I work as the CIO & Information Manager in the gaming and gambling industry. The company has 650 employees and >30.000 customers.
I'm not able to find a study where Darktrace is compared against CrowdStrike Falcon (or other solutions for endpoint security, e.g. SentinelOne).
Can anyone help and share their insights?
Regards from the Netherlands
Consultant at a computer software company with 51-200 employees
Mar 31, 2022
Most of these comparisons are opinions and some tests are done in specific conditions that might not suit or reflect your organization's needs and roadmap. Ultimately, the cost of a mistake is a data breach and not just an audit finding or operational discomfort.
I mention this because there are no viable shortcuts. I suggest you test the solutions thoroughly in your own environment to see what works for you.
The gaming floor is hopefully "air-gapped" and the solution should respect that segregation and still provide great security and visibility. One of the challenges is security updates.
For such an environment you would need comprehensive AI and machine learning. I suggest you look at the difference between IOC and IOA.
IOA vs IOC: Defining & Understanding The Differences | CrowdStrike. (Please also check other sources).
Good luck and stay safe!
Which solution is better depends on which is more suitable specifically for your company. Darktrace, for example, is meant for smaller to medium-sized businesses. It is also a good option for organizations who have limited security resources but still need deep insights into threats and network intrusions. Darktrace also has an invaluable feature that produces weekly reports.
A unique feature Darktrace has to its name is its use of artificial intelligence for cybersecurity and machine learning capabilities. Darktrace is able to successfully detect threats over networks before it's even possible for them to spread. In addition, it notifies you with all the threat details. Although Darktrace is geared toward smaller-sized organizations, it does come with a hefty cost. The cost increases as the number of products that need to be monitored increases.
SentinelOne is a great product and effective for mitigating threats. It allows you to have granular control over your environments and your endpoints. SentinelOne has a central management console. It also provides insight into lateral movement threats, by gathering data from anything that happens to be related to the security of an endpoint. Another SentinelOne feature that’s fantastic is their one-click automation remediation, along with rollback for restoring an endpoint, which can often be very helpful.
SentinelOne is also known for its ability to decrease incident response time and has deep visibility that comes in handy quite often. However, the dashboard design isn’t wonderful. In contrast to Darktrace though, SentinelOne is efficient because minimal administrative support is required, and it offers a lot for a solution that is cost-effective.
While both SentinelOne and Darktrace boast many beneficial features, one outweighs the other when it comes to price. If Darktrace is within your budget, I would recommend it. But if not, SentinelOne is a great solution that makes a lot of sense.
IT Security Coordinator at a healthcare company with 10,001+ employees
Nov 5, 2021
An easy answer for me - pretty much exactly what @Janet Staver described.
DT was a good east-west network traffic tool that could tell you all about communications between systems (think NDR), but it had limited capacity and expensive boxes that we outgrew.
S1 is an endpoint tool with deep inspection, a central console, and is cost-effective.
Hi @Allan Gillies,
CyGlass is an alternative to DarkTrace that primarily addresses the SMB market only. Typically we cover 80% of what DT can offer but for circa 35% of the cost.
Why? We are a SaaS-based cloud platform, so we don't require any hardware, just your existing firewalls, from which we pull NetFlow data into the cloud and utilise our AI to map out and offer you full visibility for on-prem and cloud networks.
We generate a set of free reports that offer you a scorecard (RAG analysis) that cover the O365 summary report, the ransomware prevention report, as well as an executive summary that offers instant visibility of your architecture.
Let me know if you want further information.
I am based in the UK
Byte25 is a SaaS platform that gives you deep visibility into your network traffic, including Network Detection and Response capabilities. It is aimed at the SMB market. It's a Darktrace for the masses.
I'm not sure what specifically you're trying to defend against, but we're just wrapping up a CrowdStrike deployment, and it's been surprisingly smooth.
We opted to move away from Kaspersky (for ethical reasons), even though it's technically the best AV product out there, but it was always a bit heavy on the clients.
CrowdStrike is more of a behavior monitor, and it's much lighter. CrowdStrike pricing isn't anything to write home about, but you have lots of "a la carte" choices, so you can make it fit your needs and your budget.