Good tool but a LOT of false positives
February 19, 2020
Score 7 out of 10
Vetted Review
Verified User
Overall Satisfaction with Darktrace
I worked with Darktrace in a couple of organizations (from 300 to 1000+ users). Darktrace is a beneficial product for keeping track of lateral network traffic inside the organization. It augments the firewall, which looks at the traffic moving in and out of the company's LAN. Darktrace utilizes SPAN ports on switches to get the traffic; that's the only configuration needed outside of the Darktrace appliance, making installation relatively easy. If an organization has multiple locations, either multiple Darktrace units will be required, or the network must be configured to forward SPAN traffic. Darktrace does provide beneficial insights into network activity inside the network, such as the use of obsolete protocols, DLP breaches, etc.
- Ease of installation and configuration - the Darktrace appliance is very close to plug and play (SPAN port configuration should be easy for any network admin). Darktrace provides comprehensive onboarding for customers as well, so you do not feel lost during the configuration of the device.
- Identifying and tracking the devices on the network - hostname, OS, IP, MAC, previous activity - everything can be seen in the same interface. It is so much easier than tracking the device in question across the firewall, DHCP, and DNS logs.
- False positives. Darktrace uses "AI" to create its alerts for "unusual" or "malicious" activity. It is very common to see an alert for completely benign and normal device behavior - PC tries to print for the first time in a while, for example.
- Antigena actions. To some extent, this is a continuation of the previous point. Darktrace can break the network connectivity of the suspected device automatically. The excessive number of false positives makes administrators reluctant to use this feature, though. Also, the default Antigena actions are not relevant to real-world problems as I saw them in my experience with Darktrace.
- Multiple security problems were identified through the use of Darktrace that would not have been identified otherwise.
- Reduction of IT workload was not achieved - the product requires continuous manual intervention.
We looked into several competitors and are still looking, due to the problems Darktrace has with false positives. Darktrace is attractive as their support is generally good, and working with the product is relatively easy.
Do you think Darktrace delivers good value for the price?
Not sure
Are you happy with Darktrace's feature set?
Yes
Did Darktrace live up to sales and marketing promises?
No
Did implementation of Darktrace go as expected?
Yes
Would you buy Darktrace again?
Yes