What is most valuable?
Once installed, it starts picking up and learning the network very well because it's got a powerful AI integrated into it.
The user interface is very intuitive.
The Dynamic Threat Dashboard is very nice, as it lists all of your threats and rates them, and then you can choose whether to investigate further.
This solution has some good features for customization in terms of how you're tagging your network, which basically makes it easier to identify what is actually happening. You can see where the traffic is going, where it is coming from, and that sort of thing.
Darktrace has quite a few inbuilt features such as its own packet analysis module, which is an offshoot of Wireshark.
This solution has some powerful APIs, although we do not use that functionality at the moment.
What needs improvement?
This is quite an expensive product so the pricing is something that can be improved.
For how long have I used the solution?
I have been using Darktrace for between two and three years.
What do I think about the stability of the solution?
We've seen no major problems between the master and slave devices in our architecture.
What do I think about the scalability of the solution?
Darktrace is definitely scalable. We started off with a single device monitoring a single site and we progressively added more sites with different devices in a master/slave architecture. The more we've added, we've had to re-think a little bit, but overall the scalability is excellent.
We have ten security analysts who are using this solution.
How are customer service and technical support?
The Darktrace technical support is very good.
Which solution did I use previously and why did I switch?
We started off with Darktrace. It was based on a decision from somebody in the business who had previously used it.
Personally, I have used a few other solutions and with respect to the interface, you probably couldn't get more intuitive than Darktrace.
How was the initial setup?
Darktrace is very easy to set up. Even our basic technical people are able to do it. It's almost like plug and play. There is some basic configuration to do, but it's nothing major.
I would say that most technical people can do the majority of the setup.
What about the implementation team?
We were granted access to all of the documentation and information from Darktrace, so we did the implementation ourselves. There may have been one or two areas that we had to go back to Darktrace directly to get clarification on, but there was no third-party partner or reseller involved.
What other advice do I have?
We're very pleased with Darktrace so it is a bit difficult to pinpoint areas for improvement. It covers all of our needs and from what I can see, it does the basics very well. There are many advanced features, also.
This is a solution that I definitely recommend. It offers a proof of value rather than a proof of concept, where they run the tool in your network, let it learn and then catch any vulnerabilities. Then you will actually see the value of the solution, either potentially blocking any exploitive threats or not, but it's a really good thing to go through. To do this, I think that you have to go through an actual partner unless you're in a location where Darktrace has a physical office. In any event, I strongly recommend going through the proof of value to see if you like it. If there is a charge then it is definitely worth it.
I would rate this solution an eight out of ten.