What is our primary use case?
Generally, we use Darktrace for behavioral analytics. We use it in the inner-network and the outside network for malicious connectivity. Darktrace gives us support with networks. We follow all the notifications and sometimes we block malicious IPs from the firewall.
What is most valuable?
Its most valuable feature is its ability to identify malicious connected IPs from outside and the attacks that get through to the inside.
What needs improvement?
Darktrace needs to simplify most of the positive reports. We have to field all the positive reports, false positives, too. Sometimes we need to check false positives manually. We have to filter false positives. After that, we configure it again. Then, we want to analyze these false positives. That's the main thing. If we are assessing features, this should be easier to handle.
Darktrace needs to automate the reports of false positives, botnets, and everything.
So far, I think the solution is good. Not excellent, good.
For how long have I used the solution?
I'm using Darktrace about two years.
What do I think about the stability of the solution?
The stability of the solution is fine.
What do I think about the scalability of the solution?
In terms of scalability, it is ok.
It's a behavioral analysis solution, so we are not actively using it. We analyze all the user traffic from the Darktrace. That's the main thing.
There are about 3,000 users. All the 3,000 user traffic is going through Darktrace.
We don't do the maintenance for Darktrace. My vendor is maintaining it since we got the product from them.
We are analyzing attempts to connect to them. After that, if you want reports, they provide them. We have a service and everything with the vendor. Then, if we have any requirements, they do it for us. The solution is working all day and my team is analyzing two hours for that.
How are customer service and technical support?
In terms of technical support, if you raise some complaints, they tend to everything with user traffic within three or four hours. They provide the solution then we implement it.
Which solution did I use previously and why did I switch?
Before using Darktrace I was using FireEye, but I switched because FireEye is very expensive and they do the same thing. It provides the same thing, except that DarkTrace has a different solution for the firewall, email filtering and everything else, and Darktrace is doing everything in a single box.
How was the initial setup?
The initial setup is simple. It only takes three or four days. But we need to identify one to three traffic behavioral analysis, after that we can find the lead.
What about the implementation team?
My team handled the deployment. They did everything. After that, they give me a report, which I then go through.
What's my experience with pricing, setup cost, and licensing?
We are doing a monthly cost-basis. It's about 500,000 NKR because we are the first to implement it in Sri Lanka. We worked out direct pricing from Darktrace UK. After that, we selected a vendor in Sri Lanka. But the thing is, we are the first implementation here. I think they are actually undercharging and giving us the solution first because they want a reference from us since we are a bank in Sri Lanka. That's why they are doing it like that.
There are no additional costs besides the license, except the 15% rate to the Sri Lanka government.
What other advice do I have?
Based on our experience with DarkTrace, I would advise that if they are comparing prices, ROI and everything, I think Darktrace is better than FireEye.
On a scale of 1 to 10 I can rate it a 6. I give it a 6 because it's been a year learning everything, and technology, attacks and patents are changing everyday.
Which deployment model are you using for this solution?