Darktrace AI interrupts in-progress cyber-attacks, including ransomware, email phishing, and threats to cloud environments. It's able to detect and establish baselines for your organization so it can make the distinction between what is and what isn't normal network activity for your organization. This allows it to tackle complex cyber-attacks as they happen and prevent future cyber-attacks from happening.
N/A
F5 BIG-IP SSL Orchestrator
Score 8.4 out of 10
N/A
F5 Networks provides the SSL Orchestrator, a high-performance decryption, analysis, and re-encryption tool for SSL/TLS traffic across the network to locate threats or data exfiltration efforts concealed in encrypted traffic.
Darktrace is a product well suited for the vast majority of infrastructures and helps monitoring and responding to threats based on the network in a very elastic way. This is a product based on on-premise infrastructures that hosts its machines locally, of course it can be technically difficult to monitor an entire On-Cloud infrastructure but even there there's room for sensors and monitoring, not to mention the SaaS and mail integration that completes the product.
F5 SSL Orchestrator is an ideal software to address the blind spots of the encryption of incoming and outgoing traffic, this is because it provides a high visibility of the traffic. By having a management based on policies allows to carry out a simpler management and obtain a more integration easy with existing infrastructures. It is ideal for reducing costs as it allows the creation of dynamic devices, thereby evaluating whether the traffic should be decrypted or not.
Uses it Al model UEBA to detect anomalies in the behaviour of not only the users in a corporate network but also the routers, servers, and endpoints in that network.
Provides a visualisation of both egress and outbound network traffics flowing in and out of the organisation.
Darktrace comes with it autonomous AI model detection and responses capabilities.
Darktrace as an AI next generation NDR solution, prevents ,contains and quarantines malicious traffics from and into the corporate network.
There are few areas that I would say need to be improved; their customer support portal allows you to log tickets with any suggestions or things you feel the product is missing, and they will generally show you how to achieve what you want, or in some cases, introduce it as a feature in a later update.
It is a software with a somewhat complex documentation so when you are in doubt it is difficult to solve it through its documentation.
A good knowledge is required in the management of the software, because although its implementation is flexible, carrying it out in the appropriate way guarantees good operation.
Its price can be somewhat high if it is a small company, however considering its high versatility the investment is worth it.
Learning curve somewhat steep, but you can count on the support of your support team.
The Darktrace toolset is very expansive, allowing it to handle many different tasks, but this leads to a user interface that is sometimes not at all intuitive. Icons don't always make sense visually, and the associated tool tips do not always provide enough detail on what action the button performs
Darktrace support is excellent in my experience. They send a competent engineer on-site to provide on-boarding training. They were also very responsive in responding to questions and concerns. Having an individual point of contact who is a competent network and security engineer is not a common experience, at least for me.
We did NOT select Darktrace. OSSIM/AlienVault is a more mature product and it provided better intelligence and reporting. The end user interface is much easier to use - and you can tell built form engineers who have had to do the work. My suggestion for anyone considering Darktrace, is to get the price upfront; do a 30/60 onsite trail; and do the same thing, at the same time, with AlienVault. AlientVault will win every time. I say that because that's exactly what I did.
OpenSSL is a simple software to use, with a complete documentation and an easy installation and ideal for encrypting and decrypting and making certificates, however F5 SSL Orchestrator can be implemented in different ways, it provides a high visibility of the traffic which does not miss any threat It wants to hide in encrypted traffic, but its biggest advantage is that it helps to better manage and does not provide static but dynamic devices so it is possible to decrypt once or encrypt once, it is for all these powerful features that F5 SSL Orchestrator was chosen.
One big positive is how it helps us with the security assessments that clients have done on us. They are looking to see if we know how we might have unusual/malicious traffic running on the network.
If you have a small network and only need 1 appliance, it can be a good ROI and peace of mind.
You could go down a hole in trying to spend time looking at all of your traffic with this software. You need to focus only on what it is showing as potential bad traffic.
By providing a high vision of inbound and outbound traffic, we manage to avoid the entry of threats and the exposure or loss of data from our business infrastructure.
Its policy based management is very helpful, since it is much simpler to manage SSL traffic and to be aware of any attack coming from it and to apply security controls to all business traffic.
