We compared Abnormal Security and Darktrace based on our users reviews in six parameters. After reading the collected data, you can find our conclusion below:
Comparison Results: Based on the comparison between Abnormal Security and Darktrace, Abnormal Security offers easy setup and seamless integration with Office 365, whereas Darktrace's setup can be difficult and time-consuming. Abnormal Security specializes in catching spear phishing attacks and has AI-based spam filtering, while Darktrace focuses on detecting threats and vulnerabilities using AI-driven capabilities. Abnormal Security could improve by addressing email slip-through and finding more partnerships, whereas Darktrace could enhance its false positive reduction and simplify configuration. Pricing-wise, Abnormal Security has fair prices and excellent customer support, while Darktrace's pricing and licensing model could be more flexible and support could be improved in certain areas.
"At the moment we are satisfied with this product. It's a stable, scalable, and resilient solution for us."
"There are several features that I consider valuable."
"The benefit that stands out to me is the ability for multiple individuals to collaborate simultaneously within the same document. Additionally, there is the option to save the document directly in the integrated OneDrive or SharePoint."
"The initial setup is straightforward. You just add the license, click it, and then you can set up the rules. It is quite simple."
"Microsoft Defender for Office 365's most valuable feature is its performance."
"Microsoft Defender for Office 365 has improved my organization's security. It makes it easier to manage the infrastructure without the help of third-party applications."
"The initial setup was easy."
"Microsoft Defender has a feature to protect each and every attachment. Even if it's an encrypted attachment, it will check for any potential threats."
"Ease of use is undoubtedly one of the most valuable features of Abnormal Security."
"One of the things that I love about them is that the setup and installation are super easy. All you do is give them access to your Microsoft 365 tenant, and through APIs, they are able to do their work. They are doing all this through APIs, so you do not have to install the software and take a month to get it all set up to even see the value of the solution. You could be up and running in less than an hour."
"Their ability to take things out of the mailbox and catch things much faster than users is excellent."
"What I like about Abnormal Security is that it notifies me if any of my partners or suppliers are experiencing a security breach by analyzing their database and identifying potential cyber threats."
"It does some really cool stuff that other tools aren't doing. We found it to be really effective, and the AI/ML functionality is really what differentiates them."
"Initial auto-remediation allows us to auto-remediate before the email lands in the end user's inbox for a split second."
"The features that appeal to me most are the combination of auto-remediation and Detection 360."
"I have never encountered any stability issues with Abnormal."
"The product offers us a very good user interface and we've found the network visibility to be very good so far."
"It provides a comprehensive, detailed view of network activity and whatever is happening inside it."
"I like the Antigena feature in Darktrace, as it offers immediate response and is helpful."
"The most valuable feature of Darktrace and the most valuable feature is the artificial intelligence module because that is the tool that determines automatically if there is any risk or not in the network."
"The ability to detect activity on the network is very useful to us. Even if it's not necessarily an illegal activity, if it is abnormal activity, it is able to detect it and notify us."
"It is a very simple product to use."
"Technical support is helpful and responsive."
"Darktrace is very useful for us because it has a large number of models for detecting threats."
"Microsoft Defender for Office 365 could improve by giving customers information on techniques to prevent threats. For example, information about best practices on how to protect their own devices against hackers and scammers, such as educational information or training. This would help others have a better understanding of cyber security. Additionally, there can be more security features added."
"You should be able to deploy Defender for every subscription without the need to add servers."
"We need to be able to whitelist data at the backend."
"The XDR dashboard has room for improvement."
"One area for improvement is support, in terms of being able to reach them and, especially, technical support for configuration."
"Microsoft Defender for Office 365 should be more proactive."
"Microsoft Defender for Office 365 must improve the overall management style, including the GUI. It also needs to change the filters so that it is easy to whitelist and blacklist data."
"The visibility for the weaknesses in the system and unauthorized access can be improved."
"There could be room for improvement in enhancing integration with other cybersecurity tools."
"When we're working on something as engineers, and we find an idea or a method of doing something that would be greatly improved by doing it another way, there should be an ability for me to click the ideas button, type in an idea that I have, and submit it to a product review team or developers to have them think through the process a little bit more."
"One feature I'd love to see is outbound scanning."
"The pricing for academic institutions and student mailboxes is challenging."
"The biggest pain point for us is the lack of support for on-premise email systems."
"The ideal scenario would be for Abnormal Security to work in tandem with Microsoft to analyze incoming emails."
"I would like to have the ability to customize the auto-remediation feature."
"I, as such, do not have anything that I do not like or would like to add, but you could argue that because they are doing it API-based, there is a chance that something could slip through temporarily before they are able to pull it out. In theory, it could happen just because of the nature of the system. They are not in line with the delivery of the mail. They are kind of asynchronous, which is a pro as well as a con. If it is synchronous, then I know it would always stop them, but because it is asynchronous, things could get through temporarily or because of some system issues on the Microsoft side or their side. It is the nature of the beast, but it is a little bit of a con."
"Its threat analyzer could be better. It should also have agents. They should improve this product by installing agents for the machine to get more visibility. Currently, they are monitoring only the network. They should also monitor the agents from inside. It should also have a better pricing plan because it is an expensive product."
"They just need to work on their price. In terms of features, we are trying to understand all the features that we have. We're still exploring everything that we have so that we can fully utilize it. At this point in time, it is not about the features. It is more about utilization. We're just trying to utilize everything to full capacity."
"I would like to see some additional enhancements."
"One thing I would like is for Darktrace to flag SMB traffic more accurately. Currently, it only flags that SMB traffic has occurred, but it doesn't specify which file was being transferred. This makes it difficult to investigate incidents involving SMB traffic, as we don't have concrete evidence of what was being sent."
"Its documentation is not up to the mark. At times, I have a lot of trouble finding a solution. Even when I posted questions on the community chats, it took a lot of time for me to get answers. That's something that can be improved. Darktrace can focus on creating a more interactive community. If there are more people from Darktrace to focus on community chats, it would be better."
"I did not use the AI features because they should make it more user-friendly which would be a benefit. Additionally, the solution could integrate with more SIEM or SOAR tools."
"In terms of improvements, fine-tuning is the area where we have to spend some time because it works on unsupervised machine learning. It would be good if they can improve their algorithm or technical functionality to reduce the fine-tuning effort. They can also come up with something at the endpoint level. So far, Darktrace has been a network detection response (NDR) solution. It does not offer much at the endpoint level or on user-client devices or servers. There should be more visibility at the endpoint level. It would be good to have the detection and response at the endpoint level by Darktrace. It should also have integration with an agile environment so that we can have continuous development and continuous integration in the application development environment. This is currently not there. It should also have internet-facing platform visibility, which is currently missing. They also need to improve the reporting and management dashboards. Currently, these are not so easy for a non-technical person. All these features would make Darktrace much better, and they would also be helpful in selling more solutions."
"One thing that I would like to look at going forward is to have a fully automated network infrastructure that is monitored automatically real-time, and that gives me this kind of capability where I would be able to look at my network at any given time and see the state of my network. With Darktrace, at the moment, I have to almost put in a date and tell them that want you to give me data from this date to this date. I don't want that. I want a fast solution in which it doesn't matter when I log into the application. Whenever I log in, I must be able to see my network and run a report. In other words, if I go in now and I say, "Give me a full report of what happened today, it must be able to give me that. It mustn't just be limited to a seven-day period, for argument's sake. It must be able to give me real-time and day-to-day tracking of what has happened within my network."
More Microsoft Defender for Office 365 Pricing and Cost Advice →
Abnormal Security is ranked 12th in Email Security with 8 reviews while Darktrace is ranked 11th in Email Security with 65 reviews. Abnormal Security is rated 9.6, while Darktrace is rated 8.2. The top reviewer of Abnormal Security writes "Provides comprehensive email security management, effective in detecting a wide range of email threats". On the other hand, the top reviewer of Darktrace writes "Great autonomous support, offers an easy setup, and has responsive support". Abnormal Security is most compared with Mimecast Email Security, Egress Intelligent Email Security, Cloudflare Area 1 Email Security, Avanan and Barracuda Email Protection, whereas Darktrace is most compared with CrowdStrike Falcon, Vectra AI, SentinelOne Singularity Complete, Cortex XDR by Palo Alto Networks and Cisco Secure Network Analytics. See our Abnormal Security vs. Darktrace report.
See our list of best Email Security vendors.
We monitor all Email Security reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.