For Darktrace Customers

You Invested in Darktrace. We Validate Your Investment.

Independent validation with real attack simulation. Find out what Darktrace catches and what it misses.

Sherlock Forensics offers the Darktrace Validation Assessment, a $5,000 CAD service for Darktrace customers who want independent proof that their deployment actually works. We deploy our ShadowTap device on your network, simulate a physical access attacker and map every phase against your Darktrace alerts. Your report includes a minute-by-minute detection timeline, missed events analysis, false positive assessment and specific tuning recommendations. We are completely independent of Darktrace - no partnership, no reseller relationship, no conflicts of interest.

The Problem

You Spent $100K+ on Darktrace. Does It Work?

The Sales Demo Was Impressive

Darktrace demos are exceptional. The threat visualizer looks amazing. The AI learns your network. Antigena responds autonomously. But a sales demo shows the product working under ideal conditions with pre-selected scenarios. Your network is not a demo environment. Your traffic patterns are unique. Your configuration was done by your team, not by Darktrace's demo engineers.

Nobody Has Tested It Since Deployment

Most organizations deploy Darktrace, tune it during the initial period and then trust it to work indefinitely. Networks change. Applications change. User behavior changes. Has your Darktrace been re-validated against these changes? If you cannot answer that question with confidence, you need a validation assessment.

Darktrace's Own Tests Are Not Enough

Darktrace includes built-in attack simulation capabilities. These test whether Darktrace can detect its own test patterns, which is not the same as detecting a real attacker. Our validation uses real attack techniques, real tools and a real rogue device on your network. If we can evade Darktrace, a real attacker can too.

What You Get

Your Darktrace Validation Report

Detection Timeline

A minute-by-minute timeline showing when each attack phase began and when Darktrace detected it. This is the most important deliverable. If Darktrace takes 45 minutes to flag a rogue device establishing an outbound tunnel, that is 45 minutes an attacker has to achieve their objective. You will see exactly how fast your Darktrace responds to real threats.

Missed Events Analysis

Every attack activity that Darktrace did not detect, with explanations of why it was likely missed and specific configuration changes to improve coverage. Common gaps include: network segments not being monitored, Antigena set to passive mode, model sensitivity too low for certain attack types and encrypted tunnel detection gaps.

False Positive Assessment

During the testing window, we review alerts Darktrace generates that are unrelated to our activity. High false positive rates cause alert fatigue, which causes real attacks to be ignored. We assess your current ratio and recommend tuning adjustments to reduce noise without reducing detection coverage.

Tuning Recommendations

Specific, actionable steps to improve your Darktrace deployment: model sensitivity adjustments, Antigena policy changes, network segment coverage gaps, SIEM integration opportunities and custom model suggestions tailored to your environment. These are recommendations you can implement immediately after receiving the report.

How It Works

Three Simple Steps

1. We Ship ShadowTap

We pre-configure our ShadowTap penetration testing device and ship it to your office via tracked courier. No software installation required. No IT configuration needed. Your team simply plugs it into an available network port in the agreed-upon location.

2. We Attack Your Network

Our team simulates a physical access attacker: passive reconnaissance, identity harvesting, covert tunnel establishment, Active Directory enumeration, lateral movement and privilege escalation. At each phase, we document what we do and cross-reference it against your Darktrace alerts.

3. You Get Your Report

Within five business days of testing completion, you receive a detailed report with detection timeline, missed events, false positive assessment and tuning recommendations. We also include a debrief call to walk through findings and answer questions from your team.

Pricing

Clear, Fixed Pricing

Darktrace Validation Assessment

$5,000 CAD

Standalone Darktrace validation with real attack simulation. Includes ShadowTap deployment, full attack matrix execution, detection timeline, missed events analysis, false positive assessment and tuning recommendations. Ideal if you want to validate Darktrace specifically.

Comprehensive Security Assessment

$12,000 CAD

Everything in the Darktrace Validation plus full external penetration testing, complete internal penetration test via ShadowTap, CVSS-scored vulnerability findings, remediation roadmap and compliance mapping. Best value if you need both penetration testing and Darktrace validation.

Independence

Completely Independent of Darktrace

No Partnership

Sherlock Forensics has no commercial relationship with Darktrace. We do not sell Darktrace, resell Darktrace, receive referral fees from Darktrace or compete with Darktrace. We are a cybersecurity firm that tests whether security tools work. Darktrace is one of many platforms we validate.

No Bias

We have no incentive to tell you Darktrace works when it does not, and no incentive to tell you it fails when it succeeds. If your Darktrace installation catches every attack phase we throw at it, our report will say exactly that. If it misses critical attack stages, our report will say that too. You hired us for the truth, not for a narrative.

We Also Test Other Platforms

Darktrace is not the only platform we validate. Our Network Detection Validation service covers CrowdStrike Falcon, Vectra AI, ExtraHop, Cisco Stealthwatch, Snort, Suricata, Zeek and any other NDR, IDS or IPS. Same methodology, same independence, same honest reporting.

Frequently Asked Questions

FAQs for Darktrace Customers

What is the Darktrace Validation Assessment?

A $5,000 CAD service that tests your Darktrace installation against real attack techniques. We deploy ShadowTap on your network, simulate a physical access attacker and map every phase against your Darktrace alerts. You receive a detailed report with detection timelines, missed events and tuning recommendations.

How long does the validation take?

Active testing runs 3-5 business days after ShadowTap is deployed. Total engagement time from kickoff to report delivery is approximately 10-15 business days. Your Darktrace appliance remains completely untouched throughout.

Are you affiliated with Darktrace?

No. Sherlock Forensics is completely independent. No partnership, no reseller relationship, no referral fees. This independence is what makes our validation credible.

Can I combine this with a penetration test?

Yes. The Comprehensive Security Assessment at $12,000 CAD includes full penetration testing plus Darktrace validation in one engagement. This is the most cost-effective option if you need both vulnerability assessment and detection validation.

Validate Your Investment

Book Your Darktrace Validation

$5,000 CAD. Real attack simulation. Honest reporting. Specific tuning recommendations. Find out if your Darktrace catches real attackers.

Ready to Validate Your Darktrace?

Tell us about your Darktrace deployment: how many appliances, which network segments are monitored, whether Antigena is active. We will scope your validation and provide a fixed-price quote.

Phone: 604.229.1994
Burnaby Office: Burnaby, BC, Canada
Coquitlam Office: Coquitlam, BC, Canada