Darktrace AI interrupts in-progress cyber-attacks, including ransomware, email phishing, and threats to cloud environments. It's able to detect and establish baselines for your organization so it can make the distinction between what is and what isn't normal network activity for your organization. This allows it to tackle complex cyber-attacks as they happen and prevent future cyber-attacks from happening.
N/A
Microsoft Purview Data Loss Prevention
Score 7.5 out of 10
N/A
Microsoft Purview Data Loss Prevention is used to provide intelligent detection and control of sensitive information across Office 365, OneDrive, SharePoint, Microsoft Teams, and on the endpoint. It also helps prevent data loss through identifying and preventing risky or inappropriate sharing, transfer, or use of sensitive data on endpoints, apps, and services.
N/A
Pricing
Darktrace
Microsoft Purview Data Loss Prevention
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
Darktrace
Microsoft Purview Data Loss Prevention
Free Trial
No
Yes
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
—
—
More Pricing Information
Community Pulse
Darktrace
Microsoft Purview Data Loss Prevention
Features
Darktrace
Microsoft Purview Data Loss Prevention
Data Preparation
Comparison of Data Preparation features of Product A and Product B
Darktrace is a product well suited for the vast majority of infrastructures and helps monitoring and responding to threats based on the network in a very elastic way. This is a product based on on-premise infrastructures that hosts its machines locally, of course it can be technically difficult to monitor an entire On-Cloud infrastructure but even there there's room for sensors and monitoring, not to mention the SaaS and mail integration that completes the product.
I would highly recommend Microsoft Purview Data Loss Prevention for companies that are utilizing Microsoft technologies based on the strong integrations. If a company is using other technologies (e.g Google Workspace), then Microsoft Purview Data Loss Prevention would not be a good fit and would be difficult to implement/manage.
Uses it Al model UEBA to detect anomalies in the behaviour of not only the users in a corporate network but also the routers, servers, and endpoints in that network.
Provides a visualisation of both egress and outbound network traffics flowing in and out of the organisation.
Darktrace comes with it autonomous AI model detection and responses capabilities.
Darktrace as an AI next generation NDR solution, prevents ,contains and quarantines malicious traffics from and into the corporate network.
Automatic labeling, once we've trained the naming conventions and things like that and we get the labels placed on things. One of the biggest problems that our clients face is the fact that they don't particularly know every single time exactly the data that they're trying to protect, how to identify it when it comes into the system or when they create it, right? So we're using Purview and we're using the abilities that Purview has to auto-label things based off of either taxonomy that you have produced or created or that have been automatically populated through AI. That makes it a lot easier and kind of thwarts possible user error that causes problems for organizations.
There are few areas that I would say need to be improved; their customer support portal allows you to log tickets with any suggestions or things you feel the product is missing, and they will generally show you how to achieve what you want, or in some cases, introduce it as a feature in a later update.
Overall, Microsoft DLP is not my number one choice because there's not much flexibility. There's a lot of restrictions and the way they set up rules a lot really restrictive. Thus it takes a lot more time for my team to build the rules and establish the controls as needed. So it's very clunky in that way and they have not improved it over the years, but I know they're trying to get a better, however it takes time because Microsoft, as we all knows, not a really security centric company.
The Darktrace toolset is very expansive, allowing it to handle many different tasks, but this leads to a user interface that is sometimes not at all intuitive. Icons don't always make sense visually, and the associated tool tips do not always provide enough detail on what action the button performs
Darktrace support is excellent in my experience. They send a competent engineer on-site to provide on-boarding training. They were also very responsive in responding to questions and concerns. Having an individual point of contact who is a competent network and security engineer is not a common experience, at least for me.
We did NOT select Darktrace. OSSIM/AlienVault is a more mature product and it provided better intelligence and reporting. The end user interface is much easier to use - and you can tell built form engineers who have had to do the work. My suggestion for anyone considering Darktrace, is to get the price upfront; do a 30/60 onsite trail; and do the same thing, at the same time, with AlienVault. AlientVault will win every time. I say that because that's exactly what I did.
There are much more comprehensive and granular DLP solutions out there like Trellix and Sophos but ultimately they are expensive and require significant administrative oversight for implementation and deployment. For a company of our size, they are just not economically feasible. We purchased out 365 E5 tenant with Purview DLP integration from a reseller at a price that we couldn't compete with vs a standalone enterprise product.
One big positive is how it helps us with the security assessments that clients have done on us. They are looking to see if we know how we might have unusual/malicious traffic running on the network.
If you have a small network and only need 1 appliance, it can be a good ROI and peace of mind.
You could go down a hole in trying to spend time looking at all of your traffic with this software. You need to focus only on what it is showing as potential bad traffic.
