My main use case for Darktrace is to identify remote connections and abnormal connections such as FTP or any kind of RDP happening inside our LAN network or company network, where we want to verify the data transfers and check if any abnormal user is transferring data through the network to the outside, or any kind of suspicious activity.

One specific example of a situation where Darktrace helped me spot something unusual is when one of the employees tried to copy some of his data to the outside. He is a developer trying to implement an application in a cloud environment, and while he was copying his file from inside our network to a cloud network, we got an alert, which we considered significant because he had not done it earlier, as it was an initial step in his developing environment. Because of that alert from Darktrace, when we checked with him, it was actually a legitimate activity.

Darktrace impacts my organization positively by providing us with a better understanding of abnormal activities detected among users.

The positive impact includes helping us identify a lot of transfers and abnormal activities, as some users try to perform RDPs inside our network, using LAN for different desktops or laptops, making it quite useful to identify users, especially those from a non-technical background.

In my understanding, the best feature Darktrace offers is the identification of copying files, which acts as a DLP, and it is a main concern for companies because users sometimes copy data outside without knowing, especially those without a technical background.

When I mention the DLP-like feature and file copying detection, the alerts have been very timely, as we get an alert within a couple of minutes, which is excellent. Even if some developers are working after hours and copying files, our SOC team detects this, and most of the time they call us so we can identify the users. The alerts are quite accurate and proactive.

As of now, I feel Darktrace can be improved to better detect end device activities, such as laptops or desktops, to bind it with our network.

I have been using Darktrace for around two years.

Regarding scaling, we initially planned for 2,000 to 4,000 devices, but we did not add any additional licenses for more devices after implementing Darktrace.

The customer support from Darktrace is good. We reached out to them a couple of times to check on some features, and they helped us very effectively.

Integrating Darktrace with our existing security tools was not difficult at all. We simply SPAN our core network port into the Darktrace side, and we did not face any difficulties at that time.

In terms of the interface and reporting, I believe Darktrace is good. I have also worked with ExtraHop, and compared to them, I feel Darktrace is way ahead, so I do not have any improvement suggestions for reporting views.

Darktrace is a very good tool, and we introduced it after we had an incident in a previous company, where we faced an attack and that is when we introduced this tool, which helped us identify a lot of abnormal activities, mainly from our developing team. My company is quite large with around 8,000 employees and they are developing a lot of things without our knowledge.

Although I do not have exact numbers, I can say that our security posture has improved a lot since implementing Darktrace, especially as our SOC team monitors the activities and we communicate with users about the need to stop certain activities.

During my time at the company, we did not find any zero-day threats or unusual attacks, but we noticed certain abnormal activities done by users.

My advice for others looking into using Darktrace is that for large-scale companies with huge teams, especially developers working separately from the system teams, it is crucial to implement security measures, as sometimes the most vulnerable positions come from those in technical backgrounds who can create security loopholes. In such environments, having tools Darktrace is essential to improve the organization's security posture without compromising their reputation. I would rate this product a 9 out of 10.

Regarding the autonomous response feature, I appreciate how it functions within the platform.

Based on my experience, I believe the solution could be improved in some areas, and there are certain drawbacks that I have encountered.

I have been working with Darktrace for approximately one to one and a half years or longer.

In general, I would say that the interface of Darktrace is intuitive enough, and it aids in understanding threat landscapes and attack paths.

Regarding scalability, I would rate it eight points.

If asked to rate Darktrace support on a scale from zero to ten where ten is the best, I would give them five points.

Regarding the installation and initial setup, I found it to be straightforward rather than complex.

Concerning pricing for the product, I would say it is somewhat expensive.

I have rich experience with many tools including Vectra, Cisco firewall, and Check Point.

The typical use case for Darktrace is for threat vector scanning, detecting any unusual activity, and anomaly detection. Apart from that, it is very helpful in incident response.

The features I find most effective in Darktrace include anomaly detection. The machine learning model provides accurate alerts after the learning period of 1 or 2 weeks, especially for network anomalies or something that the user is trying to access, which can include trying to visit unknown sites or botnets, and those things get detected and represented in a very good dashboard.

Darktrace positively impacts my organization by enhancing threat hunting, particularly in east-west traffic within the same subnet. Previously, we only used traditional firewalls that cannot catch this lateral traffic. After deploying Darktrace, we gain insights into machine-to-machine communication, which adds more value to the organization and is especially beneficial for the SOC team.

In terms of improvement for Darktrace, pricing is the main concern. Pricing bothers me and this is one of the major factors when choosing a solution. When we get feedback from customers, that's the only felt need. When we factor in Darktrace, we do it only limited. We put it on where the perimeters and connections are, but still, some gray areas are left out, especially if we have multiple branches. We need Darktrace on each branch to get the data out, and I suggest having some kind of a centralized product that gets data from multiple sources to aggregate and provide the data.

I have been familiar with Darktrace for the last 5 to 6 years.

In terms of the speed and effectiveness of Darktrace's automatic response, it gives clear alerts whenever anomalies happen on the network, enabling us to catch them on the fly. However, some of the rules generate false positives, especially with system calls, which get incorrectly marked as anomalies. These are actually system call integrations that need fine-tuning based on our environment integrations.

Regarding Darktrace's capability to adapt and recognize abnormal activities through machine learning and AI, sometimes a password expiration prompts the user to connect to different sources to get the new password changed. During that time, it picks this up as abnormal activity when connecting to LDAP during off-business hours. This is an example of how it detects what it considers an anomaly, since user authentication typically happens during business hours.

Regarding overall stability, Darktrace is a stable product, and I have no complaints from customers wherever it is deployed.

While considering if Darktrace is scalable, I note that there are storage limitations, where the planned capacity can sometimes be overutilized. There is still a gap in terms of storage, and we are trying to figure out how to increase that capacity for regulated environments, which require data retention for 5 to 6 years.

I can rate Darktrace's technical support as one of the best products in the world. We have seen satisfaction reflected on our customers' faces after deployment when they start seeing the data and the dashboard, and they often express surprise at the network traffic visibility that Darktrace provides.

I would rate the technical support of Darktrace between 6 to 8, as the support is good and we receive timely assistance whenever we raise an issue.

Before working with Darktrace, I did not use any similar solution in the same category. Earlier, I was using something called decepters, and my organization may have explored different products, but I learned about network detection and response through Darktrace about 5 to 6 years ago.

Deploying Darktrace is quite easy and plug and play, wherein all we need is to put it in a data center, rack up, and do some switch configuration. The learning would take a week time, and once the data gets populated, we get a very good dashboard.

For deploying Darktrace, I would require 3 to 4 people. We would require a data center person to assist in racking and mounting this, and some network engineers would make this configuration to spend the data ports.

When considering return on investment for organizations using Darktrace, the disadvantage lies in having to use a physical appliance. Running a quick POC is not possible since the hardware has to be shipped from the UK or elsewhere, but other NDR solutions provide virtual appliances that can be deployed on virtualization servers to get up and running quickly.

In terms of setup and licensing costs, Darktrace is on the pricier side compared to similar solutions in the NDR market. Other NDR solutions are also on the higher side, but Darktrace stands out as a bit higher. Competitive pricing would certainly help me as a system integrator to convince customers.

I did not evaluate other options when looking into Darktrace, but some customer preferences led us to consider other NDR solutions, such as 40 NDR. Our customers had a Fortinet setup with various products, and they preferred the 40 NDR for proprietary visibility when collecting logs from Fortinet devices.

We are using the latest version of Darktrace. I have not used Darktrace's Enterprise Immune System. Antigone is the feature of Darktrace that we have recently experienced. At the moment, I have not encountered a situation where Darktrace's self-learning capabilities reduced the risk of data breaches, but it performs very effectively overall. It requires some time to adapt; initially, when we deploy, it takes weeks. On a scale of 1-10, I rate Darktrace a 9.

My current use case for Darktrace is network detection and response.

The functions I find most valuable in Darktrace are the AI analyst as well as the detection.The autonomous response capabilities of Darktrace are not crucial for me because it doesn't work in a network where there are no core switches. In a modern network, the autonomous response doesn't work, especially when sitting in a shared data center.If I'm running a traditional network where I am not in a shared data center with a layer two dedicated for my resources, then it can work for me. However, if I am in a data center where I don't have layer two, it becomes an issue because the autonomous response is reliant on sending spoofed TCP resets to my core switch to block traffic, which is a major issue.

I am uncertain what would make Darktrace better because of the autonomous response issue. In a shared environment, it doesn't work, and there are still some integration issues. They say they can integrate with most firewalls, but when we did an integration with Meraki MX firewalls, that integration didn't work and still doesn't work to this day.

I've been working with Darktrace for more than five years.

For stability, I would rate Darktrace an eight out of ten.

For scalability, I would rate it an eight out of ten because they integrate with many technologies.

The technical support from Darktrace is very good, including support from their resellers. We worked with Grove, who are with 360 Integrity now, and they are quite good.

The initial setup process for Darktrace is complex because I need a network technician or engineer to configure the span port on my core switches, and I need assistance to choose which VLANs I want to ingest traffic from. Beyond that, everything is easy; the management of Darktrace is quite easy. Making exclusions is easy, and investigating within the platform is quite easy. However, the initial setup becomes complex due to the requirement of getting someone to create the span, and needing a dedicated span for Darktrace on the switch.

The main competitor of Darktrace at the moment, based on how long they've been in the market, would be Vectra. Vectra does a similar thing, but Darktrace would beat Vectra based on the algorithms that Darktrace is using because Darktrace's algorithms in terms of AI and ML are quite good.Cisco is also coming with some technologies such as Cisco Secure Analytics, network analytics, and Cisco Secure Cloud Analytics. That technology is quite good because if running mainly on Cisco, such as SD-WAN Meraki devices with remote workers using Cisco Umbrella or AnyConnect, pulling data from them and pushing it into an XDR or Secure Analytics can be quite effective, providing reachability, visibility, and scalability.

Regarding the number of IPs monitored using Darktrace, they provide licenses that allow monitoring of around 16,000 IP addresses, and they give a buffer. Monitoring is possible for as many devices as long as they are in line with the traffic. However, devices that are not in line with the spanning won't be visible, which means there is no visibility.My recommendation for Darktrace would be based on the kind of network someone is running. If someone is running a network where they have dedicated layer two switches, I would most definitely recommend Darktrace as it's a good product. However, if someone is running in a shared environment where they share the layer two with other customers in that data center, then Darktrace wouldn't be suitable.For an overall rating, I would give Darktrace an eight out of ten.

I use Darktrace for incident response and detection within my organization.

The AI analysis and AI investigation features are incredibly effective. I do not need to manually process incidents as Darktrace provides an incident summary, potential detection paths, and other details, all exportable with just a click. The tool is very powerful and saves a lot of time. The autonomous response technology eliminates the need for human intervention by automatically handling incidents even during off hours.

Updates keep coming, which is great, but I prefer a unified UI experience. The intelligence section and the incident view should be seamlessly connected in one view to avoid jumping between pages. This integration would make incident management more intuitive.

I have been working with Darktrace for one year and two months.

The technical support is excellent. Any queries I have logged are responded to efficiently, and my cases are promptly managed and resolved.

Before using Darktrace, I worked with NetWitness and RSA NetWitness.

The licensing cost is approximately eight dollars a year. The cost is reasonable considering the unique capabilities and features Darktrace provides. The support is included, and any issues I have are addressed through logged cases.

I would 100% recommend Darktrace. The product is autonomous, detecting and preventing threats effectively, unlike many competitors that are stuck only at detection. The visuals and the conceptualized views for connections greatly assist in threat analysis. My rating is eight out of ten.

We use Darktrace for network detection and response, specifically for monitoring the network for any malicious activities, anomalies, and lateral movements.

The autonomous mode, which is the Antigena AI response, is particularly valuable. It is capable of responding to lateral movement and ransomware deployment within environments where there is data exfiltration. For example, if more than 2.5 gigabytes of data have been pulled in a few minutes, it engages by blocking for one-hour intervals, alerts, and extends the block until it goes into full isolation if the violation continues.

I have observed a product called LinkShadow, which has more modules of integration and consolidates everything into one dashboard, such as authentication monitoring. Darktrace could improve by integrating with email security gateways like Mimecast or Ironscales. In LinkShadow, this is referred to as mesh technology. Additionally, the Darktrace dashboards are not easy to navigate until one becomes familiar with them.

I have used this solution for the past four years.

There was no mention of specific deployment issues, but the deployment took within a week.

I would rate it a ten. The only time it has been unstable was due to network links going down where other probes were deployed. The appliance itself has never let me down.

I would rate the scalability a ten.

I would rate it a nine. The challenge lies in waiting for a response after logging a ticket. Sometimes it requires back-and-forth responses before having an actual conversation with technical consultants via calls or video conferencing.

Before using Darktrace, we never had a different solution. We did not have a network detection and response tool.

The initial setup is straightforward. The machine needs time to learn the environment before entering active mode. It needs to learn traffic flows and what is considered normal before activating full autonomous mode.

We worked directly with Darktrace for the implementation.

The pricing is costly in USD, and they charge based on device counts. Other network detection and response solutions use module-based licensing with unlimited device connections, but Darktrace charges based on the number of devices ingesting data.

We tried LinkShadow and considered Cisco Secure Network Analytics, but pricing was an issue there, so we never ran a proof of concept for it.

I would recommend Darktrace and rate it a nine. I have not evaluated many other competitors, other than LinkShadow, considering our budget constraints.

I use the solution as a network detection and response platform for security purposes.

The features that are most valuable to me include detection, response with analytics, and network detection. These features are particularly effective because they provide comprehensive security analytics. Additionally, the analytics aspect is highly appreciated for its effectiveness.

I do not use the automation response since I have another product handling automation. Furthermore, I believe that the reporting needs enhancement for better performance.

The presence of sales representatives in my country needs improvement. There is no dedicated salesperson in Egypt, and having one would help to improve focus on this market.

I have been using the solution for almost two years.

I rate the stability as nine out of ten, indicating it is very stable.

I rate the scalability as nine out of ten, demonstrating its capacity to expand effectively.

The technical support is good. The response time and quality are satisfactory, and I am satisfied with the support provided.

The initial setup is very simple and was executed in-house by our team without requiring consultants or integrators.

The implementation was done with our own team.

The product is considered expensive compared to others.

Vectra and Nextcloud are the main competitors. Among these, I prefer Darktrace due to its stability, security, and excellent analytics.

I highly recommend the overall solution to other users and rate it as nine out of ten.

The primary use case for Darktrace includes network monitoring, endpoint monitoring, and email scanning. I integrate it into our cybersecurity strategy and use it to monitor everything happening on the network.

The organizational value of Darktrace is primarily in protecting the business. It ensures that we are prepared against attacks, providing significant security value.

The most valuable feature of Darktrace is its ability to detect and counter threats before they occur. The autonomous response capability is always enabled, blocking threats immediately without hesitation.

Additionally, the Darktrace email platform is a significant asset since it addresses incoming threats before they reach the network, enhancing our security measures.

Protecting the business is essential, and ensuring security through 24/7 AI monitoring is invaluable.

Even before I think about any improvements, Darktrace is proactive by bringing out updates and new features every quarter.

However, the one downside is the pricing, which is quite high.

I have been working with Darktrace for four years.

The stability of Darktrace is excellent, rated ten out of ten. I have never experienced downtime with the system. Even if it goes down, we have other systems in place, although those will not be as fast.

The scalability of Darktrace is rated eight out of ten. It monitors everything as long as endpoints are licensed. Since it's cloud-based, it expands easily.

Darktrace provides excellent technical support with a monthly meeting to review platform incidents, ensuring the system functions as expected. I would rate their customer service at nine out of ten.

I did not use any other solutions before Darktrace.

The initial setup can be rated as seven out of ten. The main challenge was time as the system takes about three to six months to learn the network before it becomes fully effective.

The deployment process heavily relied on Darktrace's team, as they did most of the heavy lifting. Only two team members are currently needed for ongoing monitoring.

The organizational value gained from Darktrace is securing the business against potential threats. A tangible return on investment is only noticeable if facing an actual cyber attack.

The pricing is quite high, estimated at around $350,000 per year. I rate the pricing component at eight out of ten.

There was no alternative when we chose Darktrace; it was the only viable option available in the market at that time.

For new users of Darktrace, it is important to be patient and set up the system properly. Follow Darktrace's advice throughout the setup process, which is crucial for effectiveness. Overall, I rate Darktrace at eight out of ten.

The primary use case for Darktrace is to gain full visibility into the network traffic. Darktrace provides complete packet capture and metadata analysis, unlike other solutions that offer only specific metadata. This comprehensive view allows for better assessment and monitoring of the network environment.

Darktrace is valuable since it offers full packet capture and detailed metadata. This feature sets it apart from competitors, which often provide limited metadata visibility.

Additionally, the interaction with the technical team is seamless, and communication with the account manager is flexible and easy.

The management dashboards and the meter dashboards should be more user-friendly and simple to use for easy management.

I have been using Darktrace for three months.

Darktrace is very stable, and I would rate its stability a ten out of ten.

Darktrace has high scalability, and I would rate it a nine out of ten.

The technical support from Darktrace is of high quality, and I would rate it a nine out of ten.

I previously checked with different solutions.I decided to go with Darktrace. However, it offers complete packet capture and metadata, unlike other vendors.

The initial setup was straightforward, however, there were some connection issues when deploying the VM on the cloud. Overall, the setup process was easy.

The deployment and implementation were carried out in-house by our technical team.

Darktrace initially had a high price. After negotiation, we received discounts. Despite the discounts, it is still considered expensive.

I would recommend Darktrace to others as it provides detailed metadata and full visibility of the network environment.

I rate Darktrace a nine out of ten overall.

I am using it for network and email security. I am a systems administrator overseeing cybersecurity at Alpha International Company Limited. We have been using it for about two years, focusing on the latest version.

Implementing this solution has given us confidence that we are secure. It has improved our network security and email filtering, significantly reducing spam. Overall, it has had a positive impact on our organization's IT operations, providing a comfortable and secure environment.

The most valuable features are the AI and advanced learning tools that distinguish it from other products.

There are still some issues with the network capturing or blocking traffic even after implementing exceptions. It requires more learning in this area.

I have been using the solution for two years.

I would rate the stability as a nine out of ten. It is very stable.

The product is scalable, and I would rate it as a nine out of ten for scalability.

The customer support is good and they are responsive. I would rate them an eight out of ten.

I used Barracuda before switching to this solution.

The initial setup was straightforward.

I led the implementation within my company, with support from them. There was no third-party service involved for training or support.

Using this solution provides financial benefits by securing from server attacks, which offers indirect savings. The percentage of budget savings can range from 30% to 40% for online businesses and five to ten percent for in-house processes.

The price is competitively good, although it is a bit on the higher side. I would rate the price a seven out of ten.

We evaluated a couple of other products, however, this one suited our pricing and network flexibility.

I would recommend this product to online businesses and infrastructures with more than 250 users.

I'd rate the solution eight out of ten.