Darktrace Room for Improvement

DaliaHassen - PeerSpot reviewer
Senior Security Architect at Meeza

Darktrace is a closed technology, meaning we know very little about how it works, including the architecture, which is significant. As a result, when we implement the system and find we're getting many false positives, we have minimal insight into why it's happening and what we can do to fix it. We don't know how the solution is configured, the criteria for threats to be determined, or the product's inner workings. We understand that they have to ensure privacy and their copyright, but we want to see some documentation or public research into the security Darktrace provides.

A relatively new module called Darktrace PREVENT provides digital protection to the company from the internet. However, the protection doesn't extend to the dark web, which limits its depth. PREVENT also offers phishing awareness training in the form of dummy attacks and some penetration testing, but it is very limited from my point of view.

The AI and Darktrace breach model must be enhanced to minimize false positives, as they can give our customers a negative impression of the solution. Some of them come to us and say they aren't getting what they expect from it, especially after a significant investment.

View full review »
CD
Administrator at a healthcare company with 501-1,000 employees

The only problem with these kinds of demos is that unless something actually goes wrong or you have something in the data center already; you don't see any difference. However, no news is good news.

The price point for the product was too high for what our possible use case could be. The demo might have gone more favorably in their direction if something had actually occurred during the demo. However, nothing did, and management decided that it was not worth the very high price.

The interface didn't really give you a whole bunch of insight into actually what was going on.

They did have some AI that they claimed could tell if traffic was malicious or what the intent of the traffic was. We never got to see that actually do anything. They identified some traffic. They said it was malicious. However, it turns out it was a known traffic that we had occurring, and it wasn't malicious. So there were a few missteps that way.

The UI is too dark.

We ultimately didn't find any value in the product.

View full review »
IU
Head of Infrastructure, Security and Communications at a construction company with 5,001-10,000 employees

We need them to ensure they will detect new attacks and pick up anomalies.

We, of course, would love more threat intelligence, and more integration with vulnerability scanners. We'd like threat hunting, and we'd like to see a global solution that can automate vulnerability scans. I know it is something they are working on. 

They're working in different modules that could be related to threat intelligence and to the tech vulnerabilities or functionalities related to EDR.

View full review »
Buyer's Guide
Darktrace
March 2024
Learn what your peers think about Darktrace. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
763,955 professionals have used our research since 2012.
Christian Strasser - PeerSpot reviewer
Manager Information Systems / Technology at Food Sciences Corporation

We didn't really notice any downsides to the product. We were very impressed with it. It was a matter of timing and cost. Upper management wasn't sold on the value proposition.

View full review »
SS
Director Of Information Technology at a security firm with 1-10 employees

The initial setup is more complex and time-consuming than some solutions.

View full review »
Luis KiambatA - PeerSpot reviewer
Director de Desenvolvimento Tecnológico at Cetim

We need more integrations with other customers and other platforms. For example, we need integrations with the major players. We'd like to see them integrate with Sophos and integrate with other vendors.

The pricing is a bit high for the region. 

View full review »
Malebo Lethoba Group - PeerSpot reviewer
Security Analyst at Life Healthcare

The initial setup is a bit complex. 

It's quite a good product. However, I'd love them to see maybe covering the cloud a bit more. We'd like a cloud version. For example, FortiGate firewalls now have virtual firewalls that you can just install, as well as the cloud. They can drive it with Microsoft, and Microsoft can maybe provide technology that would allow Darktrace to work seamlessly in the cloud. 

View full review »
Mebbert Chiyangi - PeerSpot reviewer
Information Security Analyst at INFRATEL CORPORATION ZAMBIA LIMITED

One thing I would like is for Darktrace to flag SMB traffic more accurately. Currently, it only flags that SMB traffic has occurred, but it doesn't specify which file was being transferred. This makes it difficult to investigate incidents involving SMB traffic, as we don't have concrete evidence of what was being sent.

For example, if a user is sent an unauthorized file via SMB, Darktrace would only flag that SMB traffic occurred between the two users. It wouldn't be able to tell us which file was sent, so we would have to manually investigate the incident to determine what happened.

It would be helpful if Darktrace could flag the specific file that was being transferred in SMB traffic incidents. This would make it much easier to investigate these incidents and take appropriate action.

In future releases, I would like to see more playbooks.

View full review »
JM
Director Of Information Technology at a computer software company with 501-1,000 employees

The licensing model has room for improvement. The license by IP rather than node or device, even if it's a single Mac address. If I have three people who are constantly in three different locations, they want to charge you three licenses. My only criticism of the product is that its licensing model isn't flexible.

I would like to see a Darktrace EDR client, a true EDR client that integrates into it, and not a third-party EDR.

View full review »
Tim Bosman - PeerSpot reviewer
Chief Information Officer at Amadys

Darkforce could be improved in the range of the interface; how to interact with the actions it's taking or not taking.

View full review »
BS
Assistant Manager - Network & Security at a financial services firm with 5,001-10,000 employees

I don't have any specific issues with the solution. We are still in the early phase of analyzing the product.

The cost is a bit on the higher side. We'd like it to be less expensive. 

View full review »
SL
IT Manager at a non-profit with 51-200 employees

The main portal needs improvement as it is difficult to use. But it's straightforward to follow compared to other VPN portals, for example, Azure. You don't have to bug the customer support team quite often.

They can add the EDR and follow-up options in the next release. For instance, if something happens, we get a notification. If a follow-up option is available, we can create a case and then understand how to record the evidence.

View full review »
TP
Co-Founder & Managing Director at a comms service provider with 1-10 employees

Darktrace could expand into EDR (endpoint detection and response) and combine it with its network detection. They could thereby have a more holistic knowledge of the system through network information or through visibility into the operating system of the endpoints.

View full review »
Serena Bryson - PeerSpot reviewer
Information Security Program Manager at a non-profit with 11-50 employees

I did not use the AI features because they should make it more user-friendly which would be a benefit. Additionally, the solution could integrate with more SIEM or SOAR tools.

View full review »
WT
IT Manager at SJ Securities Sdn Bhd

It's good as a solution, however, for me, it's quite complicated. They've got a lot of features there. You need a lot of time to learn it.

It's quite expensive to have.

View full review »
Wissam Khashab - PeerSpot reviewer
IT Security Manager at Sara

Darktrace could improve by being more user-friendly.

View full review »
Winston Lewis - PeerSpot reviewer
Assistant Manager - IT and Innovation at a financial services firm with 51-200 employees

I was under impression that Darktrace's automatic blocking would be an out-of-the-box feature, but we had to integrate it with our firewall to get it to block automatically. The salesperson should be upfront and explain that you need to integrate it with your network. I would also like to see more reporting on risk. Banks in my region want to see at a glance the risk level of various assets.

View full review »
JC
Network Security Engineer at Social Security Commission

It takes time to go through the interface and pick up things. If it were a more straightforward interface, then it would free up time.

View full review »
PatrickWang - PeerSpot reviewer
Cybersecurity Manager at DP World Australia (Holding) Pty. Ltd.

Although we haven't detected any network threats since implementing Darktrace, we are unsure of its efficacy. It would be beneficial if the solution could offer additional details to the user regarding any potential or prevented threats. Additionally, there could be better search tools and integration.

View full review »
AdeelAgha - PeerSpot reviewer
Team Lead - Cyber Security & Compliance at Al Tuwairqi Group

There is a high ratio of false positive information. For example, AI capabilities can sometimes make it difficult to distinguish between a legitimate email and a phishing email. This is one of the features that need to be manually sorted out and aligned. We need to improve this feature by putting DNS into the micro.

View full review »
Wally Lee - PeerSpot reviewer
Vice President | Head of Information Systems & Manufacturing Engineering at a manufacturing company with 51-200 employees

The solution can improve the reporting. Currently, it only runs weekly and the reporting is complex. It is more of a network monitoring system, basically AI.

View full review »
SR
Head of Strategic Business Development at Grove

I don't have any thoughts on where there might be a need for improvement. 

In the next version, I'd like to see penetration testing. They already have that coming up, so it'll be good to see that.

View full review »
DB
Manager, Information Security at a manufacturing company with 1,001-5,000 employees

The product is expensive, but it is a very good product. The user interface is also good.

View full review »
NN
ICT Coordinator at a tech services company with 51-200 employees

It is expensive, but everything else has been great so far. It is fine for now for what we need it to do.

View full review »
Pedro-Cunha - PeerSpot reviewer
Chief Information Security Officer at a consultancy with 201-500 employees

The level of tracking within the network from the transmission level up to the machine level can use improvement.

The solution works similarly to an intrusion prevention system at the network level. It would be a nice improvement to have an add-on that can act at the post level.

The cost of the solution can be reduced to make it more appealing to customers.

View full review »
AA
Head of Security at DFCC

Sometimes the solution gives some false positives which could be improved. The dashboard and reporting for this solution could be improved as it is currently complex. The GUI for this solution could also be improved. 

View full review »
Fridbert Ruronona - PeerSpot reviewer
Information Technology Support Engineer at CCTZ

Darktrace could improve its features, such as monitoring and detecting ransomware. 

View full review »
BI GOORE LEA SEMI - PeerSpot reviewer
CEO at VERINET

I think Darktrace needs to improve its collaboration with local partners. That would include training and improving the technical skills of vendors. Desktop and mobile device protection could also be improved. 

View full review »
MA
Network Security Engineer at a tech services company with 51-200 employees

I think there is some MSSP missing. The market as a whole needs to enhance this area. Some additional integration would be helpful. They need to focus on having additional tools based on how competitive the market currently is.

View full review »
ME
Solution Architect at MCS

I would like to see some additional enhancements and the price adjusted because it is expensive.

View full review »
Recep  Alver - PeerSpot reviewer
Cyber Security Engineer at Natica IT Consulting at Natica IT Consulting

It should be easier to access the Darktrace portal and its documentation. Only the customer can access their portal and support. It could be cheaper. 

View full review »
IG
Chief ICT Officer at Barbados Public Workers Cooperative Credit Union Ltd

I would like to see a feature where the tool ingests information from an anti-malware product that is present at the endpoint. 

View full review »
Buyer's Guide
Darktrace
March 2024
Learn what your peers think about Darktrace. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
763,955 professionals have used our research since 2012.