We just raised a $30M Series A: Read our story
2019-01-22T11:52:00Z

What needs improvement with Darktrace?

174

Please share with the community what you think needs improvement with Darktrace.

What are its weaknesses? What would you like to see changed in a future version?

ITCS user
Guest
2525 Answers

author avatar
Top 20Real User

They just need to make it a little bit more accurate as far as their alerts are concerned. It does generate some false positives that you have to tune. You have to do a lot of tuning when you first get it because of the false positives, but once it is all tuned up and ready to go, it will do its thing from there.

2021-09-08T17:13:58Z
author avatar
Top 5LeaderboardReal User

In an upcoming release, there could be more customizable playbooks or a library of playbooks to choose from. Since it is collecting all scenarios that might happen from any threat, new playbooks may be discovered and customers will have the privilege to use them in their environment. Other than that, Darktrace is leading in every aspect.

2021-07-02T14:56:56Z
author avatar
Top 5LeaderboardReal User

The solution could be easier to use. The user interface is a bit too detailed. They should work to pare it down and simplify it. They seemed to have designed it for an expert user and not a layman. If there are some system administrators who are not experts and they just want to just get sensors reports and escalate, it should be easier for them to do so.

2021-06-09T16:47:11Z
author avatar
Real User

There are some automation capabilities, however, they could be presented better. The manual is difficult to follow. While it presents some use cases, it's not very clear. There may also be some language barriers, as it's not available in my language. Some aspects of the initial setup are complex. It would be useful if there was a way to check to see if there are certain devices that are not in sync with the solution. I'm not sure if this is an option or not. The cost of the solution is quite high. I'm very interested in ISO 27001 and these processes. I'd like to better understand how it supports this kind of workflow.

2021-04-20T11:35:11Z
author avatar
Top 20Real User

In terms of improvements, fine-tuning is the area where we have to spend some time because it works on unsupervised machine learning. It would be good if they can improve their algorithm or technical functionality to reduce the fine-tuning effort. They can also come up with something at the endpoint level. So far, Darktrace has been a network detection response (NDR) solution. It does not offer much at the endpoint level or on user-client devices or servers. There should be more visibility at the endpoint level. It would be good to have the detection and response at the endpoint level by Darktrace. It should also have integration with an agile environment so that we can have continuous development and continuous integration in the application development environment. This is currently not there. It should also have internet-facing platform visibility, which is currently missing. They also need to improve the reporting and management dashboards. Currently, these are not so easy for a non-technical person. All these features would make Darktrace much better, and they would also be helpful in selling more solutions.

2021-02-24T10:23:12Z
author avatar
Top 10Real User

One thing that I would like to look at going forward is to have a fully automated network infrastructure that is monitored automatically real-time, and that gives me this kind of capability where I would be able to look at my network at any given time and see the state of my network. With Darktrace, at the moment, I have to almost put in a date and tell them that want you to give me data from this date to this date. I don't want that. I want a fast solution in which it doesn't matter when I log into the application. Whenever I log in, I must be able to see my network and run a report. In other words, if I go in now and I say, "Give me a full report of what happened today, it must be able to give me that. It mustn't just be limited to a seven-day period, for argument's sake. It must be able to give me real-time and day-to-day tracking of what has happened within my network.

2021-02-22T19:35:00Z
author avatar
Top 10Real User

Firstly, the integration should be improved. In terms of what additional features I would like included in the next release of Darktrace, I would like to see more protection in the endpoint. Especially because we have a lot of people using VPNs. If they would improve end point security, it would give more control there.

2021-02-01T20:46:00Z
author avatar
Top 5LeaderboardReal User

It's sometimes a challenge getting logs from different sources. I would probably want to see if there was a way to improve that, to enable gathering of more information.

2021-01-23T16:56:26Z
author avatar
Top 20Real User

It can have more integration with orchestration or event management solutions. They can provide more knowledge or research information for analysts for investigating cases and detecting anomalies in networks.

2021-01-10T14:17:19Z
author avatar
Top 5Real User

Its threat analyzer could be better. It should also have agents. They should improve this product by installing agents for the machine to get more visibility. Currently, they are monitoring only the network. They should also monitor the agents from inside. It should also have a better pricing plan because it is an expensive product.

2020-12-23T13:30:35Z
author avatar
Top 5LeaderboardReseller

The user interface and the configuration are a bit complex and should be improved or simplified. It's user-friendly, but it could be easier. The pricing could be better and the scalability should be simplified for the customers. The integration could be better, as it's not that interactive. They could make it more interactive for the customer's daily use.

2020-12-16T12:57:41Z
author avatar
Top 10Reseller

It would be good if they can include some endpoint protection for remote workers. Nowadays, most people are working remotely. Therefore, they should include some type of sensors that can be installed on the endpoint in order to directly report the main usage and protect remotely. Phone protection will also be a great feature to add to Darktrace.

2020-12-16T00:58:27Z
author avatar
Top 10Real User

The need to simplify the analysis from a user perspective. In a few cases, you have to be a specialist in order to understand what's happening. It would be helpful if they could recognize incidents and simplify the customer's challenge to identify what is happening.

2020-11-30T14:46:27Z
author avatar
Top 10Real User

I am just a manager and I do not really have a technical viewpoint. The tool really suits me perfectly for now for all my basic security needs and what I expect it to do. It does not need any major changes right now to do what I need it to do. It is not missing anything. If I am thinking about improvement, everything can be improved somewhat. Maybe the interface and dashboards could be better. I would be glad if they could make these easier from the point of view of management. It could save some time. The price is also a little high and could be more enticing.

2020-09-10T07:35:38Z
author avatar
Top 20Real User

The product is really excellent all around and I can not fault it. The only thing that I can think of that would improve it would be if they had a better visualization and a reporting portal. What I mean by better visualization is it could help map our services and endpoints in a better way. At the moment it is fairly complex in the way that it represents our network devices. It would help if there was in a slightly more logical way of visualizing the assets as opposed to the way it is currently being done. We are talking to Dartrace at the moment about putting in a reporting portal so we can have technical reports separate from management reports. Some of our management gets information in reports that they do not need to see. When they see it they will not understand what it means. Targeting — or customizing — the reports that we make can allow us to have the content fit what the recipient needs to see without distracting extras. Apart from those potential additions, this product is absolutely excellent. It has given us everything we have wanted. Darktrace, as a company, has been really good. Our account manager is totally responsive. The support teams have been really conscientious. Fingers crossed. So far Darktrace has proven to be a great asset.

2020-08-26T07:13:00Z
author avatar
Top 5LeaderboardReal User

The interface is too mathematical and it should be simplified. If you are a seasoned user then you would know where to go, but you have to learn it first. The terminologies being used are mostly numbers. In general, it could be more user-friendly. The GUI can be more simplified and the sections on the interface can be better organised. Usability and visibility of features can improve the skills of administrators and the product will be a preferred solution and ratings will increase

2020-08-06T06:44:46Z
author avatar
Top 20Real User

The product is automated to a certain degree, but I think this could be improved. I'm looking for a way of being able to react to threats that are detected based on risk. Aside from that, there is nothing really that they could improve on, it's a product more suited to organizations with an SOC, security operations center, or a company with an IT team of network security members because it relies on constantly monitoring it to see information based on the risks of events. In our case, we have a small IT team, which means that a large amount of time would have been spent drilling into it. If something did happen on the network, we'd ideally be responding to it reactively instead of proactively. Some of the other products we tested did that so that if something was detected, it would block that device by means of an endpoint, which halts the process and gives you time to check it out. Darktrace would tell you, for example, if there was a ransomware attack, but it wouldn't stop the attack. Other products would identify it as a ransomware attack and stop the network card on the endpoint, giving time to react to the alert, and proceed to cleanse or investigate the machine that's had a problem. That was our issue with Darktrace. The only reason that it looks like we are going down a different route is because of the endpoint protection issue. The product doesn't have an endpoint agent that can react to outcomes or triggers that are set on the device, otherwise, it would be great.

2020-01-26T09:26:00Z
author avatar
Top 10Real User

Darktrace needs to simplify most of the positive reports. We have to field all the positive reports, false positives, too. Sometimes we need to check false positives manually. We have to filter false positives. After that, we configure it again. Then, we want to analyze these false positives. That's the main thing. If we are assessing features, this should be easier to handle. Darktrace needs to automate the reports of false positives, botnets, and everything. So far, I think the solution is good. Not excellent, good.

2019-12-31T09:39:00Z
author avatar
Top 20Real User

This is quite an expensive product so the pricing is something that can be improved.

2019-12-23T07:05:00Z
author avatar
Top 5LeaderboardReal User

The solution would benefit from automation. Currently, you have to know what you are searching for.

2019-12-05T06:53:00Z
author avatar
Reseller

The pricing is based on the number of endpoints, so the program is rather expensive. I would like to see something that will fit my clients' budget. That is something they can work on to improve. Secondly, I would like to see my entire network, structurally and architecturally, on a single screen or in one single dashboard. Right now you have to keep going through different clippings to see everything.

2019-08-21T06:36:00Z
author avatar
Reseller

It is hard to really address what needs to be improved in the respect that it does everything I would expect of a superior solution. It is simple enough to use because the interface is quite simple, the setup is quick and painless — in only an hour the product is installed. Users can train on the system in less than three hours. When the configuration is complete they will already know what to do and they can just go on and use the product. I think that the price is quite good compared to other, similar products. They already have a plugin that you can use to set up integration with virtually any other product. Maybe it could come with a few more built-in integrations, such as adding ServiceNow. They already have built-in integration with Antigena Cyber AI Response Modules for the clouds and for the network (AWS & Azure), and they did Office 365 (email), and SaaS applications as well. I guess a few more options and opportunities like this built-in would be nice. It is not a big thing.

2019-08-20T05:12:00Z
author avatar
Real User

The products is designed to monitor traffic sent and received via the corporate egress /network points. I would be interested to see further integration or development of a capability to obtain visibility of mobile devices such as Laptops and Mobiles, which operate outside of the network and may communicate specifically when off the corporate network.

2019-08-18T07:52:00Z
author avatar
Real User

Darktrace does not have any capabilities to configure. So I would like to see supervised machines and capabilities in the next version.

2019-08-18T07:52:00Z
author avatar
Real User

Block attack capabilities or integration with other SIEM solutions such as IBM QRadar.

2019-01-22T11:52:00Z
Learn what your peers think about Darktrace. Get advice and tips from experienced pros sharing their opinions. Updated: October 2021.
542,608 professionals have used our research since 2012.