What users are saying about
46 Ratings
22 Ratings
46 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener'>trScore algorithm: Learn more.</a>
Score 8.3 out of 100
22 Ratings
<a href='https://www.trustradius.com/static/about-trustradius-scoring' target='_blank' rel='nofollow noopener'>trScore algorithm: Learn more.</a>
Score 8.1 out of 100

Attribute Ratings

  • Darktrace is rated higher in 1 area: Support Rating
  • Graylog is rated higher in 1 area: Likelihood to Recommend

Likelihood to Recommend

7.2

Darktrace

72%
8 Ratings
7.5

Graylog

75%
7 Ratings

Support Rating

9.4

Darktrace

94%
4 Ratings
4.8

Graylog

48%
5 Ratings

Likelihood to Recommend

Darktrace

I think if you manage a large number of mailboxes, you need a reliable solution to protect corporate email from any threat. This solution uses AI to analyze emails to check if they're safe or if it's a risk for the organization. It has a good UI (all in English), and the more you're using it, the more you get. There are a lot of metrics and indicators to help the email security admin.
Read full review

Graylog

For small companies, Graylog is the best solution possible. It's easy to configure and "just works." Above everything else, it's free. The only thing I hold against it is the fact that it's Linux-based. [This] makes sense because Elasticsearch is Linux-based. But Linux adds a layer of complexity that we don't need for something basic as a logging server. I'm pretty sure that we would have had a logging server years earlier if I had to convince quite a few decision-making people to go ahead with it anyway.
Read full review

Pros

Darktrace

  • Monitors your network for unusual behaviour; as it learns what is normal for your network, you don't need to worry too much about things that are normal for your organisation, but might be considered odd in other places, triggering as alarms. It can also detect more subtle changes such as a device accessing a server but at an unusual time.
  • There are a large number of models that are used to create the alerts, which can all be customised, and you can also create your own from scratch, to allow you to tailor it perfectly to your situation.
Read full review

Graylog

  • Graylog does a great job of its core function: log aggregation, retention, and searching.
  • Graylog has a very flexible configuration. The backend for storage is Elasticsearch and MongoDB is used to store the configuration. You have to option to make your configuration as simple as possible by storing everything on one box, or you can scale everything out horizontally by using a cluster of Elasticsearch nodes and MongoDB servers with several Graylog servers pointed to all the necessary nodes.
  • Graylog does a good job of abstracting away a fair portion of Elasticsearch index management (sharding, creation, deletion, rotation, etc).
Read full review

Cons

Darktrace

  • Really had a poor time of identifying devices and what the device's purpose was - a simple nmap scan did a better job. The problem is they expect you to fine-tune the results - which is exactly what you would expect - but day one it found over 2,000 servers (and I only have 112).
  • Really had a hard time separating network traffic into locations - I use distinct subnets for my buildings, but there was no good way to create a logical map of my traffic internally. Did not garner a sense of trust that it was seeing everything.
  • Sat through a few "analyst" reports - which showed me possible threats in my environment. I am already using a few open source tools, and they actually found more than the analyst reports. Also, there was no way to get the reports on your own - you had to work through their analysts to get the information.
Read full review

Graylog

  • Support for more log sources
  • Event alerts/emails - Some cases where unable to separate data from multiple clients, and no easy fix
  • API - Limits results to 10,000 and can cause server to lockup on queries that exceed the limit
Read full review

Pricing Details

Darktrace

Starting Price

Editions & Modules

Darktrace editions and modules pricing
EditionModules

Footnotes

    Offerings

    Free Trial
    Free/Freemium Version
    Premium Consulting/Integration Services

    Entry-level set up fee?

    No setup fee

    Additional Details

    Graylog

    Starting Price

    Editions & Modules

    Graylog editions and modules pricing
    EditionModules

    Footnotes

      Offerings

      Free Trial
      Free/Freemium Version
      Premium Consulting/Integration Services

      Entry-level set up fee?

      No setup fee

      Additional Details

      Support Rating

      Darktrace

      Darktrace support is excellent in my experience. They send a competent engineer on-site to provide on-boarding training. They were also very responsive in responding to questions and concerns. Having an individual point of contact who is a competent network and security engineer is not a common experience, at least for me.
      Read full review

      Graylog

      Community support does not give simple straightforward answers; simply search up Graylog Issues and look at some of the responses on the forums. The documentation is your only hope if you are on the free version, as you can NOT purchase only support. The few times I have worked with Graylog Enterprise support they were great though.
      Read full review

      Alternatives Considered

      Darktrace

      The Darktrace user interface was improved. Darktrace provides more metrics and more info to decide if an email is malicious or not in doubt case. Darktrace provides a lot of info about the email being analyzed, if there was a previous communication between both parts before for example, it's so easy to deploy.
      Read full review

      Graylog

      In terms of log aggregation, the free product fully stacks up with the competitors listed. Full control over the data ingests for flexible configuration. Graylog even better on that front than AlienVault USM because you cannot configure the variable mapping. We haven't used the threat exchange stuff or correlation. But with regex searches, we have created function dashboards that show threat theater pictures of our network based on logs from our firewall.
      Read full review

      Return on Investment

      Darktrace

      • Darktrace is covering some lack of security issues.
      • Darktrace helps the company to follow some compliance obligations.
      • Darktrace can't solve all issues. It needs to work with other Security tools (e.g Splunk).
      Read full review

      Graylog

      • Graylog is just less expensive than some other options which meant it fit into our budget otherwise we might not be able to justify a higher cost.
      • Being able to track issues that we normally couldn't track using other tools is a bonus to help us know of any issues we have and can fix before an outage or failure that could potentially cost money.
      • We have had to spend more time than I would like to understand and customize Graylog which has taken time away from other tasks and projects.
      Read full review

      Add comparison