Skip to main content
TrustRadius
Darktrace

Darktrace

Overview

What is Darktrace?

Darktrace AI interrupts in-progress cyber-attacks, including ransomware, email phishing, and threats to cloud environments. It's able to detect and establish baselines for your organization so it can make the distinction between what is and what isn't normal network activity for…

Read more
Recent Reviews

TrustRadius Insights

The Threat Visualizer has proven to be an invaluable tool for security operation centers, allowing them to focus on critical issues amidst …
Continue reading
TrustRadius Insights
TrustRadius Insights
Read all reviews

Reviewer Pros & Cons

View all pros & cons
ROBERT OFOLI KWEI | TrustRadius Reviewer
ROBERT OFOLI KWEI
Senior Security Specialist
Consolidated Bank Ghana Limited (Banking, 5001-10,000 employees)
AR
Antonio Rodriguez
Information Technology Audit Manager
GDES (Facilities Services, 201-500 employees)
Return to navigation

Pricing

View all pricing
Darktrace

Darktrace

N/A
Unavailable

What is Darktrace?

Darktrace AI interrupts in-progress cyber-attacks, including ransomware, email phishing, and threats to cloud environments. It's able to detect and establish baselines for your organization so it can make the distinction between what is and what isn't normal network activity for your organization.…

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting/Integration Services

Would you like us to let the vendor know that you want pricing?

168 people also want pricing

Alternatives Pricing

ManageEngine OpManager

ManageEngine OpManager

$245
for 10 devices
What is ManageEngine OpManager?

ManageEngine's OpManager is network performance monitoring software.

Return to navigation

Product Demos

Darktrace - Zero Trust Lab Demo

YouTube

DEMO DARKTRACE Darktrace Cyber AI Platform

YouTube

DEMO DARKTRACE Darktrace Cyber AI Platform

YouTube

Darktrace CSRF exploit (CVE-2019-9596 and CVE-2019-9597)

YouTube

Grove Cybersecurity - Darktrace testimonials

YouTube

Darktrace Respond Network Overview/Darktrace Antigena Demo

YouTube
View more demos
Return to navigation

Product Details

What is Darktrace?

Darktrace Cyber AI Loop helps users reduce risk and harden security. The Darktrace Cyber AI Loop is built on continuous feedback and an interconnected understanding of the enterprise. Darktrace monitors and protects people and digital assets across the IT ecosystem. Self-Learning AI learns normal patterns of life to identify the malicious behaviors that don't belong.

Darktrace Features

  • Supported: Virtual deployment
  • Supported: Integrations: Darktrace is designed with an open architecture to complement an existing infrastructure.
  • Supported: Self-learning to understand the human, not just the email address

Darktrace Video

Darktrace 6: Loop Ready

Darktrace Competitors

Darktrace Technical Details

Operating SystemsUnspecified
Mobile ApplicationNo

Frequently Asked Questions

Darktrace AI interrupts in-progress cyber-attacks, including ransomware, email phishing, and threats to cloud environments. It's able to detect and establish baselines for your organization so it can make the distinction between what is and what isn't normal network activity for your organization. This allows it to tackle complex cyber-attacks as they happen and prevent future cyber-attacks from happening.

Vectra Threat Detection & Response Platform, ExtraHop Reveal(x), and Sangfor NGAF are common alternatives for Darktrace.

The most common users of Darktrace are from Mid-sized Companies (51-1,000 employees).
Return to navigation

Comparisons

View all alternatives
Return to navigation

Reviews and Ratings

(58)

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!

The Threat Visualizer has proven to be an invaluable tool for security operation centers, allowing them to focus on critical issues amidst the complex threat landscape. Users have praised its AI models for effectively detecting abnormal threats and potential security breaches. With its visual representation of network activity and connections, the Threat Visualizer enables users to observe the flow of the network, providing crucial insights into potential vulnerabilities. Darktrace Antigena email, a component of Darktrace's suite of security solutions, has been commended for its real-time threat analysis and blocking capabilities. This feature enhances email security by identifying and mitigating potential threats before they can cause harm. Darktrace's role as an intelligence gatherer for network traffic has been highly appreciated by customers, who value its ability to identify anomalies and potential threats. Organizations have also benefited from Darktrace's capability to track suspicious activity and unauthorized access, enabling them to take prompt action and mitigate any potential risks. The integration of Darktrace with other security and monitoring tools such as Splunk and Solarwinds has further enhanced its effectiveness in comprehensive threat detection and response. With its scalability and robust monitoring capabilities, Darktrace has become a popular choice in the market. By constantly monitoring networks and triggering alerts for abnormal behavior, it provides organizations with thorough system monitoring that is essential in today's digital landscape. With packet captures for analysis and a mobile app for monitoring alerts on the go, Darktrace offers convenience and flexibility to its users. Additionally, Darktrace's provision of a weekly summary of network security issues delivers valuable insights that help organizations stay ahead of potential threats. Customers appreciate how Darktrace's AI and ML capabilities continuously monitor network traffic and user behavior, enhancing overall network visibility. The product integrates seamlessly with Microsoft 365 for email security, successfully identifying phishing emails and blocking malicious attachments and links. One key advantage that users have noted about Darktrace is its ease of installation. It provides organizations with deep insights into network activity, including obsolete protocols and Data Loss Prevention breaches. In addition to meeting security assessment requirements, Darktrace helps organizations proactively identify potential threats in their environment. Overall, the Threat Visualizer and Darktrace's suite of security solutions have been highly regarded for their ability to provide comprehensive threat detection and response, enhancing overall network security.

Comprehensive AI-based NDR solution: Users have found Darktrace to be a comprehensive AI-based network detection and response solution. Several reviewers appreciate its ability to detect anomalies in user behavior as well as network infrastructure like routers, servers, and endpoints.

Effective prevention of malicious traffic: Many users highly appreciate Darktrace's autonomous AI model detection and response capabilities. They applaud its effectiveness in preventing, containing, and quarantining malicious traffic in the corporate network.

Valuable security features: Darktrace's ability to block malicious attachments and phishing emails is regarded as a valuable feature by users. They find it reassuring that Darktrace provides excellent security to corporate email systems, enhancing overall cybersecurity measures.

Confusing User Interface: Some users have found the user interface to be confusing, suggesting a need for improvement in the IU language. Excessive Blocking: Several users experienced excessive blocking, making the software overly restrictive. Difficulty Removing Emails: Users mentioned that removing an email from the inbox took too much time. Inaccurate Device Identification: One user had a poor experience with device identification, stating that a simple nmap scan performed better. Lack of Comprehensive Network Traffic Mapping: The software was criticized for not providing a good way to create a logical map of network traffic between subnets. Limited Threat Detection and Reporting: Some users expressed concerns about inaccurate threat detection and incomplete reporting capabilities when compared to open-source tools.

Attribute Ratings

Reviews

(1-2 of 2)
Companies can't remove reviews or game the system. Here's why
February 19, 2020

Good tool but a LOT of false positives

Verified User
Professional in Information Technology
Primary/Secondary Education Company, 1001-5000 employees
Score 7 out of 10
Vetted Review
Verified User
Incentivized
Use Cases and Deployment Scope
I worked with Darktrace in a couple of organizations (from 300 to 1000+ users). Darktrace is a beneficial product to keep track of lateral network traffic inside of the organization. It augments the firewall, which looks at the traffic moving in and out of the company's LAN. Darktrace utilizes SPAN ports on switches to get the traffic, that's the only configuration needed outside of the Darktrace appliance, making installation relatively easy. If organization has multiple locations, either multiple Darktrace units will be required, or the network must be configured to forward SPAN traffic. Darktrace does provide beneficial insights into network activity inside the network, such as the use of obsolete protocols, DLP breaches, etc.
Pros and Cons
  • Ease of installation and configuration - Darktrace appliance is very close to plug and play (SPAN port configuration should be easy for any network admin). Darktrace provides comprehensive onboarding for customers as well, so you do not feel lost during the configuration of the device.
  • Identifying and tracking of the devices on the network - Hostname, OS, IP, MAC, previous activity - everything can be seen in the same interface. It is so much easier than tracking device in question across the firewall, DHCP, DNS logs.
  • False positives. Darktrace uses "AI" to create its alerts for "unusual" or "malicious" activity. It is very common to see an alert for completely benign and normal device behavior - PC tries to print for the first time in a while, for example.
  • Antigena actions. To some extent, this is a continuation of the previous point. Darktrace can break the network connectivity of the suspected device automatically. The excessive number of false positives makes administrators reluctant to use this feature, though. Also, the default Antigena actions are not relevant to real-world problems as I saw them in my experience with Darktrace.
Likelihood to Recommend
If organization has money to spend on Darktrace (licensing is based on the number of endpoints in the network) and has staff to sift through all the alerts the device creates, Darktrace does improve security significantly. You will see what is going on inside the network, in real-time, and in easy to understand manner. The problem is that there are a lot of things going on inside of any corporate network. The AI of the Darktrace appliance has a hard time reducing the number of events to look at to a reasonable level. Whoever is thinking about buying Darktrace must be ready to spend a lot of man-hours working with the product, clearing false positives and tweaking rules.
Return on Investment
  • Multiple security problems were identified through the use of Darktrace that would not have been identified otherwise.
  • Reduction of IT workload was not achieved - the product requires continuous manual intervention.
Alternatives Considered
We looked into several competitors and are still looking, due to the problems Darktrace has with false positives. Darktrace is attractive as their support is generally good, and working with the product is relatively easy.
Support Rating
9
Darktrace support is excellent in my experience. They send a competent engineer on-site to provide on-boarding training. They were also very responsive in responding to questions and concerns. Having an individual point of contact who is a competent network and security engineer is not a common experience, at least for me.
Other Software Used
January 29, 2020

The best security guard your network could have

Verified User
Engineer in Information Technology
Aviation & Aerospace Company, 501-1000 employees
Score 10 out of 10
Vetted Review
Verified User
Incentivized
Use Cases and Deployment Scope
Darktrace is used across almost all of my organisation. It allows constant monitoring across all of our networks, and because it has the ability to learn "normal" behaviour for your network, it triggers alerts when it sees behaviour outside of this range. It's allowed thorough monitoring of our systems, 24/7. You can download packet captures, which can then be loaded in to wireshark, of traffic from devices on the network, and the data for these captures are held for some time as well - the exact time varies depending on the amount of traffic, but I've normally been able to retrieve traffic data from a few weeks previously when needed. There is also a mobile app that you can configure to allow monitoring of alerts on your phone. On a few occasions in the past, when something alerted that was potentially damaging to the network (such as a malware outbreak at one site), a Darktrace employee contacted me directly to let me know that there was something potentially high priority going on.
Pros and Cons
  • Monitors your network for unusual behaviour; as it learns what is normal for your network, you don't need to worry too much about things that are normal for your organisation, but might be considered odd in other places, triggering as alarms. It can also detect more subtle changes such as a device accessing a server but at an unusual time.
  • There are a large number of models that are used to create the alerts, which can all be customised, and you can also create your own from scratch, to allow you to tailor it perfectly to your situation.
  • There are few areas that I would say need to be improved; their customer support portal allows you to log tickets with any suggestions or things you feel the product is missing, and they will generally show you how to achieve what you want, or in some cases, introduce it as a feature in a later update.
Likelihood to Recommend
Darktrace would be well suited to any environment really; the only constraint would be the budget. The cost scales on the number of devices to be monitored by the product, so it can be quite expensive in larger environments. Any company that would benefit from having 24/7 monitoring of their network would find that this product would suit that need perfectly. It can also create a number of reports, which is useful if you have any requirement to present periodic figures and statistics for your network. There are also additional features available and in development such as Antigena, which can be configured to allow potential threats to be automatically mitigated; it can block connections to a certain address, using certain ports, or it can enforce "normal behaviour" where it will only allow a machine to communicate in a way that Darktrace has observed before and considers normal. This has huge benefits particularly for 24/7 organisations where you don't have the ability to have someone monitoring the network personally at all times, as it could stop a malware outbreak in its tracks.
Return on Investment
  • Productivity; Darktrace has allowed us to see a large number of occasions where the company network was being mis-used, particularly out of hours. This has allowed team managers to identify issues within their teams, where people have been say streaming movies instead of working. We've also been able to block more sites and services than we might otherwise have been aware of, that people were using to bypass our restrictions.
  • Network security; we have had a few occasions where a user has had a scam email for example and opened the attachment, which has then attempted to traverse the network. Darktrace has detected this almost instantly on each occasion, and allowed us to stop the infection before it has had a chance to do any damage.
Support Rating
10
Any time I have had any issue with Darktrace, I've been able to contact an engineer through their support desk, and I have always had a very speedy response. Even when the issue has been caused by something outside of the Darktrace devices, they have still been very keen to try to help and identify what the problem was. The customer portal also has a large number of videos and guides that you can use to educate yourself on the product.
Other Software Used
Return to navigation