Co-Founder & Managing Director at a comms service provider with 1-10 employees
Reseller
Top 20
Used for detecting network-based threats like ransomware or illicit communications with external endpoints
Pros and Cons
  • "A very useful feature in Darktrace for real-time threat analysis is the packet inspection that analyzes the packet traffic in real time."
  • "Darktrace could expand into EDR (endpoint detection and response) and combine it with its network detection."

What is our primary use case?

Darktrace is used for detecting network-based threats like ransomware in the early stage or illicit communications with external endpoints.

What is most valuable?

A very useful feature in Darktrace for real-time threat analysis is the packet inspection that analyzes the packet traffic in real time. Data acquisition is the source rather than tapping the data downstream after some processing.

What needs improvement?

Darktrace could expand into EDR (endpoint detection and response) and combine it with its network detection. They could thereby have a more holistic knowledge of the system through network information or through visibility into the operating system of the endpoints.

For how long have I used the solution?

I have been working with Darktrace for four years.

Buyer's Guide
Darktrace
March 2024
Learn what your peers think about Darktrace. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,386 professionals have used our research since 2012.

What do I think about the stability of the solution?

Darktrace is a very stable solution.

What do I think about the scalability of the solution?

Darktrace is a very scalable solution. Our clients for Darktrace are enterprise customers.

How are customer service and support?

The solution’s technical support is very good.

How would you rate customer service and support?

Positive

How was the initial setup?

The solution’s initial setup is very straightforward.

What about the implementation team?

The solution's deployment time depends on the complexity of the network. For some huge networks, you need to tap the right resources and measure the system to acquire all the required traffic. The deployment is very straightforward in smaller networks where you have to connect to only one switch.

What's my experience with pricing, setup cost, and licensing?

Darktrace is quite an expensive solution. Users need to pay a yearly licensing fee for the solution.

What other advice do I have?

Darktrace has improved our client's organization's threat detection and response capabilities. Darktrace has helped users intercept and stop ransomware attack attempts in the very early stage, within a couple of minutes of its detection. Autonomous response is a very good and useful feature that differentiates Darktrace from other solutions.

One person can easily maintain the solution. Darktrace easily integrates with our client's IT infrastructure solutions, like Microsoft 365, CrowdStrike, and Palo Alto firewalls. Darktrace has impacted our clients' incident response time to be very quick.

Darktrace is an autonomous solution. Users have to ensure they present all the traffic to the tool so it can intercept threats and not have hidden spots in their networks.

Overall, I rate Darktrace a nine out of ten.

Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
Head of Infrastructure, Security and Communications at a construction company with 5,001-10,000 employees
Real User
Easy to set up with good integration capabilities and useful UI
Pros and Cons
  • "We have found the product to be stable and issue-free."
  • "We'd like threat hunting, and we'd like to see a global solution that can automate vulnerability scans. I know it is something they are working on."

What is our primary use case?

We're using it in a complete security solution yet still within a different product that Darktrace has that's related to the network or email.

What is most valuable?

The most valuable aspect of the product would be that it's a product that is quite easy to integrate. It's quite easy to start working with it, which is working well. The concept of artificial intelligence that is behind the solution is the most interesting feature for us.

The sense of detection and monitoring and topics within security is good.

It was easy to set up the product.

We have found the product to be stable and issue-free.

It is scalable. 

What needs improvement?

We need them to ensure they will detect new attacks and pick up anomalies.

We, of course, would love more threat intelligence, and more integration with vulnerability scanners. We'd like threat hunting, and we'd like to see a global solution that can automate vulnerability scans. I know it is something they are working on. 

They're working in different modules that could be related to threat intelligence and to the tech vulnerabilities or functionalities related to EDR.

For how long have I used the solution?

We've been working with the solution for the last couple of years. 

What do I think about the stability of the solution?

We've had no issues with stability. It's reliable. There are no bugs or glitches. It doesn't crash or freeze.

What do I think about the scalability of the solution?

It is scalable and easily expands. 

The whole of the organization leverages the product; however, I do not have a clear picture of how many people are working with it. That said, we have a company of 2,000.

How are customer service and support?

I've dealt with technical support in the past. I found them to be helpful. 

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We did previously use a different solution. That said, I don't remember what it was called. 

How was the initial setup?

The product is easy to set up.

After deployment, we spent three months, which is the time that this solution needs to learn about what's happening in our network. In one day, once we had defined all the configurations and once they have been seen on the appliance, we were able to start running it.

It's an easy product to maintain. 

What about the implementation team?

We handled the initial setup ourselves. We did not need any outside assistance from integrators or consultants. 

What's my experience with pricing, setup cost, and licensing?

The pricing is okay. I'd rate it seven out of ten in terms of affordability.

You have different modules which you have to pay for. If you want to expand functionality, it ends up costing more. 

Which other solutions did I evaluate?

We looked at Microsoft, Proofpoint, and Minecraft when we were looking into Darktrace. We decided on this product based on the available features.

What other advice do I have?

We are using the last version of the solution, although I don't know the exact version number. We plan to upgrade in the next couple of weeks. We might be on version five, with the latest being six.

This is something that is really easy to implement in an organization. It gives us good visibility about what is happening in our networks, and on the system. We like the transparency available within our infrastructure now. We can also personalize it to fit our needs. You can either choose plug and play or you can go deeper. They have artificial intelligence you can start working with. You can define more by leveraging modules. Overall, it's very interesting. 

I'd rate the solution eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
System Administrator at Finlays
Real User
Top 5 Leaderboard
Reasonably priced, stable, and straightforward to set up
Pros and Cons
  • "The ability to detect activity on the network is very useful to us. Even if it's not necessarily an illegal activity, if it is abnormal activity, it is able to detect it and notify us."
  • "The solution could be easier to use."

What is our primary use case?

We are primarily using the solution for network monitoring as well as cybersecurity.

What is most valuable?

The ability to detect activity on the network is very useful to us. Even if it's not necessarily an illegal activity, if it is abnormal activity, it is able to detect it and notify us.

The solution is stable.

The product scales well within a network.

The initial setup is pretty simple.

The solution isn't too expensive.

What needs improvement?

The solution could be easier to use.

The user interface is a bit too detailed. They should work to pare it down and simplify it. They seemed to have designed it for an expert user and not a layman. If there are some system administrators who are not experts and they just want to get sensors reports and escalate, it should be easier for them to do so.

For how long have I used the solution?

I've been using the solution for three years at this point.

What do I think about the stability of the solution?

The solution is very stable. As far as we've been using it, we've not had any major issues. It doesn't crash or freeze. There are no bugs or glitches. It's reliable.

What do I think about the scalability of the solution?

The solution is scalable within the network. If a company needs to expand it, it can do so.

For our particular office, we have around 100 users.

I cannot say if we will increase usage. We have many offices and decisions in relation to usage increases would come from our UK office.

How are customer service and technical support?

Technical support is great. They are very responsive and helpful. We are very satisfied with the level of support they provide to us.

Which solution did I use previously and why did I switch?

We did not previously use a different solution. For cybersecurity, this is our first product. We were using the traditional endpoint protection as well, and we still do. For that, we use Sophos.

How was the initial setup?

The installation was straightforward, from what I understand. I didn't actually handle the process. That was done by a consultant.

The deployment was fast. In less than an hour, everything was up and running.

I handle the maintenance myself.

What about the implementation team?

We had a consultant that assisted us with the implementation. They made the process very easy.

What's my experience with pricing, setup cost, and licensing?

We typically do yearly or three-year licensing, however, I can't speak to the exact costs or arrangements.

It's not too expensive. The price is good for what it offers.

What other advice do I have?

We're just a customer and an end-user.

Overall, I'd rate the solution at an eight out of ten. We've mostly been quite happy with the product.

I'd recommend it to other users and organizations.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Senior Security & Infrastructure Architect at a retailer with 10,001+ employees
Real User
Built-in AI analytics helps give you total visibility of your architecture assets
Pros and Cons
  • "AI analytics are built directly into the product."
  • "It is a very simple product to use."
  • "A reporting portal could be a great addition to help customize reports."

What is our primary use case?

I am working with Darktrace in concert with F5, Tufin, and SAP security products.  

What is most valuable?

One of the things I like most about Darktrace is the fact that it has AI analytics built into it. That merger allows us to have a look at the way that things are working within our company. The fact that it is self-learning is a benefit that has given me 100% visibility across the cloud, my SaaS (Software as a Service) providers, my Office 365 services, within my data center, and also on-premises.  

We are also working with Darktrace on their alpha and beta testing for endpoint security. That is a model that we are thinking about incorporating later. 

Another thing I really like is that it is a very simple product to use. It is very logical and it works beautifully.  

What needs improvement?

The product is really excellent all around and I can not fault it. The only thing that I can think of that would improve it would be if they had a better visualization and a reporting portal.  

What I mean by better visualization is it could help map our services and endpoints in a better way. At the moment it is fairly complex in the way that it represents our network devices. It would help if there was a slightly more logical way of visualizing the assets as opposed to the way it is currently being done.

We are talking to Darktrace at the moment about putting in a reporting portal so we can have technical reports separate from management reports. Some of our management gets information in reports that they do not need to see. When they see it they will not understand what it means. Targeting, or customizing, the reports that we make can allow us to have the content fit what the recipient needs to see without distracting extras.

Apart from those potential additions, this product is absolutely excellent. It has given us everything we have wanted. Darktrace, as a company, has been really good. Our account manager is totally responsive. The support teams have been really conscientious.  

Fingers crossed. So far Darktrace has proven to be a great asset.  

For how long have I used the solution?

We have been using Darktrace for about four-and-a-half years now.  

What do I think about the scalability of the solution?

The scalability of Darktrace is excellent. If we want to increase the IP count it is just a matter of negotiating the licenses. We have already upgraded to the largest model of their hardware, and scaling is nice and simple in that situation.  

How are customer service and technical support?

The technical support people have been good. They understand exactly what we need every time. So I am very happy about that.  

If you ask a question and support can not answer straight away, they will say that they will be back to you within 'X' number of hours. Then they actually do it, which is not something that you get a lot of in technical support teams. Normally people do not stick to what they say they are going to do.  

How was the initial setup?

Our deployment took probably the best part of three months. But the amount of time was more a matter of our constraints, not a problem with Darktrace and the difficulty of deployment. We are operating in 13 countries and it was the scale of it that took additional time. Smaller deployments will take less time.  

What other advice do I have?

If someone asked me for advice about the product I would definitely highly recommend it to those who need this type of solution. It is really good. It has given us a view of our company and it has actually caught a couple of people that were doing data exfiltration and stealing data from our company. We caught them doing it in the act in live time, which is just incredible.  

On the scale from one to ten where one is the worst and ten is the best, I would definitely rate this product at the moment as a ten. It is a perfect solution for our needs.  

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Director Of Information Technology at a computer software company with 501-1,000 employees
Real User
Top 20
Intuitive, has excellent technical support, and has good visibility
Pros and Cons
  • "The active threat dashboard is the most valuable feature of this solution."
  • "I believe their network monitoring device licensing module could use some improvement."

What is our primary use case?

Darktrace is a cybersecurity solution that is essentially an AI-driven ecosystem. Call it network monitoring with telemetry SaaS cloud connections.

How has it helped my organization?

It provides a comprehensive cybersecurity solution that monitors my cloud accounts as well as my local network. It monitors local network traffic and VPNs, and it connects to my firewalls, allowing me to see what's going on in my environment. I have visibility into pretty much everything that's going on now.

What is most valuable?

The active threat dashboard is the most valuable feature of this solution. 

What needs improvement?

The licensing model has room for improvement. They license by IP rather than node or device, even if it's a single MAC address. If I have three people who are constantly in three different locations, they want to charge you three licenses. My only criticism of the product is that its licensing model isn't flexible.

I would like to see a Darktrace EDR client, a true EDR client that integrates into it, and not a third-party EDR.

For how long have I used the solution?

I have been working with Darktrace for six months. 

We are working with the most recent version.

What do I think about the stability of the solution?

Darktrace is very stable. It's very reliable.

What do I think about the scalability of the solution?

Darktrace is a very scalable solution.

We have 650 users in our organization.

It's extensively used.

How are customer service and support?

I give them five stars from the sale cycle to the support cycle.

Which solution did I use previously and why did I switch?

I considered other options, but this is the one I chose, because of the flexibility and the ease of use.

How was the initial setup?

The initial setup is very simple and intuitive. With the instructions provided, it took about 10 minutes to set up.

It requires no maintenance. It is managed by Darktrace, they push down the updates. I don't have to do anything with it.

What's my experience with pricing, setup cost, and licensing?

I think it's mostly the licensing on the network monitoring piece that I don't like. All of the other modules, such as the licensing modules, are on par. It's one for one.

Which other solutions did I evaluate?

I evaluated Endpoint protection solutions, such as CrowdStrike Falcon, Darktrace, and SentinelOne. We decided on Darktrace.

What other advice do I have?

I'm a partner with Darktrace.

I would advise them to engage with their sales team and their sales engineering team to make sure they understand the license model.

It's very intuitive. It's a fantastic product, and the only reason they don't get a 10 is because of their licensing. I believe their network monitoring device licensing module could use some improvement.

I would rate Darktrace an eight out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Security Engineer at a real estate/law firm with 1,001-5,000 employees
Vendor
Provides a higher level of threat detection, detects any type of attack, and very useful for an autonomous response
Pros and Cons
  • "The Antigena feature is most valuable. Once it learns your environment, Antigena can step in and block a denial of service attack, a ransomware attack, or just about anything that doesn't belong in the environment. It can detect any type of attack that hits the environment because it understands what normal looks like for the network. It is very useful for an autonomous response."
  • "They just need to make it a little bit more accurate as far as their alerts are concerned. It does generate some false positives that you have to tune. You have to do a lot of tuning when you first get it because of the false positives, but once it is all tuned up and ready to go, it will do its thing from there."

What is our primary use case?

We use it to protect IoT devices. Darktrace does network traffic analysis. So, by analyzing all traffic patterns in your environment, you can detect any type of anomalous activity, as far as the network is concerned. 

I have been using its latest version. Its deployment depends on the environment. It can do sensors in the cloud, and it can also do on-prem.

How has it helped my organization?

It provided a higher level of threat detection.

What is most valuable?

The Antigena feature is most valuable. Once it learns your environment, Antigena can step in and block a denial of service attack, a ransomware attack, or just about anything that doesn't belong in the environment. It can detect any type of attack that hits the environment because it understands what normal looks like for the network. It is very useful for an autonomous response. 

What needs improvement?

They just need to make it a little bit more accurate as far as their alerts are concerned. It does generate some false positives that you have to tune. You have to do a lot of tuning when you first get it because of the false positives, but once it is all tuned up and ready to go, it will do its thing from there. 

For how long have I used the solution?

I used it for about a year.

What do I think about the stability of the solution?

It is a very stable product. We didn't have any issues.

What do I think about the scalability of the solution?

It has sensors that you can install. So, it can scale on-prem and off-prem in the cloud.

It is being used extensively. We have 2,000 employees. We use it to protect IoT devices. We also use it to protect Windows servers, desktops, and laptops. Its usage would increase if the net grows, but it's probably not going to grow too much bigger than 2,000 employees.

How are customer service and technical support?

The support from Darktrace is very helpful.

Which solution did I use previously and why did I switch?

We didn't use any other solution previously. 

How was the initial setup?

It was pretty straightforward. You just monitor everything from your core switch. It monitors everything in and out.

We got it up in half an hour, but it still has to learn. You still have to give it some time to learn about the environment, and that's usually going to be at least two weeks.

What about the implementation team?

We brought in their guy to the site. In terms of maintenance, it is automatically set up to reach out to their website and pull down updates and stuff. We don't have to worry about that too much.

What's my experience with pricing, setup cost, and licensing?

It was $3,600 a month or $2,000 plus or so. I am not sure. 

Its licensing is pretty simple.

Which other solutions did I evaluate?

We were thinking about getting another solution called Vector, but we didn't. We brought Darktrace in.

What other advice do I have?

Darktrace is a pretty good company. The only thing that they need to really work on is just being able to get rid of some of those false positives. Once the solution is tuned up, it pretty much just runs.

I would advise making sure that you do a really good PoC of the product so that you can be sure that it makes sense in your environment.

I would rate it a nine out of 10. 

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Mebbert Chiyangi - PeerSpot reviewer
Information Security Analyst at INFRATEL CORPORATION ZAMBIA LIMITED
Real User
Top 5
Efficient behaviour analytics features and offers high stability
Pros and Cons
  • "One thing I appreciate is Antigena Email, which is for email protection."
  • "One thing I would like is for Darktrace to flag SMB traffic more accurately. Currently, it only flags that SMB traffic has occurred, but it doesn't specify which file was being transferred. This makes it difficult to investigate incidents involving SMB traffic, as we don't have concrete evidence of what was being sent."

What is our primary use case?

Our primary use case is incident response.

How has it helped my organization?

One thing I appreciate is Antigena Email, which is for email protection.

What is most valuable?

One of the most valuable features is Behavior analytics.

What needs improvement?

One thing I would like is for Darktrace to flag SMB traffic more accurately. Currently, it only flags that SMB traffic has occurred, but it doesn't specify which file was being transferred. This makes it difficult to investigate incidents involving SMB traffic, as we don't have concrete evidence of what was being sent.

For example, if a user is sent an unauthorized file via SMB, Darktrace would only flag that SMB traffic occurred between the two users. It wouldn't be able to tell us which file was sent, so we would have to manually investigate the incident to determine what happened.

It would be helpful if Darktrace could flag the specific file that was being transferred in SMB traffic incidents. This would make it much easier to investigate these incidents and take appropriate action.

In future releases, I would like to see more playbooks.

For how long have I used the solution?

I have been using this solution for a year now. 

What do I think about the stability of the solution?

I would rate the stability a ten out of ten. 

What do I think about the scalability of the solution?

I would rate the scalability an eight out of ten. There are five end users in our analyst team. 

How are customer service and support?

The customer service and support are really good. That's one of the things that I've come to appreciate about Darktrace. 

Any concern that you give to them, they come on board and arrange a meeting where you could possibly do some practical work with them. They would take on the incident, and they would say, "Okay. Let's set this incident together."

How would you rate customer service and support?

Positive

Which solution did I use previously and why did I switch?

We used Sophos. We chose Darktrace because of its reliability. Unlike other solutions that rely heavily on signature-based logins, Darktrace operates by learning the behavior of individual users. This means that what may seem normal to me could be considered abnormal for someone else, and Darktrace can effectively block such anomalies. This feature has proven to be immensely helpful.

How was the initial setup?

The initial setup is very easy. I would rate my experience with the initial setup a ten out of ten, where one is difficult and ten is easy to set up. 

It took around an hour to set up. 

What about the implementation team?

The deployment process is pretty self-sufficient. It handles network closure and device discovery.

One person is sufficient for the deployment process. 

What's my experience with pricing, setup cost, and licensing?

The solution is quite expensive. I would rate the licensing model an eight out of ten. 

What other advice do I have?

I would recommend it based on its excellent behavior analytics and AI implementation.

Overall, I would rate the solution an eight out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Recep Alver - PeerSpot reviewer
Cyber Security Engineer at Natica IT Consulting
Real User
Top 5
A user-friendly cyber defense solution with useful dashboards
Pros and Cons
  • "I like the dashboards, which are cool. They are more user-friendly, in my experience. Its learning capabilities are really good."
  • "It should be easier to access the Darktrace portal and its documentation. Only the customer can access their portal and support. It could be cheaper."

What is our primary use case?

Our customers use Darktrace to monitor network traffic.

What is most valuable?

I like the dashboards, which are cool. They are more user-friendly, in my experience. Its learning capabilities are really good.

What needs improvement?

It should be easier to access the Darktrace portal and its documentation. Only the customer can access their portal and support. It could be cheaper. 

What do I think about the stability of the solution?

Darktrace is relatively stable.

What do I think about the scalability of the solution?

Darktrace is scalable. It's very good. We have two big banks in Turkey using this solution.

How was the initial setup?

The initial setup is straightforward. It takes me about half an hour to deploy this solution.

What about the implementation team?

We implement this solution.

What's my experience with pricing, setup cost, and licensing?

Darktrace is expensive. You can pay for the license yearly.

What other advice do I have?

I would recommend this solution to potential users. But the cloud solution is challenging to use in Turkey.

On a scale from one to ten, I would give Darktrace an eight.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner