Darktrace

Darktrace Review

Avantages :

Rapid Time for Detection and Response: Darktrace's real-time threat detection and response capabilities assist my organization in shortening the period of time needed to identify and address cyber attacks. My Security team can avert possible harm and condense the scope of a security incident by quickly responding to risks when they are first identified.

Inconvénients :

False Positives: Like any cybersecurity solution, Darktrace could produce false positive alerts, which are signals that seem to indicate a potential threat but actually turn out to be harmless. It may be necessary to continuously monitor and modify the solution to prevent false positives while making sure that actual threats are accurately detected.

Dark Trace AI to protect your network

Commentaires : It is good product with its AI engine and capable to learn the network. More helpful to identify ongoing threats and during forensic investigations. Easy to deploy and configure. Once plug with IP address can be used. Interfaces are nice and provide detailed view of incidents. It needs improvements on reporting capabilities. When you cannot centrally log traffic cost will be higher since each and every location need separate appliance.

Avantages :

Device installation is very easy and no advance configurations to be done. Darktrace can learn the network traffic behavior and alert you when deviations occurred. Portal has good learning materials and case studies. Support is quite fast and you will get update within hour when you open a ticket. It provides packet captures and can be downloaded for forensic analysis. Mobile version is available. Models can be customized and can be create according to the network behavior of the organization. Custom rules can be configured.

Inconvénients :

During the initial implementation there are higher number of false positives and need to manually tag those. Some legitimate traffic detected as threat. Need more fine tune. Device doesn’t have mechanism to alert when traffic stopped flow to the device. You need to manually check the receiving traffic on interfaces. If you cannot send traffic to central location each individual location should have an appliance to get total visibility of the network. Very limited reports and reports need more improvements.

Powerful product with a lot of changes needed

Commentaires : I would rate Darktrace as 4/10. For me a product that gives accurate readings and good reporting features is extremely important which is missing in Darktrace.

Avantages :

No doubt of Darktrace being a powerful addition to your environment. The capability of ingesting and correlating the entire network traffic is superb. Darktrace correlates logs to the breach models and give timely alerts whenever a model is hit. Plus while working on a breach, you can discuss it with your colleagues using their copy to clipboard functionality. As like most EDR, it not only helps to you to take a pcap of the traffic, you can also moving view the traffic and pattern that is a few days old.

Inconvénients :

It requires a regular health check. The major issue withour deployment is that when you try to check an asset logs, Darktrace takes the entire /24 range and gets confused between asset which ends up giving false logs.Plus the advanced search fuctionality is not very well defined. The lack of reporting also makes it a bit challenging

You may not get it at first, because of you training with Antivirus

Commentaires : I am ensuring that my network and devices are safe or at least they can account to me about what they are doing...! I know this sound weird, but with darktrace it seem like the system are telling me what they did or what they are doing.
Feel like the way to go.

Avantages :

The detection features are extremely useful, it is what the busy IT /Security or even advance pro use will want to see as time progress over his cooperate network. The details are in your face, similar and somewhat like what you see in the movies. This makes you rethink what you believe that you know, from what is actually happening on your network and to your devices.

Inconvénients :

It cost an arm and a leg for small business but it does provide the value for money. If you are not into the whole - cyber security thing! but know that 1 good expert delivers services for 120K per annum, then this is a package of excellent experts for the same price range of 1 expert. I think the offer should be a little bit more considerate of smaller organization and their tight budgets, having the various offers as add on, can quickly bring up the bills. First there is the base software - with one price, Have Office365 then you have to add on.....

NDR with a lot of potential

Commentaires : Very responsive and good people to work with. The product has a ton of potential, especially if you worth within their eco-system.

Avantages :

It provided a lot of information about the network which was unknown before. The UI is nice and being able to see raw network logs is useful.

Inconvénients :

The biggest issue was that it does not do very good for anything other then it's model breach detections. Trying to use it to troubleshoot or monitor other network related things isn't very effective. After years of tuning, it was still very false positive prone and got to the point were it was hard to not ignore the alerts from it.