Darktrace Competitors and Alternatives

Get our free report covering Cisco, CrowdStrike, Vectra AI, and other competitors of Darktrace. Updated: April 2021.
502,856 professionals have used our research since 2012.

Read reviews of Darktrace competitors and alternatives

SW
Operational Security Manager at a financial services firm with 1,001-5,000 employees
Real User
Top 10
Using Recall and Detect we have been able to track down if users are trying to bypass proxies

What is our primary use case?

Vectra was deployed to give us a view of what is happening on the user network. It helps us to check what is being done by users, if that is compliant with our policies, and if what they're doing is dangerous. It covers cyber security stuff, such as detecting bad proxies, malware infections, and using packet defense on strange behaviors, but it can also be used to help with the assessment of compliance and how my policies will apply. We also use Vectra to administer servers and for accessing restricted networks. There are on-prem modules, which are called Cognito Detect, the NDR/IDS solution…

Pros and Cons

  • "The most valuable feature for Cognito Detect, the main solution, is that external IDS's create a lot of alerts. When I say a lot of alerts I really mean a lot of alerts. Vectra, on the other hand, contextualizes everything, reducing the number of alerts and pinpointing only the things of interest. This is a key feature for me. Because of this, a non-trained analyst can use it almost right away."
  • "The key feature for me for Detect for Office 365 is that it can also concentrate all the information and detection at one point, the same as the network solution does. This is the key feature for me because, while accessing data from Office 365 is possible using Microsoft interfaces, they are not really user-friendly and are quite confusing to use. But Detect for Office 365 is aggregating all the info, and it's only the interesting stuff."
  • "Vectra is still limited to packet management. It's only monitoring packet exchanges. While it can see a lot of things, it can't see everything, depending on where it's deployed. It has its limits and that's why I still have my SIEM."
  • "The main improvement I can see would be to integrate with more external solutions."

What other advice do I have?

Do not be afraid to link Vectra to the domain controller, because doing so can bring a lot of value. It can provide a lot of information. It gets everything from the domain controller and that is very efficient. You don't need any specialized skills to deploy or use Vectra. It's very intuitive and it's very efficient. We are in the process of deploying the solution’s Privileged Account Analytics for detecting issues with privileged accounts. We are using specific accounts to know whether they have reached some servers. It's quite easy with all these tools to check whether or not a given access…
JG
Head of Information Security at an engineering company with 10,001+ employees
Real User
Top 10
Gives us network layer visibility into things that may not be covered by other monitoring tools, such as shadow IT

What is our primary use case?

One of the interesting things that made us lean towards going with Awake was that it fulfilled a couple of use cases. One was the core NDR functionality. We wanted it to be able to monitor our network traffic and alert us on security-relevant events. Another request we had was that because our security team was pretty resource-constrained, we wanted a solution that could provide an in-house managed service for monitoring it, as a partner. Awake was able to provide that, with their MNDR team, and that was something that we found pretty valuable.

Pros and Cons

  • "The query language that they have is quite valuable, especially because the sensor itself is storing some network activity and we're able to query that. That has been useful in a pinch because we don't necessarily use it just for threat hunting, but we also use it for debugging network issues. We can use it to ask questions and get answers about our network. For example: Which users and devices are using the VPN for RDP access? We can write a query pretty quickly and get an answer for that."
  • "One concern I do have with Awake is that, ideally, it should be able to identify high-risk users and devices and entities. However, we don't have confidence in their entity resolution, and we've provided this feedback to Awake. My understanding is that this is where some of the AI/ML is, and it hasn't been reliable in correctly identifying which device an activity is associated with. We have also encountered issues where it has merged two devices into one entity profile when they shouldn't be merged. The entity resolution is the weakest point of Awake so far."

What other advice do I have?

One thing to be aware of, for someone else using Awake, is to be ready, at the beginning, to clearly define what is expected network activity and what is not. That helps both teams. For us, it has been an interesting challenge because our network is quite complex. In the life sciences, we have pretty varied environments for physical manufacturing, R&D, and SGNA. It spans the whole gamut. What helps in that environment is being very clear, up front, about documenting and giving context to the Awake MNDR team about which devices are domain controllers and the kinds of traffic they should expect…
AA
Director Network Services at a consultancy with 1,001-5,000 employees
Real User
Provides never-before-seen data and intelligence using the encrypted traffic analysis feature

What is our primary use case?

Our primary use for this solution is to help protect against threats on our network.

Pros and Cons

  • "The most valuable feature is having visibility into the data segments throughout our network."
  • "I would like to see more expansion in artificial intelligence and machine learning features."

What other advice do I have?

This is a very good tool, although it is just one piece of our security. We have other security tools that we use to help detect threats. The amount of information that this product gives us for detecting threats is very valuable, and we don't have another product like this in our environment. Threats can take down a company, so this is something that we like, and need. All companies should have a solution like this. Firewalls and IPS systems, along with other security tools are valuable, but they do not have the particular functionality of this one. My advice for anybody implementing this…
JM
IT Manager at a financial services firm with 51-200 employees
Real User
Top 10
Useful filters, reliable, and customer support helpful

What is our primary use case?

We use the solution for traffic filtering, security, and antivirus capabilities.

Pros and Cons

  • "I have found the filter and the antivirus to be most valuable."
  • "The user interface needs some improvement; it is a little rudimentary and not very intuitive."

What other advice do I have?

For those wanting to implement this solution, my advice is, before deploying the solution, to understand exactly what you want it to do for you. The product has a couple of different capabilities; do you want to expand, or you may not want to expand. These are scenarios that you have to take into account. I would not recommend the solution for small organizations; it would be too time-consuming for that. I rate Cisco NGIPS an eight out of ten.
ÖA
Technology Consultant at a tech services company with 51-200 employees
Consultant
Good Ecosystem, and easy to manage

What is our primary use case?

We are integrators. We work on integrated systems. Our clients use this solution to know what is happening in the network and to analyze it.

Pros and Cons

  • "I like the sales operations testing and support."
  • "I would like to see integration with third-party tools to improve the visibility of the dashboards."

What other advice do I have?

For others who are interested in using this solution, I would recommend it. I like working with this solution. I would rate Trend Micro Deep Discovery Inspector a nine out of ten.