Skip to main content
TrustRadius
Darktrace

Darktrace

Overview

What is Darktrace?

Darktrace AI interrupts in-progress cyber-attacks, including ransomware, email phishing, and threats to cloud environments. It's able to detect and establish baselines for your organization so it can make the distinction between what is and what isn't normal network activity for…

Read more

Learn from top reviewers

Return to navigation

Product Demos

Darktrace - Zero Trust Lab Demo

YouTube

DEMO DARKTRACE Darktrace Cyber AI Platform

YouTube

DEMO DARKTRACE Darktrace Cyber AI Platform

YouTube

Darktrace CSRF exploit (CVE-2019-9596 and CVE-2019-9597)

YouTube

Grove Cybersecurity - Darktrace testimonials

YouTube

Darktrace Respond Network Overview/Darktrace Antigena Demo

YouTube
Return to navigation

Product Details

What is Darktrace?

Darktrace Cyber AI Loop helps users reduce risk and harden security. The Darktrace Cyber AI Loop is built on continuous feedback and an interconnected understanding of the enterprise. Darktrace monitors and protects people and digital assets across the IT ecosystem. Self-Learning AI learns normal patterns of life to identify the malicious behaviors that don't belong.

Darktrace Features

  • Supported: Virtual deployment
  • Supported: Integrations: Darktrace is designed with an open architecture to complement an existing infrastructure.
  • Supported: Self-learning to understand the human, not just the email address

Darktrace Video

Darktrace 6: Loop Ready

Darktrace Technical Details

Operating SystemsUnspecified
Mobile ApplicationNo

Frequently Asked Questions

Darktrace AI interrupts in-progress cyber-attacks, including ransomware, email phishing, and threats to cloud environments. It's able to detect and establish baselines for your organization so it can make the distinction between what is and what isn't normal network activity for your organization. This allows it to tackle complex cyber-attacks as they happen and prevent future cyber-attacks from happening.

The most common users of Darktrace are from Mid-sized Companies (51-1,000 employees).
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews From Top Reviewers

(1-5 of 5)

Darktrace Antigena email a good solution to protect corporate email.

Rating: 10 out of 10
October 06, 2023
AR
Vetted Review
Verified User
Darktrace
1 year of experience
We use Darktrace Antigena email to protect our employees from any threat that can arrive by email. Our email provides, does an initial filtering, but not enough to provide a good security solution. Antigena email provides machine speed to analyze and block if necessary, using AI.
  • Block malicious attachments.
  • Block phishing emails.
  • Provide an awesome security to corporate email.
  • Good analytics and metrics about emails.
Cons
  • Change IU language.
  • Sometimes excessive block (restrictive).
  • Sometimes it takes too much time to remove an email from inbox
  • Block any threat before it impact you.
  • Good dashboard.
  • Really interesting metrics.
  • Easy to use and integrate with your current email provider.
  • DLP
  • Protected us from ransomware attacks.
  • Protected us from phishing attacks.
  • Protected us from several malicious campaigns against us.
  • Helps in DLP area, you can see who's sending emails outside organization.
Cybersecurity: Email protection.

Antigena email is a way to secure the email using AI. The product gives you metrics and a score rating that can help administrators to know if an email is potentially malicious, why and stop it.
3
Darktrace has free training courses that are very important to follow to understand how the product works and how to use it.
It's recommended you have some cybersecurity knowledge, and email administrator skills.
  • Email protection using AI
  • DLP
  • Statistics
  • Easy to use dashboard. Programmable reports
  • Data Loss prevention
  • Metrics about email campaings against us
  • IaaS protection
It's a powerfull product that help administrators to provide email security to our organization.
Good metrics about received emails that help us to determine in doubt case if the email is a false positive or it's malware.
They're improving the product releasing continuous updates and have mobile phone app to manage it.

If you want to unleash the Power of AI for Threat Detection, go for Darktrace

Rating: 9 out of 10
May 01, 2024
Vetted Review
Verified User
Darktrace
4 years of experience
We have been using Darktrace for Threat Detection, Network Visibility, Antigena features/PREVENT for automated responses and to be in compliance. It's AI and ML capabilities to continuously monitor network traffic and user behavior are exceptional. It gives an in-depth visibility to our network. We have integrated it with Microsoft365 for Emails which helps detect phishing emails, malicious attachment blocking, spam filtering and malicious link blocking.
  • It detects anomalies or deviations from this baseline, it can raise alerts or take automated actions to investigate and mitigate the issue.
  • It's "Antigena" feature can take automated actions in response to detected threats. You can have antigena for both network and emails and the system will do the blocks at it's own
  • It integrates with Microsoft365 to identify and respond to email-based threats, including phishing attempts and malicious attachments.
Cons
  • Whitelisting email or IP are not straight forward
  • Although the GUI is great but it's too complex
  • If filters can be easier to implements
It's best suited for network anamoly detection and prompt action via antigena for network It's also best suited for Email security and malicious email detections Since, the detections are AI based you may get some false positives from time to time Right after implementation it's difficult to handle due to it's learning behavior Requires some time to learn It not the best for Intrusion prevention scenarios but does a great job for threat detections
  • Antigena for network
  • Antigena for Email
  • Malicious link blocking
  • Machine learning model
  • Positive impact: Early Threat Detection
  • Positive impact: Reduced Manual Effort
  • Positive impact: Compliance Assistance
  • Positive impact: Improved Incident Response
  • Positive impact: Reduced Downtime
  • Negative impact: Training and Skill Requirements
  • Negative impact: False Positives
  • Negative impact: Implementation Costs
Darktrace is better in terms of scalability, ease of integration, and ongoing support
50
IT Security
IT Infrastructure
IT Service Desk
5
Network and Communication
Email/SMTP
TCP/IP
Services & Protocols
IT Security
  • Network Security
  • Email Security
  • Model Breach Alerts
  • Auto Actions via Antigena

Darktrace - Some Shortcomings

Rating: 1 out of 10
November 11, 2021
JK
Vetted Review
Verified User
Darktrace
2 years of experience
We implemented Darktrace 2 years ago for our organisation of approximately 350 users. The system was identified as a smart learning AI system that would protect the business against a range of cyberattacks.
  • Very Clever Marketing
  • Clever use of the AI
Cons
  • From time to time an email would appear in your inbox and within 5 to 10 seconds the email would be removed before your eyes. sometimes you could click on it if you were reading emails. Other times it would appear in your notifications and then when you looked for it later it was gone. It made you question your sanity. This problem has never been fixed. if you don't get onto it quick enough the system deletes these actions every month. No trace can be found.
  • When the system incorrectly quarantined an email, a false positive, there is no way to train the system not to do the same thing again. You have to contact IT support and get them to whitelist the email behind the scenes.
  • The BIG problem. The system is only as smart as the emails you provided for ingestion. Any email received after ingestion may be quarantined as it falls outside the pattern of behavior. Worse still. The system will let through infected emails if it can see the sender is a trusted source. Even if they have had an attack and sent emails out to their entire address book with an infected payload.
  • There was no notice of emails being quarantined until recently. When you do get sent a notice now it contains a very poor level of information.
I would warn any IT manager against this system. It is frustrating. Support is very poor and slow. Changes do not get implemented. We are removing the system and looking elsewhere. Ask yourself, how smart is a system that simply uses your existing mail history to determine if it will accept the next email. The system has no ability for the users to identify false positives or train it. It places a lot of pressure on the helps desk. I question where the AI lies.
  • Intelligent mail scanning
  • Threat minimization
  • The system has cost the business money in added pressure on the it Team.

Good tool but a LOT of false positives

Rating: 7 out of 10
February 19, 2020
Vetted Review
Verified User
Darktrace
2 years of experience
I worked with Darktrace in a couple of organizations (from 300 to 1000+ users). Darktrace is a beneficial product to keep track of lateral network traffic inside of the organization. It augments the firewall, which looks at the traffic moving in and out of the company's LAN. Darktrace utilizes SPAN ports on switches to get the traffic, that's the only configuration needed outside of the Darktrace appliance, making installation relatively easy. If organization has multiple locations, either multiple Darktrace units will be required, or the network must be configured to forward SPAN traffic. Darktrace does provide beneficial insights into network activity inside the network, such as the use of obsolete protocols, DLP breaches, etc.
  • Ease of installation and configuration - Darktrace appliance is very close to plug and play (SPAN port configuration should be easy for any network admin). Darktrace provides comprehensive onboarding for customers as well, so you do not feel lost during the configuration of the device.
  • Identifying and tracking of the devices on the network - Hostname, OS, IP, MAC, previous activity - everything can be seen in the same interface. It is so much easier than tracking device in question across the firewall, DHCP, DNS logs.
Cons
  • False positives. Darktrace uses "AI" to create its alerts for "unusual" or "malicious" activity. It is very common to see an alert for completely benign and normal device behavior - PC tries to print for the first time in a while, for example.
  • Antigena actions. To some extent, this is a continuation of the previous point. Darktrace can break the network connectivity of the suspected device automatically. The excessive number of false positives makes administrators reluctant to use this feature, though. Also, the default Antigena actions are not relevant to real-world problems as I saw them in my experience with Darktrace.
If organization has money to spend on Darktrace (licensing is based on the number of endpoints in the network) and has staff to sift through all the alerts the device creates, Darktrace does improve security significantly. You will see what is going on inside the network, in real-time, and in easy to understand manner. The problem is that there are a lot of things going on inside of any corporate network. The AI of the Darktrace appliance has a hard time reducing the number of events to look at to a reasonable level. Whoever is thinking about buying Darktrace must be ready to spend a lot of man-hours working with the product, clearing false positives and tweaking rules.
  • Multiple security problems were identified through the use of Darktrace that would not have been identified otherwise.
  • Reduction of IT workload was not achieved - the product requires continuous manual intervention.
We looked into several competitors and are still looking, due to the problems Darktrace has with false positives. Darktrace is attractive as their support is generally good, and working with the product is relatively easy.
Darktrace support is excellent in my experience. They send a competent engineer on-site to provide on-boarding training. They were also very responsive in responding to questions and concerns. Having an individual point of contact who is a competent network and security engineer is not a common experience, at least for me.

The best security guard your network could have

Rating: 10 out of 10
January 29, 2020
Vetted Review
Verified User
Darktrace
5 years of experience
Darktrace is used across almost all of my organisation. It allows constant monitoring across all of our networks, and because it has the ability to learn "normal" behaviour for your network, it triggers alerts when it sees behaviour outside of this range. It's allowed thorough monitoring of our systems, 24/7. You can download packet captures, which can then be loaded in to wireshark, of traffic from devices on the network, and the data for these captures are held for some time as well - the exact time varies depending on the amount of traffic, but I've normally been able to retrieve traffic data from a few weeks previously when needed. There is also a mobile app that you can configure to allow monitoring of alerts on your phone. On a few occasions in the past, when something alerted that was potentially damaging to the network (such as a malware outbreak at one site), a Darktrace employee contacted me directly to let me know that there was something potentially high priority going on.
  • Monitors your network for unusual behaviour; as it learns what is normal for your network, you don't need to worry too much about things that are normal for your organisation, but might be considered odd in other places, triggering as alarms. It can also detect more subtle changes such as a device accessing a server but at an unusual time.
  • There are a large number of models that are used to create the alerts, which can all be customised, and you can also create your own from scratch, to allow you to tailor it perfectly to your situation.
Cons
  • There are few areas that I would say need to be improved; their customer support portal allows you to log tickets with any suggestions or things you feel the product is missing, and they will generally show you how to achieve what you want, or in some cases, introduce it as a feature in a later update.
Darktrace would be well suited to any environment really; the only constraint would be the budget. The cost scales on the number of devices to be monitored by the product, so it can be quite expensive in larger environments. Any company that would benefit from having 24/7 monitoring of their network would find that this product would suit that need perfectly. It can also create a number of reports, which is useful if you have any requirement to present periodic figures and statistics for your network. There are also additional features available and in development such as Antigena, which can be configured to allow potential threats to be automatically mitigated; it can block connections to a certain address, using certain ports, or it can enforce "normal behaviour" where it will only allow a machine to communicate in a way that Darktrace has observed before and considers normal. This has huge benefits particularly for 24/7 organisations where you don't have the ability to have someone monitoring the network personally at all times, as it could stop a malware outbreak in its tracks.
  • Productivity; Darktrace has allowed us to see a large number of occasions where the company network was being mis-used, particularly out of hours. This has allowed team managers to identify issues within their teams, where people have been say streaming movies instead of working. We've also been able to block more sites and services than we might otherwise have been aware of, that people were using to bypass our restrictions.
  • Network security; we have had a few occasions where a user has had a scam email for example and opened the attachment, which has then attempted to traverse the network. Darktrace has detected this almost instantly on each occasion, and allowed us to stop the infection before it has had a chance to do any damage.
Any time I have had any issue with Darktrace, I've been able to contact an engineer through their support desk, and I have always had a very speedy response. Even when the issue has been caused by something outside of the Darktrace devices, they have still been very keen to try to help and identify what the problem was. The customer portal also has a large number of videos and guides that you can use to educate yourself on the product.
Return to navigation