Blog Post

Awake Security Reigns Over Darktrace in Independent Tolly Group Test

Tolly Group Evaluates the Evolution of Network Traffic Analysis

Tolly Group just released a new independent test report which evaluated and compared the Awake Security Platform against the Darktrace Enterprise Immune System in a live customer environment. The side-by-side test demonstrated Awake’s solution was more than twice as accurate and produced 1500% fewer “noisy” alerts than Darktrace, saving customers time and money while providing more actionable threat detection and better protection against breaches.

Key Takeaways

  • Compared to Awake, Darktrace had a false negative rate of 60% missing a majority of the threat test cases.
  • Awake had a significantly lower false positive rate with 95% of the alerts being actionable. This compared to Darktrace, where only 13.5% of the alerts were relevant and actionable.
  • Darktrace only enabled the validation of 40% of the threat test cases with native tools in the product.

Why does this matter? False negatives put organizations at risk because they are threats that are invisible to the security team. False positives and clunky workflows, on the other hand, slow down the team and may cause them to miss even the threats that are in fact uncovered because they get buried in the noise.

Testing Procedure

The Tolly Group is a premier independent third-party testing service founded in 1989 which has published over thirteen hundred test reports evaluating the top security and technology providers in the industry. To conduct the test, Tolly Group focused on key attack scenarios based on the MITRE ATT&CK framework that are vital for any Network Detection and Response (NDR) solution to address. These use cases included detection of IoT threats, data theft and exfiltration, insider threats, and credential theft. Importantly, the test was performed at a current Darktrace customer that was looking to evaluate the Awake Security Platform as a replacement. This customer, based in the San Francisco Bay Area, was looking for an objective and quantifiable approach to evaluate NTA / NDR solutions and was willing to collaborate with The Tolly Group for this purpose.

Kevin Tolly, founder of The Tolly Group, summarized the test saying, “conducting this test at a site running both Awake and Darktrace solutions in a proof-of-concept evaluation provided us with a very accurate side-by-side comparison. For the key use cases we evaluated, Awake performed far more precisely, recognizing all five attack scenarios while Darktrace only recognized two. And on top of that, Darktrace produced far more noise, generating more than fifty non-actionable alerts compared to just one for Awake. Ultimately, this results in Awake delivering a more intuitive tool that empowers security teams to secure the organization more effectively.”

At present, commercial security testing products do not provide tools for evaluating NTA solutions. NTA systems incorporate behavioral analysis elements and are dependent on monitoring “real-world traffic”. The historical network testing approach of using artificially generated load traffic has limited utility in testing such solutions that are not looking for malware patterns in the traffic. The use of “live” traffic was therefore considered a critical component of executing an accurate test.

In addition, the test also focused on the workflow beyond detection. The security analyst’s job does not stop with detection. If anything, that is where it starts, leading into investigations, digital forensics and incident response tasks. NTA solutions, therefore, must focus on delivering tools, workflows, and context for use by a human operator. We believe The Tolly Group methodology’s emphasis on detection, workflow as well as solution efficiency and usability are the set of criteria customers consider in evaluating the total cost of ownership and value of a security solution.


ETR’s Summer 2019 Emerging Technology Study

This affirmation of Awake’s leadership position against Darktrace in an independent test reinforces what perhaps IT decision makers have already known. For instance, ETR’s Summer 2019 Emerging Technology Study found a higher rate of Global 1000 companies that are “currently evaluating” Awake’s technology than any other vendor included in their survey of privately-held cybersecurity vendors—including Darktrace.

All this recognition is testament to the incredible team that works every day to tackle some of security’s big challenges. If you would like to see why there is so much of a buzz around our platform reach out to us at And if you want to be part of the team that delivers these solutions to our customers hit us up at

All product names, logos, and brands are the property of their respective owners. All company, product and service names used in this website are for identification purposes only. Use of these names, logos, and brands does not imply endorsement.

Rudolph Araujo
Rudolph Araujo

VP, Strategy and Marketing