We use Darktrace for threat monitoring in the finance industry.

Darktrace's most valuable features are its dashboards and its ability to summarize huge amounts of information about threats and suspicious traffic. The solution summarizes suspicious traffic in all our networks, allowing us to focus our efforts on the most vulnerable points in our network.

The solution's user interface and stability could be improved.

I have been using Darktrace for one year.

I rate the solution’s stability a six out of ten.

I rate the solution’s scalability an eight out of ten.

The solution's technical support team was very proficient and useful.

We previously used Cisco's EDR and traffic monitor.

The solution's initial setup is very complex. It's not easy to set up Darktrace. The solution was deployed in three months by a team consisting of ten networking engineers.

The solution improved our visibility. Earlier, we couldn't visualize some threats on the internal network level. With Darktrace, we were able to spot some deficiencies and certain vulnerabilities.

Before choosing Darktrace, we evaluated Palo Alto and Cisco. Palo Alto needed some integration with other Palo Alto and Cisco products. It was mostly focused on network traffic anomalies rather than cybersecurity threats.

Darktrace is a very complex product. It's not like a commodity because we're not talking about licenses but mostly about traffic, which is a complex matter. Darktrace's AI technology could be improved because it requires a huge amount of manual work to work properly.

Overall, I rate the solution an eight out of ten.

I use it for Email security and network traffic analysis.

It has a strong emphasis on machine learning (ML). In addition, they are pioneers in introducing artificial intelligence in these modules.

The detection models keep changing based on emerging threats discovered in the outside threat landscape. That is really valuable to organizations like us, small and medium-sized companies. It is also beneficial for enterprise customers when it comes to understanding the threat landscape. They design the detection models based on that.

The autonomous response is also highly designed in Darktrace. Moreover, it's not only monitored by us; their backend team also keeps on understanding that our monitoring is always on. If any sensor is down, they immediately notify us. A few of the sensors are not in contact, make it fix it to get continuous support.

Since security products are trying to expand 360 degrees in the enterprise, if Darktrace comes forward with more automation and integrations with other security monitoring tools, it would really benefit CISOs and CIOs to better understand automation and have better visibility into what's happening in our environment.

I have been using it since 2018.

It's stable. The majority of our competitors, like Vectra and others, are unable to move to other products because Darktrace gives better importance and efficiency in terms of monitoring our network services and traffic.

The moment Darktrace implements their services to expand their detection models and focus on the threat landscape, that really makes us want to continue with Darktrace. Even recently, when we had a renewal, we explored other products, but our company still gives much importance to Darktrace.

It is easy to scale.

Technical support is good. They always coordinate with the CISO. If any of the sensors are down, they immediately notify the CISO, since I work via the CISO as well as the chief security architect for the entire organization.

At any moment the sensors are down or the availability of our monitoring solutions are not reachable to their security backend team, their support team immediately notifies us. Their customer support is very helpful.

I have tried different solutions for similar use cases, but their detection mechanism is limited, even though their dashboard and UI give a better picture. But that's not true in actual detection.

I have explored Vectra. The sensors they ask us to place and the mechanisms of Darktrace and Vectra are similar. But when it comes to detection models, Darktrace has higher chances to mitigate the number of emerging threats that are happening across the world.

It's pretty easy to install. The initial installation of the brain sensor takes two or three days. But the subsequent expansion of the headless sensors to branch sites may take only one day.

The maintenance of the systems is very limited. It's not like other switches, routers, or firewalls that we take care of. The majority of upgrades are handled by Darktrace backend team. The only thing we have to take care of is the network availability of these headless sensors.

For implementation, less than three people are needed, or even one person. But when it comes to monitoring, we need more people because if the branches are expanded widely across the globe, you need a continuous team to monitor it. The volume of incidents is higher when Darktrace is implemented if the environment is not hardened well.

The return on investment is really high in terms of detecting bad actors or bad threats in the organization. In addition, I have discovered that when we negotiate a bundle package with Darktrace, they are really considered as affordable.

The pricing is almost equal between Vectra and Darktrace. In fact, we are one of the pioneer customers of Darktrace in the Asia Pacific (APAC) region.

Overall, I would rate it an eight out of ten.

Darktrace learns patterns and can identify malicious behavior based on that learning. It learns what tasks users perform, what data they access, and similar activities. Unlike an EDR, which uses patterns and signatures to identify existing threats, Darktrace uses AI to learn and recognize patterns. This provides a different approach to monitoring and detecting anomalies.

Pricing could be cheaper.

I have been using Darktrace as an end user for three years.

I rate the solution’s scalability a ten out of ten.

The initial setup is straightforward and takes a couple of hours.

We did in-house because we've got skill levels, but differently depending from time to time, depending on

The benefit is the security. You probably have a security case, an alarm system, and one or two locks. You don't rely on one security device; you have different layers. Darktrace is just one of those layers.

It is very expensive.

I rate the product’s pricing a ten out of ten, where one is cheap and ten is expensive.

I am the sole administrator and monitor of Darktrace because we have a small IT team. However, Darktrace monitors our entire organization. In a larger company with many IT departments, multiple people might monitor Darktrace and engage with it. Our finance company has a small IT department.

Darktrace adapted to the evolving landscape of cybersecurity threats by leveraging proprietary technology and machine learning algorithms. Their unique approach and cutting-edge solutions have established them as a leading company.

It's difficult to gauge the effectiveness of Darktrace because we don't fully understand how it operates; we only see the alerts it generates. If we create an event on the network, Darktrace will alert us so we know it works in those scenarios. If something new and unknown happens on the network, it's unclear whether Darktrace will detect it. We're paying a lot of money, hoping it does, as Darktrace is a proprietary technology. It might work, or it might not detect some threats. We don't have full visibility or a map of its coverage.

Darktrace can be expensive, depending on the use case. It's like comparing different types of cars: some people need a two-seater, while others need a ten-seater. Darktrace is more like a seven-seater—very specific and not suitable for everyone.

Overall, I rate the solution an eight out of ten.

We use the product to collect and monitor my environment. It models my traffic and sends me reports. Additionally, I have the response module in place to handle critical breaches by quarantining devices. I utilize it for generating reports and analyzing data to leverage threat intelligence.

The product's most valuable features are the response module and email protection.

Darktrace is quite expensive, which can be a significant factor for organizations with budget constraints. The pricing needs improvement.

I have been working with Darktrace for around four to five years now.

It is a stable solution. I rate the stability an eight.

I rate the platform scalability a ten. It supports a wide range of devices and is highly scalable.

The technical support services are reliable.

With the support from Darktrace and its partners, the setup process was user-friendly and easy.

The deployment took less than a week, although the learning phase for the environment can take some additional time.

Darktrace generates an ROI by effectively mitigating threats and avoiding costs related to downtime and other issues.

The product is expensive.

Darktrace provides real-time alarms for any anomalies in my network, which I utilize for incident response. It has significantly improved our reporting capabilities and response times once we set the parameters for identifying critical threats.

The response capability is beneficial because it autonomously responds to identified threats without manual intervention, ensuring that alerts are addressed 24/7. This includes quarantining devices as needed, which adds resilience to our security operations.

There have been improvements in incident response times. Before using the response functionality, we experienced a breach last year. Now, reports highlight and address incidents more effectively, reducing response times.

Its AI technology supports cybersecurity by learning my environment and accurately responding to threats. It reduces false positives and provides accurate threat detection by understanding the behavior of my network.

It is a tool worth trying, but the pricing aspect should be considered. I rate an eight out of ten.

Darktrace is used for detecting network-based threats like ransomware in the early stage or illicit communications with external endpoints.

A very useful feature in Darktrace for real-time threat analysis is the packet inspection that analyzes the packet traffic in real time. Data acquisition is the source rather than tapping the data downstream after some processing.

Darktrace could expand into EDR (endpoint detection and response) and combine it with its network detection. They could thereby have a more holistic knowledge of the system through network information or through visibility into the operating system of the endpoints.

I have been working with Darktrace for four years.

Darktrace is a very stable solution.

Darktrace is a very scalable solution. Our clients for Darktrace are enterprise customers.

The solution’s technical support is very good.

The solution’s initial setup is very straightforward.

The solution's deployment time depends on the complexity of the network. For some huge networks, you need to tap the right resources and measure the system to acquire all the required traffic. The deployment is very straightforward in smaller networks where you have to connect to only one switch.

Darktrace is quite an expensive solution. Users need to pay a yearly licensing fee for the solution.

Darktrace has improved our client's organization's threat detection and response capabilities. Darktrace has helped users intercept and stop ransomware attack attempts in the very early stage, within a couple of minutes of its detection Autonomous response is a very good and useful feature that differentiates Darktrace from other solutions.

One person can easily maintain the solution. Darktrace easily integrates with our client's IT infrastructure solutions, like Microsoft 365, CrowdStrike, and Palo Alto firewalls. Darktrace has impacted our clients' incident response time to be very quick.

Darktrace is an autonomous solution. Users have to ensure they present all the traffic to the tool so it can intercept threats and not have hidden spots in their networks.

Overall, I rate Darktrace a nine out of ten.

We use the solution for email, network and cloud security.

The network security and AR response are the main things.

The product is expensive, but it is a very good product. The user interface is also good.

I have been using Darktrace for two years.

The product is stable.

I rate the solution’s stability a nine out of ten.

The solution’s scalability is pretty straightforward. We’ve around 3500 users using this solution.

I rate the solution’s scalability an eight out of ten.

I contact technical support on occasion and ask questions, and they are responsive. I can get them on call or email. I’m very happy with the support.

The initial setup was quick and painless.

The product is very expensive.

The product is expensive, but it is a quality product. If you look apart from the cost, it's a good product followed by very good support. If you're willing to spend the money, it is worth consideration.

Overall, I rate the solution an eight out of ten.

Our primary use case is incident response.

One thing I appreciate is Antigena Email, which is for email protection.

One of the most valuable features is Behavior analytics.

One thing I would like is for Darktrace to flag SMB traffic more accurately. Currently, it only flags that SMB traffic has occurred, but it doesn't specify which file was being transferred. This makes it difficult to investigate incidents involving SMB traffic, as we don't have concrete evidence of what was being sent.

For example, if a user is sent an unauthorized file via SMB, Darktrace would only flag that SMB traffic occurred between the two users. It wouldn't be able to tell us which file was sent, so we would have to manually investigate the incident to determine what happened.

It would be helpful if Darktrace could flag the specific file that was being transferred in SMB traffic incidents. This would make it much easier to investigate these incidents and take appropriate action.

In future releases, I would like to see more playbooks.

I have been using this solution for a year now.

I would rate the stability a ten out of ten.

I would rate the scalability an eight out of ten. There are five end users in our analyst team.

The customer service and support are really good. That's one of the things that I've come to appreciate about Darktrace.

Any concern that you give to them, they come on board and arrange a meeting where you could possibly do some practical work with them. They would take on the incident, and they would say, "Okay. Let's set this incident together."

We used Sophos. We chose Darktrace because of its reliability. Unlike other solutions that rely heavily on signature-based logins, Darktrace operates by learning the behavior of individual users. This means that what may seem normal to me could be considered abnormal for someone else, and Darktrace can effectively block such anomalies. This feature has proven to be immensely helpful.

The initial setup is very easy. I would rate my experience with the initial setup a ten out of ten, where one is difficult and ten is easy to set up.

It took around an hour to set up.

The deployment process is pretty self-sufficient. It handles network closure and device discovery.

One person is sufficient for the deployment process.

The solution is quite expensive. I would rate the licensing model an eight out of ten.

I would recommend it based on its excellent behavior analytics and AI implementation.

Overall, I would rate the solution an eight out of ten.

The tool offers us visibility into network traffic.

The tool gives us alerts whenever an admin is trying to connect.

I am impressed with the product's ability to give insights into network traffic.

I would like to see a feature where the tool ingests information from an anti-malware product that is present at the endpoint.

I am using the product since September.

The solution is stable.

The tool's deployment is easy.

The tool's pricing is costly.

I would rate the tool a nine out of ten. You need to use the tool on a trial basis so that you can get comfortable with it.

The solution is a security cover for our on-premises solution to improve our security rating. Also, we want to protect our emails.

It has helped the organization to detect any malware affecting the machines. For example, if any phishing email creates a factory view bug or some of the workstations have some weird activities, or if someone downloaded malware from the internet, then Darktrace sends us a warning notification to look into the details so that our machine does not get involved with the malware. This function has helped our organization.

The network monitoring and the email monitoring features are very valuable for us.

The main portal needs improvement as it is difficult to use. But it's straightforward to follow compared to other VPN portals, for example, Azure. You don't have to bug the customer support team quite often.

They can add the EDR and follow-up options in the next release. For instance, if something happens, we get a notification. If a follow-up option is available, we can create a case and then understand how to record the evidence.

I have been using Darktrace for one year.

It is a stable solution. I rate it nine out of ten.

It is a scalable solution. I rate it a nine out of ten. Presently, 150 users are using the solution, and we wish to increase the number of users in the future.

The technical support team is slow, but not that bad. I rate it eight out of ten.

I do not know much about it, as an engineer from Darktrace did the setup for us.

The engineer from Darktrace set it up about two years ago.

There has been a return on investment using the product.

We pay 8,000 a year. The pricing is reasonable.

If any company has enough budget to put another layer between the internet and the on-prem device, they should consider Darktrace.

I rate the product a nine and a half out of ten.