Darktrace Valuable Features
Anil M
Technical Consultant - Unix Platform Services at BITS AND BYTE IT CONSULTING PVT LTD
The features I find most effective in Darktrace include anomaly detection. The machine learning model provides accurate alerts after the learning period of 1 or 2 weeks, especially for network anomalies or something that the user is trying to access, which can include trying to visit unknown sites or botnets, and those things get detected and represented in a very good dashboard.
Darktrace positively impacts my organization by enhancing threat hunting, particularly in east-west traffic within the same subnet. Previously, we only used traditional firewalls that cannot catch this lateral traffic. After deploying Darktrace, we gain insights into machine-to-machine communication, which adds more value to the organization and is especially beneficial for the SOC team.
The functions I find most valuable in Darktrace are the AI analyst as well as the detection.
The autonomous response capabilities of Darktrace are not crucial for me because it doesn't work in a network where there are no core switches. In a modern network, the autonomous response doesn't work, especially when sitting in a shared data center.
If I'm running a traditional network where I am not in a shared data center with a layer two dedicated for my resources, then it can work for me. However, if I am in a data center where I don't have layer two, it becomes an issue because the autonomous response is reliant on sending spoofed TCP resets to my core switch to block traffic, which is a major issue.
The most valuable feature of Darktrace is its ability to detect and counter threats before they occur. The autonomous response capability is always enabled, blocking threats immediately without hesitation.
Additionally, the Darktrace email platform is a significant asset since it addresses incoming threats before they reach the network, enhancing our security measures.
Protecting the business is essential, and ensuring security through 24/7 AI monitoring is invaluable.
Buyer's Guide
Darktrace
June 2025

Learn what your peers think about Darktrace. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
860,168 professionals have used our research since 2012.
The most beneficial feature in Darktrace is identifying phishing emails with the help of the AI engine and machine learning. In case it does not identify something, we can automatically make Darktrace learn from selections and other functionalities.
Regarding the ROI, we have experienced a significant reduction in phishing emails and have utilized our time efficiently, resulting in approximately 70% ROI.
ChristopherMangava
Group Cybersecurity Administrator at Tharisa
The autonomous mode, which is the Antigena AI response, is particularly valuable. It is capable of responding to lateral movement and ransomware deployment within environments where there is data exfiltration. For example, if more than 2.5 gigabytes of data have been pulled in a few minutes, it engages by blocking for one-hour intervals, alerts, and extends the block until it goes into full isolation if the violation continues.
Magdy Ali
Network & Security Section Head/Digital Transformation at City Edge
Darktrace is valuable since it offers full packet capture and detailed metadata. This feature sets it apart from competitors, which often provide limited metadata visibility.
Additionally, the interaction with the technical team is seamless, and communication with the account manager is flexible and easy.
Manjunath_P
CISO at Interplex Electronics Malaysia Sdn. Bhd.
It has a strong emphasis on machine learning (ML). In addition, they are pioneers in introducing artificial intelligence in these modules.
The detection models keep changing based on emerging threats discovered in the outside threat landscape. That is really valuable to organizations like us, small and medium-sized companies. It is also beneficial for enterprise customers when it comes to understanding the threat landscape. They design the detection models based on that.
The autonomous response is also highly designed in Darktrace. Moreover, it's not only monitored by us; their backend team also keeps on understanding that our monitoring is always on. If any sensor is down, they immediately notify us. A few of the sensors are not in contact, make it fix it to get continuous support.
Zia Syed
Systems Specialist/ Administrator at ALFA International Company Limited.
The most valuable features are the AI and advanced learning tools that distinguish it from other products.
The AI analysis and AI investigation features are incredibly effective. I do not need to manually process incidents as Darktrace provides an incident summary, potential detection paths, and other details, all exportable with just a click. The tool is very powerful and saves a lot of time. The autonomous response technology eliminates the need for human intervention by automatically handling incidents even during off hours.
The features that are most valuable to me include detection, response with analytics, and network detection. These features are particularly effective because they provide comprehensive security analytics. Additionally, the analytics aspect is highly appreciated for its effectiveness.
I do not use the automation response since I have another product handling automation. Furthermore, I believe that the reporting needs enhancement for better performance.
Darktrace provides extensive information on data exfiltration, though it isn't a competent DLP tool. It can identify when a device uploads data outside the network, offering an initial alert on potential exfiltration. This feature helps us understand network activity and user behavior. We expected it to provide risk profiles and generate a heat map of users based on their activities.
They have a tool called Antigena for automated responses, but we limit its use to very specific actions, primarily during off-hours when the team isn't available.
The most valuable feature is the endpoint protection. The autonomous response capabilities are also highly regarded by the market.
Darktrace's most valuable features are its dashboards and its ability to summarize huge amounts of information about threats and suspicious traffic. The solution summarizes suspicious traffic in all our networks, allowing us to focus our efforts on the most vulnerable points in our network.
The product's most valuable features are the response module and email protection.
The autonomous response is great. It blocks basically everything that is outside the normal, and what's happening 24/7. When we don't have anybody looking, it's great. The visibility that it gives you into any incident is great. You can see everything. I would say these two are the biggest aspects we really appreciate.
It is easy to set everything up.
The solution is stable.
Users can scale the product.
Technical support is helpful and responsive.
Darktrace learns patterns and can identify malicious behavior based on that learning. It learns what tasks users perform, what data they access, and similar activities. Unlike an EDR, which uses patterns and signatures to identify existing threats, Darktrace uses AI to learn and recognize patterns. This provides a different approach to monitoring and detecting anomalies.
The most valuable features of Darktrace are its full capabilities. You have visibility of everything.
Marc Perik
Manager, Information Technology at Coulisse BV
NTG is now autonomous response.
The solution is outstanding from a monitoring perspective.
All of the features are valuable and provide excellent capability in the field.
We liked their approach to identifying intrusions or network anomalies using AI.
We liked their interface and the graphics that they deployed to present the information. It was really good, and we were happy with the overall quality of the product, which was very, very robust.
The implementation was easy.
Darktrace blocks any new scanning tools that are detected on your system.
The most valuable feature of Darktrace is the AI that detects abnormal network activity.
Darktrace's most valuable features are that it understands the network environment and is able to trace the traffic and alert on anomalies.
The most valuable aspect of the product would be that it's a product that is quite easy to integrate. It's quite easy to start working with it, which is working well. The concept of artificial intelligence that is behind the solution is the most interesting feature for us.
The sense of detection and monitoring and topics within security is good.
It was easy to set up the product.
We have found the product to be stable and issue-free.
It is scalable.
The investigative part of Darktrace is valuable, especially the automation features. It allows setting up checks and provides guidance on mitigating situations, which is very useful. There are different modules that you can add to the console for protection.
The network monitoring and the email monitoring features are very valuable for us.
Benison Shroffe
Assistant Manager - Network & Security at a financial services firm with 5,001-10,000 employees
We had an okay experience with the product and didn't really have any issues.
The Antigena feature is very useful.
It is stable.
The product can scale.
Support so far has been helpful and responsive.
The most valuable Darktrace feature is the cloud protection for all the cloud services, OneDrive, and all the things related to that.
Antigena is the most valuable due to the reduction in terms of the mean time to respond.
The solution can scale.
It's reliable and stable.
Technical support is great.
The pricing is good.
The most valuable feature is that it works autonomously. So you only need to look at the exceptions.
Darktrace is a good product, although it depends on how much time you put into it.
The models, triggers, and alerts are customizable.
A very useful feature in Darktrace for real-time threat analysis is the packet inspection that analyzes the packet traffic in real time. Data acquisition is the source rather than tapping the data downstream after some processing.
Christopher Dent
Network Administrator at a healthcare company with 501-1,000 employees
It has a very detailed interface - almost too detailed. It was pretty as far as the granularity of what you were getting out of it.
The solution is very detailed. It has lots of fancy graphics that don't necessarily lead to a good outcome regarding knowing what's going on.
Jan Christiaan
Network Security Engineer at Social Security Commission
I have found the automation and AI features to be valuable. If someone were to come in to the office at midnight and log in, Darktrace would flag it.
Wong Soon Tai
IT Manager at SJ Securities Sdn Bhd
We are able to detect a lot of things, actually, and see what is happening in our network.
It offers good protection.
The deployment is quick.
The active threat dashboard is the most valuable feature of this solution.
The ability to see what we have not seen before is most valuable. It is very interesting to find out the most vulnerable devices in our network.
With Antigena Email, you know from where most of your spam is coming and which country is spamming you a lot.
The Antigena feature is most valuable. Once it learns your environment, Antigena can step in and block a denial of service attack, a ransomware attack, or just about anything that doesn't belong in the environment. It can detect any type of attack that hits the environment because it understands what normal looks like for the network. It is very useful for an autonomous response.
Imad Awwad
Group IT Manager at a manufacturing company with 1,001-5,000 employees
I have found the most valuable features to be artificial intelligence for cybersecurity, advanced machine learning capabilities, enterprise Immune System, Antigena Network, and Antigena Email. The way the solution detects the threat over the network before it spreads is very good. It notifies you of what the threat is exactly doing and gives you all the details about the execution of that application that had created the threat over your network.
There is an included library of threat detections, not only locally, but threats being experienced all around the world. It is similar to a database of all the threats and what is done by cybersecurity administrators across the internet. Collecting events and information all around the world makes Darktrace more proactive in dealing with threat notifications and cybersecurity detection. The service is very comprehensive and can cover all security areas.
It has simple tracking capabilities and a graphical interface that can assist you with coding, you do not need to be a guru. The dashboards are user-friendly and you do not need an application to access your work, it is all done through any browser. Additionally, there is a mobile application that is one of the best features because you can see any threats from your phone. There is a playbook that can give you instructions. For example, if you see your network servers are being injected by ransomware you can stop the session and be notified of which person on what computer triggered the threat.
The solution is very professional. Everybody would like to have an application on their phone to be more proactive about security anywhere and this solution delivers.
Cliff Matonda
System Administrator at Finlays
The ability to detect activity on the network is very useful to us. Even if it's not necessarily an illegal activity, if it is abnormal activity, it is able to detect it and notify us.
The solution is stable.
The product scales well within a network.
The initial setup is pretty simple.
The solution isn't too expensive.
Darryn Black
Manager, Information Security at a manufacturing company with 1,001-5,000 employees
The network security and AR response are the main things.
One of the most valuable features is Behavior analytics.
I like the dashboards, which are cool. They are more user-friendly, in my experience. Its learning capabilities are really good.
The AI-based pattern is the most valuable feature. The AI monitors users' patterns in how they draft and send emails, so if there is a change in the pattern the email is flagged.
The most valuable feature is the solution's ability to trim out the false positives and point your attention to the real important stuff.
The most valuable features of Darktrace are the tracing of unusual external emails and monitoring the local network.
AsankaAbeyrathne
Head of Security at DFCC
The most valuable feature has been the behavioral analytics that allows us to monitor all the traffic.
MatteoMazzei
Security Manager at Yarix S.r.l.
The Enterprise Immune System, Cyber Artificial Intelligence Analyst, and Antigena technology are all very useful aspects of the product.
The solution is quite stable.
The scalability is great.
The initial setup is simple.
Jan Christiaan
Network Security Engineer at Social Security Commission
I like the Antigena feature in Darktrace, as it offers immediate response and is helpful.
This product collects more data than your traditional type of software, which is useful for us.
Darktrace picks up anomalies as soon as they arise.
The most valuable feature of Darktrace is the artificial intelligence module because that is the tool that determines automatically if there is any risk or not in the network.
You don't need a human operator to be involved. The tool can operate by itself... By itself. That's the best and the most important feature because that reduces the amount of time that a person needs to spend on the tool.
The solution is powerful and very useful, it has the ability to avert many attacks.
The tool does almost 95 percent of the work and you only need to run some features to obtain reports.
The most valuable feature is that it gives us visibility of rogue traffic that is on the network.
The detection capabilities are good.
Gian Michele Roletto
SOC Manager at Nais Srl
It is a very good platform for understanding what is going on in your network or in your environment because it checks all the activities. This is the same when I use activities on the device, server, network, and web, it checks it all.
The platform has many modules, and each module examines a different situation in the behavior.
I have used multiple solutions, but its graphical user interface is quite interesting and quite descriptive. There are a lot of video animations, and we can easily see how the data is transferred between various points. That's something really interesting. It is also quite easy to understand for a new user.
Nathan Williams
Chief Operations & Information Officer at MineWorkers Provident Fund
I particularly like Antigena and the analytics around the real-time monitoring of our network. I also like its reporting because it has got a seven-day reporting period within the system. Every time you run the reports, it gives you the data about the previous seven days. I like that because it is in real-time. I enjoy reading those reports and getting a very clear and decisive idea of what's happening on my network on a real-time basis. I like the actual real-time monitoring of spoofing and things like that. I also like the user monitoring as well as the network logging capabilities.
In terms of features, the data or information they collect and unsupervised machine learning are very valuable. Its unsupervised machine learning has reduced our team's effort. Both Darktrace and Vectra work on unsupervised machine learning that learns the behavior or develops a profile on its own, which allows our security team to do some other tasks rather than spending time on Darktrace or Vectra.
Because of unsupervised machine learning, its detection capability is quite good. Along with that, if we utilize the integration feature properly, the automated incident response capability of Darktrace is quite useful.
Andre Walke
Project Co-Ordinator at Ministry of Innovation, Science and Smart Technology
The primary feature we are using is the artificial intelligence and machine learning functionality for reviewing and predicting network traffic and network attacks. Although we're not yet fully using the product, I like the Antigena feature which is their proactive or reactive feature, depending on the deployed antivirus center. Darktrace is for people who understand network security very well, and who have probably been in that scene for quite some time. If you're inclined towards mathematical machine learning, artificial intelligence, and to some degree, data science, this is definitely a tool for you.
Juan Salvador Vial
Cybersecurity Architecture Manager at Banco de Chile
It is a stable solution.
Victor Ibanez
Director Comercial México at Aubay
It is very easy to work with Darktrace once you know how it works and the type of permissions that you need to get related to the security over a network. The interface is awesome. I'm sure that you have seen Ironman, and you know Jarvis, the computer of Tony Stark. The interface of Darktrace is very similar, and you can see in 3D, like a hologram, the whole network, traffic, and all the traces inside the network. The interface is awesome, and it provides a lot of information. At least for us, it is very easy to handle this interface, get the reports, and do the interpretation of those reports.
Darktrace also provides mobile monitoring. With an app on your mobile phone, you can view the information live, which is very useful for area directors and field engineers. Darktrace can be also correlated with any type of big data solution, such as Splunk.
Otniel Agostinho
CTO at CyberSecur, Lda
The most valuable feature in Darktrace is that it gives me a comprehensive, detailed view of my network and whatever is happening inside it. It is a very good tool for me that helps me to remain aware of security vulnerabilities. I know what is happening on my network in real-time and it responds quickly. It is really very useful.
One of the things I like most about Darktrace is the fact that it has AI analytics built into it. That merger allows us to have a look at the way that things are working within our company. The fact that it is self-learning is a benefit that has given me 100% visibility across the cloud, my SaaS (Software as a Service) providers, my Office 365 services, within my data center, and also on-premises.
We are also working with Darktrace on their alpha and beta testing for endpoint security. That is a model that we are thinking about incorporating later.
Another thing I really like is that it is a very simple product to use. It is very logical and it works beautifully.
The ability to drill right down into an event that has been identified as something of interest so that you can be assured if it is a valid event and therefore not suffer from loads of false positives. Once that initial assurance and confidence was there, you could easily rely on the dashboard and minimise the risk of constantly drilling into each and every event but pick the ones with most risk.
AsankaAbeyrathne
Head of Security at DFCC
Its most valuable feature is its ability to identify malicious connected IPs from outside and the attacks that get through to the inside.
Tom Gamali
Group CISO/CTO at Gulf Based Private Conglomerate
The most valuable feature is the alerts. The alerts are meaningful. The event rolls up into meaningful and actionable alerts rather than just being noise.
Irwin Gibson
Chief ICT Officer at Barbados Public Workers Cooperative Credit Union Ltd
I am impressed with the product's ability to give insights into network traffic.
Darktrace can observe networks and respond to those observations. It provides great network protection, is innovative and flexible.
Darktrace is a very good solution.
Darktrace is very useful for us because it has a large number of models for detecting threats.
Overall, I like the system. The product offers us a very good user interface and we've found the network visibility to be very good so far. The solution has one window and shows all networks.
The solution comes in multiple languages, including English and Arabic options.
The solution is stable.
We've found that technical support is helpful and available to assist us if we need them.
Darktrace is very flexible.
Gerald Segura
Seguridad de la Información at Banco Davivienda (Costa Rica) S.A.
The main valuable feature is that we don't need a lot of analysts. With few analysts, we have all the network monitored, 24/7.
It is very stable and easy to use.
The most valuable feature of this solution is that it does not require human intervention to eliminate a threat. It blocks everything automatically.
Guido Pellillo
Head of Cybersecurity Business Unit at S2E
I find it very good in the way that they show the past events, including the attack history. You are able to visualize all of the attack paths and connectivity to see what's happened.
The GUI interface is very good.
They are using the best machine learning and AI at the moment.
Philippe Panardie
RSSI at SDIS49
The most valuable aspect of the solution is that you can see all the process mistakes. You can see all the different types of unusual situations that you usually don't see in a traffic solution.
Once installed, it starts picking up and learning the network very well because it's got a powerful AI integrated into it.
The user interface is very intuitive.
The Dynamic Threat Dashboard is very nice, as it lists all of your threats and rates them, and then you can choose whether to investigate further.
This solution has some good features for customization in terms of how you're tagging your network, which basically makes it easier to identify what is actually happening. You can see where the traffic is going, where it is coming from, and that sort of thing.
Darktrace has quite a few inbuilt features such as its own packet analysis module, which is an offshoot of Wireshark.
This solution has some powerful APIs, although we do not use that functionality at the moment.
OseremeOsobase
Director at Baverianvine
The most valuable part of the product is the whole package. The features included in the Enterprise Immune System are complete and effective. Its detection engine is ridiculously good.
What I like about Darktrace is that you can quickly identify threats. I did a trial where I injected a small malware to see how long it takes for the program to identify it and to see that there is an anomaly. The response was good and it took the program less than a minute to detect it. The fast response time is definitely a plus.
DT console and alerting system allow getting detailed information about the behavior of users and malicious external or internal threats.
I find the complete portfolio to be excellent.
ShabeerRamsingh
Head of Strategic Business Development at Grove
The cyber AI analyst, Antigena, and threat visualizer are the most valuable aspects of the solution.
The setup is very simple.
It's a very stable product.
Users can expand it as needed.
It is autonomous. So, it learns. It uses algorithms and AI to learn the common behavioral patterns on the network, and it is able to identify threats based on abnormal patterns.
The NDR is good in their solution and they have NTG for email. They have multiple solutions, but for me, I was focusing on one solution, in the NDR section.