Darktrace

Overview

What is Darktrace?

Darktrace AI interrupts in-progress cyber-attacks, including ransomware, email phishing, and threats to cloud environments. It's able to detect and establish baselines for your organization so it can make the distinction between what is and what isn't normal network activity for…

Product Demos

Darktrace - Zero Trust Lab Demo

DEMO DARKTRACE Darktrace Cyber AI Platform

Darktrace CSRF exploit (CVE-2019-9596 and CVE-2019-9597)

Grove Cybersecurity - Darktrace testimonials

Darktrace Respond Network Overview/Darktrace Antigena Demo

Product Details

What is Darktrace?

Darktrace Cyber AI Loop helps users reduce risk and harden security. The Darktrace Cyber AI Loop is built on continuous feedback and an interconnected understanding of the enterprise. Darktrace monitors and protects people and digital assets across the IT ecosystem. Self-Learning AI learns normal patterns of life to identify the malicious behaviors that don't belong.

Darktrace Features

  • Supported: Virtual deployment
  • Supported: Integrations: Darktrace is designed with an open architecture to complement an existing infrastructure.
  • Supported: Self-learning to understand the human, not just the email address

Darktrace Video

Darktrace 6: Loop Ready

Darktrace Technical Details

Operating Systems: Unspecified
Mobile Application: No

Frequently Asked Questions

Darktrace AI interrupts in-progress cyber-attacks, including ransomware, email phishing, and threats to cloud environments. It's able to detect and establish baselines for your organization so it can make the distinction between what is and what isn't normal network activity for your organization. This allows it to tackle complex cyber-attacks as they happen and prevent future cyber-attacks from happening.

The most common users of Darktrace are from Enterprises (1,001+ employees).

Reviews From Top Reviewers

(1-5 of 5)

Why I didn't pick Darktrace

Rating: 2 out of 10
January 12, 2018
MF
Vetted Review
Verified User
Brought it in to act as an intelligence gatherer for network traffic - specifically to look for anomalies and help identify potential threats and suspicious activity. I installed it at the network core, so it was able to view all traffic (well, mostly all traffic - we had a few issues with some of the VLANs and my switches are configured for fault tolerance, which it also had an issue with) moving from inside to outside.
  • It did an ok job of analyzing and collecting data. It used a span (mirrored) port and then using its own algorithm developed flow records.
  • It did an ok job of segmenting traffic into networks - not always correctly, but ok.
  • It tried to identify devices by type - once again, it did ok, but not that great.
Cons
  • Really had a poor time of identifying devices and what the device's purpose was - a simple nmap scan did a better job. The problem is they expect you to fine-tune the results - which is exactly what you would expect - but day one it found over 2,000 servers (and I only have 112).
  • Really had a hard time separating network traffic into locations - I use distinct subnets for my buildings, but there was no good way to create a logical map of my traffic internally. Did not garner a sense of trust that it was seeing everything.
  • Sat through a few "analyst" reports - which showed me possible threats in my environment. I am already using a few open source tools, and they actually found more than the analyst reports. Also, there was no way to get the reports on your own - you had to work through their analysts to get the information.
In my opinion, based on what I saw, the product is not ready for prime time yet. The GUI interface was slick but very difficult to use. There was no reporting capability. There was no availability to integrate other products or share data easily. The people were very nice and easy to work with - but in my opinion, no one who worked on developing the product has spent any time on a day-to-day basis in the trenches. While I get the brain trust behind the product (and it is very, very impressive), there is still a disconnect between the developers and the end-users. For the cost of the product (quite expensive), the end user base is not going to be satisfied with the product, especially since I can get the same, and better, information from other products.
  • None - we chose not to move forward. The price of the product did not warrant the investment.
We did NOT select Darktrace. OSSIM/AlienVault is a more mature product and it provided better intelligence and reporting. The end user interface is much easier to use - and you can tell it was built by engineers who have had to do the work. My suggestion for anyone considering Darktrace is to get the price upfront; do a 30/60 onsite trial; and do the same thing, at the same time, with AlienVault. AlienVault will win every time. I say that because that's exactly what I did.

The best security guard your network could have

Rating: 10 out of 10
January 29, 2020
Vetted Review
Verified User
Darktrace
5 years of experience
Darktrace is used across almost all of my organisation. It allows constant monitoring across all of our networks, and because it has the ability to learn "normal" behaviour for your network, it triggers alerts when it sees behaviour outside of this range. It's allowed thorough monitoring of our systems, 24/7. You can download packet captures, which can then be loaded into Wireshark, of traffic from devices on the network, and the data for these captures is held for some time as well - the exact time varies depending on the amount of traffic, but I've normally been able to retrieve traffic data from a few weeks previously when needed. There is also a mobile app that you can configure to allow monitoring of alerts on your phone. On a few occasions in the past, when something alerted that was potentially damaging to the network (such as a malware outbreak at one site), a Darktrace employee contacted me directly to let me know that there was something potentially high priority going on.
  • Monitors your network for unusual behaviour; as it learns what is normal for your network, you don't need to worry too much about things that are normal for your organisation, but might be considered odd in other places, triggering as alarms. It can also detect more subtle changes such as a device accessing a server but at an unusual time.
  • There are a large number of models that are used to create the alerts, which can all be customised, and you can also create your own from scratch, to allow you to tailor it perfectly to your situation.
Cons
  • There are few areas that I would say need to be improved; their customer support portal allows you to log tickets with any suggestions or things you feel the product is missing, and they will generally show you how to achieve what you want, or in some cases, introduce it as a feature in a later update.
Darktrace would be well suited to any environment really; the only constraint would be the budget. The cost scales on the number of devices to be monitored by the product, so it can be quite expensive in larger environments. Any company that would benefit from having 24/7 monitoring of their network would find that this product would suit that need perfectly. It can also create a number of reports, which is useful if you have any requirement to present periodic figures and statistics for your network. There are also additional features available and in development such as Antigena, which can be configured to allow potential threats to be automatically mitigated; it can block connections to a certain address, using certain ports, or it can enforce "normal behaviour" where it will only allow a machine to communicate in a way that Darktrace has observed before and considers normal. This has huge benefits particularly for 24/7 organisations where you don't have the ability to have someone monitoring the network personally at all times, as it could stop a malware outbreak in its tracks.
  • Productivity; Darktrace has allowed us to see a large number of occasions where the company network was being mis-used, particularly out of hours. This has allowed team managers to identify issues within their teams, where people have been say streaming movies instead of working. We've also been able to block more sites and services than we might otherwise have been aware of, that people were using to bypass our restrictions.
  • Network security; we have had a few occasions where a user has had a scam email for example and opened the attachment, which has then attempted to traverse the network. Darktrace has detected this almost instantly on each occasion, and allowed us to stop the infection before it has had a chance to do any damage.
Any time I have had any issue with Darktrace, I've been able to contact an engineer through their support desk, and I have always had a very speedy response. Even when the issue has been caused by something outside of the Darktrace devices, they have still been very keen to try to help and identify what the problem was. The customer portal also has a large number of videos and guides that you can use to educate yourself on the product.

DarkTrace is great for small to medium size businesses

Rating: 10 out of 10
February 09, 2021
Vetted Review
Verified User
Darktrace
2 years of experience
We needed a better insight into network security threats that might be in our organization. DarkTrace provides an invaluable service of not only giving us the ability to dig deep into possible network intrusions but also has a weekly summary of possible network security issues. One of the main reasons we chose DarkTrace was that they provided the weekly report put together by a security professional. We review this weekly report and take action as needed.
  • Network Security
  • Security Analysis
  • Threat Detection
  • Whole Packet Capture
Cons
  • Initial configuration
  • Security Analyst timely response to questions
  • GUI
Recommend: for a company with limited security resources that needs a better look into possible network intrusions. Not suited for: a company that has a full SOC staff that has time and resources to dedicate to network security threats.
  • We had an ROI just during the POC. DarkTrace helped us identify a ransomware attack and we stopped it before it happened.
  • The weekly reports more than pay for themselves within the first few months.
  • The powerful search capability helps us solve problems where other solutions fall short.
The weekly reports were why we chose DarkTrace.

Darktrace threat visualizer, leading NDR solution with peace of mind.

Rating: 6 out of 10
November 17, 2023
RO
Vetted Review
Verified User
Darktrace
2 years of experience
Darktrace's Threat Visualizer leverages an enterprise immune system technology to detect and respond to network activity in a way that is intended for use by security operation centres, threat analysts, and network security experts. Business problems Darktrace helps us address:
  • The Threat Visualizer employs the underlying AI models to dynamically detect threats that are actually abnormal in the increasingly complex threat landscape, enabling us at the SOC to concentrate attention and expertise where it is needed.

  • The Threat Visualizer gives us a visual representation of all network activity and connections—both internal and external—between all machines and users, allowing us to observe how the network is flowing.
  • It functions on a broad scale, highlighting various hazards and anomalies for the analyst's attention, and on a more specific one, enabling you to drill down.
  • Uses its AI model UEBA to detect anomalies in the behaviour of not only the users in a corporate network but also the routers, servers, and endpoints in that network.
  • Provides a visualisation of both egress and outbound network traffic flowing in and out of the organisation.
  • Darktrace comes with its autonomous AI model detection and response capabilities.
  • Darktrace, as an AI next generation NDR solution, prevents, contains and quarantines malicious traffic from and into the corporate network.
Cons
  • AI detection Model
  • Customisable
  • Improves on the User Behaviour analytics model
  • Consistently improve model self learning.
In network-related attack detection and response, Darktrace threat visualizer is your best solution. Self-containment and quarantine of suspicious network activities with a high detection rate.
  • Threat visualizer
  • Self-learning AI model
  • Darktrace UEBA antigen model
  • Darktrace AI analyst feature.
  • self-quarantine and alerting feature.
  • It has increased business process
  • Decision making process improvement.
  • Meeting regulator and industry wide compliance.
  • Acquiring industry known business certification.
  • Boost customer confidence.
The product's capacity to provide insights into network traffic is impressive. The organisation was able to find any malware harming the devices with their assistance. We really value network monitoring and self-learning monitoring tools.
Darktrace comes with a simple usability interface with easy navigation and organisation.
  • AI analyst for performing incident analysis.
  • Self-learning UEBA
  • Enterprise grade report generation.
  • AI model
  • Fine tuning AI detection alerts
  • User Account management.
Yes
Very simple to use, and navigate.

Darktrace is good to play but not good to an easy learning

Rating: 9 out of 10
November 03, 2022
FS
Vetted Review
Verified User
Darktrace
1 year of experience
We are using Darktrace to identify possible issues caused by forbidden access and track suspicious activity. As this application is getting the traffic from the source, we're able to identify security issues that before we weren't able to. Also, we are integrating Darktrace with other Security/Monitoring tools like Splunk & Solarwinds.
  • AI Incidents view.
  • Action taken (Antigena).
  • Executive Threat Report.
  • Incidents Patterns.
Cons
  • User/IP Tracking when it is coming from different Darktrace Sensors.
  • Dashboard not intuitive for rookie user.
  • Lack of Community forum.
Very easy to send mirroring traffic, very intuitive layout to configure the sensors, alerts & notifications. Requires good experience in the platform in order to find & troubleshoot logs/incidents. There is not much documentation available on the Free Forum/Google searches. Good pre-sales support for the United Kingdom & Ireland clients, many kudos!
  • AI Incidents.
  • Antigena Actions.
  • Executive Threat report.
  • Darktrace is covering some lack of security issues.
  • Darktrace helps the company to follow some compliance obligations.
  • Darktrace can't solve all issues. It needs to work with other Security tools (e.g. Splunk).