Likelihood to Recommend This is the best possible solution for enterprise-level organizations where server counts will be in the thousands. To manage these and understand the communication can be very cumbersome without this tool. Ease of creation map zone and application-wise can be relaxing to OS teams and support teams as well. There is no limit to labeling schema of servers and it gives the freedom to do so.
Read full review Darktrace is a product well suited for the vast majority of infrastructures and helps monitoring and responding to threats based on the network in a very elastic way. This is a product based on on-premise infrastructures that hosts its machines locally, of course it can be technically difficult to monitor an entire On-Cloud infrastructure but even there there's room for sensors and monitoring, not to mention the SaaS and mail integration that completes the product.
Read full review Pros Network traffic flow within environment of organization. Creating maps for visibility and drill down is a key feature. Labelling of servers can be done via running script. Alerts can be sensitized for the traffic not seen. Read full review Uses it Al model UEBA to detect anomalies in the behaviour of not only the users in a corporate network but also the routers, servers, and endpoints in that network. Provides a visualisation of both egress and outbound network traffics flowing in and out of the organisation. Darktrace comes with it autonomous AI model detection and responses capabilities. Darktrace as an AI next generation NDR solution, prevents ,contains and quarantines malicious traffics from and into the corporate network. Read full review Cons Limited support to legacy infrastructure. Integration with third party is a bit tedious. Awaiting support for Kubernetes in the next version. Read full review There are few areas that I would say need to be improved; their customer support portal allows you to log tickets with any suggestions or things you feel the product is missing, and they will generally show you how to achieve what you want, or in some cases, introduce it as a feature in a later update. Read full review Likelihood to Renew It's a powerfull product that help administrators to provide email security to our organization.
Good metrics about received emails that help us to determine in doubt case if the email is a false positive or it's malware.
They're improving the product releasing continuous updates and have mobile phone app to manage it.
Read full review Usability The solution is deployed throughout the organization. Teams are working and integrating it with the help desk tool wherever required. Helps in identifying the network traffic flows in lateral movement and east and west as well. Allows policies by default and later fine-tuning to be done to narrow it and enforce blocking action. Exporting reports from the tool is easy and can be observed for any issues.
Read full review Darktrace comes with a simple usability interface with easy navigation and organisation.
Read full review Support Rating Support has been available 24*7. It also depends on criticality but support is available. Also, the right expertise from the team helps in identifying the issue quickly and this helps in less production downtime if required. The ticket is resolved with RCA.
Read full review Darktrace support is excellent in my experience. They send a competent engineer on-site to provide on-boarding training. They were also very responsive in responding to questions and concerns. Having an individual point of contact who is a competent network and security engineer is not a common experience, at least for me.
Read full review Alternatives Considered 1) No limit to labeling schema. 2) Ease of creating maps with respect to zone, environment, subnets, etc. 3) Ease of creating policies and publishing the same. 4) Deception 5) Integration with monitoring tool (grafana) 6) Changes in the agent can be considered if there are legacy systems, time-consuming but can be achieved with the right information.
Read full review We did NOT select Darktrace.
OSSIM /AlienVault is a more mature product and it provided better intelligence and reporting. The end user interface is much easier to use - and you can tell built form engineers who have had to do the work. My suggestion for anyone considering Darktrace, is to get the price upfront; do a 30/60 onsite trail; and do the same thing, at the same time, with AlienVault. AlientVault will win every time. I say that because that's exactly what I did.
Read full review Return on Investment Blocking unwarranted traffic can really boost security of organization. Alerts can be triggered to SIEM servers and help in timely action. Need to be very careful before configuring and publishing block policies in the production environment. Read full review One big positive is how it helps us with the security assessments that clients have done on us. They are looking to see if we know how we might have unusual/malicious traffic running on the network. If you have a small network and only need 1 appliance, it can be a good ROI and peace of mind. You could go down a hole in trying to spend time looking at all of your traffic with this software. You need to focus only on what it is showing as potential bad traffic. Read full review ScreenShots