Newcomer I

Darktrace

Hi

 

Has anyone out there got any opinions or experience of Darktrace?

 

Looks like a very clever bit of UI but does it produce the goods?

 

Any info might be useful!

 

Thanks 

 

Andrew

 

6 Replies
Viewer

Re: Darktrace

From what I understand it works OK but has an entry price of no less than 80k for enterprise. Go out and look at these guys; from what I can see it's a better product at half the price. Sandstormtechnology.com (SOC in Box) they call it. Let us know what you go with.

 

 

Newcomer I

Re: Darktrace

Thanks kendogster, I'll take a look at sandstorm. As you say, these things are not cheap, so we might end up with neither!
Newcomer III

Re: Darktrace

Do you plan to get Darktrace to help you resolve certain challenges you are facing? Or just want to get "something with AI because it's the hot buzz word now"?

 

Newcomer I

Re: Darktrace

Neither; a salesman from Darktrace has contacted my company and the IT boys want to have a look. As I said, the UI is very fancy but I wondered if it actually produced anything of value in anyone's experience.

 

AI might be a useful tool, but who knows in this case. If there were members who could say it provided some significant insights, it might be worth a look.

Newcomer III

Re: Darktrace

In our experience, we use it to fill in the gap for network security monitoring. It showed its value during the PoC and showed us traffic/activities that we were not aware of. With AI it reduces the overhead of constantly tweaking the rules with a traditional network monitoring tool.

Community Champion

Re: Darktrace

Disclaimer: My company is a DarkTrace partner.

That being said, I will not recommend anyone a solution that is not right for them.

 

With DarkTrace, besides clever marketing and (personal opinion) an annoying UI, it does bring a lot to the table.

Not sure if they have bragged about it to you already, but the city of Las Vegas is actually using it to protect its infrastructure.

 

My early experience with ML/AI(ish) products started with LightCyber years ago, before they were gobbled up by PAN. Essentially an anomaly detection and alerting tool integrated with NAC to quarantine the compromised machines.

 

DarkTrace works on similar principles with advanced and evolving detection algorithms.

It does allow you to play back the incidents' progress, which is a very nice feature.

 

Things to note: If you are planning to rely on Antigena for dynamic protection, for UDP traffic you'll have to integrate it with your existing firewalls, as by itself it relies on TCP RST for isolation.

 

You may also consider splitting your monitored environment into two segments, one that is prone to relatively unpredictable pattern changes and one with the more established workflows.

 

Doing that will reduce the false positives and you'll be more confident in turning the full auto mode on.

 

Overall, I think that either this or similar solutions are inevitable if we are to stand a chance of stopping evolving algorithmic exploits.

 

Regards,

 

Vladimir