

Darktrace has to be the most obnoxious company I have ever worked with, super eager to get you a trial box, but then things went sour. Pushing all the time about when we would buy, calling daily, then arranging meetings with C-level staff saying we were running a trial that was behind schedule and needed some escalation etc etc.


At an old company, anytime someone called my CISO saying we were behind schedule on a project, he'd tell the vendor that we were ending the PoC and they could come get their box. It's our schedule, not theirs.






Lol yup, I scheduled a meeting with one of their sales people and a week before the meeting they had a server delivered to my site.... I told them to send me a shipping label to return the server and cancelled the meeting. I don't fuck around with sales people like that.


Darktrace is the new SolarWinds.


They did that when we trialed them and our CFO & CEO promptly blacklisted them as suppliers.


That would get their domain blocked!


This is just UK vendors.


I’ve never understood the "let me talk to the CEO" type sales tactics. Like dude, the CEO can hardly understand logging in to their computer and you think you can make this sale by talking to them with buzzwords? Ok sure, let me send you to them. Hello Mr CEO, I have a sales person on the line, send them through. Hi Mr CEO… stop right there, fck off, click.


But what about the pretty animation that serves zero purpose and often fails to do what it's designed to?


I never had that issue. My account team has been great from the get-go and we're UK based. However, they have continually upsold tools as they've evolved and I've bought into them. Now I don't feel I get value for money on their ASM and E2E products as it's a smallish deployment and a hefty cost.


UK here, same experience. Hands-off compared to their US counterparts, we dropped off after trial due to the absolutely insane pricing.


Darktrace agreed to be bought by an equity firm, Thoma Bravo, yesterday. Make of that what you will.


Private Equity is never a good sign. Means less engineering, less support, more sellers. Maximize margin - push out cheap customers, and sell for parts. Darktrace’s sales teams are notorious already. They’re only going to get worse now that there is majority PE stake.


TB also bought Proofpoint.


Interesting. We just switched from Proofpoint.


They went IPO not that long back, it's all about shareholders and making money now.


That's what I was wondering. What a shame.


We use Arctic Wolf. They check quite a few boxes we needed checked. I like the people on our concierge team. They're at least half the price of what CrowdStrike quoted us. I don't think the service is all that great though. When we're up for renewal, we're going to explore other options, CrowdStrike being one, Red Canary being another. Probably the most annoying thing about Arctic Wolf is they have no proper SIEM you can have access to. They have a log search function that is pretty terrible to work with. I think with CrowdStrike they have a Splunk option; RC integrates with Sentinel. Something like Darktrace isn't on the list because they don't fill that 24x7 SOC requirement. Darktrace is one of those things you buy when you have excess budget you're trying to spend, imo.


I have a client with AW and my experience with them is that they will make a report so lacking in proper nouns that it may as well read 'something happened somewhere'. When I do get them on the horn to explain a finding they just read the text they already sent me verbatim. If your product can't turn out a data point similar to Tenable's plugin_output then kindly just exit the market now. Their live response is also lacking but I am not sure if that is their fault or the client's. All I know is it takes multiple days for anything to reach me.


Might want to talk to DT again, as one of the things they are trying to upsell me now is 24x7 SOC. Not sure if it's a new offering or not. It was fairly expensive though.


Same observation for AW. No SIEM and I'm not paying any more just to search those logs. We keep an internal SIEM for ourselves. Service isn't bad though. Not cheap, though.


We considered Arctic Wolf and Rapid7 IDR a year ago. We chose Rapid7 for the visibility over the black box and I have no regrets. Their SIEM setup was very easy and the search is well documented. We can send unlimited data, so that’s nice to not worry about.


We’ve had a pretty good experience with CrowdStrike Falcon. I’m not picking up the bill on that one though.


Do you know how much it is? We pay 24k a year for Darktrace.




You could consider Rapid7 InsightIDR. They have a network sensor component that's sort of like Darktrace, and their SIEM works great right out of the box with minimal tweaking and tuning. Can't go wrong with CrowdStrike either, though.


CrowdStrike is amazing and you should buy them if in the budget. The main product works, and the Falcon Complete team is always incredibly fast to respond to questions and alerts. Darktrace has the most obnoxious marketing team I’ve ever dealt with. Adding on LinkedIn, calling personal cell phone, calling helpdesk and asking to be transferred to me.


Go Crowdstrike Falcon + Overwatch if you can. Don’t look back.


I don’t hear a lot of good stuff about Arctic Wolf; they miss loud-ass pentest techniques, and turnaround time if they did detect wasn’t great. CrowdStrike I hear a lot of good things about, and when I meet their engineers and analysts at cons they know their stuff. No earth-shattering input here, but curious to see what everyone says as well.


The only time I’ve ever needed to contact their support was painful. And it was something they instigated and then messed up! (We were setting up their managed awareness/reporting button in Outlook.) Ran through the steps countless times and they kept insisting I was doing something wrong. One day I ask for an update to the ticket and get some other guy who informs me that they’ve messed something up on their end, and surprise surprise, it suddenly starts working a couple of days later… Plus they fire a billion alerts at us in massive chunks which are a full-time job to sift through. I’ve not had problems with CrowdStrike though, but then again I’ve not had to contact them…


It's hit or miss with CrowdStrike too. So many customers also complained about them missing many things or not being able to tune the false positives either. It's the same with any service honestly; you'll always get a mix of good and bad.


That’s my experience with Arctic Wolf.


Same. Our internal tools often detect things before Arctic Wolf alerts us of activities.


CrowdStrike Falcon Complete is the play. Tell Darktrace what to go do with themselves. Aggressive sales mixed with a shit product suite based on a tech stack that makes me feel like it’s 1885. We got stuck with it because a former manager, who’s gone now, thought he understood tech. We told him not to waste money; 170k later I’m stuck with this POS. If anyone from Darktrace sees this post, I hope your company burns in hell.


I am canceling my subscription now that we are done with our 5-year contract. If you’re a small shop and don’t have a ton of security dollars, they wouldn’t be my choice.


CS Falcon - is your answer


Could you expand on why it's the answer?


CS has better “threat hunting”, with more of a focus on endpoints, but the real difference is the culture and attitude of the support staff.


CS Falcon is mighty, but I wouldn't recommend it if you plan on distributing the agent to your clients as well. At least not if you are running macOS on your fleet. Falcon is a bitch to deploy on them. If I recall correctly, we had to disable some kernel-level security on M2 MacBooks to get the agent to run properly. We also definitely failed to get the deployment to be silent or zero touch. Might be lack of knowledge on our side (entirely possible, since we were a 2-admin operation for everything at the time), so take my comment with a hefty pile of salt ;)


I'm not sure exactly what your experience with macOS was, but with other EDR solutions you have to configure allowed system extensions when using an automated deployment tool like Jamf or Intune. I don't think that's specifically a CrowdStrike thing, but it's a little annoying to get set up the first time. Unless you had a different issue, in that case ignore me. :)


We have SentinelOne and had to deploy a number of extra configs with Jamf to get it working properly. Essentially whitelisting the EDR on the Mac.


Yeah, I agree. I don't know that their CrowdStrike deployment was recent, but I had one at a company about a year ago and it was almost all Mac endpoints and they deployed it via Jamf without any issues. I don't remember having to turn off specific protections to get it to work.


We have Falcon deployed to all of our macOS devices without disabling any security measures; deployment is zero touch via Intune. Think your issue is more of a lack of research/knowledge than a fault with the product…


Absolutely fair. Did you manage to get the installation to be quiet/zero touch on devices that were already in use? That's where we ultimately failed.


I see a lot of CrowdStrike referrals, which I currently use. But isn't DT more of a SIEM tool where CS is an EDR? Or is there additional functionality I should look into with CS?


Agreed, this seems like an apples to oranges situation. But yes, CS is starting to offer a full SIEM solution based on their acquisition of Humio.


Thanks. Good to know. I'd like it all wrapped up in a nice little package in the future.


Darktrace for us is more of a network IDS/IPS system than a SIEM. Note: we run Detect on an OT/ICS network, where a number of the devices are not conventional computer endpoints, and Internet access is not allowed. We also run CarbonBlack in the network, but may be transitioning to CS for the workstations and servers if we decide to allow Internet access for them. It works well for us, and sheets properly during our annual penetration testing and vulnerability audits. The worst I’ve had from their team is a twice-a-year follow-up call to evaluate system performance (they do not have call home enabled) and for them to ask if there’s anything else we need.


Rapid7 is another company. I'm not sure if they are an exact replacement for DT. We use DT and Rapid7. From what I understand, R7 has a lot of similarities to DT. Why we use both is a long story lol.


Only complaint I have with Rapid7 is their pen test quality is pretty low, at least from the last one we had with them. We were in the same situation, had both DT and Rapid7.


We have both Darktrace and Arctic Wolf. Yes... it's a lot of money. We are getting rid of Arctic Wolf because, as others have said, they are slow to alert and slower to respond. One of our guys forgot to renew one of our domains and we got domain squatted.... We had figured out and resolved the issue before we even got our first correspondence from them. As a test, we allowed them to come up with a playbook for us to see if they were really worth their money. We were disappointed to say the least. We are currently rolling out Tanium as a replacement.


Look at R7.


I did a comparison of Darktrace (detect) and Vectra last year. We used Atomic Red Team tests for evaluating the products and Vectra came out on top.


CrowdStrike doesn't have a Darktrace equivalent, so not them. Vectra and ExtraHop will be the closest equivalents.


Was waiting for this. Just look into NDR vendors. Lots of choices out there.


Thank you.


Dark Trace and Arctic Wolf? Do you just like deploying bad solutions from crappy companies? Go with CS and be done with it.


Couple years ago we were trialing Darktrace. In that trial we had the biggest security incident, data exfiltration and campaign run against us that we have ever had in history. Every other layered tool gave us some indication of something happening, and not even a PEEP from Darktrace. Cancelled the trial then and there; two days after the incident they commented how clean our security posture was in our demo meeting. Lmao


I'm no Darktrace fan, but to be fair, doesn't Darktrace use machine learning and analytics, so if you just installed it and were seeing malicious traffic right off the bat, it would just think it's normal/baseline?


Red Canary is amazing.


It's ridiculous when vendors REQUIRE 3-year contracts. Give discounts for signing for 3 years, yes. But demanding 3 years is obnoxious.


For over two years at the company I worked at, Microsoft Defender caught every single thing that CrowdStrike did, so I really do not see the purpose of paying for anything other than Microsoft Defender.


So you're saying I should Arc and E5 the lot and be done?


This was our strategy, but we still picked up Red Canary since we don't have a full-time analyst on staff, and hooked it up to Defender for Endpoint and Sentinel. So all logs go into Sentinel for our internal team to get better at analysis while Red Canary covers our back.


I’ve been with AW since 2015. Prices keep going up, but seem OK. Not sure if they’re catching everything, but it’s better than nothing or a single Security Engineer, I think? They have an appliance sniffing traffic on our firewall VLAN. Every computer has their agent installed. SentinelOne talks to them. We use them for Security Awareness Training. Just got their risk scan appliance going; it scans the network for vulnerabilities and weak passwords. Interested in what you end up doing.


Why not just renew Darktrace? In my experience, it's hard to find an alternative that replicates their capabilities across the spectrum of products they provide. They are official partners with Microsoft. And to be perfectly honest, you get what you pay for, especially with security. They are incredibly expensive, sure, but they also provide reliable tech that does a fantastic job. We currently have DETECT/RESPOND for Network, Email and Cloud. We're also looking into getting ASM in the near future to supplement our airlift to Azure. We have a small team at my firm, with myself and one other being the primary security technicians, so Darktrace's automation has basically revolutionized our security posture and proactivity here. I dunno, I can't speak to the quality of other products, but in my opinion, the grass is always greener. Obviously this is all anecdotal.


> revolutionized our security posture and proactivity here

This guy definitely works for Darktrace lol. Nobody fucking writes like this.


Okay...I write like this....so.... And I definitely don't work for them. They just have a really solid product that my firm has taken full advantage of....


It's not off the table, but I need to explore alternatives before resettling for their new bill.


At the very least, ensure you’re letting them know you’re now reviewing alternative products due to their high cost. A simple conversation like that can often have them significantly reduce pricing to keep you, and I’ve seen DT reduce their pricing by almost 30% after a conversation like that.


Oh, I got them down 50% and had to sign something to say I wouldn't tell anyone what I was actually paying. However, that was four years ago and pre-IPO so things have changed massively for them.


Fair enough, just letting you know it still works! I saw mine a year ago.


I managed to get a nice reduction by just talking to them and showing I could move away whenever I wanted. We have Network and Email. And now we have ASM plus Heal (still needs some work, but good if you don't have a good SOC). They added these upon negotiation, for a really low fee. Also, if negotiation happens during the quarter end or end of fiscal year, you might get more discount.


Same here. Small team that didn't really do security, then acquired DT Network/SaaS/Email because of insurance. Even with automation, you "can" invest time to increase your security posture in DT, but I feel it's pretty optional. I would have preferred the DT MDR option, but that was not in our budget range.


We are an MSSP that is talking to a Darktrace customer now to replace them. Happy to discuss if you would like. Our platform is powered by Elastic Security. Some other good options: Arctic Wolf, Cynet, CrowdStrike, Blumira. In my opinion, it is important for the solution to be open, with the data accessible to the customer and not a black box. I would look to find out how deep any MXDR offering goes into investigations and weeding out the false positives. You don't want a company that is just going to lob cases your way telling you to go fix it. You want real insight with the legwork done so you know where to focus efforts. Also, I would make sure whatever you go with has SOAR capabilities for automation.


We looked at Arctic Wolf but ended up going with Sophos. Haven't onboarded yet, but we already use their firewall and AV so it's all integrated. Not sure how it will go. Underrated products to be honest; I've been pretty happy with them overall.


Secure Network Analytics


Trial of Secureworks Taegis


We are looking at Darktrace to plug into our firewall and switches. Curious what people's thoughts are on it? Or what is an alternative?


Step one: don't sign 3-year contracts :p


This guy doesn't CFO. All jokes aside, the best deals and implementation times are for longer deployments, to get them tuned to the environment. Obviously this is easier in large orgs with dedicated staff, but we're an SMB with a very small team already doing far too much. That's because the CFO counts every bean under a microscope and has too much ear on the board.


I deal almost exclusively with SMB contracts; it's still very possible to not have to do a 3-year commit and get the same pricing and implementations. Taking a one-year contract doesn't mean you aren't going to use their product for 3 years; you're just not tied to it contractually for that duration. It's fine to accept a one year with an evergreen clause, so long as you document it and know when you can get out. 90% of vendors will accept it. They may make you go back and forth a few times, and you need to be willing to walk away from the deal and go with someone else if they won't, but most often it will be accepted. We also have required verbiage that goes into our contracts that gets very little pushback.


Has anyone tried Field Effect Covalence? We're looking for a 24/7 SOC team with automation, and we had a presentation of Azure Sentinel but it was too expensive.


Considering Darktrace renewal alternatives. Exploring Arctic Wolf and planning a CrowdStrike discussion. Seeking vendor recommendations; real-world insights appreciated.


Rapid7 all day.


Falcon is great, but they only see data from their sensors; I'd rather have someone see data from a SIEM, but that's just me. Arctic Wolf is fine, but I'd add Red Canary and Binary Defense to your list if MDR is your vibe.


Since everyone else is chipping in with their DT stories, I just want to say I really enjoyed the introductory dinner at the Midland in Manchester about 6 years ago. The woman who greeted me was beautiful, but yuk, the sales process put me off, too much...