I'd be curious to hear about your experience and anyone else's using similar products — rustam@cloudflare if you want to chat. We're building out intrusion detection functionality and want to make sure we have more pros and fewer cons than the competition :)
We inherited them a while back. We also just started the decom process. I would say that all in, it's just a glorified ELK stack (the advanced search is a Kibana frontend). They tout their advanced AI/ML/Maths/etc. that is supposed to be the golden ticket to all things security. It is not that at all. We tried and tried to get it to a useful state, even with the help of their engineers, and the tool just couldn't get anything that we didn't already have from our other sources (FW, endpoint, etc.). You can't ingest from other sources so it's not really a SIEM even if they tell you they can. You can't do TLS intercept so you get to rely on IP reputation only. You can't use the dashboard "developed by video game designer" because it's so dang heavy and the graphics come before functionality. I guess I will stop my rant there as it's a bit all over the place. TLDR; not a good tool for what you are paying for (or maybe at all). It is perfect for checking a compliance box though, so there is that?
Their product is a basic IDS with loads of marketing materials that claim to be driven by AI. Instead of calling it an IDS, they call it an immune system, because the people making purchasing decisions need an ELI5.
There are some very interesting nuggets from their IPO prospectus, which if misleading could eventually turn to 'securities fraud' [1] [2]
> Approximately 74% of Darktrace’s trial deployments in 2020 detected serious vulnerabilities that very often had evaded other defences and quickly demonstrate to prospective customers the comprehensive nature of the AI driven technology.
> The Cyber AI Platform’s average set up time is one hour and the machine learning gains visibility through software sensors that analyse raw, real-time data.
> The Enterprise Immune System and Industrial Immune System use self-learning AI technology to spot the subtle signals of sophisticated attacks and do not rely on traditional rules and signatures to help detect attacks and defend against them. The Cyber AI Analyst product augments human cyber security teams, by automatically triaging, interpreting and reporting on security incidents. The Directors believe Darktrace Antigena is the first solution to use autonomous response to interrupt detected attacks
frombody|4 years ago
It seems like their target market is mid-level executives that can be dazzled by fancy marketing.
It doesn't seem like a bad product, just overly expensive, with largely the same pros and cons as similar vendors.
Anyone have any experience with the product in operation, and would you onboard them again if you had to do it all over again?
airstrike|4 years ago
Sounds like a pretty sizeable TAM
matsur|4 years ago
jumiejums|4 years ago
nickysielicki|4 years ago
It's a frothy market we're having, isn't it?
ThaDood|4 years ago
xwdv|4 years ago
marc__1|4 years ago
[1] https://ir.darktrace.com [2] https://www.bloomberg.com/opinion/articles/2019-06-26/everyt...
godelmachine|4 years ago
Have these guys filed for any patents?
It’s my belief that if you want to make the cut in the InfoSec business, you gotta bring some core offering of your own to the table.
For ex - some groundbreaking algorithm that will help them detect early stages of an attack.
marc__1|4 years ago
From their IPO Prospectus:
As of 31 December 2020, the Group had 10 issued patents, with the majority granted in the United States. As of 31 December 2020, the Group had also applied for a further 52 patents, which are pending. The majority of filings are primarily machine learning and AI focused. Of the Group’s patent portfolio, many of the patents are related to multiple focuses, and are related to cyber security tools and AI augmented workflows, mathematics and autonomous response, email security, cloud and SaaS, industrial and endpoint security
SilurianWenlock|4 years ago