Darktrace vs. Microsoft Defender XDR

Overview
Darktrace
Rating: Score 8.7 out of 10
Most Used By: N/A
Product Summary: Darktrace AI interrupts in-progress cyber-attacks, including ransomware, email phishing, and threats to cloud environments. It's able to detect and establish baselines for your organization so it can make the distinction between what is and what isn't normal network activity for your organization. This allows it to tackle complex cyber-attacks as they happen and prevent future cyber-attacks from happening.
Starting Price: N/A
Microsoft Defender XDR
Rating: Score 8.6 out of 10
Most Used By: N/A
Product Summary: Microsoft 365 Defender combines SIEM and XDR capabilities for Microsoft 365 environments, encompassing threat detection, post-breach detection, automated investigation, and response for endpoints. Additionally, it protects cloud apps, emails and documents, and employee identities.
Starting Price: N/A
Pricing
Editions & Modules
Darktrace: No answers on this topic
Microsoft Defender XDR: No answers on this topic
Offerings
Pricing Offerings
Free Trial: Darktrace No; Microsoft Defender XDR Yes
Free/Freemium Version: Darktrace No; Microsoft Defender XDR No
Premium Consulting/Integration Services: Darktrace No; Microsoft Defender XDR No
Entry-level Setup Fee: Darktrace No setup fee; Microsoft Defender XDR No setup fee
Community Pulse
Considered Both Products
Darktrace

No answer on this topic

Microsoft Defender XDR
Chose Microsoft Defender XDR
We've compared the solution to probably 5-10 others, having selected just a handful of the more recent ones. Using this with one other, we feel like we've covered as many areas as possible. The integration with the Microsoft stack cannot be beaten and it just feels natural to use …
Top Pros

No answers on this topic

Top Cons

No answers on this topic

Best Alternatives
Small Businesses
Darktrace: Auvik (Score 8.3 out of 10)
Microsoft Defender XDR: SentinelOne Singularity (Score 9.1 out of 10)
Medium-sized Companies
Darktrace: InsightIDR (Score 8.6 out of 10)
Microsoft Defender XDR: SentinelOne Singularity (Score 9.1 out of 10)
Enterprises
Darktrace: InsightIDR (Score 8.6 out of 10)
Microsoft Defender XDR: SentinelOne Singularity (Score 9.1 out of 10)
User Ratings
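Likelihood to Recommend: Darktrace 8.5 (11 ratings); Microsoft Defender XDR 8.7 (59 ratings)
Likelihood to Renew: Darktrace 9.5 (2 ratings); Microsoft Defender XDR - (0 ratings)
Usability: Darktrace 9.0 (1 rating); Microsoft Defender XDR 8.0 (3 ratings)
Support Rating: Darktrace 9.4 (2 ratings); Microsoft Defender XDR 9.1 (1 rating)
In-Person Training: Darktrace - (0 ratings); Microsoft Defender XDR 9.1 (1 rating)
Online Training: Darktrace - (0 ratings); Microsoft Defender XDR 9.1 (1 rating)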
User Testimonials
Likelihood to Recommend
Darktrace
Darktrace is a product well suited for the vast majority of infrastructures and helps with monitoring and responding to threats based on the network in a very elastic way. This is a product based on on-premise infrastructures that hosts its machines locally. Of course, it can be technically difficult to monitor an entire On-Cloud infrastructure, but even there there's room for sensors and monitoring, not to mention the SaaS and mail integration that completes the product.
Microsoft
**Well Suited:**
- **Enterprise Environments:** Ideal for large-scale enterprise environments with a diverse IT infrastructure, offering comprehensive coverage across endpoints, networks, and cloud services.
- **Integrated Microsoft Ecosystem:** Excellently suited for organizations heavily invested in the Microsoft ecosystem, providing seamless integration with other Microsoft security tools and services.
- **Proactive Threat Detection:** Well-suited for organizations that prioritize proactive threat detection and response, leveraging advanced analytics and machine learning for early anomaly identification.
- **Regulated Industries:** Particularly beneficial for businesses in regulated industries, such as finance or healthcare, where compliance with stringent data protection regulations is crucial.

**Less Appropriate:**
- **Small Businesses with Limited Resources:** Might be less appropriate for small businesses with limited resources or those with a simpler IT infrastructure, as the comprehensive features may exceed their specific needs.
- **Highly Specialized Security Requirements:** In scenarios where a business has highly specialized security requirements that necessitate specific, niche solutions, Microsoft Defender XDR might be less flexible compared to specialized security tools.
- **Non-Windows Environments:** Less appropriate for organizations predominantly using non-Windows operating systems, as it is optimized for integration within the Microsoft ecosystem.
- **Organizations with Strict Bandwidth Constraints:** In environments with strict bandwidth constraints, continuous monitoring and analysis by Defender XDR could potentially impact network performance.
Pros
Darktrace
  • Uses its AI model UEBA to detect anomalies in the behaviour of not only the users in a corporate network but also the routers, servers, and endpoints in that network.
  • Provides a visualisation of both egress and outbound network traffic flowing in and out of the organisation.
  • Darktrace comes with its autonomous AI model detection and response capabilities.
  • Darktrace, as an AI next-generation NDR solution, prevents, contains and quarantines malicious traffic from and into the corporate network.
Microsoft
  • I am a huge fan of Microsoft Defender for Endpoint within Microsoft 365 Defender. It is one of the most professional and reliable EDR (Endpoint Detection and Response) tools out there, providing excellent features like vulnerability management, baseline assessments, device discovery etc.
  • Microsoft Defender for Office 365 (Email Security) is yet another class apart product in this Microsoft 365 Defender stack. It is one of the easiest to use tools among all the other Microsoft security products, yet at the same time offers such a wide variety of features like threat policies (anti-spam, anti-malware, anti-phishing etc.), attack simulation, message trace etc.
  • Incident Management is the main USP of Microsoft 365 Defender due to which it can actually be considered as a true XDR. The intuitive and user-friendly UI, the very useful attack story view, broad classifications, automated investigation etc. etc. etc.; the list of awesome features just goes on.
Cons
Darktrace
  • There are few areas that I would say need to be improved; their customer support portal allows you to log tickets with any suggestions or things you feel the product is missing, and they will generally show you how to achieve what you want, or in some cases, introduce it as a feature in a later update.
Microsoft
  • Setting up Microsoft 365 Defender integration with other tools or platforms might be challenging and require technical know-how.
  • Improving its third-party security tools integration and simplifying the setup process would offer a smoother experience for security teams.
  • A simpler way to improve security operations is by having a more cohesive way of detecting and responding to threats across different security solutions.
Likelihood to Renew
Darktrace
It's a powerful product that helps administrators to provide email security to our organization.
Good metrics about received emails that help us to determine, in case of doubt, if the email is a false positive or it's malware.
They're improving the product by releasing continuous updates and have a mobile phone app to manage it.
Microsoft
No answers on this topic
Usability
Darktrace
Darktrace comes with a simple usability interface with easy navigation and organisation.
Microsoft
Too complicated sometimes, doesn't explain the meaning of certain features or problems encountered.
Support Rating
Darktrace
Darktrace support is excellent in my experience. They send a competent engineer on-site to provide on-boarding training. They were also very responsive in responding to questions and concerns. Having an individual point of contact who is a competent network and security engineer is not a common experience, at least for me.
Microsoft
Microsoft Support is really good in calls and uptime availability and they are helpful in understanding and fixing issues and reporting the bugs, also the first line support is amazing in fixing bugs and releasing the new patches.
In-Person Training
Darktrace
No answers on this topic
Microsoft
Good, and hard to find someone who can explain everything for you beside Microsoft; they provide you everything you need.
Online Training
Darktrace
No answers on this topic
Microsoft
Microsoft provides good training for the Microsoft 365 Defender and has good learning paths to learn and take the exams and get your certifications.
Alternatives Considered
Darktrace
We did NOT select Darktrace. OSSIM/AlienVault is a more mature product and it provided better intelligence and reporting. The end user interface is much easier to use - and you can tell it's built from engineers who have had to do the work. My suggestion for anyone considering Darktrace is to get the price upfront; do a 30/60 onsite trial; and do the same thing, at the same time, with AlienVault. AlienVault will win every time. I say that because that's exactly what I did.
Microsoft
We used the MS XDR as this is a bundle that we bought when we subscribed to the M365 platform, so having it was a bonus as we stated earlier, but due to limitation on licenses in SentinelOne, having this is just a blessing for us, so we can reduce around 200 licenses and can utilize it for other users.
Return on Investment
Darktrace
  • One big positive is how it helps us with the security assessments that clients have done on us. They are looking to see if we know how we might have unusual/malicious traffic running on the network.
  • If you have a small network and only need 1 appliance, it can be a good ROI and peace of mind.
  • You could go down a hole in trying to spend time looking at all of your traffic with this software. You need to focus only on what it is showing as potential bad traffic.
Microsoft
  • Depending on the licensing you pay for, Defender is included and a great ROI cost-wise.
  • In terms of time spent, Defender can be a large time suck but yield positive results for end users.
  • Generally, it pays to learn and train in Defender BEFORE there is a problem and you need to really use it.
Screenshots

Microsoft Defender XDR Screenshots

[Screenshots: AH Advanced Mode; AH Guided mode; CD example; CD Supported actions]