Darktrace AI interrupts in-progress cyber-attacks, including ransomware, email phishing, and threats to cloud environments. It's able to detect and establish baselines for your organization so it can make the distinction between what is and what isn't normal network activity for your organization. This allows it to tackle complex cyber-attacks as they happen and prevent future cyber-attacks from happening.
F5 BIG-IP SSL Orchestrator
Score 9.0 out of 10
F5 Networks provides the SSL Orchestrator, a high-performance decryption, analysis, and re-encryption tool for SSL/TLS traffic across the network to locate threats or data exfiltration efforts concealed in encrypted traffic.
In network-related attack detection and response, Darktrace Threat Visualizer is your best solution. Self-containment and quarantine of suspicious network activities with a high detection rate.
F5 SSL Orchestrator is ideal software for addressing the blind spots created by the encryption of incoming and outgoing traffic, because it provides high visibility into the traffic. Its policy-based management allows simpler management and easier integration with existing infrastructures. It is ideal for reducing costs, as it allows the creation of dynamic devices, thereby evaluating whether the traffic should be decrypted or not.
Monitors your network for unusual behaviour; as it learns what is normal for your network, you don't need to worry too much about things that are normal for your organisation, but might be considered odd in other places, triggering alarms. It can also detect more subtle changes such as a device accessing a server but at an unusual time.
There are a large number of models that are used to create the alerts, which can all be customised, and you can also create your own from scratch, to allow you to tailor it perfectly to your situation.
Really had a poor time of identifying devices and what the device's purpose was - a simple nmap scan did a better job. The problem is they expect you to fine-tune the results - which is exactly what you would expect - but day one it found over 2,000 servers (and I only have 112).
Really had a hard time separating network traffic into locations - I use distinct subnets for my buildings, but there was no good way to create a logical map of my traffic internally. Did not garner a sense of trust that it was seeing everything.
Sat through a few "analyst" reports - which showed me possible threats in my environment. I am already using a few open source tools, and they actually found more than the analyst reports. Also, there was no way to get the reports on your own - you had to work through their analysts to get the information.
It is software with somewhat complex documentation, so when you are in doubt it is difficult to resolve it through the documentation.
Good knowledge of managing the software is required because, although its implementation is flexible, carrying it out in the appropriate way guarantees good operation.
Its price can be somewhat high for a small company; however, considering its high versatility, the investment is worth it.
The learning curve is somewhat steep, but you can count on the support of your support team.
Darktrace support is excellent in my experience. They send a competent engineer on-site to provide on-boarding training. They were also very responsive in responding to questions and concerns. Having an individual point of contact who is a competent network and security engineer is not a common experience, at least for me.
The Darktrace user interface was improved. Darktrace provides more metrics and more info to decide if an email is malicious or not in case of doubt. Darktrace provides a lot of info about the email being analyzed, for example whether there was previous communication between both parties. It's so easy to deploy.
OpenSSL is simple software to use, with complete documentation and an easy installation, and is ideal for encrypting, decrypting and making certificates. However, F5 SSL Orchestrator can be implemented in different ways, and it provides high visibility into the traffic, which does not miss any threat that wants to hide in encrypted traffic. Its biggest advantage is that it helps to manage better and provides not static but dynamic devices, so it is possible to decrypt once or encrypt once. It is for all these powerful features that F5 SSL Orchestrator was chosen.
By providing high visibility into inbound and outbound traffic, we manage to avoid the entry of threats and the exposure or loss of data from our business infrastructure.
Its policy-based management is very helpful, since it is much simpler to manage SSL traffic, to be aware of any attack coming from it, and to apply security controls to all business traffic.