Darktrace Reviews and Ratings

Rating: 8.5 out of 10

Score

8.5 out of 10

Community insights

TrustRadius Insights for Darktrace are summaries of user sentiment data from TrustRadius reviews and, when necessary, third party data sources.

Pros

Comprehensive AI-based NDR solution: Users have found Darktrace to be a comprehensive AI-based network detection and response solution. Several reviewers appreciate its ability to detect anomalies in user behavior as well as network infrastructure like routers, servers, and endpoints.

Effective prevention of malicious traffic: Many users highly appreciate Darktrace's autonomous AI model detection and response capabilities. They applaud its effectiveness in preventing, containing, and quarantining malicious traffic in the corporate network.

Valuable security features: Darktrace's ability to block malicious attachments and phishing emails is regarded as a valuable feature by users. They find it reassuring that Darktrace provides excellent security to corporate email systems, enhancing overall cybersecurity measures.

Reviews

13 Reviews

detects anomalous network activity

Rating: 8 out of 10

Incentivized

September 16, 2025

Use Cases and Deployment Scope

We use Darktrace's NETWORK and EMAIL services to monitor for and act upon anomalous activity. Their use of AI algorithms allows the detection system to instantly halt all threatening traffic. In addition, the EMAIL service uses similar technology to weed out malicious email, perform email link locking and blocking, and more to keep your users and network safe.

Pros

detects anomalous network activity
automatically act on detected threats
email link locking
email link blocking

Cons

The dashboard offers a lot of data but can also be very confusing to use
Tooltips for icons could be more detailed

Likelihood to Recommend

Darktrace is an enterprise-level product that is not affordable for most small or mid-sized companies. The period during which the appliance learns your network can be time consuimg as many false-positives are alerted. It is important that your staff anticipates this and has the time to help train the device.

Verified User

Manager in Information Technology (201-500 employees)

Vetted Review

8 years of experience

Darktrace Threat Identification and Analysis

Rating: 8 out of 10

Incentivized

September 8, 2025

Use Cases and Deployment Scope

We installed Darktrace to scan our network traffic to identify anomalies and potential threats. The install was reasonable as the device just requires a TAP port. (I recommend giving it the fastest tap you can.) The device learned for a few weeks and then switched into identification mode, altering us to non-standard activity.

Pros

Network scanning
Anomaly detection
Threat alerting

Cons

The system has so many features and places to tweak we found it hard to tune for our use.
We met regularly with someone from Darktrace to assist us in processing the alerts
The process for mail scanning requires you to reroute mail traffic

Likelihood to Recommend

If the colleague is versed in network protocols and has used a sniffer, this would be a great product for them!

Verified User

Director in Information Technology (51-200 employees)

Vetted Review

6 years of experience

A flexible and scalable NDR

Rating: 9 out of 10

Incentivized

August 30, 2023

Use Cases and Deployment Scope

Darktrace is one of the best solutions when it comes to monitor your network with an NDR. Extremely scalable and with a fantastic way of correlating network communications, this is one of the best solutions in the market. We use it not only to monitor our customer's infrastructures, but we also integrate it with several modules, giving the SoC Analysts great room for moving and responding.

Pros

Network monitoring
PCAP Parsing
Correlation rules
Behavioural rules

Cons

Backup management
Asset inventory
Advanced queries scalability

Likelihood to Recommend

Darktrace is a product well suited for the vast majority of infrastructures and helps monitoring and responding to threats based on the network in a very elastic way. This is a product based on on-premise infrastructures that hosts its machines locally, of course it can be technically difficult to monitor an entire On-Cloud infrastructure but even there there's room for sensors and monitoring, not to mention the SaaS and mail integration that completes the product.

Verified User

Analyst in Information Technology (11-50 employees)

Vetted Review

2 years of experience

If you want to unleash the Power of AI for Threat Detection, go for Darktrace

Rating: 9 out of 10

Incentivized

August 29, 2023

Use Cases and Deployment Scope

We have been using Darktrace for Threat Detection, Network Visibility, Antigena features/PREVENT for automated responses and to be in compliance. It's AI and ML capabilities to continuously monitor network traffic and user behavior are exceptional. It gives an in-depth visibility to our network. We have integrated it with Microsoft365 for Emails which helps detect phishing emails, malicious attachment blocking, spam filtering and malicious link blocking.

Pros

It detects anomalies or deviations from this baseline, it can raise alerts or take automated actions to investigate and mitigate the issue.
It's "Antigena" feature can take automated actions in response to detected threats. You can have antigena for both network and emails and the system will do the blocks at it's own
It integrates with Microsoft365 to identify and respond to email-based threats, including phishing attempts and malicious attachments.

Cons

Whitelisting email or IP are not straight forward
Although the GUI is great but it's too complex
If filters can be easier to implements

Likelihood to Recommend

It's best suited for network anamoly detection and prompt action via antigena for network It's also best suited for Email security and malicious email detections Since, the detections are AI based you may get some false positives from time to time Right after implementation it's difficult to handle due to it's learning behavior Requires some time to learn It not the best for Intrusion prevention scenarios but does a great job for threat detections

Verified User

Professional in Information Technology (51-200 employees)

Vetted Review

4 years of experience

Darktrace threat visualizer, leading NDR solution with peace of mind.

Rating: 6 out of 10

Incentivized

May 23, 2023

Use Cases and Deployment Scope

The Darktrace's Threat Visualizer leverage an enterprise immune system technology to detect and respond to network activity in a way that is intended for use by security operation centres, threat analysts, and network security experts. Business problems Darktrace helps us address; -

<ul><li>The Threat Visualizer employs the underlying AI models to dynamically detect threats that are actually abnormal in the increasingly complex threat landscape, enabling us at the SOC to concentrate attention and expertise where it is needed. </li><li>

</li><li>The Threat Visualizer gives us a visual representation of all network activity and connections—both internal and external—between all machines and users, allowing us to observe how the network is flowing. </li><li>It functions on a broad scale, highlighting various hazards and anomalies for the analyst's attention, and on a more specific one, enabling you to drill down.</li></ul>

Pros

Uses it Al model UEBA to detect anomalies in the behaviour of not only the users in a corporate network but also the routers, servers, and endpoints in that network.
Provides a visualisation of both egress and outbound network traffics flowing in and out of the organisation.
Darktrace comes with it autonomous AI model detection and responses capabilities.
Darktrace as an AI next generation NDR solution, prevents ,contains and quarantines malicious traffics from and into the corporate network.

Cons

AI detection Model
Customisable
Improves on the User Behaviour Behaviour analytics model
Consistently improve model self learning.

Likelihood to Recommend

In network-related attack detection and response, Darktrace threat visualizer is your best solution. Self-containment and quarantine of suspicious network activities with highly detection rate.

ROBERT OFOLI KWEI

Senior Security Specialist in Information Technology at Consolidated Bank Ghana Limited (5001-10,000 employees)

Vetted Review

2 years of experience

View profile

Darktrace Antigena email a good solution to protect corporate email.

Rating: 10 out of 10

Incentivized

April 28, 2022

Use Cases and Deployment Scope

We use Darktrace Antigena email to protect our employees from any threat that can arrive by email. Our email provides, does an initial filtering, but not enough to provide a good security solution. Antigena email provides machine speed to analyze and block if necessary, using AI.

Pros

Block malicious attachments.
Block phishing emails.
Provide an awesome security to corporate email.
Good analytics and metrics about emails.

Cons

Change IU language.
Sometimes excessive block (restrictive).
Sometimes it takes too much time to remove an email from inbox

Likelihood to Recommend

Antonio Rodriguez

Information Technology Audit Manager in Information Technology at GDES (201-500 employees)

Vetted Review

1 year of experience

Darktrace is good to play but not good to an easy learning

Rating: 9 out of 10

Incentivized

February 28, 2022

Use Cases and Deployment Scope

We are using Darktrace to identify possible issues caused by forbidden access and track suspicious activity. As this application is getting the traffic from the source, we're able to identify security issues that before we weren't able to. Also, we are integrating Darktrace with other Security/Monitoring tools like Splunk & Solarwinds.

Pros

AI Incidents view.
Action taken (Antigena).
Executive Threat Report.
Incidents Patterns.

Cons

User/IP Tracking when it is coming from different Darktrace Sensors.
Dashboard not intuitive for rookie user.
Lack of Community forum.

Likelihood to Recommend

Very easy to send mirroring traffic, very intuitive layout to configure the sensors, alerts & notifications. Require good experience in the platform in order to find & troubleshoot logs/incidents. There is not much documentation available on the Free Forum/Google searches. Good pre-sales support for the United Kingdom & Ireland clients, many kudos!

Fabio Silva

Senior Network Engineer in Information Technology at Fexco (1001-5000 employees)

Vetted Review

1 year of experience

Darktrace - Some Shortcomings

Rating: 1 out of 10

Incentivized

November 11, 2021

Use Cases and Deployment Scope

We implemented Darktrace 2 years ago for our organisation of approximately 350 users. The system was identified as a smart learning AI system that would protect the business against a range of cyberattacks.

Pros

Very Clever Marketing
Clever use of the AI

Cons

From time to time an email would appear in your inbox and within 5 to 10 seconds the email would be removed before your eyes. sometimes you could click on it if you were reading emails. Other times it would appear in your notifications and then when you looked for it later it was gone. It made you question your sanity. This problem has never been fixed. if you don't get onto it quick enough the system deletes these actions every month. No trace can be found.
When the system incorrectly quarantined an email, a false positive, there is no way to train the system not to do the same thing again. You have to contact IT support and get them to whitelist the email behind the scenes.
The BIG problem. The system is only as smart as the emails you provided for ingestion. Any email received after ingestion may be quarantined as it falls outside the pattern of behavior. Worse still. The system will let through infected emails if it can see the sender is a trusted source. Even if they have had an attack and sent emails out to their entire address book with an infected payload.
There was no notice of emails being quarantined until recently. When you do get sent a notice now it contains a very poor level of information.

Likelihood to Recommend

I would warn any IT manager against this system. It is

frustrating. Support is very poor and slow. Changes do not get implemented. We

are removing the system and looking elsewhere.

Ask yourself, how smart is a system that simply uses your

existing mail history to determine if it will accept the next email. The system has no ability for the users to identify false positives or train it. It places a lot of pressure on the helps desk. I question where the AI lies.

John King

Executive Director in Information Technology at J G King Building Group (201-500 employees)

Vetted Review

2 years of experience

View profile

Good tool but a LOT of false positives

Rating: 7 out of 10

Incentivized

February 19, 2020

Use Cases and Deployment Scope

I worked with Darktrace in a couple of organizations (from 300 to 1000+ users). Darktrace is a beneficial product to keep track of lateral network traffic inside of the organization. It augments the firewall, which looks at the traffic moving in and out of the company's LAN. Darktrace utilizes SPAN ports on switches to get the traffic, that's the only configuration needed outside of the Darktrace appliance, making installation relatively easy. If organization has multiple locations, either multiple Darktrace units will be required, or the network must be configured to forward SPAN traffic. Darktrace does provide beneficial insights into network activity inside the network, such as the use of obsolete protocols, DLP breaches, etc.

Pros

Ease of installation and configuration - Darktrace appliance is very close to plug and play (SPAN port configuration should be easy for any network admin). Darktrace provides comprehensive onboarding for customers as well, so you do not feel lost during the configuration of the device.
Identifying and tracking of the devices on the network - Hostname, OS, IP, MAC, previous activity - everything can be seen in the same interface. It is so much easier than tracking device in question across the firewall, DHCP, DNS logs.

Cons

False positives. Darktrace uses "AI" to create its alerts for "unusual" or "malicious" activity. It is very common to see an alert for completely benign and normal device behavior - PC tries to print for the first time in a while, for example.
Antigena actions. To some extent, this is a continuation of the previous point. Darktrace can break the network connectivity of the suspected device automatically. The excessive number of false positives makes administrators reluctant to use this feature, though. Also, the default Antigena actions are not relevant to real-world problems as I saw them in my experience with Darktrace.

Likelihood to Recommend

If organization has money to spend on Darktrace (licensing is based on the number of endpoints in the network) and has staff to sift through all the alerts the device creates, Darktrace does improve security significantly. You will see what is going on inside the network, in real-time, and in easy to understand manner. The problem is that there are a lot of things going on inside of any corporate network. The AI of the Darktrace appliance has a hard time reducing the number of events to look at to a reasonable level. Whoever is thinking about buying Darktrace must be ready to spend a lot of man-hours working with the product, clearing false positives and tweaking rules.

Verified User

Professional in Information Technology (1001-5000 employees)

Vetted Review

2 years of experience

The best security guard your network could have

Rating: 10 out of 10

Incentivized

January 29, 2020

Use Cases and Deployment Scope

Darktrace is used across almost all of my organisation. It allows constant monitoring across all of our networks, and because it has the ability to learn "normal" behaviour for your network, it triggers alerts when it sees behaviour outside of this range. It's allowed thorough monitoring of our systems, 24/7. You can download packet captures, which can then be loaded in to wireshark, of traffic from devices on the network, and the data for these captures are held for some time as well - the exact time varies depending on the amount of traffic, but I've normally been able to retrieve traffic data from a few weeks previously when needed. There is also a mobile app that you can configure to allow monitoring of alerts on your phone. On a few occasions in the past, when something alerted that was potentially damaging to the network (such as a malware outbreak at one site), a Darktrace employee contacted me directly to let me know that there was something potentially high priority going on.

Pros

Monitors your network for unusual behaviour; as it learns what is normal for your network, you don't need to worry too much about things that are normal for your organisation, but might be considered odd in other places, triggering as alarms. It can also detect more subtle changes such as a device accessing a server but at an unusual time.
There are a large number of models that are used to create the alerts, which can all be customised, and you can also create your own from scratch, to allow you to tailor it perfectly to your situation.

Cons

There are few areas that I would say need to be improved; their customer support portal allows you to log tickets with any suggestions or things you feel the product is missing, and they will generally show you how to achieve what you want, or in some cases, introduce it as a feature in a later update.

Likelihood to Recommend

Darktrace would be well suited to any environment really; the only constraint would be the budget. The cost scales on the number of devices to be monitored by the product, so it can be quite expensive in larger environments. Any company that would benefit from having 24/7 monitoring of their network would find that this product would suit that need perfectly. It can also create a number of reports, which is useful if you have any requirement to present periodic figures and statistics for your network. There are also additional features available and in development such as Antigena, which can be configured to allow potential threats to be automatically mitigated; it can block connections to a certain address, using certain ports, or it can enforce "normal behaviour" where it will only allow a machine to communicate in a way that Darktrace has observed before and considers normal. This has huge benefits particularly for 24/7 organisations where you don't have the ability to have someone monitoring the network personally at all times, as it could stop a malware outbreak in its tracks.

Verified User

Engineer in Information Technology (501-1000 employees)

Vetted Review

5 years of experience

Loading Reviews List....

The best security guard your network could have

Rating: 10 out of 10

Incentivized

January 29, 2020

Use Cases and Deployment Scope

Pros

Monitors your network for unusual behaviour; as it learns what is normal for your network, you don't need to worry too much about things that are normal for your organisation, but might be considered odd in other places, triggering as alarms. It can also detect more subtle changes such as a device accessing a server but at an unusual time.
There are a large number of models that are used to create the alerts, which can all be customised, and you can also create your own from scratch, to allow you to tailor it perfectly to your situation.

Cons

There are few areas that I would say need to be improved; their customer support portal allows you to log tickets with any suggestions or things you feel the product is missing, and they will generally show you how to achieve what you want, or in some cases, introduce it as a feature in a later update.

Likelihood to Recommend

Verified User

Engineer in Information Technology (501-1000 employees)

Vetted Review

5 years of experience