Normally, when we have a setup, and I log in with any guest, Darktrace blocks us from remotely logging in from within the office network. It ensures that we cannot remote log in anywhere. It is a security system that identifies hacking attempts. Darktrace also integrates with VirusTotal for verification. Additionally, we use the email protection feature.

Darktrace ensures that we do not have breaches on our systems, and it helps improve our security status before breaches can even reach our system.

The investigative part of Darktrace is valuable, especially the automation features. It allows setting up checks and provides guidance on mitigating situations, which is very useful. There are different modules that you can add to the console for protection.

The Darktrace Mobile app needs improvement as it's currently limited in functionality, and the learning AI takes a while to adapt to new devices, flagging new users as threats for up to a month before recognizing them as regular network users.

I have been using Darktrace for almost a year now.

Darktrace is very stable. I can reliably check logs and track what is happening within the system.

The scalability isn't a high priority for us as it mostly deals with system security. It provides necessary features for security enhancement whenever needed.

The support provided by Darktrace is very good. We had issues with Darktrace Mobile, and they assisted us with a solution, even allowing us to test new features.

Positive

I joined the current company after Darktrace was already in use, so I do not have information on previous solutions.

The initial setup can be rated as a seven out of ten because it involves going into the console and ensuring that the network settings are correctly configured.

Two people are enough for deployment, provided they know the network settings and configurations.

By using Darktrace alongside Mimecast, it has helped improve our security posture by preventing breaches before they reach our system.

I do not have any experience regarding the pricing or setup costs as it was managed by the company administration.

I did not have any information on other solutions evaluated prior to Darktrace as they were in use before I joined the company.

Darktrace is a good product to invest in if you can afford it. It provides excellent security features.

I'd rate the solution eight out of ten.

We use Darktrace for standard network security, mail security, and SaaS security.

NTG is now autonomous response.

The management user interface needs improvement. More insights are necessary, and deeper technical experience and knowledge are required to pinpoint actions, breaches, or behavior.

We have been using Darktrace for three years.

I would rate the stability of the solution as nine.

The scalability of Darktrace is very high. I would rate it eight out of ten.

Technical support is rated at nine out of ten.

Positive

We used more standard antivirus solutions and firewalling. However, these cannot be compared to an EDR or HDR like Darktrace.

The setup was straightforward and not a problem, even for someone not very technical.

Our service provider did some support there.

The pricing is rated at eight, implying it's considered expensive.

We evaluated other options, but they were more like standard antivirus and firewalling, not comparable to Darktrace.

I recommend Darktrace to others if they can afford it.

I'd rate the solution eight out of ten.

We use Darktrace primarily as a network detection device to monitor our network points and nodes. We fully utilize its capabilities, including Antigena, for post-work hours remediation and blocking potentially risky ports. We chose not to use its email security features, as the user interface was less responsive. We opted for network detection instead, which aligns better with our needs.

Darktrace provides better visibility into network risks, allowing you to take preemptive action against risky user behavior. It helps prevent sensitive data leaks to some extent, based on user actions on specific network ports. The tool can create user-based risk profiles with its email capability, but since we don't use that feature, it only identifies each user as a node without a detailed profile. While a user heat map could offer more insights into user activity on devices and the network, a limitation is that the appliance doesn't monitor anything once the user leaves the office, leaving a coverage gap.

Darktrace provides extensive information on data exfiltration, though it isn't a competent DLP tool. It can identify when a device uploads data outside the network, offering an initial alert on potential exfiltration. This feature helps us understand network activity and user behavior. We expected it to provide risk profiles and generate a heat map of users based on their activities.

They have a tool called Antigena for automated responses, but we limit its use to very specific actions, primarily during off-hours when the team isn't available.

Darktrace needs significant improvement in its notification capabilities. While it does notify administrators, the old approach of having admins directly police users is outdated. Users now prefer automated, impersonal responses rather than being confronted by IT staff, which can lead to concerns about privacy violations. We've requested Darktrace to develop a feature that notifies users directly when it detects potential data exfiltration. Darktrace doesn't differentiate between personal and work data uploaded to Google Drive or OneDrive. It flags it as exfiltration and expects the IT team to investigate further.

Human policing is a thing of the past; what’s needed now are automated responses, user awareness, and behavior warnings, areas where Darktrace falls short. In contrast, Egress, an email security solution, excels in this regard. It intuitively detects potential risks, even flagging first-time email recipients and integrating data classification. We’ve encouraged Darktrace to adopt this level of functionality, transforming it from just identifying exfiltration to a more comprehensive data leak prevention tool. However, as of now, Darktrace is still limited to identifying when a node is transferring data without distinguishing the nature of that data.

Darktrace could improve by enabling user heat maps or risk profiles, a feature that many other EDR and cybersecurity products already effectively provide. It would be beneficial for us if they could offer this functionality without requiring the purchase of an additional email security solution.

On the plus side, Darktrace integrates with CrowdStrike, allowing it to monitor CrowdStrike agent actions. This integration helps us achieve a unified view of our security landscape since we route Darktrace, CrowdStrike, FortiGate, and other tools through SecureWorks, our centrally managed security platform.

I have been using Darktrace for two years.

The product is stable.

I rate the solution’s stability a nine out of ten.

It has a better cost-per-user value for an enterprise.

I rate the solution’s scalability a six out of ten.

The initial setup is very easy. You must deploy it within your network because it's an NDR tool, meaning it must be installed as an on-premise appliance. During COVID, however, it became apparent that this setup had limitations since it couldn’t monitor remote users, rendering the investment less effective when employees worked from home.

To address this, Darktrace offers an agent that can be deployed on individual devices at an additional licensing cost. For our maritime business, with numerous vessels, deploying small devices or agents on each one isn't practical—it would be like adding a firewall box and a Darktrace box to every boat.

It would be more efficient if Darktrace developed a cloud-based solution similar to Meraki's approach. This would reduce the hardware footprint on remote devices and locations, making it more feasible for businesses like ours.

We evaluated Vectra AI alongside Darktrace as a potential network NDR solution, but other competitors are in the market. Trellix also offers an NDR solution, and any cybersecurity product with strong NDR capabilities competes with Darktrace. Since Vectra AI was relatively new and not yet stable at that time. Metrix also offers an NDR solution, but its product lineup is too complex, requiring the purchase of multiple components to access NDR capabilities. This didn’t align with our approach of selecting best-in-class products for specific functions rather than opting for an all-in-one solution.

Darktrace claims that AI powers threat detection, but it often feels more like a program or algorithm than intuitive or engaging AI. We haven’t observed the advanced AI capabilities expected from their claims. It may use AI in the backend to assess and evaluate risks, possibly through sophisticated algorithms. However, Darktrace lacks those capabilities regarding AI engaging directly with customers or providing intuitive interactions. The AI’s role seems to be more focused on risk evaluation rather than engaging or interacting with users meaningfully.

The core product is impressive. Darktrace's appliance performs well, quickly evaluating all nodes and establishing a solid baseline. While our environment had few threats, I've heard that visibility can be challenging for IT and cybersecurity teams in large enterprises. The appliance offers a rapid overview of your network environment.

Darktrace’s approach to deploying POC first is a strong point. It provides immediate insight into potential threats and risks, helping to build a compelling business case for its use. The device is reliable, with minimal downtime and performance issues, and is quick to set up.

Overall, I rate the solution a seven out of ten.

We use Darktrace for threat monitoring in the finance industry.

Darktrace's most valuable features are its dashboards and its ability to summarize huge amounts of information about threats and suspicious traffic. The solution summarizes suspicious traffic in all our networks, allowing us to focus our efforts on the most vulnerable points in our network.

The solution's user interface and stability could be improved.

I have been using Darktrace for one year.

I rate the solution’s stability a six out of ten.

I rate the solution’s scalability an eight out of ten.

The solution's technical support team was very proficient and useful.

Positive

We previously used Cisco's EDR and traffic monitor.

The solution's initial setup is very complex. It's not easy to set up Darktrace. The solution was deployed in three months by a team consisting of ten networking engineers.

The solution improved our visibility. Earlier, we couldn't visualize some threats on the internal network level. With Darktrace, we were able to spot some deficiencies and certain vulnerabilities.

Before choosing Darktrace, we evaluated Palo Alto and Cisco. Palo Alto needed some integration with other Palo Alto and Cisco products. It was mostly focused on network traffic anomalies rather than cybersecurity threats.

Darktrace is a very complex product. It's not like a commodity because we're not talking about licenses but mostly about traffic, which is a complex matter. Darktrace's AI technology could be improved because it requires a huge amount of manual work to work properly.

Overall, I rate the solution an eight out of ten.

I use it for Email security and network traffic analysis.

It has a strong emphasis on machine learning (ML). In addition, they are pioneers in introducing artificial intelligence in these modules.

The detection models keep changing based on emerging threats discovered in the outside threat landscape. That is really valuable to organizations like us, small and medium-sized companies. It is also beneficial for enterprise customers when it comes to understanding the threat landscape. They design the detection models based on that.

The autonomous response is also highly designed in Darktrace. Moreover, it's not only monitored by us; their backend team also keeps on understanding that our monitoring is always on. If any sensor is down, they immediately notify us. A few of the sensors are not in contact, make it fix it to get continuous support.

Since security products are trying to expand 360 degrees in the enterprise, if Darktrace comes forward with more automation and integrations with other security monitoring tools, it would really benefit CISOs and CIOs to better understand automation and have better visibility into what's happening in our environment.

I have been using it since 2018.

It's stable. The majority of our competitors, like Vectra and others, are unable to move to other products because Darktrace gives better importance and efficiency in terms of monitoring our network services and traffic. 

The moment Darktrace implements their services to expand their detection models and focus on the threat landscape, that really makes us want to continue with Darktrace. Even recently, when we had a renewal, we explored other products, but our company still gives much importance to Darktrace.

It is easy to scale. 

Technical support is good. They always coordinate with the CISO. If any of the sensors are down, they immediately notify the CISO, since I work via the CISO as well as the chief security architect for the entire organization. 

At any moment the sensors are down or the availability of our monitoring solutions are not reachable to their security backend team, their support team immediately notifies us. Their customer support is very helpful.

Positive

I have tried different solutions for similar use cases, but their detection mechanism is limited, even though their dashboard and UI give a better picture. But that's not true in actual detection.

I have explored Vectra. The sensors they ask us to place and the mechanisms of Darktrace and Vectra are similar. But when it comes to detection models, Darktrace has higher chances to mitigate the number of emerging threats that are happening across the world.

It's pretty easy to install. The initial installation of the brain sensor takes two or three days. But the subsequent expansion of the headless sensors to branch sites may take only one day.

The maintenance of the systems is very limited. It's not like other switches, routers, or firewalls that we take care of. The majority of upgrades are handled by Darktrace backend team. The only thing we have to take care of is the network availability of these headless sensors.

For implementation, less than three people are needed, or even one person. But when it comes to monitoring, we need more people because if the branches are expanded widely across the globe, you need a continuous team to monitor it. The volume of incidents is higher when Darktrace is implemented if the environment is not hardened well.

The return on investment is really high in terms of detecting bad actors or bad threats in the organization. In addition, I have discovered that when we negotiate a bundle package with Darktrace, they are really considered as affordable.

The pricing is almost equal between Vectra and Darktrace. In fact, we are one of the pioneer customers of Darktrace in the Asia Pacific (APAC) region.

Overall, I would rate it an eight out of ten. 

Darktrace learns patterns and can identify malicious behavior based on that learning. It learns what tasks users perform, what data they access, and similar activities. Unlike an EDR, which uses patterns and signatures to identify existing threats, Darktrace uses AI to learn and recognize patterns. This provides a different approach to monitoring and detecting anomalies. 

Pricing could be cheaper.

I have been using Darktrace as an end user for three years.

I rate the solution’s scalability a ten out of ten.

The initial setup is straightforward and takes a couple of hours.

We did in-house because we've got skill levels, but differently depending from time to time, depending on

The benefit is the security. You probably have a security case, an alarm system, and one or two locks. You don't rely on one security device; you have different layers. Darktrace is just one of those layers.

It is very expensive.

I rate the product’s pricing a ten out of ten, where one is cheap and ten is expensive.

I am the sole administrator and monitor of Darktrace because we have a small IT team. However, Darktrace monitors our entire organization. In a larger company with many IT departments, multiple people might monitor Darktrace and engage with it. Our finance company has a small IT department.

Darktrace adapted to the evolving landscape of cybersecurity threats by leveraging proprietary technology and machine learning algorithms. Their unique approach and cutting-edge solutions have established them as a leading company.

It's difficult to gauge the effectiveness of Darktrace because we don't fully understand how it operates; we only see the alerts it generates. If we create an event on the network, Darktrace will alert us so we know it works in those scenarios. If something new and unknown happens on the network, it's unclear whether Darktrace will detect it. We're paying a lot of money, hoping it does, as Darktrace is a proprietary technology. It might work, or it might not detect some threats. We don't have full visibility or a map of its coverage.

Darktrace can be expensive, depending on the use case. It's like comparing different types of cars: some people need a two-seater, while others need a ten-seater. Darktrace is more like a seven-seater—very specific and not suitable for everyone. 

Overall, I rate the solution an eight out of ten.

We use the product to collect and monitor my environment. It models my traffic and sends me reports. Additionally, I have the response module in place to handle critical breaches by quarantining devices. I utilize it for generating reports and analyzing data to leverage threat intelligence.

The product's most valuable features are the response module and email protection.

Darktrace is quite expensive, which can be a significant factor for organizations with budget constraints. The pricing needs improvement. 

I have been working with Darktrace for around four to five years now.

It is a stable solution. I rate the stability an eight. 

I rate the platform scalability a ten. It supports a wide range of devices and is highly scalable.

The technical support services are reliable.

Positive

With the support from Darktrace and its partners, the setup process was user-friendly and easy.

The deployment took less than a week, although the learning phase for the environment can take some additional time.

Darktrace generates an ROI by effectively mitigating threats and avoiding costs related to downtime and other issues.

The product is expensive.

Darktrace provides real-time alarms for any anomalies in my network, which I utilize for incident response. It has significantly improved our reporting capabilities and response times once we set the parameters for identifying critical threats.

The response capability is beneficial because it autonomously responds to identified threats without manual intervention, ensuring that alerts are addressed 24/7. This includes quarantining devices as needed, which adds resilience to our security operations.

There have been improvements in incident response times. Before using the response functionality, we experienced a breach last year. Now, reports highlight and address incidents more effectively, reducing response times.

Its AI technology supports cybersecurity by learning my environment and accurately responding to threats. It reduces false positives and provides accurate threat detection by understanding the behavior of my network.

It is a tool worth trying, but the pricing aspect should be considered. I rate an eight out of ten.

Darktrace is used for detecting network-based threats like ransomware in the early stage or illicit communications with external endpoints.

A very useful feature in Darktrace for real-time threat analysis is the packet inspection that analyzes the packet traffic in real time. Data acquisition is the source rather than tapping the data downstream after some processing.

Darktrace could expand into EDR (endpoint detection and response) and combine it with its network detection. They could thereby have a more holistic knowledge of the system through network information or through visibility into the operating system of the endpoints.

I have been working with Darktrace for four years.

Darktrace is a very stable solution.

Darktrace is a very scalable solution. Our clients for Darktrace are enterprise customers.

The solution’s technical support is very good.

Positive

The solution’s initial setup is very straightforward.

The solution's deployment time depends on the complexity of the network. For some huge networks, you need to tap the right resources and measure the system to acquire all the required traffic. The deployment is very straightforward in smaller networks where you have to connect to only one switch.

Darktrace is quite an expensive solution. Users need to pay a yearly licensing fee for the solution.

Darktrace has improved our client's organization's threat detection and response capabilities. Darktrace has helped users intercept and stop ransomware attack attempts in the very early stage, within a couple of minutes of its detection Autonomous response is a very good and useful feature that differentiates Darktrace from other solutions.

One person can easily maintain the solution. Darktrace easily integrates with our client's IT infrastructure solutions, like Microsoft 365, CrowdStrike, and Palo Alto firewalls. Darktrace has impacted our clients' incident response time to be very quick.

Darktrace is an autonomous solution. Users have to ensure they present all the traffic to the tool so it can intercept threats and not have hidden spots in their networks.

Overall, I rate Darktrace a nine out of ten.

We use the solution for email, network and cloud security.

The network security and AR response are the main things.

The product is expensive, but it is a very good product. The user interface is also good.

I have been using Darktrace for two years.

The product is stable.

I rate the solution’s stability a nine out of ten.

The solution’s scalability is pretty straightforward. We’ve around 3500 users using this solution.

I rate the solution’s scalability an eight out of ten.

I contact technical support on occasion and ask questions, and they are responsive. I can get them on call or email. I’m very happy with the support.

Positive

The initial setup was quick and painless.

The product is very expensive.

The product is expensive, but it is a quality product. If you look apart from the cost, it's a good product followed by very good support. If you're willing to spend the money, it is worth consideration.

Overall, I rate the solution an eight out of ten.

Our primary use case is incident response.

One thing I appreciate is Antigena Email, which is for email protection.

One of the most valuable features is Behavior analytics.

One thing I would like is for Darktrace to flag SMB traffic more accurately. Currently, it only flags that SMB traffic has occurred, but it doesn't specify which file was being transferred. This makes it difficult to investigate incidents involving SMB traffic, as we don't have concrete evidence of what was being sent.

For example, if a user is sent an unauthorized file via SMB, Darktrace would only flag that SMB traffic occurred between the two users. It wouldn't be able to tell us which file was sent, so we would have to manually investigate the incident to determine what happened.

It would be helpful if Darktrace could flag the specific file that was being transferred in SMB traffic incidents. This would make it much easier to investigate these incidents and take appropriate action.

In future releases, I would like to see more playbooks.

I have been using this solution for a year now. 

I would rate the stability a ten out of ten. 

I would rate the scalability an eight out of ten. There are five end users in our analyst team. 

The customer service and support are really good. That's one of the things that I've come to appreciate about Darktrace. 

Any concern that you give to them, they come on board and arrange a meeting where you could possibly do some practical work with them. They would take on the incident, and they would say, "Okay. Let's set this incident together."

Positive

We used Sophos. We chose Darktrace because of its reliability. Unlike other solutions that rely heavily on signature-based logins, Darktrace operates by learning the behavior of individual users. This means that what may seem normal to me could be considered abnormal for someone else, and Darktrace can effectively block such anomalies. This feature has proven to be immensely helpful.

The initial setup is very easy. I would rate my experience with the initial setup a ten out of ten, where one is difficult and ten is easy to set up. 

It took around an hour to set up. 

The deployment process is pretty self-sufficient. It handles network closure and device discovery.

One person is sufficient for the deployment process. 

The solution is quite expensive. I would rate the licensing model an eight out of ten. 

I would recommend it based on its excellent behavior analytics and AI implementation.

Overall, I would rate the solution an eight out of ten.