It's easy to set up. The deployment takes one or two days. You need to collect the data from a device and then direct it to the portal.
It's nice that we can integrate and assimilate automation scenarios and use cases for different analysis purposes.
The detection feature and the fact that Darktrace is the first landscape system that detects without using signature-based detections are the most valuable. It also provides an autonomous response. For our customers, not having to worry about a breach that might be coming without their knowledge is the most valuable. They don't have to rely on human intervention. Darktrace checks on its own and responds. Once installed, it works on its own. It hardly requires any support or goes down.
It has helped us to organize our security. We get a better overview of what is happening on the network, which has helped us get quicker responses to users. If we see malicious activity, then we can quickly take action on it. Previously, we weren't getting an overview as fast as we are now, so we can now provide a quicker response.
We appreciate the value of the AML (structured query language). We receive security intel feeds for a specific type of malware or ransomware. AML queries looking for the activity are applied in almost real time. Ultimately, this determines if the activity was not observed on the network.
We had useful information within the hour of deployment. The ability to trace back for historical analysis, as well as the behavioral analysis done with the security information, puts the user in a position to make an informed decision to mitigate the performance or security incidents. Regarding the security incidents, Reveal(x) is able to create incident cards that guide your teams through the incidents and give you the option to delve into the transaction detail to potentially view payloads as well.
The most valuable feature is the way it captures the traffic, and it contains every detail of the communication.