Darktrace Reviews

Darktrace makes up part of our security solution and it is able to operate without intervention from IT staff. Antigena feature for automatic response is awesome.

You can have a one-person IT team and with Darktrace, you can get notification of potential threats that are incoming or are already happening on the network.

I like the Antigena feature in Darktrace, as it offers immediate response and is helpful.

This product collects more data than your traditional type of software, which is useful for us.

Darktrace picks up anomalies as soon as they arise.

The interface is too mathematical and it should be simplified. If you are a seasoned user then you would know where to go, but you have to learn it first. The terminologies being used are mostly numbers. In general, it could be more user-friendly. The GUI can be more simplified and the sections on the interface can be better organised. Usability and visibility of features can improve the skills of administrators and the product will be a preferred solution and ratings will increase.

My experience with Darktrace is short because we are just implementing it now.

The stability of Darktrace is fine.

We do not intend to scale. Scalability is more of a contract issue that comes into play if you want to add nodes to the system. We are opting for a specific number of nodes or endpoints, which we would be able to keep for quite a number of years. I don't expect that we will expand that much, so scalability should not be an issue.

We have been in contact with technical support using different platforms. We have dealt with them using Microsoft Teams, Zoom, WhatsApp and via email.

Positive

No

The initial setup was quite simple and straightforward, taking about an hour to complete. After that, the port modeling took perhaps an hour or two.

Vendor Team

If you consider the features and the cost of market leaders, we are satisfied with the pricing.

Snode

I would rate this solution an eight out of ten.

We use it to deploy to enterprise customers to provide them with a complete, reliable and intelligent threat detection and response system.

It helps us to reliably serve our customers with quick deployment of a durable, effective and intelligent product.

The most valuable part of the product is the whole package. The features included in the Enterprise Immune System are complete and effective. Its detection engine is ridiculously good.

It is hard to really address what needs to be improved in the respect that it does everything I would expect of a superior solution. It is simple enough to use because the interface is quite simple, the setup is quick and painless — in only an hour the product is installed. Users can train on the system in less than three hours. When the configuration is complete they will already know what to do and they can just go on and use the product.

I think that the price is quite good compared to other, similar products. They already have a plugin that you can use to set up integration with virtually any other product. 

Maybe it could come with a few more built-in integrations, such as adding ServiceNow. They already have built-in integration with Antigena Cyber AI Response Modules for the clouds and for the network (AWS & Azure), and they did Office 365 (email), and SaaS applications as well.

I guess a few more options and opportunities like this built-in would be nice. It is not a big thing.

The stability of the product is really very good. Clients who have had us do the implementations say it is fantastic after they've tried it.

The product is definitely scalable and can grow with your enterprise business.

In terms of customer support, it is really rare that you need them to do anything because the product is really good. You turn it on and it just works. Really anyone can run it. So a level ten tech, a level five tech or a level one tech can use it. It makes everyone competent. It's like driving an automatic car because the gears shift for you. You still have to be a good driver and take the wheel and press the gas. But you can switch it back to manual if you want a different level of control. It's up to you. But everybody with different skill levels and different purposes for the deployment can use it.

When we have contacted the technical support they have been very good.

It's simple enough to install and it does exactly as the product says: "installed in about an hour." With only an hour to install initially and with being able to train people to use it in just a few hours, it is very quick to do the initial setup. Very straightforward. It's a jog in the park. 

Normally, once you deploy, for a normal site it's about two weeks time to set up configurations for the network, but then it is optimized and processing even faster. It's faster with fewer features and, usually, I use is about half of what it is capable of doing based on the client need. And once you do that configuration, you're ready to go. All that in less than two weeks and you can start getting threat intelligence reports from the network with intelligent tools. It's fantastic.

We are the ones who do the implementations and we have done many, so we are very good at it.

Our return on investment is as a reseller and consultant because we make returns on servicing the customers.

I think that the price is quite fair and very good for this type of product and the features that the product provides. 

My advice to people and organizations considering this as a solution is: go buy it. They shouldn't waste their time fussing and looking around at other solutions. It works. I've done administrating for several years, and this is the one solution that works. It complements what you have, whatever that is. It is like a plug-and-play component. There is no solution that does what it does. You even have some excellent systems like Cisco's Stealthwatch — these are just the three packet analysis technologies. Darktrace is actually DPI (Deep Packet Inspection), which in my markets is now called the threat level buttons. It is really an advanced product and everything just works ridiculously well.

If I had to rate the product on a scale of one to ten (ten is the best) I'd give it an actual ten. It is the only product I use that I would give a full ten. It's hard to achieve a ten as you have to be better than everything and everyone else. It does deliver on what it says it can do.

Darktrace is a very good solution.

Darktrace is very useful for us because it has a large number of models for detecting threats.

There are numerous false positives.

Darktrace requires numerous configurations. It would be beneficial if the configuration could be made simpler.

I have been using Darktrace for three years.

Darktrace is very stable.

Darktrace is easy to scale. It's a scalable solution.

Technical support is good.

The initial setup is difficult.

It took three or four months to deploy.

People must first examine the network architecture in order to make the best implementation.

Darktrace is a very good solution, I would rate it a nine out of ten.

Overall, I like the system. The product offers us a very good user interface and we've found the network visibility to be very good so far. The solution has one window and shows all networks.

The solution comes in multiple languages, including English and Arab options.

The solution is stable.

We've found that technical support is helpful and available to assist us if we need them.

There are some automation capabilities, however, they could be presented better.

The manual is difficult to follow. While it presents some use cases, it's not very clear. There may also be some language barriers, as it's not available in my language.

Some aspects of the initial setup are complex. 

It would be useful if there was a way to check to see if there are certain devices that are not in sync with the solution. I'm not sure if this is an option or not. 

The cost of the solution is quite high.

I'm very interested in ISO 27001 and these processes. I'd like to better understand how it supports this kind of workflow.

I haven't used the solution for very long. It may only be about 20 hours or so. It's very, very new. 

The solution is mostly stable. I found that, during the POC, sometimes my rights would do off and I would have to reinstate them, however, other than that, it was very stable. The performance was good. 

I've only used the solution for a short amount of time. I can't really speak to the scalability. There were different models that I tried, however, I can't speak about how different models affect the scalability. I've only used it for a very short amount of time.

There are maybe three or four people on the solution, now that we've tested it. 

I haven't really interacted so much with technical support, however, there is a person available to us that could help us troubleshoot or answer our questions if we need assistance. 

There are aspects of the initial setup that are not very straightforward. there is some complexity. I needed to keep going back to the manual to check things at certain points. 

We are still currently in the test period. Within the year, we will have to invest in the cost of licensing. We have not done that yet.

The solution itself is quite expensive. 

We did look at other solutions, however, I can't speak to which solutions we actually looked at.

We are a partner.

I'm not sure which version of the solution we're using. My understanding is that it is version 5.

I would recommend the solution to others. However, it's important to ensure you use the solution in order to set up your processes correctly and to the benefit of the organization.

So far, I would rate the solution at an eight out of ten.

We primarily use this solution as part of our security.

The cyber AI analyst, antigena, and threat visualizer are the most valuable aspects of the solution.

The setup is very simple. 

It's a very stable product.

Users can expand it as needed. 

I don't have any thoughts on where there might be a need for improvement. 

In the next version, I'd like to see penetration testing. They already have that coming up, so it'll be good to see that.

I've been dealing with the solution for three to four years. 

The product is extremely stable and mature. There are no bugs or glitches. It doesn't crash or freeze.

The product is very scalable across all vectors of the digital estate.

The initial implementation process is extremely easy. It's extremely seamless and very easy to set up. It's up and running in less than an hour.

I'm a partner and reseller.

We are using the latest version of the solution. 

It's deployed on-premise, in the cloud, in email, via SaaS, and on the endpoint.

I'd advise potential new users to  use antigena. It's a handy tool to stop cyber attacks.

I'd rate the solution ten out of ten.

We have a Darktrace appliance, and we are using it to monitor threats in our network environment. It has the Antigena module installed. So, it does not only monitor but also proactively blocks when there is a physical threat.

It scans the entire network, which includes all IP addresses, subnets, and users. It is very smart for all different segments of the network.

It is autonomous. So, it learns. It uses algorithms and AI to learn the common behavioral patterns on the network, and it is able to identify threats based on abnormal patterns.

It is expensive, but everything else has been great so far. It is fine for now for what we need it to do.

I have been using this solution for about a year and a half.

Their support has been great so far.

It was very easy and straightforward.

It is expensive.

It is good. Recently, they have made it more sensitive for tracking or identifying all the behaviors or patterns. So, you're getting more alerts out of it, which I guess is a good thing.

I would rate it a ten out of ten.

We deployed Darktrace for one of the biggest telecommunications companies in Latin America. It is deployed on-premise, but it is more like a service because we don't care about the appliances. Even though it works with appliances, it is more related to the services to the connections that the solution can handle. Because of that, it is on-premise, but it also has a component with sensors that works for remote instances, almost like a cloud solution. 

Some of the clients, especially in the security area, think that this appliance will replace a firewall or a prevention system solution, but it doesn't replace them. It actually complements them because the firewall decides to allow or deny a connection, and a prevention system is designed to avoid any type of risks to the connection or intrusion on the network. Darktrace allows you to find the unknown threats inside the network and identify them by using some artificial intelligence. It can do all the tracking inside or outside the network.

It is connected directly to the core switch, and in the first stage, it probably takes about a month to learn the behavior of the network and the users. With that, it starts to know what type of information is correct inside the network, and what type of information probably would be a risky connection or risky data moving from one site to another. It then starts doing the alerting. After the first stage or the learning stage is complete, we can find the size of the network. The second stage is the use of a different model inside the solution called Antigena. It works like the antibodies inside our body. Once it detects something that is wrong inside the network, it not only does the alerting but also takes the decision to block that type of connection in order to avoid any information leak or any possible risky connection. If somebody is doing some data mining, it disables connection to the engine that is doing the data mining.

We have been giving results not only to the security or compliance area inside of a company but also to the legal department. If someone is doing something wrong in terms of compliance, they can take directly take action against the person or group doing that.

We also give results to the infrastructure people and the network people. Based on our experience, most of the customers don't really know the size of their network. With this type of solution, we can know the complete network. We can know the real size, and how many resources are connected to the network and the internet. For example, one customer said to us, "I only have 18,000 connections on the network." We did the sizing with 18,000, and when we started the deployment, this customer had one thousand and twenty hundred connections. They didn't realize that until we arrived.

It is very easy to work with Darktrace once you know how it works and the type of permissions that you need to get related to the security over a network. The interface is awesome. I'm sure that you have seen Ironman, and you know Jarvis, the computer of Tony Stark. The interface of Darktrace is very similar, and you can see in 3D, like a hologram, the whole network, traffic, and all the traces inside the network. The interface is awesome, and it provides a lot of information. At least for us, it is very easy to handle this interface, get the reports, and do the interpretation of those reports.

Darktrace also provides mobile monitoring. With an app on your mobile phone, you can view the information live, which is very useful for area directors and field engineers. Darktrace can be also correlated with any type of big data solution, such as Splunk.

It would be good if they can include some endpoint protection for remote workers. Nowadays, most people are working remotely. Therefore, they should include some type of sensors that can be installed on the endpoint in order to directly report the main usage and protect remotely. Phone protection will also be a great feature to add to Darktrace.

I have been working with Darktrace for at least four years. I recommend and sell it to customers. A long time ago, I used to be a technical guy. Now I am on the sales side. Our technical crew and sales crew are certified for this solution.

For the past four years, I have only seen two crashes in two appliances. That was because the customer sent more traffic than what the solution or that specific appliance could handle. It was solved by using another appliance to do the appropriate balancing. The second crash was because it was a human error and somebody by mistake disconnected the cable and connected it to a different interface.

It is very easy to scale. When you need more appliances to support the infrastructure, you can use them as LEGOS. In order to place them, the only thing that you need to have is a rack, and you can start connecting them to the switch, and that's it. Once that you have it on the main console, you just assign the role to every single appliance, and that's it.

We're very focused on big companies, but we also have medium customers. The reason why we don't sell it to the small companies is that this type of solution is very expensive for them to finance. So, probably the assets that they have are very important, but based on the budget that small companies have in Latin America, they cannot afford a solution like this.

The support that we have in Latin America is very good. It is a very good company to work with. They have offices here. I would rate them a ten out of ten.

It is very easy. The setup of the solution takes probably half an hour. The only thing that we need to place Darktrace on a customer site is a connection on the core switch with a mirror port. We need to have some space on the rack, and then we connect the appliance to the core switch, and that's it. We go back to the customer a week later to see what Darktrace is catching and start sharing with the customer our discovery inside the network.

The biggest deployment that we have done took about two months, but it was in 26 different sites. The main challenge was the transport. We had to take care of all the logistics to transport all the appliances and find the appropriate time to run all the appliances because most of the customers do not allow to rack them at any time. Therefore, it needs to be done at midnight when almost nobody is using the network. That was our main challenge, but it is very easy to set up.

The pricing is very flexible for Darktrace. Sometimes, a customer does not have the appropriate budget, but Darktrace can handle that. They offer monthly payments, so the customer can acquire the solution very easily.

Over the past years, I have seen some customers say, "No, I have Endpoint protection. I have intrusion prevention. I have a firewall. I don't need anything like that." My advice is that first of all, open your mind to new solutions because this type of solution will catch everything that the rest of the solutions that you have won't catch. That's the first thing. The second thing is that do not limit the work of the people who work with Darktrace by saying that you know your network because we can assure you that you don't know your network and the threats that are inside and outside the network and the size of the network.

We always start with Darktrace Enterprise Immune System, which is the first model. The reason for this is that it is easier to adopt the Antigena model at the second stage because the solution by itself needs to learn inside of the network and what is good and what is bad. When we place Antigena, the deployment stages are exactly the same as when you first deploy the Enterprise Immune System in order to let it learn. After the solution starts learning, it will take at least a couple of months or probably three months to deploy Antigena. Therefore, it doesn't make sense to make customers spend more money on a solution in the initial stages and go for a solution that they would not be using initially. This also provides the appropriate sizing of the network. Most of the time, the customer needs to acquire more services from us in order to support all the infrastructure that they have.

I would rate Darktrace a ten out of ten. I am a very happy user and a happy seller of Darktrace.

We are a system integrator and we pose solutions, including this one, to our clients.

It is mainly used to reinforce response capabilities with respect to network security.

I find it very good in the way that they show the past events, including the attack history. You are able to visualize all of the attack paths and connectivity to see what's happened.

The GUI interface is very good.

They are using the best machine learning and AI at the moment.

The need to simplify the analysis from a user perspective. In a few cases, you have to be a specialist in order to understand what's happening. It would be helpful if they could recognize incidents and simplify the customer's challenge to identify what is happening.

I was been working with Darktrace for two years.

Stability-wise, we have not had any issues and it has been quite good.

We haven't had any trouble with scalability.

We have had contact with technical support and help was quite straightforward. Our feedback for them is good.

We work with a variety of products in the security space including Darktrace, Splunk, Elastic, and others.

The initial setup is really simple. This product is normally deployed as an on-premises appliance and it normally takes less than one day. It depends on how complex the network is, but it's usually quite simple.

Our customers feel that the price of Darktrace is quite high compared to other solutions. However, I feel that they are one of the top solutions in this space and they want to be paid for that.

They are currently working on improving their interface by including AI to help simplify things, but it does not work on real-time data. Rather, it works on historical events.

This is definitely a product that I can recommend, although I would probably be using it together with a SOC service or somebody else who can manage it properly.

I would rate this solution a seven out of ten.