Reviews (1-3 of 3)
September 17, 2018
Score 7 out of 10
We use Darktrace in our main office. It helps us meet security assessment requirements of our clients that want to know how we know if there are bad actors in our environment.
- It's very strong in recognizing unusual traffic. It learns what is normal and what is not normal.
- It helps to show if our users are hitting malicious websites or not. That is a nice bonus to help with our security awareness and know if our training is doing its job.
- Their weekly reports to us help highlight the most egregious traffic on our network. They are an extra set of eyes for us.
- You have to have an appliance on each segment of your network. If you are not back hauling your traffic to your central data center, then each location has to have an appliance in order to cover that location.
- They gather so much detailed information that it is hard at times to decipher what I'm looking at.
- The way they name actions is unusual and should be changed. They need to label the parts of network traffic better.
It's excellent at using its AI engine to learn your environment when it first gets set up. Then over time it knows what it has seen in the past and what it hasn't, so you can investigate what could be malicious traffic or not. It shouldn't be considered the end all, be all for networking monitoring, but just another tool to use.
January 12, 2018
Score 2 out of 10
Brought it in to act as an intelligence gatherer for network traffic - specifically to look for anomalies and help identify potential threats and suspicious activity. I installed it at the network core, so it was able to view all traffic (well, mostly all traffic - we had a few issues with some of the VLANs and my switches are configured for fault tolerance, which it also had an issue with) moving from inside to outside.
- It did an ok job of analyzing and collecting data. It used a span (mirrored) port and then using its own algorithm developed flow records.
- It did an ok job of segmenting traffic into networks - not always correctly, but ok.
- It tried to identify devices by type - once again, it did ok, but not that great.
- Really had a poor time of identifying devices and what the device's purpose was - a simple nmap scan did a better job. The problem is they expect you to fine-tune the results - which is exactly what you would expect - but day one it found over 2,000 servers (and I only have 112).
- Really had a hard time separating network traffic into locations - I use distinct subnets for my buildings, but there was no good way to create a logical map of my traffic internally. Did not garner a sense of trust that it was seeing everything.
- Sat through a few "analyst" reports - which showed me possible threats in my environment. I am already using a few open source tools, and they actually found more than the analyst reports. Also, there was no way to get the reports on your own - you had to work through their analysts to get the information.
Read Matt Frederickson's full review
In my opinion, based on what I saw, the product is not ready for prime time yet. The GUI interface was slick but very difficult to use. There was no reporting capability. There was no availability to integrate other products or share data easily. The people were very nice and easy to work with - but in my opinion, no one who worked on developing the product has spent any time on a day-to-day basis in the trenches. While I get the brain trust behind the product (and it is very, very impressive), there is still a disconnect between the developers and the end-users. For the cost of the product (quite expensive), the end user base is not going to be satisfied with the product, especially since I can get the same, and better, information from other products.
January 12, 2018
Score 9 out of 10
We needed a better insight into network security threats that might be in our organization. DarkTrace provides an invaluable service of not only giving us the ability to dig deep into possible network intrusions but also has a weekly summary of possible network security issues. One of the main reasons we chose DarkTrace was that they provided the weekly report put together by a security professional. We review this weekly report and take action as needed.
Recommend: for a company with limited security resources that needs a better look into possible network intrusions. Not suited for: a company that has a full SOC staff that has time and resources to dedicate to network security threats.
Darktrace Scorecard Summary
Darktrace, headquartered in San Francisco, provides enterprise network security with its machine learning autonomous network traffic analysis (NTA) software, providing an "Immune System" that detects novel or insider threats arising from malicious behavior.
Darktrace Technical Details