Open main menu
Home
Random
Donate
Recent changes
Special pages
Community portal
Preferences
About Stockhub
Disclaimers
Search
User menu
Talk
Contributions
Create account
Log in
Editing
Darktrace
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
== Customer survey feedback == JP Morgan commissioned Guidepoint to conduct a survey of CISOs/CTOs across 30 current and past Darktrace customers (13 current and 17 past customers). Darktrace has 6,531 active customers as of Dec-21. Hence, JP Morgan notes that this survey only covers a subset of active and previous customers, albeit should provide some insights on the customer perspective. JP Morgan summarizes JP Morgan's key takeaways from the survey below: === Product-market fit and competition === Enterprise purchasing decisions are business problem-driven. JP Morgan asked survey participants to highlight the key business problems and decision criteria that prompted the consideration/purchase of Darktrace products. Answers to this question help gain insights to Darktrace’s product-market fit and value proposition, i.e. the problems that the market perceives the company’s products to solve. Darktrace sees its offerings as complementary to an organization’s existing security stack and does not see any cybersecurity vendor as its direct competitor, given its coverage and breadth of offerings. However, the business problems that prompted an enterprise to consider/purchase Darktrace products and the alternatives it considered in evaluating Darktrace’s products present a more realistic picture of what enterprises view as alternatives to Darktrace in the fight for cybersecurity wallet-share. JP Morgan summarizes key themes from the survey responses below: '''Business problems that led to the consideration of Darktrace’s products:''' * Need for an expanded layer of network monitoring, better network traffic analysis and cloud security; * Lack of security resources to monitor threats and need for a SIEM/SOAR solution for analytics and threat hunting; * Need for an AI-driven solution to secure against internal threats and APT (Advanced Persistent Threats) that does not rely on past indicators of compromise; * Need for anomaly detection and autonomous blocking of threats; and * Improved email protection against spear/whale phishing. '''Key survey responses to the question “Which business problem prompted the consideration of Darktrace products?”''' * “Overall IT/Network security and staffing bandwidth. We didn’t have enough resources to monitor the previous systems we had in place and respond in a timely fashion to events that could be incidents. We looked to Darktrace to minimize the number of resources required to monitor our security and increase our visibility.” * “Initially the thought of a silent hacker sitting in our system gathering data or information about our security systems. AI was the only thing that could spot this. At the time we only had traditional layers of protection that were not good enough.” * “The initial idea was to utilize AI and Automation and reduce manual efforts in our day-to-day SOC operations.” * “Increased threats, sophistication and resources applied to cyberattacks required more diligence on our part. We have our clients’ PHI data so critical we are protected.” * “Need for Security Operations Center but with limited resources. We also needed a way to watch both on-premises and cloud networks.” * “Improved email protection was required to reduce spear and whale phishing issues we [were] seeing in addition to [an] ML-based solution for SaaS logins.” '''Key decision criteria that led to the purchase of Darktrace products:''' Survey responses to the question ''“What were the key criteria that led to the purchase of Darktrace products?”'' highlight key customer expectations and value demonstrated or promised by Darktrace during/post a Proof of Value (POV) trial. The responses can be summarized in the following key buckets: * Product performance (includes metrics such as accuracy of detection, scalability and ease of deployment & use); * Coverage (especially for cloud/OT environments); * AI capabilities/non-reliance on known threat signatures; * Vendor reputation (includes peer reviews and recommendation from SIs); * Total cost of ownership; * Interoperability with existing security stack; * Other product features (such as full packet capture and user interface); * Service & Support. '''Alternatives considered''' Unsurprisingly, network detection and response (NDR) vendors surfaced as the biggest competitor category, followed by Endpoint/eXtended Detection & Response (EDR/XDR) vendors, Secure Email Gateway providers and SIEM/managed SOC system vendors. * NDR vendors: ExtraHop, Vectra AI, Cisco Stealthwatch, RSA Netwitness, Corelight; * EDR/XDR vendors: Crowdstrike, Cylance, Palo Alto Networks, FireEye, SentinelOne, Carbon Black, Sophos, Skout; * Secure Email Gateway vendors: Mimecast; * SIEM/managed SOC system vendors: Splunk, SecureWorks, Arctic Wolf. '''Figure 14: Alternatives considered in the evaluation of Darktrace products (number of mentions)<ref>Source: J.P. Morgan; based on survey responses from 30 current/past Darktrace customers.</ref>''' [[File:Figure 14.png]]Another striking point from the survey is the lack of broader awareness of vendors providing similar solutions targeting use-cases such as network traffic monitoring, autonomous response or integrated cloud email security solutions. As an example, several survey respondents that highlighted ‘APT/internal threats’ and ‘network traffic visibility’ as key business problems were unaware of NDR vendors beyond Darktrace and instead cited endpoint security platforms or managed SIEMs as alternatives in the evaluation process. Similarly, none of the survey respondents highlighted integrated cloud email security competitors to Darktrace in evaluation of Darktrace’s email product. This clearly demonstrates the value of Darktrace’s marketing efforts; however, JP Morgan does not see this as a sustainable differentiator going forward. With growing vendor awareness, the security vendor selection criteria are likely to shift from “the business problems addressed” to “product experience and price”. === Experience with using Darktrace products === JP Morgan asked survey participants to rate their experience (on a scale of 1 = extremely dissatisfied to 5 = extremely satisfied) with using Darktrace products across the following different dimensions: * Ease of deployment (e.g. time to deploy/set-up period and resources required); * Integration with other security tools and data sources; * Ease of use (manageability of alerts); * Customization/configurability of the platform; * Scalability; * Service & Support; and * Performance (overall platform usefulness, ability to detect and respond to threats/attacks). In addition, JP Morgan asked survey participates to highlight the key factors that they like/dislike about Darktrace’s products. JP Morgan summarize the quantitative and qualitative feedback below. '''Figure 15: Darktrace: Weighted-average rating across key dimensions (aggregate)<ref>Source: J.P. Morgan; average values based on survey conducted across 30 current/past Darktrace customers; 1=extremely dissatisfied, 2=somewhat dissatisfied, 3=neither satisfied nor dissatisfied, 4=somewhat satisfied, 5=extremely satisfied.</ref>''' [[File:Figure 15.png]]'''<br />Figure 16: Darktrace: Weighted-average rating across key dimensions (past customers)<ref>Source: J.P. Morgan; average values based on inputs from 17 past Darktrace customers (out of a total of 30).</ref>''' [[File:Figure 16.png]]'''<br />Figure 17: Darktrace: Weighted-average rating across key dimensions (current customers)<ref>Source: J.P. Morgan; average values based on inputs from 13 current Darktrace customers (out of a total of 30).</ref>''' [[File:Figure 17.png]] {| class="wikitable" |+Table 6: Responses to the question "What do you most like/dislike about Darktrace products?" by current Darktrace customers (n=13)<ref>Source: J.P. Morgan. Survey comments have been reproduced in their original form and have not been edited except as indicated. Survey comments should not be attributed to J.P. Morgan and are not representative of its views.</ref> |# | colspan="3" |Likes | colspan="3" |Dislikes |- |1 |Network detection |Dashboard |Detection capabilities |Complexity |High total cost of ownership |Limited to network visibility |- |2 |Integrates with our existing security stack |Excellent detection and configurability |Low false positive and great reporting |Configuration requires time/learning |Tuning/customization non-trivial |Initial setup took longer than [expected] |- |3 |Good price |Good features |Good support |Limited function |Not best of breed |Can be difficult to use |- |4 |AI feature |Automation |Machine learning |N/A |N/A |N/A |- |5 |System management |Ability to detect threats |Reliability |Can be time consuming in managing log reports |Time to build skills |Lack of overall portfolio |- |6 |User interface |Ability to give actionable info |Always improving functionality |It’s expensive |Need a path to cloud only solution |Antigena email will sometimes not filter out email until after it hits the mailbox |- |7 |Rich in product features that are specific to our business needs |Road map for future technology that aligns to our needs |Engineering support and service is above other vendors |Can be quite costly when you add all the licenses and feature sets |N/A |N/A |- |8 |Usability |Effectiveness |Price |Learning curve |Integration into data sources (separate reporting) |External source coverage |- |9 |Dashboard and ease of use |Machine learning models |Ease of customisation |Cost is a little high |Expanding the solution will be costly |Feature requests need to be submitted via the customer portal |- |10 |Comfort blanket |Solves unique problem |[Threat hunt] |V expensive |[Marketing] | |- |11 |UI and ease of use |Ability to apply exceptions |Behavioral based scoring |New endpoint agent [requires] AI analyst |Models are hard to create |No archiving capability |- |12 |Performance at spotting strange or undesirable behaviour |User-friendly interface |The way it interrogates logs and allows network traffic playback |Cost |Lack of HTTPS inspection | |- |13 |Clever AI engines |[Continuously] improving & adopting to new emerging threats |Can work with human in the loop |Cost |Time to deploy |Lack of compatibility with some older hardware |} {| class="wikitable" |+Table 7: Responses to the question "What do you most like/dislike about Darktrace products?" by past Darktrace customers (n=17)<ref>Source: J.P. Morgan. Survey comments have been reproduced in their original form and have not been edited except as indicated. Survey comments should not be attributed to J.P. Morgan and are not representative of its views.</ref> |# | colspan="3" |Likes | colspan="3" |Dislikes |- |1 |Easy to work with, once you know how |AI |Unsupervised machine learning |Price |Integration |Wanted endpoint protection for remote workers |- |2 |Scalable |Cost |Somewhat ease of use |Interoperability with other security products |False positives |Admin overhead |- |3 |Product options |Coverage specifics |AI |Cost |False positive |Deployment |- |4 |Suite of products |Focus on industrial segment |Coverage areas email, IT, OT etc. |Niche product |Not tightly coupled with public clouds |Skills |- |5 |AI capabilities |Easy deployment |TCO |Integration with legacy systems |Scalability |Roadmap |- |6 |Hard to say at this point. The visualization tool they have is pretty slice |N/A |N/A |Not a lot of value for the money |Other security tools provided similar alerting and sometimes they alerted on things Darktrace did not |Tool was not the most intuitive. |- |7 |Ease of use |Cost |Strong security |Poor support |Better alternatives emerged |Not great [integration] |- |8 |Cost |Support |Customer Success |[Configurability] |Difficult to read manual |Cost Performance |- |9 |Customisation |Detection capability |Logging and UI |Scalability |Not many integrations |Hard to deploy |- |10 |Ease of deployment |Detection of threats - I did say we had a lot of false positives but it did also catch things we most likely wouldn’t have |Speed to operations from start of deployment |False positives - tuning seemed continuous and appeared to never end |Pricing - Other alternatives that cost less have since become available |Resources required to manage |- |11 |Ease of use |Scalability |Detection capabilities |Cost |Ease of integration |Skillset to operate |- |12 |Ease of implementation |Performance |Antigena [autonomous response] |Complexity of resolution |Limited training |Lack of customer focus as they grew |- |13 |Industry standard |Meets needs of its use |User friendly |Price |False positive rate |Technical material |- |14 |Efficacy |Integrations |Ease of use |Price |N/A |N/A |- |15 |Ease of implementation |Support |Cost |N/A |N/A |N/A |- |16 |UI |Ease of use |Price |Performance |Capability |Deployment |- |17 |Intelligence |GUI |Feature Rich |Complicated |Sometimes UI masks the advanced features |Data Visualization |} A majority of survey respondents (50%) – including customers who have discontinued the use of Darktrace products – indicated that Darktrace ''met expectations'' in terms of overall product performance. 30% of survey respondents (9 out of 30) reported that Darktrace products performed ''lower-than-expectations'', while 20% reported that Darktrace ''exceeded expectations'' in terms of performance. Qualitative feedback submitted by current and past Darktrace customers indicates that “high price” and “platform complexity” are among the top disliked factors. Several respondents either discontinued or indicated their willingness to discontinue Darktrace solutions due to availability of cheaper alternatives (such as Vectra AI and ExtraHop) and limited value-add from Darktrace products. Separate interviews with customers indicate that switching costs to alternatives are relatively low (3-6 months of training time/model tuning with a new solution). A majority of current Darktrace customers JP Morgan surveyed (7 out of 13) plan to keep spending with Darktrace unchanged, with 2 current customers indicating their willingness to discontinue usage of Darktrace products. === Factors driving churn === A total of 17 out of 30 surveyed participants are past Darktrace customers. JP Morgan asked these respondents the top reasons for discontinuing the use of Darktrace products to gauge the key factors driving churn in customer base. JP Morgan summarize the responses in Figure 18 below. “High Price” and “Poor product performance” (here “poor product performance” refers to high number of false positives and associated admin burden in managing the alerts, inability to detect serious threats/attacks), poor integration with other security solutions and availability of better alternatives were the commonly cited reasons for discontinuing Darktrace products. '''Figure 18: Top reasons for discontinuing Darktrace products<ref>Source: J.P. Morgan; A total of 17 out of 30 respondents indicated that they discontinued the use of Darktrace products – survey participants were given the option of selecting multiple reasons; *poor product performance includes factors such as high number of false positives, failure to detect serious threats, etc.</ref>''' [[File:Figure 18.png]]
Summary:
Please note that all contributions to Stockhub may be edited, altered, or removed by other contributors. If you do not want your writing to be edited mercilessly, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource (see
Stockhub:Copyrights
for details).
Do not submit copyrighted work without permission!
Cancel
Editing help
(opens in new window)