Sold by: Darktrace
Deployed on AWS
Vendor Insights
Darktrace is a global leader in AI for cybersecurity that keeps organizations ahead of the changing threat landscape every day. Founded in 2013 in Cambridge, UK, Darktrace provides the essential cybersecurity platform to protect organizations from unknown threats using AI that learns from each business in real-time. Darktraces platform and services are supported by 2,300 employees who protect nearly 10,000 customers globally. To learn more, visit http://www.darktrace.com.
4.2
Overview
The Darktrace ActiveAI Security Platform provides a full lifecycle approach to cyber resilience that can autonomously spot and respond to known and unknown in progress threats within seconds across the entire organization, including cloud, apps, email, endpoint, network, and operational technology (OT). With its groundbreaking Self-Learning AI, Darktrace continuously learns and updates its knowledge of your business data and applies that understanding to help transform security operations and improve cyber resilience.
Highlights
- Darktrace protects over 9,400 organizations globally from known, unknown and novel cyber-threats.
- Darktrace ActiveAI Security Platform delivers a proactive approach to cyber resilience in a single cybersecurity platform, providing preemptive visibility into security posture, real-time detection, and autonomous response to known and unknown threats without disrupting business operations.
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.
Security credentials achieved
(2)
ISO27001
AWS Security Specialization
Buyer guide
Gain valuable insights from real users who purchased this product, powered by PeerSpot.
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
30-day Trial | Free Proof of Value (POV) | $0.00 |
Small | Up to 300 Mbps of average bandwidth. 200 Hosts | $30,000.00 |
Medium | Up to 2 Gbps average bandwidth. 1000 Hosts | $60,000.00 |
Large | Up to 5Gbps average bandwidth. 10,000 hosts | $100,000.00 |
Vendor refund policy
Per Section 7.1 of the Darktrace Master Services Agreement: https://darktrace.com/legal/master-services-agreement
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
Customer Portal support tickets and Phone support +44 (0)8081 893465
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Updated weekly
By Darktrace
By Trellix
By SentinelOne
Sentiment is AI generated from actual customer reviews on AWS and G2
Functionality
Ease of use
Customer service
Cost effectiveness
Positive reviews
Mixed reviews
Negative reviews
AI generated from product descriptions
Self-Learning AI Technology
Continuously learns and updates knowledge of business data in real-time to detect and respond to threats without requiring predefined rules or signatures
Autonomous Threat Response
Autonomously spots and responds to known and unknown in-progress threats within seconds across the entire organization without manual intervention
Multi-Vector Coverage
Provides protection and monitoring across cloud, applications, email, endpoints, network, and operational technology (OT) infrastructure
Real-Time Threat Detection
Delivers real-time detection and visibility into security posture with preemptive identification of threats across the organization
Full Lifecycle Cyber Resilience
Implements a comprehensive lifecycle approach to cyber resilience covering threat detection, response, and business continuity without disrupting operations
Multi-Source Threat Data Integration
Correlates security events from Trellix Security Platform and over 500 third-party tools including 13 AWS integrations to create unified threat visibility across the security stack.
AI-Driven Alert Triage and Prioritization
Applies artificial intelligence-driven analytics to perform 100% alert triage, prioritize threats, and provide GenAI-powered insights for threat investigation and remediation guidance.
No-Code Automation for Investigation and Response
Provides UI-driven, point-and-click automation capabilities to offload repetitive security operations tasks and accelerate investigation and response workflows.
Pre-Built Analytics and Correlation Rules
Ingests data from multiple sources and correlates events using pre-built analytics and rules to reconstruct complete attack narratives and reduce manual investigation pivots.
Multi-Deployment Architecture Support
Supports cloud, hybrid, and air-gapped deployment models with an open integration ecosystem for flexible security infrastructure configurations.
AI-Powered Threat Detection and Response
Real-time threat detection and automated response capabilities augmented by advanced AI and automation across endpoints, cloud workloads, and identity infrastructure.
Cloud Workload Protection
Runtime threat protection for Amazon EC2 instances, EKS clusters, and AWS Fargate with autonomous blocking of malware, ransomware, and fileless attacks.
Extended Detection and Response
Correlated view of full attack stories across endpoints, identities, and cloud workloads using patented Storyline technology to automatically correlate and contextually group related events.
Identity Threat Detection and Response
Continuous monitoring and protection against credential theft, privilege escalation, and lateral movement attacks across Active Directory and cloud identity providers including Entra ID, Okta, Ping, SecureAuth, and Duo.
Generative AI Security Analysis
Generative AI security analyst that automates threat hunting, provides incident summaries, and accelerates investigations through machine-speed analysis.
Validated by AWS Marketplace
FedRAMP
GDPR
HIPAA
ISO/IEC 27001
PCI DSS
SOC 2 Type 2
-
-
-
-
-
No security profile
-
-
-
-
-
Standard contract
No
No
No
Customer reviews
Daniel S.
Darktrace Network: Intuitive, AI-Driven Cybersecurity with Real-Time Threat Detection
Reviewed on May 04, 2026
Review provided by G2
What do you like best about the product?
Darktrace Network excels in delivering cutting-edge cybersecurity through its intuitive UI/UX, making complex threat detection accessible. The platform seamlessly integrates with existing IT infrastructures, enhancing overall security without disruptions. Its performance is impressive, promptly identifying anomalies and potential threats in real-time. While pricing reflects the advanced technology it provides, the ROI is substantial for organizations prioritizing security. Onboarding is efficient, supported by responsive customer service that ensures a smooth transition. Darktrace's AI-driven intelligence gives it a unique edge, continuously learning and adapting to evolving threats. Overall, Darktrace Network is an invaluable tool for proactive cybersecurity management.
What do you dislike about the product?
Cost can be quite high and out of reach for many small businesses.
What problems is the product solving and how is that benefiting you?
This finds interesting traffic, analyzes it, and acts autonomously to stop bad traffic.
Alan B.
Powerful Insights, but a Complex Interface and Limited Alert Context meant a change
Reviewed on Mar 10, 2026
Review provided by G2
What do you like best about the product?
Darktrace provided me with a very powerful solution with many detailed insights
What do you dislike about the product?
Their interface is incredibly complex and doesn't favour people who have limited time to learn it over repeated use. Also, there is no context given to some of the alerts.
What problems is the product solving and how is that benefiting you?
We have now replaced Darktrace with ArcticWolf who have a much clearer interface, work with you via their concierge service and have an automated containment solution, so you can analyse the issue whilst it doesn't spread across your system
Pasan Jayarathna
Monitoring has improved data loss detection and now spots abnormal internal file transfers quickly
Reviewed on Jan 04, 2026
Review provided by PeerSpot
What is our primary use case?
My main use case for Darktrace is to identify remote connections and abnormal connections such as FTP or any kind of RDP happening inside our LAN network or company network, where we want to verify the data transfers and check if any abnormal user is transferring data through the network to the outside, or any kind of suspicious activity.
One specific example of a situation where Darktrace helped me spot something unusual is when one of the employees tried to copy some of his data to the outside. He is a developer trying to implement an application in a cloud environment, and while he was copying his file from inside our network to a cloud network, we got an alert, which we considered significant because he had not done it earlier, as it was an initial step in his developing environment. Because of that alert from Darktrace, when we checked with him, it was actually a legitimate activity.
How has it helped my organization?
Darktrace impacts my organization positively by providing us with a better understanding of abnormal activities detected among users.
The positive impact includes helping us identify a lot of transfers and abnormal activities, as some users try to perform RDPs inside our network, using LAN for different desktops or laptops, making it quite useful to identify users, especially those from a non-technical background.
What is most valuable?
In my understanding, the best feature Darktrace offers is the identification of copying files, which acts as a DLP , and it is a main concern for companies because users sometimes copy data outside without knowing, especially those without a technical background.
When I mention the DLP-like feature and file copying detection, the alerts have been very timely, as we get an alert within a couple of minutes, which is excellent. Even if some developers are working after hours and copying files, our SOC team detects this, and most of the time they call us so we can identify the users. The alerts are quite accurate and proactive.
What needs improvement?
As of now, I feel Darktrace can be improved to better detect end device activities, such as laptops or desktops, to bind it with our network.
For how long have I used the solution?
I have been using Darktrace for around two years.
What do I think about the scalability of the solution?
Regarding scaling, we initially planned for 2,000 to 4,000 devices, but we did not add any additional licenses for more devices after implementing Darktrace.
How are customer service and support?
The customer support from Darktrace is good. We reached out to them a couple of times to check on some features, and they helped us very effectively.
How was the initial setup?
Integrating Darktrace with our existing security tools was not difficult at all. We simply SPAN our core network port into the Darktrace side, and we did not face any difficulties at that time.
Which other solutions did I evaluate?
In terms of the interface and reporting, I believe Darktrace is good. I have also worked with ExtraHop, and compared to them, I feel Darktrace is way ahead, so I do not have any improvement suggestions for reporting views.
What other advice do I have?
Darktrace is a very good tool, and we introduced it after we had an incident in a previous company, where we faced an attack and that is when we introduced this tool, which helped us identify a lot of abnormal activities, mainly from our developing team. My company is quite large with around 8,000 employees and they are developing a lot of things without our knowledge.
Although I do not have exact numbers, I can say that our security posture has improved a lot since implementing Darktrace, especially as our SOC team monitors the activities and we communicate with users about the need to stop certain activities.
During my time at the company, we did not find any zero-day threats or unusual attacks, but we noticed certain abnormal activities done by users.
My advice for others looking into using Darktrace is that for large-scale companies with huge teams, especially developers working separately from the system teams, it is crucial to implement security measures, as sometimes the most vulnerable positions come from those in technical backgrounds who can create security loopholes. In such environments, having tools Darktrace is essential to improve the organization's security posture without compromising their reputation. I would rate this product a 9 out of 10.
Tejas Jain
Intelligent threat response has improved incident handling and provides clear attack path visibility
Reviewed on Jan 02, 2026
Review from a verified AWS customer
What is most valuable?
Regarding the autonomous response feature, I appreciate how it functions within the platform.
What needs improvement?
Based on my experience, I believe the solution could be improved in some areas, and there are certain drawbacks that I have encountered.
For how long have I used the solution?
I have been working with Darktrace for approximately one to one and a half years or longer.
What do I think about the stability of the solution?
In general, I would say that the interface of Darktrace is intuitive enough, and it aids in understanding threat landscapes and attack paths.
What do I think about the scalability of the solution?
Regarding scalability, I would rate it eight points.
How are customer service and support?
If asked to rate Darktrace support on a scale from zero to ten where ten is the best, I would give them five points.
How was the initial setup?
Regarding the installation and initial setup, I found it to be straightforward rather than complex.
What's my experience with pricing, setup cost, and licensing?
Concerning pricing for the product, I would say it is somewhat expensive.
What other advice do I have?
I have rich experience with many tools including Vectra, Cisco firewall, and Check Point.
Manufacturing
Great product, protects manufacturing environments
Reviewed on Aug 05, 2025
Review provided by G2
What do you like best about the product?
Already saved us once, would have cost thousands to recover
What do you dislike about the product?
Took a little while for us to set a base normal
What problems is the product solving and how is that benefiting you?
Protects our network when we are forced to use obsolete software, e.g. Windows XP