Darktrace AI interrupts in-progress cyber-attacks, including ransomware, email phishing, and threats to cloud environments. It's able to detect and establish baselines for your organization so it can make the distinction between what is and what isn't normal network activity for your organization. This allows it to tackle complex cyber-attacks as they happen and prevent future cyber-attacks from happening.
N/A
Google Threat Intelligence (Mandiant)
Score 8.8 out of 10
Enterprise companies (1,001+ employees)
Google Threat Intelligence, based on the expertise and service of Mandiant, aims to accelerate security and risk decision making – operational as well as strategic – and to enable security teams to focus on threats that matter to them.
If you want threat intel coming into your EDR, Email gateway, and IPS, this is the most cost-effective solution. The others can only pump into your SIEM and rely on monitoring and detection. The former goes into active defense, aka active blocking.
Darktrace is a product well suited for the vast majority of infrastructures and helps monitoring and responding to threats based on the network in a very elastic way. This is a product based on on-premise infrastructures that hosts its machines locally, of course it can be technically difficult to monitor an entire On-Cloud infrastructure but even there there's room for sensors and monitoring, not to mention the SaaS and mail integration that completes the product.
Usually SOC leverages Intel from mutiple sources. The scenarios are: 1.Suitable: In large scale SOC where more than 5000 devices are being monitored and the tech stack is wide, Mandiant will play an excellent role in that scenario. 2.Not Suitable: In small scale SOCs wherein limited devices belonging to the same tech stack is being used then the analysts can rely on OSINT and it is not useful to buy the solution.
Uses it Al model UEBA to detect anomalies in the behaviour of not only the users in a corporate network but also the routers, servers, and endpoints in that network.
Provides a visualisation of both egress and outbound network traffics flowing in and out of the organisation.
Darktrace comes with it autonomous AI model detection and responses capabilities.
Darktrace as an AI next generation NDR solution, prevents ,contains and quarantines malicious traffics from and into the corporate network.
There are few areas that I would say need to be improved; their customer support portal allows you to log tickets with any suggestions or things you feel the product is missing, and they will generally show you how to achieve what you want, or in some cases, introduce it as a feature in a later update.
The Darktrace toolset is very expansive, allowing it to handle many different tasks, but this leads to a user interface that is sometimes not at all intuitive. Icons don't always make sense visually, and the associated tool tips do not always provide enough detail on what action the button performs
Mandiant Advantage Threat Intelligence has a very usable platform, with well-differentiated sections for the analyst, as well as the possibility of cross-searching to obtain the desired results. All this is presented with an interface that is easy on the eye and not very messy, which increases productivity and the speed with which work is done.
Darktrace support is excellent in my experience. They send a competent engineer on-site to provide on-boarding training. They were also very responsive in responding to questions and concerns. Having an individual point of contact who is a competent network and security engineer is not a common experience, at least for me.
We did NOT select Darktrace. OSSIM/AlienVault is a more mature product and it provided better intelligence and reporting. The end user interface is much easier to use - and you can tell built form engineers who have had to do the work. My suggestion for anyone considering Darktrace, is to get the price upfront; do a 30/60 onsite trail; and do the same thing, at the same time, with AlienVault. AlientVault will win every time. I say that because that's exactly what I did.
It gives more ways to analyze threats and options to fixed it. This device gives more visibility on vulnerability detection and its analysis. It provides detailed reports to have more information of all malwares which help us to increase overall security of our current organization
One big positive is how it helps us with the security assessments that clients have done on us. They are looking to see if we know how we might have unusual/malicious traffic running on the network.
If you have a small network and only need 1 appliance, it can be a good ROI and peace of mind.
You could go down a hole in trying to spend time looking at all of your traffic with this software. You need to focus only on what it is showing as potential bad traffic.
