Netify have released our 2024 SD-WAN comparison blog article

Darktrace Cybersecurity Solutions

Sector, Company Type, and Location:Pharmaceutical  |  Manufacturing  |  Healthcare  |  Retail  |  Utilities  |  Education  |  Media  |  Financial Services  |  Legal Services  |  Government  |  Defence  |  Transportation  |  Energy  |  Nonprofit  |  Technology  |  Vendor  |  Europe  |  Asia  |  South Africa  |  United Arab Emirates  |  UK  |  North America  |  Africa
Tags & Search Filters:XDR  |  MDR  |  Endpoint protection  |  Endpoint management  |  Next-Generation Anti Virus

Darktrace was founded in 2013 and has its headquarters in Cambridge, United Kingdom. They currently support over 5,500 customers and offices in more than 110 countries, specializing in providing complex machine learning and AI solutions. Their solutions include Autonomous Response, Intelligence Augmentation and Self-learning AI. In 2017 and 2019 Darktrace’s software engineering team received the MacRobert Award for prestigious innovation from the Royal Academy of Engineering. The company has also received "AI Cyber Product of the Year" at the National Cyber Awards 2021. Darktrace Immune System won in the Threat Detection category at the Fortress Cyber Security Awards 2021 and "Best Enterprise Security Solution (Cyber AI Analyst)" at the SC Awards 2021.


Darktrace Cybersecurity Solutions: Comparisons, Review, Benefits, Use Cases, Pros & Cons

Author: Netify Research Team

If you have questions about Darktrace and how their capability is aligned to your needs, email the Netify research team. UK: North America: 

(Please use the UK email for ROW - Rest of the World - questions or enquiries)

Resources and Downloadable Content

Request the very latest Darktrace SASE data sheet PDF directly from your local account team. Please check your junk folder if not received.

Book a demo of the Darktrace SD WAN and SASE security capability over Zoom or Teams. Learn about their management portal, deployment, SLA and support. You will receive an email asking for times/dates, please check your junk folder if not received.

Request your local in-country sales contact. You will receive details as soon as possible - please check your junk folder if not received.


Netify Review

Darktrace specialize in advanced machine learning and AI solutions that are designed to complement an existing comprehensive cybersecurity perimeter. Their Self-Learning technology is predicted to offer a high return on investment, due to it’s ability to become increasingly efficient with each threat exposure. However, although based on machine learning and AI, the solution is not a complete replacement for client’s security teams - instead the solution complements existing IT teams. As such, this solution should be utilized by enterprises in industries that face a high threat level of sophisticated cyberattacks or regular and frequent “en mass” attacks. 

Marketplace Assistance

Are you an IT decision maker building your own SD WAN or SASE Cybersecurity shortlist?

Take our 90 second assessment quiz to find out which top 3 vendors or managed providers are a match for your answers.

Pros & Cons

What are the pros and cons of Darktrace Cybersecurity?

List of the pros and cons associated with Darktrace Cybersecurity.


  • Offers rapid and automated threat mitigation when network breaches occur, freeing up security teams to deal with higher profile cyberattacks that require a human response. 
  • Interrupts cyberattacks to ensure that business operations remain unaffected.
  • In November 2021 Darktrace announced its first in development offensive capability: “Prevent” expanding their portfolio to include proactive security AI. 


  • Currently Darktrace’s offering only provides a reactive solution to in-progress cyberattacks. 
  • Standalone product that should compliment an existing cybersecurity perimeter, to negate the impact of sophisticated attacks that breach the network. 
  • User reviews of Darktrace’s Enterprise Immune System note some issues such as high price point, lack of detail and reporting as well as some “false positive” threats.

Comparison: Darktrace vs ExtraHop vs FireEye Cybersecurity

Consider the points below to compare Darktrace vs ExtraHop vs FireEye Cybersecurity.


  • Darktrace Autonomous Response contains security threats automatically using Self-Learning AI.
  • Strong focus on developing new technologies such as AI and machine learning. 
  • Leverages global SOCs.


  • Offers MDR and XDR services for early detection of security threats. 
  • Offers machine learning for efficient network analysis. 
  • Leverages global SOCs. 


  • Offers MDR and XDR for defence against cybersecurity threats, leveraging security experts. 
  • Offers machine learning and AI for network security. 
  • Offers security services to complement existing SOCs. 

Similar Vendors

Top 3 similar Cybersecurity Vendors

Click the service provider logo to find out more about each respective Cybersecurity solution.

Products & Services

What are Darktrace's Solutions?

  • Cyber AI Analyst: AI investigation technology that can autonomously investigate threats to operational technologies, SaaS and cloud. 
  • Darktrace Antigena: A range of products powered by Darktrace’s Autonomous Response solution, designed to take action against cyber threats in applications, the cloud, email, the corporate network and endpoints. Works with network providers such as Check Point, Cisco, Palo Alto and Fortinet. Also compatible with cloud providers such as Google Cloud, Azure and AWS. Works with SaaS applications such as Zoom, Microsoft 365 Microsoft Outlook, Teams and Sharepoint and endpoints such Apple IOS, Windows and Linux. Compatible email environments include Exchange, Microsoft 365 and Google Workspace. 
  • Enterprise Immune System: Locates randomly occurring cyber-threats by learning normal device behavior. Visibility is maintained across the dynamic workforce, from endpoints, the corporate network and the cloud. The solution leverages Self-Learning AI. 
  • Industrial Immune System: Designed for complex cyber-physical ecosystems, the Industrial Immune System detects vulnerabilities and threats whilst providing protection from attacks.
  • Darktrace Inoculation: Detects and responds to cyber-threats in real-time (includes zero-days and stealth attacks) powered by unsupervised machine learning. Designed to predict cyber-attacks before they hit a client’s systems and infrastructure and includes Global Threat Notifications and Industry Trend Reports. 
Self-Learning AI

Darktrace Self-Learning AI

Darktrace is best known for their AI technologies. Self-Learning AI was developed in Cambridge in 2013 and powers a majority of Darktrace’s solutions. The technology can be applied to any business system (such as email or in the cloud), removing the need for data migration. It works by creating a deep understanding of all business environments - the more complex, the better as data collected from a variety of users, devices and environments can be used to create a deeper understanding. Self-Learning AI is also able to implement autonomous response, with the ability to react to and interrupt cyber attacks in less than a minute. In some instances, the technology is capable of reacting to threats without requiring the need for human intervention. 

Autonomous Response

What Autonomous Solution is Supported by Darktrace?

Darktrace Autonomous Response is powered by Self-Learning AI. The solution is designed to automatically know what action to take in the event of an attack in order to contain it. A variety of environments can be secured, including cloud, SaaS, email and the corporate network. 

Darktrace Self-Learning AI powers Autonomous Response by constantly updating it’s knowledge of a company’s digital infrastructure to improve response precision, enforcing ‘pattern of life’ on infected devices/entities. The solution contains a variety of ransomware technologies:

  • Email: Darktrace is able to contain emails, lock malicious links and convert or strip attachments, using the least aggressive action possible to avoid disrupting the business. 
  • Lateral Movement: Lateral Movement and even ‘living off the land’ techniques are blocked by Darktrace. The solution detects chains of subtle anomalies such as possible SMB/RDP sessions and network scans. This prevents attacks from progressing by blocking connections. 
  • Establish Foothold and Beaconing (C2):  Darktrace is able to detect anomalous connections and suspicious file downloads in order to prevent attackers attempting remote control. It does this by implementing ‘pattern of life’ and blocking specific connections. 
  • Data Encryption: Encryption is stopped without impacting normal business operations using Autonomous Response. 
  • Data Exfiltration: Autonomous Response stops attacks such as double extortion ransomware from exfiltrating sensitive data by blocking any unusual data transfers which fall outside a device’s ‘pattern of life’. 
Intelligence Augmentation

What Intelligence Augmentation Solution is Supported by Darktrace?

Darktrace Intelligence Augmentation is designed to complement a human IT security team by investigating facets of attacks. The technology mimics human intuition by combining multiple information sources in order to prioritize workloads whilst carrying out threat investigations in real-time. The solution was developed over three years by studying the way security analysts react to output from Darktrace’s Self-Learning AI, in order to understand how security experts follow leads and create hypotheses. 

Darktrace Intelligence Augmentation sits on top of Self-Learning AI and provides a second layer of AI leveraging supervised machine learning to assess the output of the findings. These findings can be presented in any language as required using Natural Language Processing to summarize key information which reduces time to meaning and time to response. 

AI Process of Investigation:

1). A lead is generated - this could be a single alert or event. 

2). The lead kickstarts the investigation and the AI generates hypotheses to understand the nature of the possible threat and underlying cause. 

3). Data is queried in an attempt to refine, confirm or deny the hypotheses using custom algorithms. 

4). The process repeats until an in-depth and accurate as possible description is generated of the nature and root cause of the incident. 


Funding Rounds

Cloud Security

How Does Darktrace Deliver Cloud Security?

Darktrace for Cloud is Darktrace’s cloud security solution. Leveraging Self-Learning AI for hybrid and multi-cloud environments, the technology is compatible with Azure, AWS and Google Cloud providers. The solution learns ‘patterns of life’ for users, devices, instances and containers from the start, which allows it to respond efficiently to random and unknown cyber attacks. 

The solution is agnostic to different data forms and continuously revises it’s understanding of normal behaviors across multiple cloud workloads in real-time. Response times are quick, offering efficient targeted action whilst leveraging the Darktrace Immune System for protection across all business environments (cloud, email, SaaS, endpoints, the corporate network, OT and IoT). An example of how this is deployed in Cloud Security is that AI can match up suspicious activity on a user’s Office 365 account with a linked AWS login - Darktrace will understand that an account takeover has occurred and begin automatically remedying the situation. 

Darktrace is commonly used to detect:

  • Anomalous device connections
  • Anomalous user access
  • Unusual resource deletion, modification and movement 
  • Unusual permission changes
  • Anomalous activity around compliance-related data or devices
  • Brute force attempts
  • Unusual login source or time 
  • Unusual user behavior (such as rule changes or password resets)
  • Malicious insiders (sensitive file access, resource modification, role changes and adding or deleting users)
Cloud Access

Cloud Access

Amazon Web Services30
Microsoft Azure35
Google Cloud35
Remote Users

How Does Darktrace Support Remote Users?

Darktrace supports remote users with their Cyber AI solution. Powered by Self-Learning AI, the technology makes use of triage services and Autonomous Response to continuously update whilst on the job, offering 100% visibility across cloud, email and the corporate network. The solution is able to spot compromised credentials in applications such as Salesforce, Microsoft 365, Box, Google Workspace and more. A number of threats can be prevented using Darktrace, such as data loss (when a user steals, manipulates or leaks critical data), email attacks (spear phishing, social engineering and novel strains of ransomware) and admin abuse (sensitive file access or data destruction).

Managed, co-managed & DIY services

What is the Darktrace Managed, Co-managed and DIY Services Solution?

Darktrace solely offer managed services, offering two different service types both run by Darktrace’s Cyber Analysts and Darktrace Certified Partners. Suitability for each service is chosen based on company size and fit. Further, clients can become part of the ‘Darktrace Community’. This allows them to access intelligence and support from the Cyber Analyst Team. 

24/7 Proactive Threat Notification: 

Leverages Security Operations Centers (SOCs) in Cambridge, San Francisco and Singapore, run by Darktrace Cyber Analysts to offer information to help client’s take action as threats occur. This provides constant coverage of significant incidents identified within the client’s ecosystem as flagged by whatever Darktrace solution is deployed. If an attack is detected, it is labeled as a Proactive Threat Notification (PTN) which ensures that all high-fidelity incidents (warning signs that an attack is currently in progress) are forwarded to a Darktrace SOC. This service is updated constantly to ensure that all high-priority breaches are detected with accuracy and speed. PTN alerts will be triaged if they are deemed to be highly indicative of attack - the decision to triage a PTN is made by a Darktrace Global Cyber Analyst, or, for more complex cases, a senior Level 3 analyst will be required to assess and understand wether the client’s organization is under an immediate attack. If an attack is detected during triage, the client’s team will need to be contacted immediately and offered information on how best to remedy the situation. All fully triaged alerts will be encrypted using a shared key which is emailed to a name distribution list within the client’s organization. Automated telephone calls and/or SMS messages may also be received should a PTN email alert be issued. 

24/7 Ask the Expert:

24/7 Ask the Expert (ATE) can be accessed from the Darktrace Threat Visualizer and the Customer Portal. The feature allows clients to send queries direct to a Darktrace Cyber Analyst for expert advice during a real-time threat investigation. Accessible via the Threat Visualizer, clients can drag and drop graphics and traffic flow data into queries. From here, answers to queries are accessible via Help-> View Questions in the drop down menu, allowing client security teams to collaborate with Darktrace Analysts. 

Clients can create an unlimited amount of queries via ATE. Sometimes queries will be redirected to internal training or technical operations teams if the query is less analytical and more about software functionality. Although ATE is not a direct chat feature, clients will receive priority access to the SOC if they are facing a real-time attack. The services can be constantly accessed by a standard Call Home connection from a master appliance to the Darktrace Management Center in Cambridge, UK. 

Artificial Intelligence

AI Use Cases

AI For Network Security 75%
AI for Endpoint Security 68%
AI for Data Security 71%

What Reporting and Management is Available Via the Darktrace Portal?

Clients can benefit from Darktrace’s Customer Portal, which is an online platform offering clients information about their security environments and allowing them to access product updates and resources from Darktrace security teams. The Portal also includes expert commentary from the Darktrace team of Cyber Analysts which highlight threat trends, case studies and product functionality from the Darktrace community. In the Customer Portal, clients can configure SOC contacts and messaging delivery methods and raise software and hardware support questions and feature requests. Further, user guides, educational videos and FAQs are available and can be accessed within the Portal. 

Years Active

Number of Years Active

Frequently Asked Questions
Which Integrations do Darktrace Support?
Which Partners do Darktrace Support?
Which regulations do Darktrace comply with?
Which industry verticals do Darktrace offer solutions for?
Ask a question

Send your local contact from Darktrace a message, this form will reach Darktrace directly.

Contact Darktrace
Complete the form to get in touch with a representative from Darktrace.

Download the the complete guide to 10 SD WAN solutions.

The most comprehensive top 10 guide we have ever created.

Similar Companies

Deployment Region

North America64%
Europe, Middle East and Africa56%
Latin America10%
Proposition Focus

Proposition Focus


Industry Coverage


Other Focus

Remote users6
Machine Learning6
Cloud Security 8
List your business

List your business with Netify Learn More →


Geographic Focus


Please complete the form to ask a question or send a message directly to Darktrace. Netify have carefully curated global sales contacts based on your IP location. If you do not receive contact, please check your junk folder.

Book a demo of the Darktrace SD WAN and SASE security capability over Zoom or Teams. Learn about their management portal, deployment, SLA and support. You will receive an email asking for times/dates, please check your junk folder if not received.

A Netify Vendor Briefing is a 30 minute Zoom research session for IT decision makers, and an opportunity to learn about the vendors products, services and business strategies specifically or a related technology or market. We'll also discuss their competitors and which other solutions your business should consider. If you do not receive contact, please check your junk folder.

Netify is the first dedicated global SD WAN & SASE comparison marketplace.

List Your Business