IT Central Station is now PeerSpot: Here's why

Darktrace OverviewUNIXBusinessApplication

Darktrace is #1 ranked solution in top Intrusion Detection and Prevention Software, Network Traffic Analysis tools, and top Network Detection and Response (NDR) tools. PeerSpot users give Darktrace an average rating of 8.4 out of 10. Darktrace is most commonly compared to CrowdStrike Falcon: Darktrace vs CrowdStrike Falcon. Darktrace is popular among the large enterprise segment, accounting for 53% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a comms service provider, accounting for 23% of all views.
Darktrace Buyer's Guide

Download the Darktrace Buyer's Guide including reviews and more. Updated: August 2022

What is Darktrace?

Darktrace is a world leader in Autonomous Cyber AI and offers several different desirable tools available to provide a wide array of outstanding support and superior threat security. Darktrace works with many different popular solutions, such as Microsoft 365, Azure, AWS, and many more.

Darktrace offers many different products to keep every type of business enterprise safe.

Darktrace’s Enterprise Immune System is uniquely designed to learn the status quo of your operating system and is thereby quickly able to discover any anomalies, abusive behavior, and potential cyber threats and stop them immediately before there is any threat to your organization. With Darktrace’s Enterprise Immune System, you have complete transparency across your entire operational system. Darktrace utilizes intuitive self-learning to discover potential new known attacks externally and also locate any internal threats. Darktrace is intuitively self-adapting and will quickly learn the best way to keep your critical systems safe at all times, even as your business changes and grows.

Darktrace offers an Industrial Immune System, which is specifically designed to understand the unique technologies of industrial systems and aggressively protect the integrity and durability of those ecosystems. You will get full transparency of OT, IT, and industrial IoT.

Darktrace Antigena combines the best of the Autonomous Response technology to keep your enterprise ecosystems safe at all times. Darktrace Antigena has the decision-making ability to easily identify suspicious behavior and can stop in-progress threats such as cyber-attacks, ransomware, and threats to your cloud or proprietary infrastructure. Darktrace Antigena will provide protection to keep your systems safe and avoid any downtime or negative impact on your organization's productivity.

Darktrace Cyber AI Analyst works as an investigative solution that instantly rates, interprets, and reports on the entire range of potential security threats. Darktrace Cyber AI Analyst uses an intuitive analysis process to investigate 100% of all potential threats. Each and every threat is rated and a response plan is created to direct your teams on the best possible course of action needed to immediately resolve the issue. Darktrace AI Analyst also handles Zero-day malware and ransomware. The automated threat investigation can work faster to develop a plan, follow issues, and investigate than any human component. Darktrace AI will save time and money by adding an additional supplemental layer of security to your organization.

Darktrace provides outstanding enterprise-wide cyber defense to more than 5,500 organizations worldwide that rely on Darktrace daily to keep their business ecosystems running at maximum efficiency and productivity without any unplanned downtime within the overall business operation. Darktrace has a super-fast, machine-speed defense supported by the unique Autonomous Response that can take some of the pressure off of your security team and at the same time mount an aggressive fightback continuing to develop a safer defense every day.

Reviews from Real Users

Imad A., Group IT Manager at a manufacturing company, says, “"I have found the most valuable features to be artificial intelligence for cybersecurity, advanced machine learning capabilities, enterprise Immune System, Antigena Network, and Antigena Email. The way the solution detects the threat over the network before it spreads is very good. It notifies you of what the threat is exactly doing and gives you all the details about the execution of that application that had created the threat over your network."

A Security Engineer at a real estate/law firm states, "The Antigena feature is most valuable. Once it learns your environment, Antigena can step in and block a denial of service attack, a ransomware attack, or just about anything that doesn't belong in the environment. It can detect any type of attack that hits the environment because it understands what normal looks like for the network. It is very useful for an autonomous response."







Darktrace Customers

Irwin Mitchell, Open Energi, Wellcome Trust, FirstGroup plc, Virgin Trains, Drax, QUI! Group, DNK, CreaCard, Macrosynergy, Sisley, William Hill plc, Toyota Canada, Royal British Legion, Vitol

Darktrace Video

Archived Darktrace Reviews (more than two years old)

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
ciso at SDIS49
Real User
Top 5Leaderboard
A clever solution that spots problems that cannot be found by other solutions but it would benefit from having automation
Pros and Cons
  • "The solution is stable. We've never had any problems with it."
  • "The solution would benefit from automation. Currently, you have to know what you are searching for."

What is our primary use case?

Primarily we use the solution to spot problems that cannot be found by other solutions. 

How has it helped my organization?

Darktrace has improved our knowledge of abnormal phenomenen which could have potentially be hazardous for the organization.You have to be vigilant with GDPR compliance rules in Europe 

What is most valuable?

The most valuable aspect of the solution is that you can see all the process mistakes. You can see all the different types of unusualcsituations that you usually don't see in a traffic solution.

What needs improvement?

The solution would benefit from automation. Currently, you have to know what you are searching for.

Buyer's Guide
Darktrace
August 2022
Learn what your peers think about Darktrace. Get advice and tips from experienced pros sharing their opinions. Updated: August 2022.
621,593 professionals have used our research since 2012.

For how long have I used the solution?

I've been using the solution for one month.

What do I think about the stability of the solution?

The solution is stable. We've never had any problems with it.

What do I think about the scalability of the solution?

The solution is scalable. So far, we have 12 networks done. We have about 500 users on it currently.

How are customer service and support?

I haven't had too much interaction with technical support. Technical support was in France but the experts were in England. It's good generally, but we haven't used the solution for too long.

Which solution did I use previously and why did I switch?

We didn't previously use a different solution.

How was the initial setup?

When you have an expert, the initial setup is easy, but if you do it on your own, it could be complex. Deployment takes at least a month.

Which other solutions did I evaluate?

We didn't evaluate another solution. We met the solution's team in Cannes for an IT meeting and decided to pursue discussions with implementation.

What other advice do I have?

We use the on-premises deployment model.

It's a quite clever solution. It has a lot of potential, but I'd advise those considering to hold off implementing the solution until after a newer version is released.

I'd rate the solution seven out of ten. If they added automation and included it in the price, I'd rate it higher.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Data Security Manager at a sports company with 201-500 employees
Real User
Has the ability to see events and have access to exactly what traffic or website a device had tried connecting to
Pros and Cons
  • "Ability to see events and exactly what traffic or website the device had tried to connect to that raised the alert or issue."
  • "The product doesn't have an endpoint agent that can react to triggers set on the device,"

What is our primary use case?

I'm a customer data security manager and we are looking at replacing our current solution, McAfee, with something like Darktrace or CrowdStrike which will provide the same visibility with the endpoint protection aspect. 

What is most valuable?

The Ability to drill right down into an event that has been identified as something of interest so that you can be assured if it is a valid event and therefore not suffer from loads of false positives. Once that initial assurance and confidence was there, you could easily rely on the dashboard and minimise the risk of constantly drilling into each and every event but pick the ones with most risk.

What needs improvement?

The product is automated to a certain degree, but I think this could be improved. I'm looking for a way of being able to react to threats that are detected based on risk. Aside from that, there is nothing really that they could improve on, it's a product more suited to organizations with an SOC, security operations center, or a company with an IT team of network security members because it relies on constantly monitoring it to see information based on the risks of events.

In our case, we have a small IT team, which means that a large amount of time would have been spent drilling into it. If something did happen on the network, we'd ideally be responding to it reactively instead of proactively. Some of the other products we tested did that so that if something was detected, it would block that device by means of an endpoint, which halts the process and gives you time to check it out. Darktrace would tell you, for example, if there was a ransomware attack, but it wouldn't stop the attack. Other products would identify it as a ransomware attack and stop the network card on the endpoint, giving time to react to the alert, and proceed to cleanse or investigate the machine that's had a problem. That was our issue with Darktrace.

The only reason that it looks like we are going down a different route is because of the endpoint protection issue. The product doesn't have an endpoint agent that can react to outcomes or triggers that are set on the device, otherwise, it would be great. 

For how long have I used the solution?

We tested the solution for one month. 

What do I think about the stability of the solution?

Stability is fine, we had no issues with it whatsoever. 

What do I think about the scalability of the solution?

We didn't need to scale the solution, but you could scale it without any issue. The only thing that I think you had to keep an eye on was network traffic through your switches because effectively, you're capturing all the traffic on your network on a port that goes to this device.

How are customer service and technical support?

The support was fantastic, really good. We were in touch with the guy who I believe was the accounts manager.

How was the initial setup?

Initial setup was easy. We just had to configure a switch port into what's called promiscuous mode and then plug in the device and give it an IP address and leave it. We deployed with our own technical team. It took a day to setup, maybe even less than that. Once installed they activated the license on it. We left it at baseline to look at the network for a week. It just looked at existing traffic and worked out what was typical traffic and what was interesting traffic.

What's my experience with pricing, setup cost, and licensing?

For out of the box it is licensed per device or node that it connects to. I think for services there were some additional licensing fees. 

Which other solutions did I evaluate?

We evaluated other options and Darktrace had really good dashboards and graphics, but other devices like CrowdStrike, for example, had the endpoint protection we're looking for as well as the features that Darktrace has. The difference is in functionality.

What other advice do I have?

I would suggest to anyone considering this option to identify if this is going to be a monitoring tool to supplement an existing system or if this is going to be another product in your existing security suite of tools.

I would rate this product an eight out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Darktrace
August 2022
Learn what your peers think about Darktrace. Get advice and tips from experienced pros sharing their opinions. Updated: August 2022.
621,593 professionals have used our research since 2012.
AsankaAbeyrathne - PeerSpot reviewer
Assistant Manager at a financial services firm with 201-500 employees
Real User
Strong cyber-security solution but it has too many false positives
Pros and Cons
  • "Its most valuable feature is its ability to identify malicious connected IPs from outside and the attacks that get through to the inside."
  • "Darktrace needs to automate the reports of false positives, botnets and everything."

What is our primary use case?

Generally, we use Darktrace for behavioral analytics. We use it in the inner-network and the outside network for malicious connectivity. Darktrace gives us support with networks. We follow all the notifications and sometimes we block malicious IPs from the firewall.

What is most valuable?

Its most valuable feature is its ability to identify malicious connected IPs from outside and the attacks that get through to the inside.

What needs improvement?

Darktrace needs to simplify most of the positive reports. We have to field all the positive reports, false positives, too. Sometimes we need to check false positives manually. We have to filter false positives. After that, we configure it again. Then, we want to analyze these false positives. That's the main thing. If we are assessing features, this should be easier to handle.

Darktrace needs to automate the reports of false positives, botnets, and everything.

So far, I think the solution is good. Not excellent, good.

For how long have I used the solution?

I'm using Darktrace about two years.

What do I think about the stability of the solution?

The stability of the solution is fine.

What do I think about the scalability of the solution?

In terms of scalability, it is ok.

It's a behavioral analysis solution, so we are not actively using it. We analyze all the user traffic from the Darktrace. That's the main thing. 

There are about 3,000 users. All the 3,000 user traffic is going through Darktrace.

We don't do the maintenance for Darktrace. My vendor is maintaining it since we got the product from them.

We are analyzing attempts to connect to them. After that, if you want reports, they provide them. We have a service and everything with the vendor. Then, if we have any requirements, they do it for us. The solution is working all day and my team is analyzing two hours for that.

How are customer service and technical support?

In terms of technical support, if you raise some complaints, they tend to everything with user traffic within three or four hours. They provide the solution then we implement it.

Which solution did I use previously and why did I switch?

Before using Darktrace I was using FireEye, but I switched because FireEye is very expensive and they do the same thing. It provides the same thing, except that DarkTrace has a different solution for the firewall, email filtering and everything else, and Darktrace is doing everything in a single box.

How was the initial setup?

The initial setup is simple. It only takes three or four days. But we need to identify one to three traffic behavioral analysis, after that we can find the lead.

What about the implementation team?

My team handled the deployment. They did everything. After that, they give me a report, which I then go through.

What's my experience with pricing, setup cost, and licensing?

We are doing a monthly cost-basis. It's about 500,000 NKR because we are the first to implement it in Sri Lanka. We worked out direct pricing from Darktrace UK. After that, we selected a vendor in Sri Lanka. But the thing is, we are the first implementation here. I think they are actually undercharging and giving us the solution first because they want a reference from us since we are a bank in Sri Lanka. That's why they are doing it like that.

There are no additional costs besides the license, except the 15% rate to the Sri Lanka government.

What other advice do I have?

Based on our experience with DarkTrace, I would advise that if they are comparing prices, ROI and everything, I think Darktrace is better than FireEye.

On a scale of 1 to 10 I can rate it a 6. I give it a 6 because it's been a year learning everything, and technology, attacks and patents are changing everyday.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Application & Security Specialist at a financial services firm with 1,001-5,000 employees
Real User
Easy to use with an intuitive dashboard, powerful AI, and inbuilt data packet analysis
Pros and Cons
  • "The Dynamic Threat Dashboard is very nice, as it lists all of your threats and rates them, and then you can choose whether to investigate further."
  • "This is quite an expensive product so the pricing is something that can be improved."

What is most valuable?

Once installed, it starts picking up and learning the network very well because it's got a powerful AI integrated into it.

The user interface is very intuitive.

The Dynamic Threat Dashboard is very nice, as it lists all of your threats and rates them, and then you can choose whether to investigate further.

This solution has some good features for customization in terms of how you're tagging your network, which basically makes it easier to identify what is actually happening. You can see where the traffic is going, where it is coming from, and that sort of thing.

Darktrace has quite a few inbuilt features such as its own packet analysis module, which is an offshoot of Wireshark.

This solution has some powerful APIs, although we do not use that functionality at the moment.

What needs improvement?

This is quite an expensive product so the pricing is something that can be improved.

For how long have I used the solution?

I have been using Darktrace for between two and three years.

What do I think about the stability of the solution?

We've seen no major problems between the master and slave devices in our architecture.

What do I think about the scalability of the solution?

Darktrace is definitely scalable. We started off with a single device monitoring a single site and we progressively added more sites with different devices in a master/slave architecture. The more we've added, we've had to re-think a little bit, but overall the scalability is excellent.

We have ten security analysts who are using this solution.

How are customer service and technical support?

The Darktrace technical support is very good.

Which solution did I use previously and why did I switch?

We started off with Darktrace. It was based on a decision from somebody in the business who had previously used it.

Personally, I have used a few other solutions and with respect to the interface, you probably couldn't get more intuitive than Darktrace.

How was the initial setup?

Darktrace is very easy to set up. Even our basic technical people are able to do it. It's almost like plug and play. There is some basic configuration to do, but it's nothing major.

I would say that most technical people can do the majority of the setup.

What about the implementation team?

We were granted access to all of the documentation and information from Darktrace, so we did the implementation ourselves. There may have been one or two areas that we had to go back to Darktrace directly to get clarification on, but there was no third-party partner or reseller involved.

What other advice do I have?

We're very pleased with Darktrace so it is a bit difficult to pinpoint areas for improvement. It covers all of our needs and from what I can see, it does the basics very well. There are many advanced features, also.

This is a solution that I definitely recommend. It offers a proof of value rather than a proof of concept, where they run the tool in your network, let it learn and then catch any vulnerabilities. Then you will actually see the value of the solution, either potentially blocking any exploitive threats or not, but its a really good thing to go through. To do this, I think that you have to go through an actual partner unless you're in a location where Darktrace has a physical office. In any event, I strongly recommend going through the proof of value to see if you like it. If there is a charge then it is definitely worth it.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
OseremeOsobase - PeerSpot reviewer
Director at Baverianvine
Reseller
A great solution for threat detection that intelligently and immediately responds to attacks across your enterprise system
Pros and Cons
  • "A simple, powerful AI solution that just does all the work for you when you turn it on."
  • "It could build in integrations for some complementary products, but it has an assistant plugin so this is not really a big deal."

What is our primary use case?

We use it to deploy to enterprise customers to provide them with a complete, reliable and intelligent threat detection and response system.

How has it helped my organization?

It helps us to reliably serve our customers with quick deployment of a durable, effective and intelligent product.

What is most valuable?

The most valuable part of the product is the whole package. The features included in the Enterprise Immune System are complete and effective. Its detection engine is ridiculously good.

What needs improvement?

It is hard to really address what needs to be improved in the respect that it does everything I would expect of a superior solution. It is simple enough to use because the interface is quite simple, the setup is quick and painless — in only an hour the product is installed. Users can train on the system in less than three hours. When the configuration is complete they will already know what to do and they can just go on and use the product.

I think that the price is quite good compared to other, similar products. They already have a plugin that you can use to set up integration with virtually any other product. 

Maybe it could come with a few more built-in integrations, such as adding ServiceNow. They already have built-in integration with Antigena Cyber AI Response Modules for the clouds and for the network (AWS & Azure), and they did Office 365 (email), and SaaS applications as well.

I guess a few more options and opportunities like this built-in would be nice. It is not a big thing.

For how long have I used the solution?

We have been deploying this solution for clients since 2017

What do I think about the stability of the solution?

The stability of the product is really very good. Clients who have had us do the implementations say it is fantastic after they've tried it.

What do I think about the scalability of the solution?

The product is definitely scalable and can grow with your enterprise business.

How are customer service and technical support?

In terms of customer support, it is really rare that you need them to do anything because the product is really good. You turn it on and it just works. Really anyone can run it. So a level ten tech, a level five tech or a level one tech can use it. It makes everyone competent. It's like driving an automatic car because the gears shift for you. You still have to be a good driver and take the wheel and press the gas. But you can switch it back to manual if you want a different level of control. It's up to you. But everybody with different skill levels and different purposes for the deployment can use it.

When we have contacted the technical support they have been very good.

How was the initial setup?

It's simple enough to install and it does exactly as the product says: "installed in about an hour." With only an hour to install initially and with being able to train people to use it in just a few hours, it is very quick to do the initial setup. Very straightforward. It's a jog in the park. 

Normally, once you deploy, for a normal site it's about two weeks time to set up configurations for the network, but then it is optimized and processing even faster. It's faster with fewer features and, usually, I use is about half of what it is capable of doing based on the client need. And once you do that configuration, you're ready to go. All that in less than two weeks and you can start getting threat intelligence reports from the network with intelligent tools. It's fantastic.

What about the implementation team?

We are the ones who do the implementations and we have done many, so we are very good at it.

What was our ROI?

Our return on investment is as a reseller and consultant because we make returns on servicing the customers.

What's my experience with pricing, setup cost, and licensing?

I think that the price is quite fair and very good for this type of product and the features that the product provides. 

What other advice do I have?

My advice to people and organizations considering this as a solution is: go buy it. They shouldn't waste their time fussing and looking around at other solutions. It works. I've done administrating for several years, and this is the one solution that works. It complements what you have, whatever that is. It is like a plug-and-play component. There is no solution that does what it does. You even have some excellent systems like Cisco's Stealthwatch — these are just the three packet analysis technologies. Darktrace is actually DPI (Deep Packet Inspection), which in my markets is now called the threat level buttons. It is really an advanced product and everything just works ridiculously well.

If I had to rate the product on a scale of one to ten (ten is the best) I'd give it an actual ten. It is the only product I use that I would give a full ten. It's hard to achieve a ten as you have to be better than everything and everyone else. It does deliver on what it says it can do.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
PeerSpot user
it_user1051182 - PeerSpot reviewer
Product Owner - Cyber Security at a healthcare company with 10,001+ employees
Real User
Helps us to find a few anomalies but I would like to see supervised machines in the next version
Pros and Cons
  • "Darktrace is extremely stable."
  • "Darktrace does not have any capabilities to configure."

What is our primary use case?

Our primary use case of this solution is to monitor lateral traffic.

How has it helped my organization?

The solution helped us to find a few anomalies.

What needs improvement?

Darktrace does not have any capabilities to configure. So I would like to see supervised machines and capabilities in the next version.

For how long have I used the solution?

I have been using the latest version of Darktrace for about three months.

What do I think about the stability of the solution?

Darktrace is extremely stable.

What do I think about the scalability of the solution?

We are only four users on Darktrace currently, and I believe it is scalable.

How are customer service and technical support?

I am satisfied with the technical support we received. 

How was the initial setup?

The initial setup was very straightforward because, in fact, there was nothing to configure. You just plug in the box and search for kickbacks. Deployment took about a day and it was done by one of Darktrace's consultants.

Which other solutions did I evaluate?

I worked on another solution before but we decided to test out Darktrace so that we could compare them.

What other advice do I have?

Darktrace is a good product and it can be implemented on premises. Someone who wants to take care of the lateral movement and configure it, will love what it offers. I rate this solution a seven out of ten. I would like to see supervised machine running in the future.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Chief Operating Officer at Winstarbel Communications Limited
Reseller
Quickly identifies threats and has good stability
Pros and Cons
  • "What I like about Darktrace, is that you can quickly identify threats."
  • "The program is quite expensive."

What is our primary use case?

Our primary use case of this solution is for endpoint data and we've had good results with Darktrace.

What is most valuable?

What I like about Darktrace is that you can quickly identify threats. I did a trial where I injected a small malware to see how long it takes for the program to identify it and to see that there is an anomaly. The response was good and it took the program less than a minute to detect it. The fast response time is definitely a plus.

What needs improvement?

The pricing is based on the number of endpoints, so the program is rather expensive. I would like to see something that will fit my clients' budget. That is something they can work on to improve.

Secondly, I would like to see my entire network, structurally and architecturally, on a single screen or in one single dashboard. Right now you have to keep going through different clippings to see everything.

For how long have I used the solution?

I've been using Darktrace for three months now.

What do I think about the stability of the solution?

The solution is stable enough for what we use it for.

What do I think about the scalability of the solution?

We haven't been using the program long enough to know how scalable it is. I also know that it will depend on the amount of traffic on your server. But I saw in the demo that it can scale up to thousands and thousands of endpoints. 

How was the initial setup?

The initial setup was quite straightforward but it gets harder if you have a lot of traffic on your server. With the right knowledge, you would be able to work around that with ease and do the configuration yourself. Because it's more deployment, so it's not that complex so far. I may have to contact their technical team once we get a bigger deployment.

Which other solutions did I evaluate?

We evaluated several other options like McAfee. One reason why I chose Darktrace, in the end, was because of the difference in price, what we intend to achieve with the program and other costs. 

What other advice do I have?

My advice to others is always to keep an open mind and to find out as much as you can about the program to see if it offers what you are looking for. I rate Darktrace eight out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
PeerSpot user
Group CISO/CTO at Gulf Based Private Conglermate
Real User
Improved our monitoring capabilities and has a good graphical user interface
Pros and Cons
  • "The most valuable feature is the alerts. The alerts are meaningful. The event rolls up into meaningful and actionable alerts rather than just being noise."
  • "I would like for the product to work on the endpoints as well. I would like to see enhanced visibility into the endpoints and network but this solution only sits on the network itself."

How has it helped my organization?

It has improved our monitoring capabilities. 

What is most valuable?

The most valuable feature is the alerts. The alerts are meaningful. The event rolls up into meaningful and actionable alerts rather than just being noise. 

What needs improvement?

The products is designed to monitor traffic sent and received via the corporate egress /network points.

I would be interested to see further integration or development of a capability to obtain visibility of mobile devices such as Laptops and Mobiles, which operate outside of the network and may communicate specifically when off the corporate network.  

For how long have I used the solution?

We have done pilots with this solution and have used it for around three months.

What do I think about the stability of the solution?

The stability isn't good but I like the product. It's a good product but we need to look into other similar products that operate in the same zone: user behavior analysis and user detection. We need it to be good in comparison. 

What do I think about the scalability of the solution?

We currently have an inner network. We don't have a full-scale deployment. It is on network segment where there are around 5,000 users. The full company would be around 9,000 users if we deployed it across all the subsidiaries. 

How are customer service and technical support?

Their technical support is good. 

Which solution did I use previously and why did I switch?

This is the first solution of this type that we've used. During the initial three month trial, we saw a lot of stuff from the product that we were unable to see through the conventional tooling technologies that we had in place. 

How was the initial setup?

The setup was straightforward. It was a matter of hours. It took around two to three hours. 

What other advice do I have?

My advice to someone considering this solution is to install it, conduct a pilot, and see. You need to see how easy it is to implement and you need to add it to install. You need to see what kinds of results it provides and compare it to your existing tool kit. The product demonstrates its actual capabilities when it's actually working. It's difficult to comprehend what it can actually do but it does give you an added level of visibility. 

It has good capabilities. I would rate it an eight out of ten. 

Cross-correlation with the endpoint based activities would be useful, like the ability to look at the deep supervised learning engine of the artificial intelligence unit and being able to take input data from the endpoints in order to apply the rules. It works on supervised learning and rules but I would like to be able to do things on different feeds as well. 

It has a very good graphical user interface. The ability to get a console on the mobile phone and being able to respond and do basic incident response capabilities remotely is also a good feature. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
CEO at a tech services company with 11-50 employees
Real User
Good security and network visibility but they should develop integration with other SIEM solutions

What is our primary use case?

  • Security  
  • Network visibility  
  • Breach detection in a VMware environment of about 25 VMs.             

How has it helped my organization?

  • Developed breach detection and security threats
  • GDPR   
  • Privacy compliance      
  • ISO 27001 compliance. 

What is most valuable?

DT console and alerting system allow getting detailed information about the behavior of users and malicious external or internal threats.

What needs improvement?

Block attack capabilities or integration with other SIEM solutions such as IBM QRadar.             

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
Download our free Darktrace Report and get advice and tips from experienced pros sharing their opinions.
Updated: August 2022
Buyer's Guide
Download our free Darktrace Report and get advice and tips from experienced pros sharing their opinions.