A flexible and scalable NDR
August 30, 2023
A flexible and scalable NDR

Score 9 out of 10
Vetted Review
Verified User
Modules Used
- Darktrace DETECT
- Darktrace RESPOND
Overall Satisfaction with Darktrace
Darktrace is one of the best solutions when it comes to monitor your network with an NDR. Extremely scalable and with a fantastic way of correlating network communications, this is one of the best solutions in the market. We use it not only to monitor our customer's infrastructures, but we also integrate it with several modules, giving the SoC Analysts great room for moving and responding.
Pros
- Network monitoring
- PCAP Parsing
- Correlation rules
- Behavioural rules
Cons
- Backup management
- Asset inventory
- Advanced queries scalability
- Darktrace RESPOND helps to apply an instant remediation to threats
- Integrations with 3rd parties
- The possibility to create a PCAP from the already parsed traffic and analize it
- As a cybersecurity product, every incident avoided is a ROI
- It is compliant with the most important certifications about privacy
- After a first period of machine learning, Darktrace usually allows IT Teams to find and remedy to several issues regarding the network configurations of the infrastructure
Its capabilities to respond to a threat both manual than automated way makes Darktrace one of the best NDR in the market. The rules editor allows the right flexibility to build a set of rules sized for the infrastructure, while the third parties integrations and modules helps both the administrator and the user to interact with several components of the infrastructure. The whole AI-Based monitoring, along with the continuous growing of the network and the establishment of a Pattern of Life for every host in the network makes Darktrace a formidable competitor in the NDR sector.
Do you think Darktrace delivers good value for the price?
Yes
Are you happy with Darktrace's feature set?
Yes
Did Darktrace live up to sales and marketing promises?
Yes
Did implementation of Darktrace go as expected?
Yes
Would you buy Darktrace again?
Yes
Using Darktrace
20 - Darktrace, as an NDR is part of a set of Cybersecurity products that helps our SoC to continuously monitor both our infrastructure and our clients. Its capability to detect and block threats based not only on a fully-scalable ruleset but also on Ai-Learning related to the behavior of the hosts and the establishment of patterns of life for the network makes DarkTrace a must-have.
5 - In order to support Darktrace on its day to day operations, having a set of skilled analysts and network administrators its a must. As an NDR, DarkTrace mirrors the network traffic from the core switches (and more) and allows users to manage the flow captured but from an administrative point of view, a deep understanding of the network is required in order to achieve proper results.
- Watched domain and Suspicious Domains: Darktrace can point out to unusual domains which means domains that are strange in some way ( DGA, young domain, suspicous TLD and more)
- Unusual traffic detection: once the pattern of life has been established, Darktrace helps us to point out that unusual network traffic between hosts or in download/upload to prevent possible exfiltrations
- Lateral Movements and scans: Darktrace can correlate and detect lateral movements that breaks the patter of life of hosts and create an "extended alert" known as Cyber AI Investigation that shows the lateral movement.
- Domain Filtering via threat intelligence, Watched Domains and Trusted Domains
- Native integration with some firewall vendors in order to dynamically block IPs both on DarkTrace with RESPOND and the Firewall
- Mail filtering and monitoring
- LDAP Monitoring
Comments
Please log in to join the conversation