We just raised a $30M Series A: Read our story

Darktrace OverviewUNIXBusinessApplication

Darktrace is #1 ranked solution in top Intrusion Detection and Prevention Software, Network Traffic Analysis tools, and top Network Detection and Response (NDR) tools. IT Central Station users give Darktrace an average rating of 8 out of 10. Darktrace is most commonly compared to CrowdStrike Falcon:Darktrace vs CrowdStrike Falcon. Darktrace is popular among the large enterprise segment, accounting for 53% of users researching this solution on IT Central Station. The top industry researching this solution are professionals from a comms service provider, accounting for 25% of all views.
What is Darktrace?

Darktrace is a leading autonomous cyber security AI company and the creator of Autonomous Response technology. It provides enterprise-wide cyber defense to over 4,700 organizations, protecting the cloudemailSaaStraditional networksIoT devicesendpoints, and industrial systems.

A self-learning technology, Darktrace AI autonomously detects, investigates, and responds to advanced cyber-threats, including insider threat, remote working risks, ransomware, data loss, and supply chain vulnerabilities.

The company has 1,500 employees globally, with headquarters in Cambridge, UK. Every second, Darktrace AI fights back against a cyber-threat, before it can cause damage.

Darktrace Buyer's Guide

Download the Darktrace Buyer's Guide including reviews and more. Updated: December 2021

Darktrace Customers

Irwin Mitchell, Open Energi, Wellcome Trust, FirstGroup plc, Virgin Trains, Drax, QUI! Group, DNK, CreaCard, Macrosynergy, Sisley, William Hill plc, Toyota Canada, Royal British Legion, Vitol

Darktrace Video

Pricing Advice

What users are saying about Darktrace pricing:
  • "The pricing is very flexible for Darktrace. Sometimes, a customer does not have the appropriate budget, but Darktrace can handle that. They offer monthly payments, so the customer can acquire the solution very easily."
  • "The price of the solution is not cheap. It is not a one-time purchase, there is a subscription that needs to be paid every one to five years depending on your choice. It is expensive but you can reduce the price by only using the services that you want."
  • "It was $3,600 a month or $2,000 plus or so. I am not sure. Its licensing is pretty simple."

Darktrace Reviews

Filter by:
Filter Reviews
Industry
Loading...
Filter Unavailable
Company Size
Loading...
Filter Unavailable
Job Level
Loading...
Filter Unavailable
Rating
Loading...
Filter Unavailable
Considered
Loading...
Filter Unavailable
Order by:
Loading...
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Search:
Showingreviews based on the current filters. Reset all filters
Victor  Ibanez
Director Comercial México at Aubay
Reseller
Top 20
A 10/10 solution with an awesome interface, good stability and scalability, flexible pricing, and good support

Pros and Cons

  • "It is very easy to work with Darktrace once you know how it works and the type of permissions that you need to get related to the security over a network. The interface is awesome. I'm sure that you have seen Ironman, and you know Jarvis, the computer of Tony Stark. The interface of Darktrace is very similar, and you can see in 3D, like a hologram, the whole network, traffic, and all the traces inside the network. The interface is awesome, and it provides a lot of information. At least for us, it is very easy to handle this interface, get the reports, and do the interpretation of those reports. Darktrace also provides mobile monitoring. With an app on your mobile phone, you can view the information live, which is very useful for area directors and field engineers. Darktrace can be also correlated with any type of big data solution, such as Splunk."
  • "It would be good if they can include some endpoint protection for remote workers. Nowadays, most people are working remotely. Therefore, they should include some type of sensors that can be installed on the endpoint in order to directly report the main usage and protect remotely. Phone protection will also be a great feature to add to Darktrace."

What is our primary use case?

We deployed Darktrace for one of the biggest telecommunications companies in Latin America. It is deployed on-premise, but it is more like a service because we don't care about the appliances. Even though it works with appliances, it is more related to the services to the connections that the solution can handle. Because of that, it is on-premise, but it also has a component with sensors that works for remote instances, almost like a cloud solution. 

Some of the clients, especially in the security area, think that this appliance will replace a firewall or a prevention system solution, but it doesn't replace them. It actually complements them because the firewall decides to allow or deny a connection, and a prevention system is designed to avoid any type of risks to the connection or intrusion on the network. Darktrace allows you to find the unknown threats inside the network and identify them by using some artificial intelligence. It can do all the tracking inside or outside the network.

It is connected directly to the core switch, and in the first stage, it probably takes about a month to learn the behavior of the network and the users. With that, it starts to know what type of information is correct inside the network, and what type of information probably would be a risky connection or risky data moving from one site to another. It then starts doing the alerting. After the first stage or the learning stage is complete, we can find the size of the network. The second stage is the use of a different model inside the solution called Antigena. It works like the antibodies inside our body. Once it detects something that is wrong inside the network, it not only does the alerting but also takes the decision to block that type of connection in order to avoid any information leak or any possible risky connection. If somebody is doing some data mining, it disables connection to the engine that is doing the data mining.

How has it helped my organization?

We have been giving results not only to the security or compliance area inside of a company but also to the legal department. If someone is doing something wrong in terms of compliance, they can take directly take action against the person or group doing that.

We also give results to the infrastructure people and the network people. Based on our experience, most of the customers don't really know the size of their network. With this type of solution, we can know the complete network. We can know the real size, and how many resources are connected to the network and the internet. For example, one customer said to us, "I only have 18,000 connections on the network." We did the sizing with 18,000, and when we started the deployment, this customer had one thousand and twenty hundred connections. They didn't realize that until we arrived.

What is most valuable?

It is very easy to work with Darktrace once you know how it works and the type of permissions that you need to get related to the security over a network. The interface is awesome. I'm sure that you have seen Ironman, and you know Jarvis, the computer of Tony Stark. The interface of Darktrace is very similar, and you can see in 3D, like a hologram, the whole network, traffic, and all the traces inside the network. The interface is awesome, and it provides a lot of information. At least for us, it is very easy to handle this interface, get the reports, and do the interpretation of those reports.

Darktrace also provides mobile monitoring. With an app on your mobile phone, you can view the information live, which is very useful for area directors and field engineers. Darktrace can be also correlated with any type of big data solution, such as Splunk.

What needs improvement?

It would be good if they can include some endpoint protection for remote workers. Nowadays, most people are working remotely. Therefore, they should include some type of sensors that can be installed on the endpoint in order to directly report the main usage and protect remotely. Phone protection will also be a great feature to add to Darktrace.

For how long have I used the solution?

I have been working with Darktrace for at least four years. I recommend and sell it to customers. A long time ago, I used to be a technical guy. Now I am on the sales side. Our technical crew and sales crew are certified for this solution.

What do I think about the stability of the solution?

For the past four years, I have only seen two crashes in two appliances. That was because the customer sent more traffic than what the solution or that specific appliance could handle. It was solved by using another appliance to do the appropriate balancing. The second crash was because it was a human error and somebody by mistake disconnected the cable and connected it to a different interface.

What do I think about the scalability of the solution?

It is very easy to scale. When you need more appliances to support the infrastructure, you can use them as LEGOS. In order to place them, the only thing that you need to have is a rack, and you can start connecting them to the switch, and that's it. Once that you have it on the main console, you just assign the role to every single appliance, and that's it.

We're very focused on big companies, but we also have medium customers. The reason why we don't sell it to the small companies is that this type of solution is very expensive for them to finance. So, probably the assets that they have are very important, but based on the budget that small companies have in Latin America, they cannot afford a solution like this.

How are customer service and technical support?

The support that we have in Latin America is very good. It is a very good company to work with. They have offices here. I would rate them a ten out of ten.

How was the initial setup?

It is very easy. The setup of the solution takes probably half an hour. The only thing that we need to place Darktrace on a customer site is a connection on the core switch with a mirror port. We need to have some space on the rack, and then we connect the appliance to the core switch, and that's it. We go back to the customer a week later to see what Darktrace is catching and start sharing with the customer our discovery inside the network.

The biggest deployment that we have done took about two months, but it was in 26 different sites. The main challenge was the transport. We had to take care of all the logistics to transport all the appliances and find the appropriate time to run all the appliances because most of the customers do not allow to rack them at any time. Therefore, it needs to be done at midnight when almost nobody is using the network. That was our main challenge, but it is very easy to set up.

What's my experience with pricing, setup cost, and licensing?

The pricing is very flexible for Darktrace. Sometimes, a customer does not have the appropriate budget, but Darktrace can handle that. They offer monthly payments, so the customer can acquire the solution very easily.

What other advice do I have?

Over the past years, I have seen some customers say, "No, I have Endpoint protection. I have intrusion prevention. I have a firewall. I don't need anything like that." My advice is that first of all, open your mind to new solutions because this type of solution will catch everything that the rest of the solutions that you have won't catch. That's the first thing. The second thing is that do not limit the work of the people who work with Darktrace by saying that you know your network because we can assure you that you don't know your network and the threats that are inside and outside the network and the size of the network.

We always start with Darktrace Enterprise Immune System, which is the first model. The reason for this is that it is easier to adopt the Antigena model at the second stage because the solution by itself needs to learn inside of the network and what is good and what is bad. When we place Antigena, the deployment stages are exactly the same as when you first deploy the Enterprise Immune System in order to let it learn. After the solution starts learning, it will take at least a couple of months or probably three months to deploy Antigena. Therefore, it doesn't make sense to make customers spend more money on a solution in the initial stages and go for a solution that they would not be using initially. This also provides the appropriate sizing of the network. Most of the time, the customer needs to acquire more services from us in order to support all the infrastructure that they have.

I would rate Darktrace a ten out of ten. I am a very happy user and a happy seller of Darktrace.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Imad Awwad
Group IT Manager at a manufacturing company with 1,001-5,000 employees
Real User
Top 5Leaderboard
Advanced Cybersecurity Artificial Intelligence, plenty of features, and impressive threat detection

Pros and Cons

  • "I have found the most valuable features to be artificial intelligence for cybersecurity, advanced machine learning capabilities, enterprise Immune System, Antigena Network, and Antigena Email. The way the solution detects the threat over the network before it spreads is very good. It notifies you of what the threat is exactly doing and gives you all the details about the execution of that application that had created the threat over your network."
  • "In an upcoming release, there could be more customizable playbooks or a library of playbooks to choose from."

What is our primary use case?

Darktrace is used for cybersecurity, you can buy it as a physical appliance or solution as a service on the cloud. I tried the on-premises solution to detect any threat over our network.

How has it helped my organization?

Darktrace played an important role in the security detection strategy by reducing the time lost in detecting, analyzing, and incident resolving. This is due to its friendly user interface that shows you in simple graphs and analytics the output for any log over your network whether it is computer, device, switch, access point, etc...

What is most valuable?

I have found the most valuable features to be artificial intelligence for cybersecurity, advanced machine learning capabilities, enterprise Immune System, Antigena Network, and Antigena Email. The way the solution detects the threat over the network before it spreads is very good. It notifies you of what the threat is exactly doing and gives you all the details about the execution of that application that had created the threat over your network.

There is an included library of threat detections, not only locally, but threats being experienced all around the world. It is similar to a database of all the threats and what is done by cybersecurity administrators across the internet. By collecting events and information all around the world makes Darktrace more proactive in dealing with threat notifications and cybersecurity detection. The service is very comprehensive and can cover all security areas.

It has simple tracking capabilities and a graphical interface that can assist you with coding, you do not need to be a guru. The dashboards are user-friendly and you do not need an application to access your work, it is all done through any browser. Additionally, there is a mobile application that is one of the best features because you can see any threats from your phone. There is a playbook that can give you instructions. For example, if you see your network servers are being injected by ransomware you can stop the session and be notified of which person on what computer triggered the threat.

The solution is very professional. Everybody would like to have an application on their phone to be more proactive about security anywhere and this solution delivers.

What needs improvement?

In an upcoming release, there could be more customizable playbooks or a library of playbooks to choose from. Since it is collecting all scenarios that might happen from any threat, new playbooks may be discovered and customers will have the privilege to use them in their environment. Other than that, Darktrace is leading in every aspect.

For how long have I used the solution?

I have been using this solution for one month.

What do I think about the stability of the solution?

Very Stable

What do I think about the scalability of the solution?

We have a number of employees using the solution in my organization which includes administrators and management.

How are customer service and technical support?

Technical support is excellent. You can communicate with them by sending an email, WhatsApp messages, or other types of communication. They have their support in many places around the world so what ever your time zone is, they are available.

The support you do receive is excellent.

Which solution did I use previously and why did I switch?

I have used other solutions previously but non had this intelligence,

How was the initial setup?

The installation is very easy. I was shocked by the simplicity of the management, implementation, and dashboards. 

What about the implementation team?

I have implemented it using Darktrace Team who were very professional.

What's my experience with pricing, setup cost, and licensing?

The price of the solution is not cheap. It is not a one-time purchase, there is a subscription that needs to be paid every one to five years depending on your choice. It is expensive but you can reduce the price by only using the services that you want. There is some flexibility, for example, if you only want to have email inspections, network inspections, endpoint inspections, or brief analytics of the reports and controls over your infrastructure, can reduce the prices accordingly. Not choosing all the features can reduce the price. When comparing this solution to competitors in the market it is expensive. However, you are paying for a valuable solution with plenty of features. Their artificial and cyber intelligence is working extremely well. I am a consultant and work with a variety of solutions by myself, attend training, and understand people who are working with these solutions.

I need to know the advantage, disadvantages, weaknesses, and what makes the solution better than the others. Darktrace proves at some point that the value of money you are paying for the solution is reasonable for the advanced technology you are receiving as it covers many solutions that can cost much  much more than darktrace where as i you bought Darktrace you reducing all the complexity to one simple solution. 

Which other solutions did I evaluate?

I have evaluated many other solutions.

What other advice do I have?

My advice to those wanting to implement this solution is if they want to experience artificial intelligence, advanced cybersecurity, and high-level detection, this solution is the one. 

I rate Darktrace a nine out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Learn what your peers think about Darktrace. Get advice and tips from experienced pros sharing their opinions. Updated: December 2021.
554,873 professionals have used our research since 2012.
GP
Data Security Manager at a sports company with 201-500 employees
Real User
Top 20
Has the ability to see events and have access to exactly what traffic or website a device had tried connecting to

Pros and Cons

  • "Ability to see events and exactly what traffic or website the device had tried to connect to that raised the alert or issue."
  • "The product doesn't have an endpoint agent that can react to triggers set on the device,"

What is our primary use case?

I'm a customer data security manager and we are looking at replacing our current solution, McAfee, with something like Darktrace or CrowdStrike which will provide the same visibility with the endpoint protection aspect. 

What is most valuable?

The Ability to drill right down into an event that has been identified as something of interest so that you can be assured if it is a valid event and therefore not suffer from loads of false positives. Once that initial assurance and confidence was there, you could easily rely on the dashboard and minimise the risk of constantly drilling into each and every event but pick the ones with most risk.

What needs improvement?

The product is automated to a certain degree, but I think this could be improved. I'm looking for a way of being able to react to threats that are detected based on risk. Aside from that, there is nothing really that they could improve on, it's a product more suited to organizations with an SOC, security operations center, or a company with an IT team of network security members because it relies on constantly monitoring it to see information based on the risks of events.

In our case, we have a small IT team, which means that a large amount of time would have been spent drilling into it. If something did happen on the network, we'd ideally be responding to it reactively instead of proactively. Some of the other products we tested did that so that if something was detected, it would block that device by means of an endpoint, which halts the process and gives you time to check it out. Darktrace would tell you, for example, if there was a ransomware attack, but it wouldn't stop the attack. Other products would identify it as a ransomware attack and stop the network card on the endpoint, giving time to react to the alert, and proceed to cleanse or investigate the machine that's had a problem. That was our issue with Darktrace.

The only reason that it looks like we are going down a different route is because of the endpoint protection issue. The product doesn't have an endpoint agent that can react to outcomes or triggers that are set on the device, otherwise, it would be great. 

For how long have I used the solution?

We tested the solution for one month. 

What do I think about the stability of the solution?

Stability is fine, we had no issues with it whatsoever. 

What do I think about the scalability of the solution?

We didn't need to scale the solution, but you could scale it without any issue. The only thing that I think you had to keep an eye on was network traffic through your switches because effectively, you're capturing all the traffic on your network on a port that goes to this device.

How are customer service and technical support?

The support was fantastic, really good. We were in touch with the guy who I believe was the accounts manager.

How was the initial setup?

Initial setup was easy. We just had to configure a switch port into what's called promiscuous mode and then plug in the device and give it an IP address and leave it. We deployed with our own technical team. It took a day to setup, maybe even less than that. Once installed they activated the license on it. We left it at baseline to look at the network for a week. It just looked at existing traffic and worked out what was typical traffic and what was interesting traffic.

What's my experience with pricing, setup cost, and licensing?

For out of the box it is licensed per device or node that it connects to. I think for services there were some additional licensing fees. 

Which other solutions did I evaluate?

We evaluated other options and Darktrace had really good dashboards and graphics, but other devices like CrowdStrike, for example, had the endpoint protection we're looking for as well as the features that Darktrace has. The difference is in functionality.

What other advice do I have?

I would suggest to anyone considering this option to identify if this is going to be a monitoring tool to supplement an existing system or if this is going to be another product in your existing security suite of tools.

I would rate this product an eight out of 10. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
FH
Founder and Director at a tech services company with 11-50 employees
Real User
Good detection capability and reduces our team's effort, but there should be more visibility at the endpoint level and less effort in fine-tuning

Pros and Cons

  • "In terms of features, the data or information they collect and unsupervised machine learning are very valuable. Its unsupervised machine learning has reduced our team's effort. Both Darktrace and Vectra work on unsupervised machine learning that learns the behavior or develops a profile on its own, which allows our security team to do some other tasks rather than spending time on Darktrace or Vectra. Because of unsupervised machine learning, its detection capability is quite good. Along with that, if we utilize the integration feature properly, the automated incident response capability of Darktrace is quite useful."
  • "In terms of improvements, fine-tuning is the area where we have to spend some time because it works on unsupervised machine learning. It would be good if they can improve their algorithm or technical functionality to reduce the fine-tuning effort. They can also come up with something at the endpoint level. So far, Darktrace has been a network detection response (NDR) solution. It does not offer much at the endpoint level or on user-client devices or servers. There should be more visibility at the endpoint level. It would be good to have the detection and response at the endpoint level by Darktrace. It should also have integration with an agile environment so that we can have continuous development and continuous integration in the application development environment. This is currently not there. It should also have internet-facing platform visibility, which is currently missing. They also need to improve the reporting and management dashboards. Currently, these are not so easy for a non-technical person. All these features would make Darktrace much better, and they would also be helpful in selling more solutions."

What is our primary use case?

I'm currently heading cybersecurity for 1,500 entities. Some of them have deployed Vectra, and some of them have deployed Darktrace. Darktrace has been in the UK market for a while, whereas Vectra is a not-so-old player in the UK market.

We are using the latest version of Darktrace but not their latest offering. They are now also providing email security over the Darktrace platform, but we have not been utilizing that. We have been utilizing their network detection and response and some part of automated incident response (IR) capability.

We have a hybrid infrastructure. Some centers are deployed in the cloud, and some centers are deployed on-prem. The management platform is currently on-prem, but the plan is to move it to SaaS.

What is most valuable?

In terms of features, the data or information they collect and unsupervised machine learning are very valuable. Its unsupervised machine learning has reduced our team's effort. Both Darktrace and Vectra work on unsupervised machine learning that learns the behavior or develops a profile on its own, which allows our security team to do some other tasks rather than spending time on Darktrace or Vectra. 

Because of unsupervised machine learning, its detection capability is quite good. Along with that, if we utilize the integration feature properly, the automated incident response capability of Darktrace is quite useful.

What needs improvement?

In terms of improvements, fine-tuning is the area where we have to spend some time because it works on unsupervised machine learning. It would be good if they can improve their algorithm or technical functionality to reduce the fine-tuning effort. 

They can also come up with something at the endpoint level. So far, Darktrace has been a network detection response (NDR) solution. It does not offer much at the endpoint level or on user-client devices or servers. There should be more visibility at the endpoint level. It would be good to have the detection and response at the endpoint level by Darktrace.

It should also have integration with an agile environment so that we can have continuous development and continuous integration in the application development environment. This is currently not there. It should also have internet-facing platform visibility, which is currently missing. 

They also need to improve the reporting and management dashboards. Currently, these are not so easy for a non-technical person. All these features would make Darktrace much better, and they would also be helpful in selling more solutions.

For how long have I used the solution?

I have been using this solution for maybe six or seven years. At my previous workplace, we were one of the early adopters of Darktrace's unsupervised machine learning technology.

What do I think about the stability of the solution?

Its stability is fine. We are utilizing a mix of their deployment capability. We have appliance-based and sensor-based deployments. Performance-wise, sensor-based ones are slower than appliance-based ones. An appliance also has dedicated hardware.

What do I think about the scalability of the solution?

In terms of scalability, it is fine. We have deployed Darktrace for around 7,000 to 8,000 users for one part of an entity, and it has been working fine. I don't see any issue in terms of its scalability. 

Currently, it has around 7,000 to 8,000 users, but it is getting extended. We are in the process of extending the Darktrace capability to other entities. We are talking about 1,500 entities and 120,000 users in different dispersed and segregated environments. 

How are customer service and technical support?

They've been quite okay in their responses. This solution is definitely complex, so sometimes we don't get the expected level of information or answer straight away, but they have been okay in responding and following up. I would rate them a seven out of ten.

How was the initial setup?

From the initial deployment perspective, it was quite straightforward. We just need to make some configuration changes and then Darktrace works on spanning. It gets a copy of all the data from the network, and it starts building the profile. It has a pretty straightforward deployment.

What other advice do I have?

I would rate Darktrace a seven out of ten. It is a good solution, but it requires some improvements. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
MP
Senior Security & Infrastructure Architect at a retailer with 10,001+ employees
Real User
Top 20
Built-in AI analytics helps give you total visibility of your architecture assets

Pros and Cons

  • "AI analytics are built directly into the product."
  • "It is a very simple product to use."
  • "A reporting portal could be a great addition to help customize reports."

What is our primary use case?

I am working with Darktrace in concert with F5, Tufin, and SAP security products.  

What is most valuable?

One of the things I like most about Darktrace is the fact that it has AI analytics built into it. That merger allows us to have a look at the way that things are working within our company. The fact that it is self-learning is a benefit that has given me 100% visibility across the cloud, my SaaS (Software as a Service) providers, my Office 365 services, within my data center, and also on-premises.  

We are also working with Darktrace on their alpha and beta testing for endpoint security. That is a model that we are thinking about incorporating later. 

Another thing I really like is that it is a very simple product to use. It is very logical and it works beautifully.  

What needs improvement?

The product is really excellent all around and I can not fault it. The only thing that I can think of that would improve it would be if they had a better visualization and a reporting portal.  

What I mean by better visualization is it could help map our services and endpoints in a better way. At the moment it is fairly complex in the way that it represents our network devices. It would help if there was in a slightly more logical way of visualizing the assets as opposed to the way it is currently being done.  

We are talking to Dartrace at the moment about putting in a reporting portal so we can have technical reports separate from management reports. Some of our management gets information in reports that they do not need to see. When they see it they will not understand what it means. Targeting — or customizing — the reports that we make can allow us to have the content fit what the recipient needs to see without distracting extras.  

Apart from those potential additions, this product is absolutely excellent. It has given us everything we have wanted. Darktrace, as a company, has been really good. Our account manager is totally responsive. The support teams have been really conscientious.  

Fingers crossed. So far Darktrace has proven to be a great asset.  

For how long have I used the solution?

We have been using Darktrace for about four-and-a-half years now.  

What do I think about the scalability of the solution?

The scalability of Darktrace is excellent. If we want to increase the IP count it is just a matter of negotiating the licenses. We have already upgraded to the largest model of their hardware, and scaling is nice and simple in that situation.  

How are customer service and technical support?

The technical support people have been good. They understand exactly what we need every time. So I am very happy about that.  

If you ask a question and support can not answer straight away, they will say that they will be back to you within 'X' number of hours. Then they actually do it, which is not something that you get a lot of in technical support teams. Normally people do not stick to what they say they are going to do.  

How was the initial setup?

Our deployment took probably the best part of three months. But the amount of time was more a matter of our constraints, not a problem with Darktrace and the difficulty of deployment. We are operating in 13 countries and it was the scale of it that took additional time. Smaller deployments will take less time.  

What other advice do I have?

If someone asked me for advice about the product I would definitely highly recommend it to those who need this type of solution. It is really good. It has given us a view of our company and it has actually caught a couple of people that were doing data exfiltration and stealing data from our company. We caught them doing it in the act in live time, which is just incredible.  

On the scale from one to ten where one is the worst and ten is the best, I would definitely rate this product at the moment as a ten. It is a perfect solution for our needs.  

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
AsankaAbeyrathne
Assistant Manager at a financial services firm with 201-500 employees
Real User
Top 20
Strong cyber-security solution but it has too many false positives

Pros and Cons

  • "Its most valuable feature is its ability to identify malicious connected IPs from outside and the attacks that get through to the inside."
  • "Darktrace needs to automate the reports of false positives, botnets and everything."

What is our primary use case?

Generally, we use Darktrace for behavioral analytics. We use it in the inner-network and the outside network for malicious connectivity. Darktrace gives us support with networks. We follow all the notifications and sometimes we block malicious IPs from the firewall.

What is most valuable?

Its most valuable feature is its ability to identify malicious connected IPs from outside and the attacks that get through to the inside.

What needs improvement?

Darktrace needs to simplify most of the positive reports. We have to field all the positive reports, false positives, too. Sometimes we need to check false positives manually. We have to filter false positives. After that, we configure it again. Then, we want to analyze these false positives. That's the main thing. If we are assessing features, this should be easier to handle.

Darktrace needs to automate the reports of false positives, botnets, and everything.

So far, I think the solution is good. Not excellent, good.

For how long have I used the solution?

I'm using Darktrace about two years.

What do I think about the stability of the solution?

The stability of the solution is fine.

What do I think about the scalability of the solution?

In terms of scalability, it is ok.

It's a behavioral analysis solution, so we are not actively using it. We analyze all the user traffic from the Darktrace. That's the main thing. 

There are about 3,000 users. All the 3,000 user traffic is going through Darktrace.

We don't do the maintenance for Darktrace. My vendor is maintaining it since we got the product from them.

We are analyzing attempts to connect to them. After that, if you want reports, they provide them. We have a service and everything with the vendor. Then, if we have any requirements, they do it for us. The solution is working all day and my team is analyzing two hours for that.

How are customer service and technical support?

In terms of technical support, if you raise some complaints, they tend to everything with user traffic within three or four hours. They provide the solution then we implement it.

Which solution did I use previously and why did I switch?

Before using Darktrace I was using FireEye, but I switched because FireEye is very expensive and they do the same thing. It provides the same thing, except that DarkTrace has a different solution for the firewall, email filtering and everything else, and Darktrace is doing everything in a single box.

How was the initial setup?

The initial setup is simple. It only takes three or four days. But we need to identify one to three traffic behavioral analysis, after that we can find the lead.

What about the implementation team?

My team handled the deployment. They did everything. After that, they give me a report, which I then go through.

What's my experience with pricing, setup cost, and licensing?

We are doing a monthly cost-basis. It's about 500,000 NKR because we are the first to implement it in Sri Lanka. We worked out direct pricing from Darktrace UK. After that, we selected a vendor in Sri Lanka. But the thing is, we are the first implementation here. I think they are actually undercharging and giving us the solution first because they want a reference from us since we are a bank in Sri Lanka. That's why they are doing it like that.

There are no additional costs besides the license, except the 15% rate to the Sri Lanka government.

What other advice do I have?

Based on our experience with DarkTrace, I would advise that if they are comparing prices, ROI and everything, I think Darktrace is better than FireEye.

On a scale of 1 to 10 I can rate it a 6. I give it a 6 because it's been a year learning everything, and technology, attacks and patents are changing everyday.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IV
Application & Security Specialist at a financial services firm with 1,001-5,000 employees
Real User
Easy to use with an intuitive dashboard, powerful AI, and inbuilt data packet analysis

Pros and Cons

  • "The Dynamic Threat Dashboard is very nice, as it lists all of your threats and rates them, and then you can choose whether to investigate further."
  • "This is quite an expensive product so the pricing is something that can be improved."

What is most valuable?

Once installed, it starts picking up and learning the network very well because it's got a powerful AI integrated into it.

The user interface is very intuitive.

The Dynamic Threat Dashboard is very nice, as it lists all of your threats and rates them, and then you can choose whether to investigate further.

This solution has some good features for customization in terms of how you're tagging your network, which basically makes it easier to identify what is actually happening. You can see where the traffic is going, where it is coming from, and that sort of thing.

Darktrace has quite a few inbuilt features such as its own packet analysis module, which is an offshoot of Wireshark.

This solution has some powerful APIs, although we do not use that functionality at the moment.

What needs improvement?

This is quite an expensive product so the pricing is something that can be improved.

For how long have I used the solution?

I have been using Darktrace for between two and three years.

What do I think about the stability of the solution?

We've seen no major problems between the master and slave devices in our architecture.

What do I think about the scalability of the solution?

Darktrace is definitely scalable. We started off with a single device monitoring a single site and we progressively added more sites with different devices in a master/slave architecture. The more we've added, we've had to re-think a little bit, but overall the scalability is excellent.

We have ten security analysts who are using this solution.

How are customer service and technical support?

The Darktrace technical support is very good.

Which solution did I use previously and why did I switch?

We started off with Darktrace. It was based on a decision from somebody in the business who had previously used it.

Personally, I have used a few other solutions and with respect to the interface, you probably couldn't get more intuitive than Darktrace.

How was the initial setup?

Darktrace is very easy to set up. Even our basic technical people are able to do it. It's almost like plug and play. There is some basic configuration to do, but it's nothing major.

I would say that most technical people can do the majority of the setup.

What about the implementation team?

We were granted access to all of the documentation and information from Darktrace, so we did the implementation ourselves. There may have been one or two areas that we had to go back to Darktrace directly to get clarification on, but there was no third-party partner or reseller involved.

What other advice do I have?

We're very pleased with Darktrace so it is a bit difficult to pinpoint areas for improvement. It covers all of our needs and from what I can see, it does the basics very well. There are many advanced features, also.

This is a solution that I definitely recommend. It offers a proof of value rather than a proof of concept, where they run the tool in your network, let it learn and then catch any vulnerabilities. Then you will actually see the value of the solution, either potentially blocking any exploitive threats or not, but its a really good thing to go through. To do this, I think that you have to go through an actual partner unless you're in a location where Darktrace has a physical office. In any event, I strongly recommend going through the proof of value to see if you like it. If there is a charge then it is definitely worth it.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
MT
Security Engineer at a real estate/law firm with 1,001-5,000 employees
Real User
Top 20
Provides a higher level of threat detection, detects any type of attack, and very useful for an autonomous response

Pros and Cons

  • "The Antigena feature is most valuable. Once it learns your environment, Antigena can step in and block a denial of service attack, a ransomware attack, or just about anything that doesn't belong in the environment. It can detect any type of attack that hits the environment because it understands what normal looks like for the network. It is very useful for an autonomous response."
  • "They just need to make it a little bit more accurate as far as their alerts are concerned. It does generate some false positives that you have to tune. You have to do a lot of tuning when you first get it because of the false positives, but once it is all tuned up and ready to go, it will do its thing from there."

What is our primary use case?

We use it to protect IoT devices. Darktrace does network traffic analysis. So, by analyzing all traffic patterns in your environment, you can detect any type of anomalous activity, as far as the network is concerned. 

I have been using its latest version. Its deployment depends on the environment. It can do sensors in the cloud, and it can also do on-prem.

How has it helped my organization?

It provided a higher level of threat detection.

What is most valuable?

The Antigena feature is most valuable. Once it learns your environment, Antigena can step in and block a denial of service attack, a ransomware attack, or just about anything that doesn't belong in the environment. It can detect any type of attack that hits the environment because it understands what normal looks like for the network. It is very useful for an autonomous response. 

What needs improvement?

They just need to make it a little bit more accurate as far as their alerts are concerned. It does generate some false positives that you have to tune. You have to do a lot of tuning when you first get it because of the false positives, but once it is all tuned up and ready to go, it will do its thing from there. 

For how long have I used the solution?

I used it for about a year.

What do I think about the stability of the solution?

It is a very stable product. We didn't have any issues.

What do I think about the scalability of the solution?

It has sensors that you can install. So, it can scale on-prem and off-prem in the cloud.

It is being used extensively. We have 2,000 employees. We use it to protect IoT devices. We also use it to protect Windows servers, desktops, and laptops. Its usage would increase if the net grows, but it's probably not going to grow too much bigger than 2,000 employees.

How are customer service and technical support?

The support from Darktrace is very helpful.

Which solution did I use previously and why did I switch?

We didn't use any other solution previously. 

How was the initial setup?

It was pretty straightforward. You just monitor everything from your core switch. It monitors everything in and out.

We got it up in half an hour, but it still has to learn. You still have to give it some time to learn about the environment, and that's usually going to be at least two weeks.

What about the implementation team?

We brought in their guy to the site. In terms of maintenance, it is automatically set up to reach out to their website and pull down updates and stuff. We don't have to worry about that too much.

What's my experience with pricing, setup cost, and licensing?

It was $3,600 a month or $2,000 plus or so. I am not sure. 

Its licensing is pretty simple.

Which other solutions did I evaluate?

We were thinking about getting another solution called Vector, but we didn't. We brought Darktrace in.

What other advice do I have?

Darktrace is a pretty good company. The only thing that they need to really work on is just being able to get rid of some of those false positives. Once the solution is tuned up, it pretty much just runs.

I would advise making sure that you do a really good PoC of the product so that you can be sure that it makes sense in your environment.

I would rate it a nine out of 10. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
Buyer's Guide
Download our free Darktrace Report and get advice and tips from experienced pros sharing their opinions.