Updated: December 2022
Darktrace is a world leader in Autonomous Cyber AI and offers several different desirable tools available to provide a wide array of outstanding support and superior threat security. Darktrace works with many different popular solutions, such as Microsoft 365, Azure, AWS, and many more.
Darktrace offers many different products to keep every type of business enterprise safe.
Darktrace’s Enterprise Immune System is uniquely designed to learn the normal state of your operating environment and is thereby quickly able to discover any anomalies, abusive behavior, and potential cyber threats and stop them immediately before there is any harm to your organization. With Darktrace’s Enterprise Immune System, you have complete transparency across your entire operational system. Darktrace utilizes self-learning to discover both new and known attacks from outside and also to locate any internal threats. Darktrace is self-adapting and will quickly learn the best way to keep your critical systems safe at all times, even as your business changes and grows.
Darktrace offers an Industrial Immune System, which is specifically designed to understand the unique technologies of industrial systems and aggressively protect the integrity and durability of those ecosystems. You will get full transparency of OT, IT, and industrial IoT.
Darktrace Antigena combines the best of the Autonomous Response technology to keep your enterprise ecosystems safe at all times. Darktrace Antigena has the decision-making ability to easily identify suspicious behavior and can stop in-progress threats such as cyber-attacks, ransomware, and threats to your cloud or proprietary infrastructure. Darktrace Antigena will provide protection to keep your systems safe and avoid any downtime or negative impact on your organization's productivity.
Darktrace Cyber AI Analyst works as an investigative solution that instantly rates, interprets, and reports on the entire range of potential security threats. Darktrace Cyber AI Analyst uses an intuitive analysis process to investigate 100% of all potential threats. Each and every threat is rated and a response plan is created to direct your teams on the best possible course of action needed to immediately resolve the issue. Darktrace AI Analyst also handles Zero-day malware and ransomware. The automated threat investigation can work faster to develop a plan, follow issues, and investigate than any human component. Darktrace AI will save time and money by adding an additional supplemental layer of security to your organization.
Darktrace provides outstanding enterprise-wide cyber defense to more than 5,500 organizations worldwide that rely on Darktrace daily to keep their business ecosystems running at maximum efficiency and productivity without any unplanned downtime within the overall business operation. Darktrace has a super-fast, machine-speed defense supported by the unique Autonomous Response that can take some of the pressure off of your security team and at the same time mount an aggressive fightback continuing to develop a safer defense every day.
Reviews from Real Users
Imad A., Group IT Manager at a manufacturing company, says, "I have found the most valuable features to be artificial intelligence for cybersecurity, advanced machine learning capabilities, Enterprise Immune System, Antigena Network, and Antigena Email. The way the solution detects the threat over the network before it spreads is very good. It notifies you of what the threat is exactly doing and gives you all the details about the execution of that application that had created the threat over your network."
A Security Engineer at a real estate/law firm states, "The Antigena feature is most valuable. Once it learns your environment, Antigena can step in and block a denial of service attack, a ransomware attack, or just about anything that doesn't belong in the environment. It can detect any type of attack that hits the environment because it understands what normal looks like for the network. It is very useful for an autonomous response."
Irwin Mitchell, Open Energi, Wellcome Trust, FirstGroup plc, Virgin Trains, Drax, QUI! Group, DNK, CreaCard, Macrosynergy, Sisley, William Hill plc, Toyota Canada, Royal British Legion, Vitol
We are a system integrator and we pose solutions, including this one, to our clients.
It is mainly used to reinforce response capabilities with respect to network security.
I find it very good in the way that they show the past events, including the attack history. You are able to visualize all of the attack paths and connectivity to see what's happened.
The GUI interface is very good.
They are using the best machine learning and AI at the moment.
The need to simplify the analysis from a user perspective. In a few cases, you have to be a specialist in order to understand what's happening. It would be helpful if they could recognize incidents and simplify the customer's challenge to identify what is happening.
I have been working with Darktrace for two years.
Stability-wise, we have not had any issues and it has been quite good.
We haven't had any trouble with scalability.
We have had contact with technical support and help was quite straightforward. Our feedback for them is good.
We work with a variety of products in the security space including Darktrace, Splunk, Elastic, and others.
The initial setup is really simple. This product is normally deployed as an on-premises appliance and it normally takes less than one day. It depends on how complex the network is, but it's usually quite simple.
Our customers feel that the price of Darktrace is quite high compared to other solutions. However, I feel that they are one of the top solutions in this space and they want to be paid for that.
They are currently working on improving their interface by including AI to help simplify things, but it does not work on real-time data. Rather, it works on historical events.
This is definitely a product that I can recommend, although I would probably be using it together with a SOC service or somebody else who can manage it properly.
I would rate this solution a seven out of ten.
The primary use case for Darktrace is for tracking intruders and alerting for network threats.
The most valuable feature in Darktrace is that it gives me a comprehensive, detailed view of my network and whatever is happening inside it. It is a very good tool for me that helps me to remain aware of security vulnerabilities. I know what is happening on my network in real-time and it responds quickly. It is really very useful.
I am just a manager and I do not really have a technical viewpoint. The tool really suits me perfectly for now for all my basic security needs and what I expect it to do. It does not need any major changes right now to do what I need it to do. It is not missing anything.
If I am thinking about improvement, everything can be improved somewhat. Maybe the interface and dashboards could be better. I would be glad if they could make these easier from the point of view of management. It could save some time.
The price is also a little high and could be more enticing.
We have been using Darktrace for about two years.
Darktrace is very stable. It provides 99.9% of our security needs and it does not have downtime. It is a very good, stable solution.
We did not have the opportunity to test the scalability because our organization has not grown much over the period of time that we have been using the product. I think that scalability is built into the product, but for now, we have not experienced how scaling the product works firsthand.
I am not so satisfied with the pricing model for Darktrace. The price is a little bit high compared to other solutions. The pricing model should be more flexible.
On a scale from one to ten where one is the worst and ten is the best, I would rate Darktrace as an eight-out-of-ten.
I am working with Darktrace in concert with F5, Tufin, and SAP security products.
One of the things I like most about Darktrace is the fact that it has AI analytics built into it. That merger allows us to have a look at the way that things are working within our company. The fact that it is self-learning is a benefit that has given me 100% visibility across the cloud, my SaaS (Software as a Service) providers, my Office 365 services, within my data center, and also on-premises.
We are also working with Darktrace on their alpha and beta testing for endpoint security. That is a model that we are thinking about incorporating later.
Another thing I really like is that it is a very simple product to use. It is very logical and it works beautifully.
The product is really excellent all around and I can not fault it. The only thing that I can think of that would improve it would be if they had a better visualization and a reporting portal.
What I mean by better visualization is it could help map our services and endpoints in a better way. At the moment it is fairly complex in the way that it represents our network devices. It would help if there was in a slightly more logical way of visualizing the assets as opposed to the way it is currently being done.
We are talking to Darktrace at the moment about putting in a reporting portal so we can have technical reports separate from management reports. Some of our management gets information in reports that they do not need to see. When they see it they will not understand what it means. Targeting — or customizing — the reports that we make can allow us to have the content fit what the recipient needs to see without distracting extras.
Apart from those potential additions, this product is absolutely excellent. It has given us everything we have wanted. Darktrace, as a company, has been really good. Our account manager is totally responsive. The support teams have been really conscientious.
Fingers crossed. So far Darktrace has proven to be a great asset.
We have been using Darktrace for about four-and-a-half years now.
The scalability of Darktrace is excellent. If we want to increase the IP count it is just a matter of negotiating the licenses. We have already upgraded to the largest model of their hardware, and scaling is nice and simple in that situation.
The technical support people have been good. They understand exactly what we need every time. So I am very happy about that.
If you ask a question and support can not answer straight away, they will say that they will be back to you within 'X' number of hours. Then they actually do it, which is not something that you get a lot of in technical support teams. Normally people do not stick to what they say they are going to do.
Our deployment took probably the best part of three months. But the amount of time was more a matter of our constraints, not a problem with Darktrace and the difficulty of deployment. We are operating in 13 countries and it was the scale of it that took additional time. Smaller deployments will take less time.
If someone asked me for advice about the product I would definitely highly recommend it to those who need this type of solution. It is really good. It has given us a view of our company and it has actually caught a couple of people that were doing data exfiltration and stealing data from our company. We caught them doing it in the act in live time, which is just incredible.
On the scale from one to ten where one is the worst and ten is the best, I would definitely rate this product at the moment as a ten. It is a perfect solution for our needs.
Primarily we use the solution to spot problems that cannot be found by other solutions.
Darktrace has improved our knowledge of abnormal phenomena which could potentially have been hazardous for the organization. You have to be vigilant with GDPR compliance rules in Europe.
The most valuable aspect of the solution is that you can see all the process mistakes. You can see all the different types of unusual situations that you usually don't see in a traffic solution.
The solution would benefit from automation. Currently, you have to know what you are searching for.
I've been using the solution for one month.
The solution is stable. We've never had any problems with it.
The solution is scalable. So far, we have 12 networks done. We have about 500 users on it currently.
I haven't had too much interaction with technical support. Technical support was in France but the experts were in England. It's good generally, but we haven't used the solution for too long.
We didn't previously use a different solution.
When you have an expert, the initial setup is easy, but if you do it on your own, it could be complex. Deployment takes at least a month.
We didn't evaluate another solution. We met the solution's team in Cannes for an IT meeting and decided to pursue discussions with implementation.
We use the on-premises deployment model.
It's a quite clever solution. It has a lot of potential, but I'd advise those considering to hold off implementing the solution until after a newer version is released.
I'd rate the solution seven out of ten. If they added automation and included it in the price, I'd rate it higher.
I'm a customer data security manager and we are looking at replacing our current solution, McAfee, with something like Darktrace or CrowdStrike which will provide the same visibility with the endpoint protection aspect.
The ability to drill right down into an event that has been identified as something of interest so that you can be assured if it is a valid event and therefore not suffer from loads of false positives. Once that initial assurance and confidence was there, you could easily rely on the dashboard and minimise the risk of constantly drilling into each and every event but pick the ones with most risk.
The product is automated to a certain degree, but I think this could be improved. I'm looking for a way of being able to react to threats that are detected based on risk. Aside from that, there is nothing really that they could improve on, it's a product more suited to organizations with an SOC, security operations center, or a company with an IT team of network security members because it relies on constantly monitoring it to see information based on the risks of events.
In our case, we have a small IT team, which means that a large amount of time would have been spent drilling into it. If something did happen on the network, we'd ideally be responding to it reactively instead of proactively. Some of the other products we tested did that so that if something was detected, it would block that device by means of an endpoint, which halts the process and gives you time to check it out. Darktrace would tell you, for example, if there was a ransomware attack, but it wouldn't stop the attack. Other products would identify it as a ransomware attack and stop the network card on the endpoint, giving time to react to the alert, and proceed to cleanse or investigate the machine that's had a problem. That was our issue with Darktrace.
The only reason that it looks like we are going down a different route is because of the endpoint protection issue. The product doesn't have an endpoint agent that can react to outcomes or triggers that are set on the device, otherwise, it would be great.
We tested the solution for one month.
Stability is fine, we had no issues with it whatsoever.
We didn't need to scale the solution, but you could scale it without any issue. The only thing that I think you had to keep an eye on was network traffic through your switches because effectively, you're capturing all the traffic on your network on a port that goes to this device.
The support was fantastic, really good. We were in touch with the guy who I believe was the accounts manager.
Initial setup was easy. We just had to configure a switch port into what's called promiscuous mode and then plug in the device and give it an IP address and leave it. We deployed with our own technical team. It took a day to set up, maybe even less than that. Once installed they activated the license on it. We left it at baseline to look at the network for a week. It just looked at existing traffic and worked out what was typical traffic and what was interesting traffic.
Out of the box, it is licensed per device or node that it connects to. I think for services there were some additional licensing fees.
We evaluated other options and Darktrace had really good dashboards and graphics, but other devices like CrowdStrike, for example, had the endpoint protection we're looking for as well as the features that Darktrace has. The difference is in functionality.
I would suggest to anyone considering this option to identify if this is going to be a monitoring tool to supplement an existing system or if this is going to be another product in your existing security suite of tools.
I would rate this product an eight out of 10.
Generally, we use Darktrace for behavioral analytics. We use it in the inner-network and the outside network for malicious connectivity. Darktrace gives us support with networks. We follow all the notifications and sometimes we block malicious IPs from the firewall.
Its most valuable feature is its ability to identify malicious connected IPs from outside and the attacks that get through to the inside.
Darktrace needs to simplify most of the positive reports. We have to field all the positive reports, false positives, too. Sometimes we need to check false positives manually. We have to filter false positives. After that, we configure it again. Then, we want to analyze these false positives. That's the main thing. If we are assessing features, this should be easier to handle.
Darktrace needs to automate the reports of false positives, botnets, and everything.
So far, I think the solution is good. Not excellent, good.
I've been using Darktrace for about two years.
The stability of the solution is fine.
In terms of scalability, it is ok.
It's a behavioral analysis solution, so we are not actively using it. We analyze all the user traffic from the Darktrace. That's the main thing.
There are about 3,000 users. All the 3,000 user traffic is going through Darktrace.
We don't do the maintenance for Darktrace. My vendor is maintaining it since we got the product from them.
We are analyzing attempts to connect to them. After that, if you want reports, they provide them. We have a service and everything with the vendor. Then, if we have any requirements, they do it for us. The solution is working all day and my team is analyzing two hours for that.
In terms of technical support, if you raise some complaints, they tend to everything with user traffic within three or four hours. They provide the solution then we implement it.
Before using Darktrace I was using FireEye, but I switched because FireEye is very expensive and they do the same thing. It provides the same thing, except that Darktrace has a different solution for the firewall, email filtering and everything else, and Darktrace is doing everything in a single box.
The initial setup is simple. It only takes three or four days. But we need to identify one to three traffic behavioral analysis, after that we can find the lead.
My team handled the deployment. They did everything. After that, they give me a report, which I then go through.
We are doing a monthly cost-basis. It's about 500,000 NKR because we are the first to implement it in Sri Lanka. We worked out direct pricing from Darktrace UK. After that, we selected a vendor in Sri Lanka. But the thing is, we are the first implementation here. I think they are actually undercharging and giving us the solution first because they want a reference from us since we are a bank in Sri Lanka. That's why they are doing it like that.
There are no additional costs besides the license, except the 15% rate to the Sri Lanka government.
Based on our experience with Darktrace, I would advise that if they are comparing prices, ROI and everything, I think Darktrace is better than FireEye.
On a scale of 1 to 10 I can rate it a 6. I give it a 6 because it's been a year learning everything, and technology, attacks and patents are changing every day.
Once installed, it starts picking up and learning the network very well because it's got a powerful AI integrated into it.
The user interface is very intuitive.
The Dynamic Threat Dashboard is very nice, as it lists all of your threats and rates them, and then you can choose whether to investigate further.
This solution has some good features for customization in terms of how you're tagging your network, which basically makes it easier to identify what is actually happening. You can see where the traffic is going, where it is coming from, and that sort of thing.
This solution has some powerful APIs, although we do not use that functionality at the moment.
This is quite an expensive product so the pricing is something that can be improved.
I have been using Darktrace for between two and three years.
We've seen no major problems between the master and slave devices in our architecture.
Darktrace is definitely scalable. We started off with a single device monitoring a single site and we progressively added more sites with different devices in a master/slave architecture. The more we've added, we've had to re-think a little bit, but overall the scalability is excellent.
We have ten security analysts who are using this solution.
The Darktrace technical support is very good.
We started off with Darktrace. It was based on a decision from somebody in the business who had previously used it.
Personally, I have used a few other solutions and with respect to the interface, you probably couldn't get more intuitive than Darktrace.
Darktrace is very easy to set up. Even our basic technical people are able to do it. It's almost like plug and play. There is some basic configuration to do, but it's nothing major.
I would say that most technical people can do the majority of the setup.
We were granted access to all of the documentation and information from Darktrace, so we did the implementation ourselves. There may have been one or two areas that we had to go back to Darktrace directly to get clarification on, but there was no third-party partner or reseller involved.
We're very pleased with Darktrace so it is a bit difficult to pinpoint areas for improvement. It covers all of our needs and from what I can see, it does the basics very well. There are many advanced features, also.
This is a solution that I definitely recommend. It offers a proof of value rather than a proof of concept, where they run the tool in your network, let it learn and then catch any vulnerabilities. Then you will actually see the value of the solution, either potentially blocking any exploitive threats or not, but it's a really good thing to go through. To do this, I think that you have to go through an actual partner unless you're in a location where Darktrace has a physical office. In any event, I strongly recommend going through the proof of value to see if you like it. If there is a charge then it is definitely worth it.
I would rate this solution an eight out of ten.
We use it to deploy to enterprise customers to provide them with a complete, reliable and intelligent threat detection and response system.
It helps us to reliably serve our customers with quick deployment of a durable, effective and intelligent product.
The most valuable part of the product is the whole package. The features included in the Enterprise Immune System are complete and effective. Its detection engine is ridiculously good.
It is hard to really address what needs to be improved in the respect that it does everything I would expect of a superior solution. It is simple enough to use because the interface is quite simple, the setup is quick and painless — in only an hour the product is installed. Users can train on the system in less than three hours. When the configuration is complete they will already know what to do and they can just go on and use the product.
I think that the price is quite good compared to other, similar products. They already have a plugin that you can use to set up integration with virtually any other product.
Maybe it could come with a few more built-in integrations, such as adding ServiceNow. They already have built-in integration with Antigena Cyber AI Response Modules for the clouds and for the network (AWS & Azure), and they did Office 365 (email), and SaaS applications as well.
I guess a few more options and opportunities like this built-in would be nice. It is not a big thing.
The stability of the product is really very good. Clients who have had us do the implementations say it is fantastic after they've tried it.
The product is definitely scalable and can grow with your enterprise business.
In terms of customer support, it is really rare that you need them to do anything because the product is really good. You turn it on and it just works. Really anyone can run it. So a level ten tech, a level five tech or a level one tech can use it. It makes everyone competent. It's like driving an automatic car because the gears shift for you. You still have to be a good driver and take the wheel and press the gas. But you can switch it back to manual if you want a different level of control. It's up to you. But everybody with different skill levels and different purposes for the deployment can use it.
When we have contacted the technical support they have been very good.
It's simple enough to install and it does exactly as the product says: "installed in about an hour." With only an hour to install initially and with being able to train people to use it in just a few hours, it is very quick to do the initial setup. Very straightforward. It's a jog in the park.
Normally, once you deploy, for a normal site it's about two weeks' time to set up configurations for the network, but then it is optimized and processing even faster. It's faster with fewer features and, usually, I use about half of what it is capable of doing based on the client need. And once you do that configuration, you're ready to go. All that in less than two weeks and you can start getting threat intelligence reports from the network with intelligent tools. It's fantastic.
We are the ones who do the implementations and we have done many, so we are very good at it.
Our return on investment is as a reseller and consultant because we make returns on servicing the customers.
I think that the price is quite fair and very good for this type of product and the features that the product provides.
My advice to people and organizations considering this as a solution is: go buy it. They shouldn't waste their time fussing and looking around at other solutions. It works. I've done administrating for several years, and this is the one solution that works. It complements what you have, whatever that is. It is like a plug-and-play component. There is no solution that does what it does. You even have some excellent systems like Cisco's Stealthwatch — these are just the three packet analysis technologies. Darktrace is actually DPI (Deep Packet Inspection), which in my markets is now called the threat level buttons. It is really an advanced product and everything just works ridiculously well.
If I had to rate the product on a scale of one to ten (ten is the best) I'd give it an actual ten. It is the only product I use that I would give a full ten. It's hard to achieve a ten as you have to be better than everything and everyone else. It does deliver on what it says it can do.
Our primary use case of this solution is to monitor lateral traffic.
The solution helped us to find a few anomalies.
Darktrace does not have any capabilities to configure. So I would like to see supervised machines and capabilities in the next version.
Darktrace is extremely stable.
We are only four users on Darktrace currently, and I believe it is scalable.
I am satisfied with the technical support we received.
The initial setup was very straightforward because, in fact, there was nothing to configure. You just plug in the box and search for kickbacks. Deployment took about a day and it was done by one of Darktrace's consultants.
I worked on another solution before but we decided to test out Darktrace so that we could compare them.
Darktrace is a good product and it can be implemented on premises. Someone who wants to take care of the lateral movement and configure it, will love what it offers. I rate this solution a seven out of ten. I would like to see supervised machine running in the future.
Our primary use case of this solution is for endpoint data and we've had good results with Darktrace.
What I like about Darktrace is that you can quickly identify threats. I did a trial where I injected a small malware to see how long it takes for the program to identify it and to see that there is an anomaly. The response was good and it took the program less than a minute to detect it. The fast response time is definitely a plus.
The pricing is based on the number of endpoints, so the program is rather expensive. I would like to see something that will fit my clients' budget. That is something they can work on to improve.
Secondly, I would like to see my entire network, structurally and architecturally, on a single screen or in one single dashboard. Right now you have to keep going through different clippings to see everything.
The solution is stable enough for what we use it for.
We haven't been using the program long enough to know how scalable it is. I also know that it will depend on the amount of traffic on your server. But I saw in the demo that it can scale up to thousands and thousands of endpoints.
The initial setup was quite straightforward but it gets harder if you have a lot of traffic on your server. With the right knowledge, you would be able to work around that with ease and do the configuration yourself. Because it's more deployment, so it's not that complex so far. I may have to contact their technical team once we get a bigger deployment.
We evaluated several other options like McAfee. One reason why I chose Darktrace, in the end, was because of the difference in price, what we intend to achieve with the program and other costs.
My advice to others is always to keep an open mind and to find out as much as you can about the program to see if it offers what you are looking for. I rate Darktrace eight out of ten.
It has improved our monitoring capabilities.
The most valuable feature is the alerts. The alerts are meaningful. The event rolls up into meaningful and actionable alerts rather than just being noise.
The product is designed to monitor traffic sent and received via the corporate egress/network points.
I would be interested to see further integration or development of a capability to obtain visibility of mobile devices such as laptops and mobiles, which operate outside of the network and may communicate specifically when off the corporate network.
The stability isn't good but I like the product. It's a good product but we need to look into other similar products that operate in the same zone: user behavior analysis and user detection. We need it to be good in comparison.
We currently have an inner network. We don't have a full-scale deployment. It is on a network segment where there are around 5,000 users. The full company would be around 9,000 users if we deployed it across all the subsidiaries.
Their technical support is good.
This is the first solution of this type that we've used. During the initial three month trial, we saw a lot of stuff from the product that we were unable to see through the conventional tooling technologies that we had in place.
The setup was straightforward. It was a matter of hours. It took around two to three hours.
My advice to someone considering this solution is to install it, conduct a pilot, and see. You need to see how easy it is to implement and you need to add it to install. You need to see what kinds of results it provides and compare it to your existing tool kit. The product demonstrates its actual capabilities when it's actually working. It's difficult to comprehend what it can actually do but it does give you an added level of visibility.
It has good capabilities. I would rate it an eight out of ten.
Cross-correlation with the endpoint based activities would be useful, like the ability to look at the deep supervised learning engine of the artificial intelligence unit and being able to take input data from the endpoints in order to apply the rules. It works on supervised learning and rules but I would like to be able to do things on different feeds as well.
It has a very good graphical user interface. The ability to get a console on the mobile phone and being able to respond and do basic incident response capabilities remotely is also a good feature.
DT console and alerting system allow getting detailed information about the behavior of users and malicious external or internal threats.
Block attack capabilities or integration with other SIEM solutions such as IBM QRadar.