in the support aspect which is currently very poor. We need to chase Darktrace instead of them being proactive with us.

The support is the main problem, though there are some other issues as.

View full review »

I have observed a product called LinkShadow, which has more modules of integration and consolidates everything into one dashboard, such as authentication monitoring. Darktrace could improve by integrating with email security gateways like Mimecast or Ironscales. In LinkShadow, this is referred to as mesh technology. Additionally, the Darktrace dashboards are not easy to navigate until one becomes familiar with them. View full review »

The management dashboards and the meter dashboards should be more user-friendly and simple to use for easy management.

View full review »

Since security products are trying to expand 360 degrees in the enterprise, if Darktrace comes forward with more automation and integrations with other security monitoring tools, it would really benefit CISOs and CIOs to better understand automation and have better visibility into what's happening in our environment.

View full review »

There are still some issues with the network capturing or blocking traffic even after implementing exceptions. It requires more learning in this area.

View full review »

Updates keep coming, which is great, but I prefer a unified UI experience. The intelligence section and the incident view should be seamlessly connected in one view to avoid jumping between pages. This integration would make incident management more intuitive. View full review »

The presence of sales representatives in my country needs improvement. There is no dedicated salesperson in Egypt, and having one would help to improve focus on this market.

View full review »

Darktrace needs significant improvement in its notification capabilities. While it does notify administrators, the old approach of having admins directly police users is outdated. Users now prefer automated, impersonal responses rather than being confronted by IT staff, which can lead to concerns about privacy violations. We've requested Darktrace to develop a feature that notifies users directly when it detects potential data exfiltration. Darktrace doesn't differentiate between personal and work data uploaded to Google Drive or OneDrive. It flags it as exfiltration and expects the IT team to investigate further.

Human policing is a thing of the past; what’s needed now are automated responses, user awareness, and behavior warnings, areas where Darktrace falls short. In contrast, Egress, an email security solution, excels in this regard. It intuitively detects potential risks, even flagging first-time email recipients and integrating data classification. We’ve encouraged Darktrace to adopt this level of functionality, transforming it from just identifying exfiltration to a more comprehensive data leak prevention tool. However, as of now, Darktrace is still limited to identifying when a node is transferring data without distinguishing the nature of that data.

Darktrace could improve by enabling user heat maps or risk profiles, a feature that many other EDR and cybersecurity products already effectively provide. It would be beneficial for us if they could offer this functionality without requiring the purchase of an additional email security solution.

On the plus side, Darktrace integrates with CrowdStrike, allowing it to monitor CrowdStrike agent actions. This integration helps us achieve a unified view of our security landscape since we route Darktrace, CrowdStrike, FortiGate, and other tools through SecureWorks, our centrally managed security platform.

View full review »

One area for improvement is the alerting system, which generates too many alerts and becomes labor-intensive for organizations not equipped with enough personnel in their SOC. Aside from that, I am quite fond of Darktrace.

View full review »

The solution's user interface and stability could be improved.

View full review »

Darktrace is quite expensive, which can be a significant factor for organizations with budget constraints. The pricing needs improvement. 

View full review »

We need more integrations with other customers and other platforms. For example, we need integrations with the major players. We'd like to see them integrate with Sophos and integrate with other vendors.

The pricing is a bit high for the region. 

View full review »

Pricing could be cheaper.

View full review »

Darktrace could improve by being more user-friendly.

View full review »

The management user interface needs improvement. More insights are necessary, and deeper technical experience and knowledge are required to pinpoint actions, breaches, or behavior.

View full review »

Darktrace is a closed technology, meaning we know very little about how it works, including the architecture, which is significant. As a result, when we implement the system and find we're getting many false positives, we have minimal insight into why it's happening and what we can do to fix it. We don't know how the solution is configured, the criteria for threats to be determined, or the product's inner workings. We understand that they have to ensure privacy and their copyright, but we want to see some documentation or public research into the security Darktrace provides.

A relatively new module called Darktrace PREVENT provides digital protection to the company from the internet. However, the protection doesn't extend to the dark web, which limits its depth. PREVENT also offers phishing awareness training in the form of dummy attacks and some penetration testing, but it is very limited from my point of view.

The AI and Darktrace breach model must be enhanced to minimize false positives, as they can give our customers a negative impression of the solution. Some of them come to us and say they aren't getting what they expect from it, especially after a significant investment.

View full review »

We didn't really notice any downsides to the product. We were very impressed with it. It was a matter of timing and cost. Upper management wasn't sold on the value proposition.

View full review »

I was under impression that Darktrace's automatic blocking would be an out-of-the-box feature, but we had to integrate it with our firewall to get it to block automatically. The salesperson should be upfront and explain that you need to integrate it with your network. I would also like to see more reporting on risk. Banks in my region want to see at a glance the risk level of various assets.

View full review »

Although we haven't detected any network threats since implementing Darktrace, we are unsure of its efficacy. It would be beneficial if the solution could offer additional details to the user regarding any potential or prevented threats. Additionally, there could be better search tools and integration.

View full review »

I did not use the AI features because they should make it more user-friendly which would be a benefit. Additionally, the solution could integrate with more SIEM or SOAR tools.

View full review »

We need them to ensure they will detect new attacks and pick up anomalies.

We, of course, would love more threat intelligence, and more integration with vulnerability scanners. We'd like threat hunting, and we'd like to see a global solution that can automate vulnerability scans. I know it is something they are working on. 

They're working in different modules that could be related to threat intelligence and to the tech vulnerabilities or functionalities related to EDR.

View full review »

The Darktrace Mobile app needs improvement as it's currently limited in functionality, and the learning AI takes a while to adapt to new devices, flagging new users as threats for up to a month before recognizing them as regular network users.

View full review »

The main portal needs improvement as it is difficult to use. But it's straightforward to follow compared to other VPN portals, for example, Azure. You don't have to bug the customer support team quite often.

They can add the EDR and follow-up options in the next release. For instance, if something happens, we get a notification. If a follow-up option is available, we can create a case and then understand how to record the evidence.

View full review »

I don't have any specific issues with the solution. We are still in the early phase of analyzing the product.

The cost is a bit on the higher side. We'd like it to be less expensive. 

View full review »

Darkforce could be improved in the range of the interface; how to interact with the actions it's taking or not taking.

View full review »

The initial setup is a bit complex. 

It's quite a good product. However, I'd love them to see maybe covering the cloud a bit more. We'd like a cloud version. For example, FortiGate firewalls now have virtual firewalls that you can just install, as well as the cloud. They can drive it with Microsoft, and Microsoft can maybe provide technology that would allow Darktrace to work seamlessly in the cloud. 

View full review »

The solution can improve the reporting. Currently, it only runs weekly and the reporting is complex. It is more of a network monitoring system, basically AI.

View full review »

The initial setup is more complex and time-consuming than some solutions.

View full review »

Darktrace could expand into EDR (endpoint detection and response) and combine it with its network detection. They could thereby have a more holistic knowledge of the system through network information or through visibility into the operating system of the endpoints.

View full review »

The only problem with these kinds of demos is that unless something actually goes wrong or you have something in the data center already; you don't see any difference. However, no news is good news.

The price point for the product was too high for what our possible use case could be. The demo might have gone more favorably in their direction if something had actually occurred during the demo. However, nothing did, and management decided that it was not worth the very high price.

The interface didn't really give you a whole bunch of insight into actually what was going on.

They did have some AI that they claimed could tell if traffic was malicious or what the intent of the traffic was. We never got to see that actually do anything. They identified some traffic. They said it was malicious. However, it turns out it was a known traffic that we had occurring, and it wasn't malicious. So there were a few missteps that way.

The UI is too dark.

We ultimately didn't find any value in the product.

View full review »

It takes time to go through the interface and pick up things. If it were a more straightforward interface, then it would free up time.

View full review »

It's good as a solution, however, for me, it's quite complicated. They've got a lot of features there. You need a lot of time to learn it.

It's quite expensive to have.

View full review »

The licensing model has room for improvement. The license by IP rather than node or device, even if it's a single Mac address. If I have three people who are constantly in three different locations, they want to charge you three licenses. My only criticism of the product is that its licensing model isn't flexible.

I would like to see a Darktrace EDR client, a true EDR client that integrates into it, and not a third-party EDR.

View full review »

They just need to work on their price. In terms of features, we are trying to understand all the features that we have. We're still exploring everything that we have so that we can fully utilize it. At this point in time, it is not about the features. It is more about utilization. We're just trying to utilize everything to full capacity.

View full review »

They just need to make it a little bit more accurate as far as their alerts are concerned. It does generate some false positives that you have to tune. You have to do a lot of tuning when you first get it because of the false positives, but once it is all tuned up and ready to go, it will do its thing from there. 

View full review »

In an upcoming release, there could be more customizable playbooks or a library of playbooks to choose from. Since it is collecting all scenarios that might happen from any threat, new playbooks may be discovered and customers will have the privilege to use them in their environment. Other than that, Darktrace is leading in every aspect.

View full review »

The solution could be easier to use.

The user interface is a bit too detailed. They should work to pare it down and simplify it. They seemed to have designed it for an expert user and not a layman. If there are some system administrators who are not experts and they just want to just get sensors reports and escalate, it should be easier for them to do so.

View full review »

The product is expensive, but it is a very good product. The user interface is also good.

View full review »

One thing I would like is for Darktrace to flag SMB traffic more accurately. Currently, it only flags that SMB traffic has occurred, but it doesn't specify which file was being transferred. This makes it difficult to investigate incidents involving SMB traffic, as we don't have concrete evidence of what was being sent.

For example, if a user is sent an unauthorized file via SMB, Darktrace would only flag that SMB traffic occurred between the two users. It wouldn't be able to tell us which file was sent, so we would have to manually investigate the incident to determine what happened.

It would be helpful if Darktrace could flag the specific file that was being transferred in SMB traffic incidents. This would make it much easier to investigate these incidents and take appropriate action.

In future releases, I would like to see more playbooks.

View full review »

It should be easier to access the Darktrace portal and its documentation. Only the customer can access their portal and support. It could be cheaper. 

View full review »

There is a high ratio of false positive information. For example, AI capabilities can sometimes make it difficult to distinguish between a legitimate email and a phishing email. This is one of the features that need to be manually sorted out and aligned. We need to improve this feature by putting DNS into the micro.

View full review »

The level of tracking within the network from the transmission level up to the machine level can use improvement.

The solution works similarly to an intrusion prevention system at the network level. It would be a nice improvement to have an add-on that can act at the post level.

The cost of the solution can be reduced to make it more appealing to customers.

View full review »

Darktrace could improve its features, such as monitoring and detecting ransomware. 

View full review »

Sometimes the solution gives some false positives which could be improved. The dashboard and reporting for this solution could be improved as it is currently complex. The GUI for this solution could also be improved. 

View full review »

It can always improve here and there, however, in general, it's already quite complete. 

The solution could have better integration capabilities. There aren't so many third-party vendor platforms natively integrated with the platform. 

They need a better-automated response setup.

View full review »

The interface is too mathematical and it should be simplified. If you are a seasoned user then you would know where to go, but you have to learn it first. The terminologies being used are mostly numbers. In general, it could be more user-friendly. The GUI can be more simplified and the sections on the interface can be better organised. Usability and visibility of features can improve the skills of administrators and the product will be a preferred solution and ratings will increase.

View full review »

The module can improve so that every time it's more intelligent.

View full review »

This product needs more in terms of prevention. The detection capabilities work well but once a threat has been detected, Darktrace should work to prevent it from doing anything malicious.

Integration with SOAR systems may be helpful, depending on the SOAR.

View full review »

It's a very complex platform.

View full review »

Its documentation is not up to the mark. At times, I have a lot of trouble finding a solution. Even when I posted questions on the community chats, it took a lot of time for me to get answers. That's something that can be improved. Darktrace can focus on creating a more interactive community. If there are more people from Darktrace to focus on community chats, it would be better.

View full review »

One thing that I would like to look at going forward is to have a fully automated network infrastructure that is monitored automatically real-time, and that gives me this kind of capability where I would be able to look at my network at any given time and see the state of my network. With Darktrace, at the moment, I have to almost put in a date and tell them that want you to give me data from this date to this date. I don't want that. I want a fast solution in which it doesn't matter when I log into the application. Whenever I log in, I must be able to see my network and run a report. In other words, if I go in now and I say, "Give me a full report of what happened today, it must be able to give me that. It mustn't just be limited to a seven-day period, for argument's sake. It must be able to give me real-time and day-to-day tracking of what has happened within my network.

View full review »

In terms of improvements, fine-tuning is the area where we have to spend some time because it works on unsupervised machine learning. It would be good if they can improve their algorithm or technical functionality to reduce the fine-tuning effort. 

They can also come up with something at the endpoint level. So far, Darktrace has been a network detection response (NDR) solution. It does not offer much at the endpoint level or on user-client devices or servers. There should be more visibility at the endpoint level. It would be good to have the detection and response at the endpoint level by Darktrace.

It should also have integration with an agile environment so that we can have continuous development and continuous integration in the application development environment. This is currently not there. It should also have internet-facing platform visibility, which is currently missing. 

They also need to improve the reporting and management dashboards. Currently, these are not so easy for a non-technical person. All these features would make Darktrace much better, and they would also be helpful in selling more solutions.

View full review »

It's sometimes a challenge getting logs from different sources. I would probably want to see if there was a way to improve that, to enable gathering of more information.

View full review »

It can have more integration with orchestration or event management solutions. They can provide more knowledge or research information for analysts for investigating cases and detecting anomalies in networks. 

View full review »

It would be good if they can include some endpoint protection for remote workers. Nowadays, most people are working remotely. Therefore, they should include some type of sensors that can be installed on the endpoint in order to directly report the main usage and protect remotely. Phone protection will also be a great feature to add to Darktrace.

View full review »

I am just a manager and I do not really have a technical viewpoint. The tool really suits me perfectly for now for all my basic security needs and what I expect it to do. It does not need any major changes right now to do what I need it to do. It is not missing anything.  

If I am thinking about improvement, everything can be improved somewhat. Maybe the interface and dashboards could be better. I would be glad if they could make these easier from the point of view of management. It could save some time.  

The price is also a little high and could be more enticing.  

View full review »

The product is really excellent all around and I can not fault it. The only thing that I can think of that would improve it would be if they had a better visualization and a reporting portal.  

What I mean by better visualization is it could help map our services and endpoints in a better way. At the moment it is fairly complex in the way that it represents our network devices. It would help if there was in a slightly more logical way of visualizing the assets as opposed to the way it is currently being done.  

We are talking to Dartrace at the moment about putting in a reporting portal so we can have technical reports separate from management reports. Some of our management gets information in reports that they do not need to see. When they see it they will not understand what it means. Targeting — or customizing — the reports that we make can allow us to have the content fit what the recipient needs to see without distracting extras.  

Apart from those potential additions, this product is absolutely excellent. It has given us everything we have wanted. Darktrace, as a company, has been really good. Our account manager is totally responsive. The support teams have been really conscientious.  

Fingers crossed. So far Darktrace has proven to be a great asset.  

View full review »

The product is automated to a certain degree, but I think this could be improved. I'm looking for a way of being able to react to threats that are detected based on risk. Aside from that, there is nothing really that they could improve on, it's a product more suited to organizations with an SOC, security operations center, or a company with an IT team of network security members because it relies on constantly monitoring it to see information based on the risks of events.

In our case, we have a small IT team, which means that a large amount of time would have been spent drilling into it. If something did happen on the network, we'd ideally be responding to it reactively instead of proactively. Some of the other products we tested did that so that if something was detected, it would block that device by means of an endpoint, which halts the process and gives you time to check it out. Darktrace would tell you, for example, if there was a ransomware attack, but it wouldn't stop the attack. Other products would identify it as a ransomware attack and stop the network card on the endpoint, giving time to react to the alert, and proceed to cleanse or investigate the machine that's had a problem. That was our issue with Darktrace.

The only reason that it looks like we are going down a different route is because of the endpoint protection issue. The product doesn't have an endpoint agent that can react to outcomes or triggers that are set on the device, otherwise, it would be great. 

View full review »

Darktrace needs to simplify most of the positive reports. We have to field all the positive reports, false positives, too. Sometimes we need to check false positives manually. We have to filter false positives. After that, we configure it again. Then, we want to analyze these false positives. That's the main thing. If we are assessing features, this should be easier to handle.

Darktrace needs to automate the reports of false positives, botnets, and everything.

So far, I think the solution is good. Not excellent, good.

View full review »

The products is designed to monitor traffic sent and received via the corporate egress /network points.

I would be interested to see further integration or development of a capability to obtain visibility of mobile devices such as Laptops and Mobiles, which operate outside of the network and may communicate specifically when off the corporate network.  

View full review »

I would like to see a feature where the tool ingests information from an anti-malware product that is present at the endpoint. 

View full review »

I think Darktrace needs to improve its collaboration with local partners. That would include training and improving the technical skills of vendors. Desktop and mobile device protection could also be improved. 

View full review »

There are numerous false positives.

Darktrace requires numerous configurations. It would be beneficial if the configuration could be made simpler.

View full review »

There are some automation capabilities, however, they could be presented better.

The manual is difficult to follow. While it presents some use cases, it's not very clear. There may also be some language barriers, as it's not available in my language.

Some aspects of the initial setup are complex. 

It would be useful if there was a way to check to see if there are certain devices that are not in sync with the solution. I'm not sure if this is an option or not. 

The cost of the solution is quite high.

I'm very interested in ISO 27001 and these processes. I'd like to better understand how it supports this kind of workflow.

View full review »

Firstly, the integration should be improved. 

In terms of what additional features I would like included in the next release of Darktrace, I would like to see more protection in the endpoint. Especially because we have a lot of people using VPNs. If they would improve end point security, it would give more control there.

View full review »

Its threat analyzer could be better. It should also have agents. They should improve this product by installing agents for the machine to get more visibility. Currently, they are monitoring only the network. They should also monitor the agents from inside.

It should also have a better pricing plan because it is an expensive product.

View full review »

The user interface and the configuration are a bit complex and should be improved or simplified. 

It's user-friendly, but it could be easier.

The pricing could be better and the scalability should be simplified for the customers.

The integration could be better, as it's not that interactive. They could make it more interactive for the customer's daily use.

View full review »

The need to simplify the analysis from a user perspective. In a few cases, you have to be a specialist in order to understand what's happening. It would be helpful if they could recognize incidents and simplify the customer's challenge to identify what is happening.

View full review »

The solution would benefit from automation. Currently, you have to know what you are searching for.

View full review »

This is quite an expensive product so the pricing is something that can be improved.

View full review »

It is hard to really address what needs to be improved in the respect that it does everything I would expect of a superior solution. It is simple enough to use because the interface is quite simple, the setup is quick and painless — in only an hour the product is installed. Users can train on the system in less than three hours. When the configuration is complete they will already know what to do and they can just go on and use the product.

I think that the price is quite good compared to other, similar products. They already have a plugin that you can use to set up integration with virtually any other product. 

Maybe it could come with a few more built-in integrations, such as adding ServiceNow. They already have built-in integration with Antigena Cyber AI Response Modules for the clouds and for the network (AWS & Azure), and they did Office 365 (email), and SaaS applications as well.

I guess a few more options and opportunities like this built-in would be nice. It is not a big thing.

View full review »

Darktrace does not have any capabilities to configure. So I would like to see supervised machines and capabilities in the next version.

View full review »

The pricing is based on the number of endpoints, so the program is rather expensive. I would like to see something that will fit my clients' budget. That is something they can work on to improve.

Secondly, I would like to see my entire network, structurally and architecturally, on a single screen or in one single dashboard. Right now you have to keep going through different clippings to see everything.

View full review »

Block attack capabilities or integration with other SIEM solutions such as IBM QRadar.             

View full review »

I would like to see some additional enhancements and the price adjusted because it is expensive.

View full review »

I don't have any thoughts on where there might be a need for improvement. 

In the next version, I'd like to see penetration testing. They already have that coming up, so it'll be good to see that.

View full review »

It is expensive, but everything else has been great so far. It is fine for now for what we need it to do.

View full review »

I think there is some MSSP missing. The market as a whole needs to enhance this area. Some additional integration would be helpful. They need to focus on having additional tools based on how competitive the market currently is.

View full review »