Darktrace Managed Detection and Response
Darktrace Managed Detection and Response is a managed service for organizations using Darktrace's AI security platform across network, cloud, OT, endpoint and SaaS telemetry. After an alert, Darktrace's SOC triages, investigates, reviews relevant RESPOND measures and can escalate threat-containment actions, while the buyer still owns Darktrace deployment scope, response authority, remediation, recovery and coverage outside the Darktrace environment.
- Service: Platform-led MDR and co-managed security operations support
- Response: Co-manage the SOC
Best for
Organizations already using or evaluating Darktrace for network, cloud, OT, endpoint, email or identity coverage
Usually replaces
Some 24/7 monitoring and alert triage for deployed Darktrace modules
Response role
Service shares SOC workflow with your team or MSP while you keep control.
Check first
Deploying and tuning the relevant Darktrace modules and sensors across the environment
Coverage
Covers
- 24/7 Darktrace SOC monitoring for significant anomalies in the customer's Darktrace environment
- Analyst triage and investigation of high-priority Darktrace alerts
- Review of related Darktrace RESPOND measures and escalation of supported containment actions
Your team still owns
- Granting and governing response authority for Darktrace RESPOND or connected integrations
- Remediating affected endpoints, identities, cloud workloads, OT systems and business processes
- Covering telemetry and alerts outside the contracted Darktrace environment
Tradeoffs
Works well
- Strong fit for buyers that already see Darktrace as a core detection and response platform
- Official sources clearly describe 24/7 SOC triage, investigations, reporting and optimization support
- Coverage can span network, cloud, OT, endpoint, SaaS, email and identity when the relevant modules are deployed
Watch out for
- No usable public MDR price was found
- Service value depends heavily on Darktrace deployment quality and module coverage
- Not a full replacement for EDR, SIEM, identity administration or incident recovery
What customers say
Public sentiment is strongest for Darktrace's NDR and broader platform rather than the exact MDR service. Gartner and G2 signals point to visibility, AI-led detection and support value, while community threads repeatedly caution about cost, tuning, false positives and not treating Darktrace alone as a full SOC or EDR replacement.
Reported benefits
- Buyers value network and OT visibility that can complement endpoint and SIEM tooling
- AI Analyst and SOC review can reduce some investigation and alert-prioritization workload
- Darktrace's platform has substantial public review volume compared with the MDR listing itself
- Marketplace and legal artifacts make enterprise procurement paths more visible than many smaller services
Reported limits
- Exact MDR-service review volume is sparse, including no AWS Marketplace reviews
- Community feedback is mixed on tuning burden, false positives, sales pressure and price
- Value depends on deployment quality and whether Darktrace modules cover the buyer's critical assets
- Buyers still need endpoint, identity, SIEM or ticketing context outside Darktrace scope
Pricing
- Price signal: No public MDR list price found.
- Billing model: Custom
- Proof of concept: Available
- Onboarding: Depends on Darktrace module deployment, sensor coverage, cloud and SaaS connections, RESPOND configuration, alert-routing design, response approvals and service-ready review findings.
Ask before buying
- Which Darktrace modules, environments and alert types are included in MDR monitoring?
- Which response actions can Darktrace escalate or trigger without customer approval?
- How are platform licenses, MDR fees, implementation, reporting, retention and add-on services priced?
Connects with
- SIEM
  - Darktrace ActiveAI Security Platform
  - Darktrace DETECT
- EDR / Endpoint
  - Darktrace / ENDPOINT
- Cloud
  - Microsoft 365
- Other
  - Darktrace / NETWORK
  - Darktrace / CLOUD
  - Darktrace / OT
  - Darktrace / IDENTITY
  - Darktrace / EMAIL
  - Darktrace RESPOND
Notes
Why co-managed SOC
Darktrace MDR includes 24/7 SOC triage, investigation, expert support, monthly reporting, operational reviews and escalation of response actions. It is still co-managed because the buyer keeps deployment scope, permissions, remediation and recovery.
Platform boundary
The service is explicitly tied to the buyer's Darktrace environment across deployed modules. Do not assume it monitors or responds inside unrelated SIEM, EDR, identity or ticketing tools unless the contract and integration design say so.
Response authority
Official material supports review of RESPOND measures and escalation of containment actions, but public sources do not prove universal autonomous containment. Buyers need a written response matrix by module, asset type and approval path.
Pricing boundary
AWS Marketplace shows a private-offer route and a $1 custom-offer placeholder. The public draft treats that as procurement evidence only, not a real MDR price.
Review boundary
Public review volume is meaningful for Darktrace / NETWORK and the broader platform, but exact MDR-service reviews are thin. The profile separates platform sentiment from managed-service proof.