Darktrace
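What is Darktrace?
A self-configuring cyber defense system based on machine learning and probabilistic mathematics.
Who uses Darktrace?
A cybersecurity tool that supports businesses of all sizes with threat detection, response management, and incident tracking capabilities.
Darktrace Reviews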
Darktrace Review
Pros:
Rapid Time for Detection and Response: Darktrace's real-time threat detection and response capabilities assist my organization in shortening the period of time needed to identify and address cyber attacks. My Security team can avert possible harm and condense the scope of a security incident by quickly responding to risks when they are first identified.
Cons:
False Positives: Like any cybersecurity solution, Darktrace could produce false positive alerts, which are signals that seem to indicate a potential threat but actually turn out to be harmless. It may be necessary to continuously monitor and modify the solution to prevent false positives while making sure that actual threats are accurately detected.
Dark Trace AI to protect your network
Comments: It is a good product with its AI engine and is capable of learning the network. More helpful to identify ongoing threats and during forensic investigations. Easy to deploy and configure. Once plugged in with an IP address it can be used. Interfaces are nice and provide a detailed view of incidents. It needs improvements in reporting capabilities. When you cannot centrally log traffic, the cost will be higher since each and every location needs a separate appliance.
Pros:
Device installation is very easy and no advanced configuration needs to be done. Darktrace can learn the network traffic behavior and alert you when deviations occur. The portal has good learning materials and case studies. Support is quite fast and you will get an update within an hour when you open a ticket. It provides packet captures and they can be downloaded for forensic analysis. A mobile version is available. Models can be customized and can be created according to the network behavior of the organization. Custom rules can be configured.
Cons:
During the initial implementation there is a higher number of false positives and you need to manually tag those. Some legitimate traffic is detected as a threat. It needs more fine-tuning. The device doesn’t have a mechanism to alert when traffic stops flowing to the device. You need to manually check the receiving traffic on interfaces. If you cannot send traffic to a central location, each individual location should have an appliance to get total visibility of the network. Very limited reports, and reports need more improvements.
Powerful product with a lot of changes needed
Comments: I would rate Darktrace as 4/10. For me a product that gives accurate readings and good reporting features is extremely important which is missing in Darktrace.
Pros:
No doubt of Darktrace being a powerful addition to your environment. The capability of ingesting and correlating the entire network traffic is superb. Darktrace correlates logs to the breach models and gives timely alerts whenever a model is hit. Plus, while working on a breach, you can discuss it with your colleagues using their copy to clipboard functionality. Like most EDR, it not only helps you to take a pcap of the traffic, you can also moving view the traffic and pattern that is a few days old.
Cons:
It requires a regular health check. The major issue with our deployment is that when you try to check an asset's logs, Darktrace takes the entire /24 range and gets confused between assets, which ends up giving false logs. Plus, the advanced search functionality is not very well defined. The lack of reporting also makes it a bit challenging.
You may not get it at first, because of your training with Antivirus
Comments:
I am ensuring that my network and devices are safe or at least they can account to me about what they are doing...! I know this sounds weird, but with Darktrace it seems like the systems are telling me what they did or what they are doing.
Feel like the way to go.
Pros:
The detection features are extremely useful, it is what the busy IT/Security or even advanced pro user will want to see as time progresses over his corporate network. The details are in your face, similar and somewhat like what you see in the movies. This makes you rethink what you believe that you know, from what is actually happening on your network and to your devices.
Cons:
It costs an arm and a leg for small business but it does provide the value for money. If you are not into the whole - cyber security thing! but know that 1 good expert delivers services for 120K per annum, then this is a package of excellent experts for the same price range of 1 expert. I think the offer should be a little bit more considerate of smaller organizations and their tight budgets, having the various offers as add on, can quickly bring up the bills. First there is the base software - with one price, Have Office365 then you have to add on.....
AI machine learning with models and advanced search capabilities
Comments: Great - but when we lost our main support person a year ago (She was promoted), it's been a small bit more tedious to get answers immediately. Cybersec is a fast world.
Pros:
Advanced Search lets us dig into the exact 5W's. It also lets us recreate packet captures for network troubleshooting. The iOS app is great and lets us remotely get notified and handle any manually required situations that do not fall under our autonomous scope of actions.
Cons:
The app has had a few bugs in the past, but is working great now. I wish we could do even more with the app - like advanced search capabilities to help diagnose while on the move.
NDR with a lot of potential
Comments: Very responsive and good people to work with. The product has a ton of potential, especially if you work within their ecosystem.
Pros:
It provided a lot of information about the network which was unknown before. The UI is nice and being able to see raw network logs is useful.
Cons:
The biggest issue was that it does not do very good for anything other than its model breach detections. Trying to use it to troubleshoot or monitor other network related things isn't very effective. After years of tuning, it was still very false positive prone and got to the point where it was hard to not ignore the alerts from it.
Know what is out there!
Comments: Helps our SOC with their day to day business.
Pros:
Real time overview of what anomalies are happening on the network! Looks at our email environment as well and generates nice management reports.
Cons:
Takes a lot of tweaking to set it up according to your specific needs
Analyzing all threats with ease.
Pros:
Darktrace helps tracing the possible threats in our company's network. Provides information regarding the source of that threat which keeps us alerted and secure. Great support from the Darktrace staff.
Cons:
Considering the other softwares, pricing is too high.
The SIEM you need
Comments: Excellent all around the support and execution of the software is unlike any other.
Pros:
The AI Machine learning analyst and automated feature that Darktrace provides are second to none.
Cons:
There are many incidents that can be looked into as false positives when first establishing your models.
DarkTrace Cyber AI
Comments: A great technology partner to work with.
Pros:
The cyber AI mimics the human immune system and autonomously does the following: Self-Learning: detects threats other solutions miss; Autonomous Response: fights in-progress attacks 24/7; Protection Everywhere: covers hybrid cloud, email systems, network, IoT, endpoints, and OT; Augmented Intelligence: saves up to 92% of your security analysts' time.
Cons:
So far the solution is doing what it's supposed to do.
Best Email Spam Filter
Pros:
It has reduced a number of spam emails we received that might compromise our data and network in the organisation, once opened without analysing. DarkTrace uses AI to make decisions, and all held emails will have a description or reason for that action.
Cons:
Sometimes it quarantines important emails when the sender is new and requires manual action to move the emails to inbox. But with learning exception, in time it will make better decisions.
Information Overload, but hard to understand the information provided
Pros:
DarkTrace provides an overwhelming amount of information regarding network traffic and the devices that are communicating on your network. You can see an exploded view of your entire network or zoom down to see an individual device that may be causing issues.
Cons:
There are very limited education materials on how to use Darktrace. While most network monitoring software have an abundance of internet based information on how to setup and utilize the product, DarkTrace is extremely lacking in this department. Aside from contacting Customer Support, that may or may not respond, there is very little information on the web about DarkTrace.
Advanced security if you achieve network visibility
Comments: The product and the reports received are of a high quality. They require an incident response team trained to extract the potential.
Pros:
Both the visibility obtained by the product and the information provided by the analysts are of the highest quality.
Cons:
The very definition of the product requires visibility of all network traffic to get the full potential of the tool. In distributed and complex networks, this can be very expensive in deployment and configuration.
Cyber security tool
Pros:
This is a great tool to see threats on your network and where they are coming from; it provides a very detailed analysis of your systems network threats.
Cons:
It is costly and really does not protect your systems, it only provides you with the threats analysis you need to make an informed decision.
Really useful if for large companies
Pros:
The capability of monitoring your entire network in real time and the AI continuing to learn and distinguish between an attack and normal network behavior
Cons:
you are able to monitor but can't stop any suspicious network activity from the software