Buyer fit
Good fit when
- ✓Mid-market and enterprise organizations wanting AI-powered threat detection with autonomous response across diverse attack surfaces
- ✓Critical infrastructure and industrial environments needing OT/ICS security with protocol-agnostic detection
- ✓Security teams comfortable with autonomous response technology and willing to invest tuning time for optimal detection
Watch out when
- ×SMBs or budget-conscious buyers. Premium pricing, no trial, and no published pricing transparency.
- ×Organizations without dedicated security staff to handle tuning, false positive triage, and platform optimization
- ×Teams wanting turnkey MDR with minimal configuration. Darktrace requires significant tuning and training.
Coverage
1 of 6 attack surfaces in the base price — the rest are separately priced.
Platform
Additional capabilities
Incident response
Pricing
What costs extra
- –Darktrace / ENDPOINT (separate module)
- –Darktrace / CLOUD (separate module)
- –Darktrace / EMAIL (separate module)
- –Darktrace / OT (separate module)
- –Advanced MDR tier (proactive threat hunting)
Cost caveats
- –Full coverage (endpoint, cloud, email, OT) requires multiple separate modules that increase total cost significantly
- –High false positive rates require internal analyst time for tuning despite the MDR service
- –No free trial available to test before purchase
- –Steep learning curve may require professional services or extended onboarding
Verify pricing directly with the provider.
Team and access
Reputation
Gartner Peer Insights Customers' Choice 2025 for NDR (4.8/5, 242 reviews). Practitioners praise Self-Learning AI for detecting novel threats and Antigena response speed. Consistent complaints about high false positive rates, expensive pricing, and steep learning curve. MDR service launched June 2024, so limited community feedback on the managed service specifically.
What customers praise
- ✓Self-Learning AI detects novel and zero-day threats that signature-based tools miss
- ✓Antigena autonomous response contains threats in seconds without human intervention
- ✓Broad attack surface coverage (network, endpoint, cloud, SaaS, OT) from a single platform
Common complaints
- ×High false positive rates require significant tuning effort and ongoing analyst time to optimize
- ×Expensive pricing in upper market segment with limited transparency and negotiation flexibility
- ×Steep learning curve with non-intuitive UI that requires dedicated training
Limited Reddit discussion about Darktrace MDR specifically (launched June 2024). General Darktrace sentiment shows respect for AI detection capabilities but frustration with false positives, high costs, and support quality.
Questions to ask
- 1.
What is the total pricing for MDR including all required modules (DETECT, RESPOND, ENDPOINT, CLOUD, EMAIL, OT) for our environment?
- 2.
Which MDR tier includes proactive threat hunting versus reactive alert response, and what are the specific response time commitments?
- 3.
What is the typical false positive rate during initial deployment, and how long does tuning take to reach stable detection accuracy?
- 4.
How does the SOC coordinate with our team when Antigena takes autonomous actions? What approval workflows are available?
- 5.
What happens to our historical detection data and investigation reports if we leave Darktrace?
- 6.
How does MDR pricing change as we add coverage for endpoint, cloud, email, and OT beyond base network detection?
Evidence
Sources reviewed
Public-data caveats
- –No public contractual response-time SLA is recorded for this profile.
- –No public fixed price is recorded; compare only after a scoped quote.
- –No public breach warranty is recorded.
- –Response authority may depend on pre-approval and contract scope.
Also consider
Independent research. Verify details directly with the provider before making decisions.
