CrowdStrike Falcon vs Darktrace

Likelihood to Recommend

There aren't many scenarios where I wouldn't recommend CrowdStrike. You'll have the ability to create protection policies for different parts of your environment so that sensitive machines have as much protection as possible, and low-risk machines aren't overly locked down. The only reason I can't see someone choosing CrowdStrike is over a matter of budget. It's not the most expensive, nor is it the cheapest.

Read full review

Randy Munroe

Information Security Analyst

Randall-ReillyMarketing and Advertising, 201-500 employees

View all 8 answers on this topic

Darktrace would be well suited to any environment really; the only constraint would be the budget. The cost scales on the number of devices to be monitored by the product, so it can be quite expensive in larger environments. Any company that would benefit from having 24/7 monitoring of their network would find that this product would suit that need perfectly. It can also create a number of reports, which is useful if you have any requirement to present periodic figures and statistics for your network. There are also additional features available and in development such as Antigena, which can be configured to allow potential threats to be automatically mitigated; it can block connections to a certain address, using certain ports, or it can enforce "normal behaviour" where it will only allow a machine to communicate in a way that Darktrace has observed before and considers normal. This has huge benefits particularly for 24/7 organisations where you don't have the ability to have someone monitoring the network personally at all times, as it could stop a malware outbreak in its tracks.

Read full review

Verified User

Engineer in Information Technology

Aviation & Aerospace Company, 501-1000 employees

View all 5 answers on this topic

Feature Rating Comparison

CrowdStrike Falcon

Darktrace

Anti-Exploit Technology

Endpoint Detection and Response (EDR)

Centralized Management

Hybrid Deployment Support

Infection Remediation

Vulnerability Management

Malware Detection

Pros

Detects and automatically blocks dangerous behavior on endpoints that could be indicative of malicious activity, like executing programs from the deleted items folder, executing a SSH command in silent mode from different places in the OS, etc.
Monitors endpoints continuously for known malware, evaluates dangerous behaviors and blocks execution based on risk tolerance settings, uses AI to draw correlations on multiple attack vectors, and has a human malware hunting element to detect known or newly detected attack vectors.
Is easy to deploy across a large organization and manage centrally by as few as 1 person part time.
This was the fastest and easiest implementation of an enterprise grade security system I have ever done. I pushed software to the endpoints on a Friday afternoon, and was complete by Noon on Monday, as each workstation came online, the installer completed, and we were protected.

Read full review

Mark Sauer

Director of Information Technology

TransPakPackage/Freight Delivery, 1001-5000 employees

View all 8 answers on this topic

It did an ok job of analyzing and collecting data. It used a span (mirrored) port and then using its own algorithm developed flow records.
It did an ok job of segmenting traffic into networks - not always correctly, but ok.
It tried to identify devices by type - once again, it did ok, but not that great.

Read full review

Matthew Frederickson

Director of Information Technology

Council Rock School DistrictEducation Management, 1001-5000 employees

View all 5 answers on this topic

Cons

Falcon isn't continuously scanning the machine, if something is downloaded and viewed as safe it won't be re-checked later.
More dashboards and information on vulnerabilities on the machines would be helpful.
More reports that could be given to executives would also be beneficial. There are some now, but the options are rather limited.

Read full review

Verified User

Analyst in Information Technology

Telecommunications Company, 1001-5000 employees

View all 8 answers on this topic

False positives. Darktrace uses "AI" to create its alerts for "unusual" or "malicious" activity. It is very common to see an alert for completely benign and normal device behavior - PC tries to print for the first time in a while, for example.
Antigena actions. To some extent, this is a continuation of the previous point. Darktrace can break the network connectivity of the suspected device automatically. The excessive number of false positives makes administrators reluctant to use this feature, though. Also, the default Antigena actions are not relevant to real-world problems as I saw them in my experience with Darktrace.

Read full review

Verified User

Professional in Information Technology

Primary/Secondary Education Company, 1001-5000 employees

View all 5 answers on this topic

Support Rating

CrowdStrike Falcon 8.5

Based on 12 answers

Ease of implementation.
Overall protection capabilities.
Real-time system inventory function.
Insight and intelligence of not only the threat, but the potential of the threat.
Support staff of their managed service is excellent.

Read full review

Verified User

Analyst in Finance and Accounting

Financial Services Company, 1001-5000 employees

View all 12 answers on this topic

Darktrace 9.5

Based on 2 answers

Any time I have had any issue with Darktrace, I've been able to contact an engineer through their support desk, and I have always had a very speedy response. Even when the issue has been caused by something outside of the Darktrace devices, they have still been very keen to try to help and identify what the problem was. The customer portal also has a large number of videos and guides that you can use to educate yourself on the product

Read full review

Verified User

Engineer in Information Technology

Aviation & Aerospace Company, 501-1000 employees

View all 2 answers on this topic

Alternatives Considered

Business requirements, mainly. The most important/useful items we appreciate is ease of use and customer service and this product exceeds expectations in that regard. Other offers cover legacy systems and remain with that solution. However, the granularity that you can introduce to an environment is outstanding, all that without losing the simplicity of use.

Read full review

Samuel Hadid

Security Specialist

AMRHealth, Wellness and Fitness, 10,001+ employees

View all 8 answers on this topic

We have not evaluated others as they seem to be in their own class.

Read full review

Verified User

Technician in Information Technology

Law Practice Company, 201-500 employees

View all 5 answers on this topic

Return on Investment

A significant increase in responsiveness to data security incidents.
The frequency and extent of data security issues have been drastically reduced.

Read full review

Verified User

Executive in Information Technology

Restaurants Company, 10,001+ employees

View all 8 answers on this topic

We had an ROI just during the POC. DarkTrace helped us identify a ransomware attack and we stopped it before it happened.
The weekly reports more than pay for itself within the first few months.
The powerful search capability helps us solve problems where other solutions fall short.

Read full review

Verified User

Analyst in Information Technology

Public Safety Company, 201-500 employees

View all 5 answers on this topic

Pricing Details

General

Free Trial

Yes

Free/Freemium Version

—

Premium Consulting/Integration Services

Yes

Entry-level set up fee?

No

General

Free Trial

—

Free/Freemium Version

—

Premium Consulting/Integration Services

—

Entry-level set up fee?

No

Rating Summary

CrowdStrike Falcon

Darktrace

CrowdStrike Falcon

Darktrace

CrowdStrike Falcon vs Darktrace