Overview
What is Darktrace?
Darktrace AI interrupts in-progress cyber-attacks, including ransomware, email phishing, and threats to cloud environments. It's able to detect and establish baselines for your organization so it can make the distinction between what is and what isn't normal network activity for…
TrustRadius Insights
Darktrace threat visualizer, leading NDR solution with peace of mind.
Darktrace Antigena email a good solution to protect corporate email.
A flexible and scalable NDR
Darktrace is good to play but not good to an easy learning
Darktrace - Some Shortcomings
DarkTrace is great for small to medium size businesses
Good tool but a LOT of false positives
The best security guard your network could have
Darktrace offers an excellent AI engine can answer that question "Do I have malicious traffic in my network?"
Why I didn't pick Darktrace
Reviewer Pros & Cons
Product Demos
Darktrace - Zero Trust Lab Demo
DEMO DARKTRACE Darktrace Cyber AI Platform
DEMO DARKTRACE Darktrace Cyber AI Platform
Darktrace CSRF exploit (CVE-2019-9596 and CVE-2019-9597)
Grove Cybersecurity - Darktrace testimonials
Darktrace Respond Network Overview/Darktrace Antigena Demo
Product Details
- About
- Competitors
- Tech Details
- FAQs
What is Darktrace?
Darktrace Features
- Supported: Virtual deployment
- Supported: Integrations: Darktrace is designed with an open architecture to complement an existing infrastructure.
- Supported: Self-learning to understand the human, not just the email address
Darktrace Video
Darktrace Competitors
Darktrace Technical Details
Operating Systems | Unspecified |
---|---|
Mobile Application | No |
Frequently Asked Questions
Comparisons
Compare with
Reviews and Ratings
(61)Community Insights
- Business Problems Solved
- Pros
- Cons
The Threat Visualizer has proven to be an invaluable tool for security operation centers, allowing them to focus on critical issues amidst the complex threat landscape. Users have praised its AI models for effectively detecting abnormal threats and potential security breaches. With its visual representation of network activity and connections, the Threat Visualizer enables users to observe the flow of the network, providing crucial insights into potential vulnerabilities. Darktrace Antigena email, a component of Darktrace's suite of security solutions, has been commended for its real-time threat analysis and blocking capabilities. This feature enhances email security by identifying and mitigating potential threats before they can cause harm. Darktrace's role as an intelligence gatherer for network traffic has been highly appreciated by customers, who value its ability to identify anomalies and potential threats. Organizations have also benefited from Darktrace's capability to track suspicious activity and unauthorized access, enabling them to take prompt action and mitigate any potential risks. The integration of Darktrace with other security and monitoring tools such as Splunk and Solarwinds has further enhanced its effectiveness in comprehensive threat detection and response. With its scalability and robust monitoring capabilities, Darktrace has become a popular choice in the market. By constantly monitoring networks and triggering alerts for abnormal behavior, it provides organizations with thorough system monitoring that is essential in today's digital landscape. With packet captures for analysis and a mobile app for monitoring alerts on the go, Darktrace offers convenience and flexibility to its users. Additionally, Darktrace's provision of a weekly summary of network security issues delivers valuable insights that help organizations stay ahead of potential threats. Customers appreciate how Darktrace's AI and ML capabilities continuously monitor network traffic and user behavior, enhancing overall network visibility. The product integrates seamlessly with Microsoft 365 for email security, successfully identifying phishing emails and blocking malicious attachments and links. One key advantage that users have noted about Darktrace is its ease of installation. It provides organizations with deep insights into network activity, including obsolete protocols and Data Loss Prevention breaches. In addition to meeting security assessment requirements, Darktrace helps organizations proactively identify potential threats in their environment. Overall, the Threat Visualizer and Darktrace's suite of security solutions have been highly regarded for their ability to provide comprehensive threat detection and response, enhancing overall network security.
Comprehensive AI-based NDR solution: Users have found Darktrace to be a comprehensive AI-based network detection and response solution. Several reviewers appreciate its ability to detect anomalies in user behavior as well as network infrastructure like routers, servers, and endpoints.
Effective prevention of malicious traffic: Many users highly appreciate Darktrace's autonomous AI model detection and response capabilities. They applaud its effectiveness in preventing, containing, and quarantining malicious traffic in the corporate network.
Valuable security features: Darktrace's ability to block malicious attachments and phishing emails is regarded as a valuable feature by users. They find it reassuring that Darktrace provides excellent security to corporate email systems, enhancing overall cybersecurity measures.
Confusing User Interface: Some users have found the user interface to be confusing, suggesting a need for improvement in the IU language. Excessive Blocking: Several users experienced excessive blocking, making the software overly restrictive. Difficulty Removing Emails: Users mentioned that removing an email from the inbox took too much time. Inaccurate Device Identification: One user had a poor experience with device identification, stating that a simple nmap scan performed better. Lack of Comprehensive Network Traffic Mapping: The software was criticized for not providing a good way to create a logical map of network traffic between subnets. Limited Threat Detection and Reporting: Some users expressed concerns about inaccurate threat detection and incomplete reporting capabilities when compared to open-source tools.
Attribute Ratings
Reviews
(1-9 of 9)- It detects anomalies or deviations from this baseline, it can raise alerts or take automated actions to investigate and mitigate the issue.
- It's "Antigena" feature can take automated actions in response to detected threats. You can have antigena for both network and emails and the system will do the blocks at it's own
- It integrates with Microsoft365 to identify and respond to email-based threats, including phishing attempts and malicious attachments.
- Whitelisting email or IP are not straight forward
- Although the GUI is great but it's too complex
- If filters can be easier to implements
- The Threat Visualizer employs the underlying AI models to dynamically detect threats that are actually abnormal in the increasingly complex threat landscape, enabling us at the SOC to concentrate attention and expertise where it is needed.
- The Threat Visualizer gives us a visual representation of all network activity and connections—both internal and external—between all machines and users, allowing us to observe how the network is flowing.
- It functions on a broad scale, highlighting various hazards and anomalies for the analyst's attention, and on a more specific one, enabling you to drill down.
- Uses it Al model UEBA to detect anomalies in the behaviour of not only the users in a corporate network but also the routers, servers, and endpoints in that network.
- Provides a visualisation of both egress and outbound network traffics flowing in and out of the organisation.
- Darktrace comes with it autonomous AI model detection and responses capabilities.
- Darktrace as an AI next generation NDR solution, prevents ,contains and quarantines malicious traffics from and into the corporate network.
- AI detection Model
- Customisable
- Improves on the User Behaviour Behaviour analytics model
- Consistently improve model self learning.
- Block malicious attachments.
- Block phishing emails.
- Provide an awesome security to corporate email.
- Good analytics and metrics about emails.
- Change IU language.
- Sometimes excessive block (restrictive).
- Sometimes it takes too much time to remove an email from inbox
A flexible and scalable NDR
- Network monitoring
- PCAP Parsing
- Correlation rules
- Behavioural rules
- Backup management
- Asset inventory
- Advanced queries scalability
Darktrace is good to play but not good to an easy learning
- AI Incidents view.
- Action taken (Antigena).
- Executive Threat Report.
- Incidents Patterns.
- User/IP Tracking when it is coming from different Darktrace Sensors.
- Dashboard not intuitive for rookie user.
- Lack of Community forum.
DarkTrace is great for small to medium size businesses
- Network Security
- Security Analysis
- Threat Detection
- Whole Packet Capture
- Initial configuration
- Security Analyst timely response to questions
- GUI
Good tool but a LOT of false positives
- Ease of installation and configuration - Darktrace appliance is very close to plug and play (SPAN port configuration should be easy for any network admin). Darktrace provides comprehensive onboarding for customers as well, so you do not feel lost during the configuration of the device.
- Identifying and tracking of the devices on the network - Hostname, OS, IP, MAC, previous activity - everything can be seen in the same interface. It is so much easier than tracking device in question across the firewall, DHCP, DNS logs.
- False positives. Darktrace uses "AI" to create its alerts for "unusual" or "malicious" activity. It is very common to see an alert for completely benign and normal device behavior - PC tries to print for the first time in a while, for example.
- Antigena actions. To some extent, this is a continuation of the previous point. Darktrace can break the network connectivity of the suspected device automatically. The excessive number of false positives makes administrators reluctant to use this feature, though. Also, the default Antigena actions are not relevant to real-world problems as I saw them in my experience with Darktrace.
The best security guard your network could have
- Monitors your network for unusual behaviour; as it learns what is normal for your network, you don't need to worry too much about things that are normal for your organisation, but might be considered odd in other places, triggering as alarms. It can also detect more subtle changes such as a device accessing a server but at an unusual time.
- There are a large number of models that are used to create the alerts, which can all be customised, and you can also create your own from scratch, to allow you to tailor it perfectly to your situation.
- There are few areas that I would say need to be improved; their customer support portal allows you to log tickets with any suggestions or things you feel the product is missing, and they will generally show you how to achieve what you want, or in some cases, introduce it as a feature in a later update.
Darktrace offers an excellent AI engine can answer that question "Do I have malicious traffic in my network?"
- Its very strong in recognizing unusual traffic. It learns what is normal and what is not normal.
- It helps to show if our users are hitting malicious websites or not. That is a nice bonus to help with our security awareness and know if our training is doing its job.
- Their weekly reports to us help highlight the most egregious traffic on our network. They are an extra set of eyes for us.
- You have to have an appliance on each segment of your network. If you are not back hauling your traffic to your central data center, then each location has to have an appliance in order to cover that location.
- They gather so much detailed information that it is hard at time to decipher what I'm looking at.
- The way they name actions is unusual and should be changed. They need to label the parts of network traffic better.