2019-01-22T11:52:00Z

What needs improvement with Darktrace?


Please share with the community what you think needs improvement with Darktrace.

What are its weaknesses? What would you like to see changed in a future version?

Guest
99 Answers

Top 5, Leaderboard, Real User

The product is automated to a certain degree, but I think this could be improved. I'm looking for a way of being able to react to threats that are detected based on risk. Aside from that, there is nothing really that they could improve on. It's a product more suited to organizations with an SOC, security operations center, or a company with an IT team of network security members because it relies on constantly monitoring it to see information based on the risks of events. In our case, we have a small IT team, which means that a large amount of time would have been spent drilling into it. If something did happen on the network, we'd ideally be responding to it reactively instead of proactively. Some of the other products we tested did that so that if something was detected, it would block that device by means of an endpoint, which halts the process and gives you time to check it out. Darktrace would tell you, for example, if there was a ransomware attack, but it wouldn't stop the attack. Other products would identify it as a ransomware attack and stop the network card on the endpoint, giving time to react to the alert, and proceed to cleanse or investigate the machine that's had a problem. That was our issue with Darktrace. The only reason that it looks like we are going down a different route is because of the endpoint protection issue. The product doesn't have an endpoint agent that can react to outcomes or triggers that are set on the device; otherwise, it would be great.

2020-01-26T09:26:00Z
Top 5, Leaderboard, Real User

Darktrace needs to simplify most of the positive reports. We have to field all the positive reports, false positives, too. Sometimes we need to check false positives manually. We have to filter false positives. After that, we configure it again. Then, we want to analyze these false positives. That's the main thing. If we are assessing features, this should be easier to handle. Darktrace needs to automate the reports of false positives, botnets, and everything. So far, I think the solution is good. Not excellent, good.

2019-12-31T09:39:00Z
Top 20, Real User

This is quite an expensive product so the pricing is something that can be improved.

2019-12-23T07:05:00Z
Top 5, Leaderboard, Real User

The solution would benefit from automation. Currently, you have to know what you are searching for.

2019-12-05T06:53:00Z
Top 20, Reseller

The pricing is based on the number of endpoints, so the program is rather expensive. I would like to see something that will fit my clients' budget. That is something they can work on to improve. Secondly, I would like to see my entire network, structurally and architecturally, on a single screen or in one single dashboard. Right now you have to keep going through different clippings to see everything.

2019-08-21T06:36:00Z
Top 20, Reseller

It is hard to really address what needs to be improved in the respect that it does everything I would expect of a superior solution. It is simple enough to use because the interface is quite simple, the setup is quick and painless — in only an hour the product is installed. Users can train on the system in less than three hours. When the configuration is complete they will already know what to do and they can just go on and use the product. I think that the price is quite good compared to other, similar products. They already have a plugin that you can use to set up integration with virtually any other product. Maybe it could come with a few more built-in integrations, such as adding ServiceNow. They already have built-in integration with Antigena Cyber AI Response Modules for the clouds and for the network (AWS & Azure), and they did Office 365 (email), and SaaS applications as well. I guess a few more options and opportunities like this built-in would be nice. It is not a big thing.

2019-08-20T05:12:00Z
Top 20, Real User

Darktrace does not have any capabilities to configure. So I would like to see supervised machines and capabilities in the next version.

2019-08-18T07:52:00Z
Real User

The product is designed to monitor traffic sent and received via the corporate egress/network points. I would be interested to see further integration or development of a capability to obtain visibility of mobile devices such as laptops and mobiles, which operate outside of the network and may communicate specifically when off the corporate network.

2019-08-18T07:52:00Z
Real User

Block attack capabilities or integration with other SIEM solutions such as IBM QRadar.

2019-01-22T11:52:00Z
Learn what your peers think about Darktrace. Get advice and tips from experienced pros sharing their opinions. Updated: April 2020.