Likelihood to Recommend Darktrace is a product well suited for the vast majority of infrastructures and helps monitoring and responding to threats based on the network in a very elastic way. This is a product based on on-premise infrastructures that hosts its machines locally, of course it can be technically difficult to monitor an entire On-Cloud infrastructure but even there there's room for sensors and monitoring, not to mention the SaaS and mail integration that completes the product.
Read full review Trellix (FireEye + McAfee)
It’s a dedicated Network Advanced Threat Detection and Prevention solution. Easy maintenance and low operating costs fit perfectly for SMEs. Variety of appliance selection makes NX the perfect choice for large enterprises. As it’s a dedicated solution with its own appliance, price is higher compared to NGTP add on solutions. FireEye is an ecosystem therefore when you’ve the EX or HX vice versa, you should be looking to NX. Otherwise, you’re missing the threat intel exchange on the network side reverse is the true. Sizing is important before the purchase, if you select a low end model for a busy network you lose your initial investment. For multiple NX deployments I highly recommend CMS. Without CMS you’ll lose the threat intel exchange and this will negatively reduce the risk scores.
Read full review Pros Uses it Al model UEBA to detect anomalies in the behaviour of not only the users in a corporate network but also the routers, servers, and endpoints in that network. Provides a visualisation of both egress and outbound network traffics flowing in and out of the organisation. Darktrace comes with it autonomous AI model detection and responses capabilities. Darktrace as an AI next generation NDR solution, prevents ,contains and quarantines malicious traffics from and into the corporate network. Read full review Trellix (FireEye + McAfee)
Advanced detection of targeted attacks. Mandiant team effort is a big plus. Inline mitigation capabilities particularly well. Different deployment models for specific needs. License and information sharing selection 1 way or 2 way mode. Frequent updates. Low false positive rates. FireEye sandboxing is immune to sandboxing attacks. Central management (CMS) capabilities for managing several NX's. Extra IPS/IDS functionality in the product. Smartvision specific to lateral movement detection. Upgrades and updates with zero down time. Local FireEye support is superb. Multiple deployment scenarios (span, inline) in the same NX for different interface pairs. SSL inspection support. No need to maintain, build or updates the images. It's highly automatic. Read full review Cons There are few areas that I would say need to be improved; their customer support portal allows you to log tickets with any suggestions or things you feel the product is missing, and they will generally show you how to achieve what you want, or in some cases, introduce it as a feature in a later update. Read full review Trellix (FireEye + McAfee)
Very first detected APT sample can pass the NX even it's inline blocking mode. Performance optimization for busy networks is cumbersome. CMS does not provide all the management capabilities, CLI or local config. Should be done for advanced customization. Constant limitations of tcpdump/ packet capture for 10G interfaces. IPS functionality is a bit cumbersome, not a full feature IPS, lack of signatures and customization of IPS signatures. It's not a full NDR solution or a UBA solution. Lack of device or user mapping. Forensics is based on the specific APT. May not provide the whole story and need some additional tools. You cannot make manual submission to NX (needs AX). You cannot access the kernel directly for deep analy[sis] or troubleshooting (assist from FireEye Support should be taken). Read full review Likelihood to Renew It's a powerfull product that help administrators to provide email security to our organization.
Good metrics about received emails that help us to determine in doubt case if the email is a false positive or it's malware.
They're improving the product releasing continuous updates and have mobile phone app to manage it.
Read full review Trellix (FireEye + McAfee)
Usability Darktrace comes with a simple usability interface with easy navigation and organisation.
Read full review Trellix (FireEye + McAfee)
Support Rating Darktrace support is excellent in my experience. They send a competent engineer on-site to provide on-boarding training. They were also very responsive in responding to questions and concerns. Having an individual point of contact who is a competent network and security engineer is not a common experience, at least for me.
Read full review Trellix (FireEye + McAfee)
Alternatives Considered We did NOT select Darktrace.
OSSIM /AlienVault is a more mature product and it provided better intelligence and reporting. The end user interface is much easier to use - and you can tell built form engineers who have had to do the work. My suggestion for anyone considering Darktrace, is to get the price upfront; do a 30/60 onsite trail; and do the same thing, at the same time, with AlienVault. AlientVault will win every time. I say that because that's exactly what I did.
Read full review Trellix (FireEye + McAfee)
FireEye NX is a solid product. It gives you sustainable security throughout the organization. NX detection engines are more capable compared to others. Its catch rate is higher, FP rate is lower, [and] speed is awesome. NX can work for highly regulated environments with 1 way solution. Operation costs are much lower. Software quality is very good. It may have bugs, but these bugs do not compromise the security in general. SOC team loves the FireEye NX for its pinpoint detection capabilities. Local and partner support is exceptional.
Read full review Return on Investment One big positive is how it helps us with the security assessments that clients have done on us. They are looking to see if we know how we might have unusual/malicious traffic running on the network. If you have a small network and only need 1 appliance, it can be a good ROI and peace of mind. You could go down a hole in trying to spend time looking at all of your traffic with this software. You need to focus only on what it is showing as potential bad traffic. Read full review Trellix (FireEye + McAfee)
As [a] financial company on the digital markets, we need to be safeguard for 0days and targeted attacks. FireEye NX provides the best updated protection with its enhanced capabilities. Security score based on detection/prevention metrics [is] very high ensuring the highest level of security. APTs in our region successfully detected and mitigated by the NX. For the ROI, in a six month period FireEye is paying off its [investment]. One negative thing, especially with increasing network bandwidths, [is that] you need to make [the] investment every two or three years. Read full review ScreenShots Trellix Network Security Screenshots