Fortinet FortiSOAR vs VMware Carbon Black Cloud comparison

Sponsored
Microsoft Sentinel
Read 86 Microsoft Sentinel reviews
  • 17,297 Views
  • 9,628 Comparison Views
92% willing to recommend
Fortinet FortiSOAR
Read 13 Fortinet FortiSOAR reviews
  • 2,481 Views
  • 1,535 Comparison Views
63% willing to recommend
VMware Carbon Black Cloud
Read 18 VMware Carbon Black Cloud reviews
  • 528 Views
  • 396 Comparison Views
93% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive Summary
We performed a comparison between Fortinet FortiSOAR and VMware Carbon Black Cloud based on real PeerSpot user reviews.

Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR).

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Security Orchestration Automation and Response (SOAR) Report (Updated: June 2024).
Buyer's Guide
Security Orchestration Automation and Response (SOAR)
June 2024
Download the complete report
Helped 789,135 peers since 2012
 

Categories and Ranking

Microsoft Sentinel
Sponsored
Average Rating
8.2
Number of Reviews
86
Ranking in other categories
Security Information and Event Management (SIEM) (2nd), Security Orchestration Automation and Response (SOAR) (1st), Microsoft Security Suite (5th)
Fortinet FortiSOAR
Average Rating
7.4
Number of Reviews
13
Ranking in other categories
Security Orchestration Automation and Response (SOAR) (10th)
VMware Carbon Black Cloud
Average Rating
8.4
Number of Reviews
18
Ranking in other categories
Security Incident Response (3rd), Endpoint Detection and Response (EDR) (27th)
 

Featured Reviews

Nagendra Nekkala - PeerSpot reviewer
Nov 8, 2023
Provides a unified set of tools to detect, investigate, and respond to incidents and enables proactive threat hunting
We use the tool to help secure our cloud-native security solutions. By enabling us to secure our cloud environments, it acts as a single solution for attack detection and threat visibility for proactive hunting. The solution gives us a library of customizable content that helps us address our unique needs. It also gives regular patch updates. It helps us to be updated with the latest threats happening across the world. We use the Microsoft Sentinel Content hub. Integration with Active Directory is also helpful for us. The content hub enables us to see the latest features. We have Extended Detection and Response in SentinelOne. It provides effective protection for the platform. It provides more cybersecurity by providing more visibility and protects our enterprise. The content hub helps us centralize out-of-the-box security information and event management content. It discovers and manages the built-in content. It provides an end-to-end security for us. Microsoft Sentinel correlates signals from first and third-party sources into a single high-confidence incident. It can extract the information through the respective APIs of the third parties. It has increased our threat intelligence, monitoring, and incident analysis efficiency. We use Microsoft Sentinel's AI in automation. The generative AI features enable real-time threat hunting and detection. The solution has helped improve our visibility into user and network behavior. The generative AI provides better detection and response capabilities and faster response times with actionable intelligence. The product has saved us time. It helps us get various log files. When there’s an incident, it enables us to do investigations faster. The tool saves us three days in a week. It reduces the work involved in our event investigation by streamlining the processes and making automation effective. Event investigation is much faster. If someone is looking for a comprehensive solution, Microsoft Sentinel is a good choice. It will fulfill all our needs, including attack detection, threat visibility, and response. Overall, I rate the solution an eight out of ten.
Read full review
AB
Jul 4, 2023
A stable solution that has a number of available connectors and is simple to automate
Fortinet FortiSOAR is a platform that allows you to orchestrate a lot of different solutions to automate response and follow all the incidents you are tracking between all your devices and the data collected The most valuable feature of Fortinet FortiSOAR is the number of available connectors and…
Read full review
Ricardo Franco Mahecha - PeerSpot reviewer
Sep 8, 2023
A highly scalable solution that can be used to get a better view of the security of endpoints and workstations
VMware Carbon Black Cloud is a good home office tool for people working outside the office VMware Carbon Black Cloud helped us to get a better view of the security of endpoints and workstations. The most valuable feature of VMware Carbon Black Cloud is the possibility of securing any PC…
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The automation rules and playbooks are the most useful that I've seen. A number of other places segregate the automation and playbook as separate tools, whereas Microsoft is a SIEM and SOAR tool in one."
"I believe one of the main advantages is Microsoft Sentinel's seamless integration with other Microsoft products."
"Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
More Microsoft Sentinel pros
"The good news is that FortiSOAR is not hard to maintain. If you prepared well and deployed strong initially, then maintenance will take half an hour every other week, not more than that. A single person can do it."
"The solution's most valuable feature is playbook creation, which allows us to integrate all data ingestion into the same platform."
"The solution is easy to implement and includes 450 built-in connectors."
"The initial setup is straightforward."
"It's great that the solution is integrated with FortiAnalyzer."
"It has a quick detection and response time."
"The most valuable feature of Fortinet FortiSOAR is the playbook, which has to be defined to apply the policies."
"It is a scalable solution...The implementation phase of the product was not tough or difficult."
More Fortinet FortiSOAR pros
"For setup, the server can be given to you as a VM image and with minimal configuration needed."
"Threat hunting is the most valuable feature of VMware Carbon Black Cloud."
"They're highly stable in comparison with other solutions I have."
"The most valuable feature is its ability to seek out abnormal activity and to create alerts."
"Integration and scalability are the most valuable."
"Probably the most valuable feature of CB Response is its ability to isolate a host and take it off the network, so it's not spreading anything. We have two security operations centers around the globe. When an SOC analyst sees something on an endpoint, they can use Carbon Black Response to isolate that host from the customer's environment and prevent any kind of lateral spread."
"The ability to quickly isolate a system from the network, while still being able to perform some forensics and mitigation work remotely, was of great value to us since we had many mobile and distributed systems."
"The most valuable feature of VMware Carbon Black Cloud is the possibility of securing any PC worldwide."
More VMware Carbon Black Cloud pros
 

Cons

"I would like to see more AI used in processes."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"Sentinel provides decent visibility, but it's sometimes a little cumbersome to get to the information I want because there is so much information. I would also like to see more seamless integration between Sentinel and third-party security products."
"I would like Sentinel to have more out-of-the-box analytics rules. There are already more than 400 rules, but they could add more industry-specific ones. For example, you could have sets of out-of-the-box rules for banking, financial sector, insurance, automotive, etc., so it's easier for people to use it out of the box. Structuring the rules according to industry might help us."
"At the network level, there is a limitation in integrating some of the switches or routers with Microsoft Sentinel. Currently, SPAN traffic monitoring is not available in Microsoft Sentinel. I have heard that it is available in Defender for Identity, which is a different product. It would be good if LAN traffic monitoring or SPAN traffic monitoring is available in Microsoft Sentinel. It would add a lot of value. It is available in some of the competitor products in the market."
"There is room for improvement in entity behavior and the integration site."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
More Microsoft Sentinel cons
"Fortinet's tech support overall is not great when they are at their best."
"Technical support could be improved."
"I don't currently see where the solution is lacking features. For us and for our clients it works very well and we're pleased with it."
"Fortinet FortiSOAR's dashboard is not easy to understand."
"The solution lacks proper documentation, so we have to test and trial each playbook and integration."
"The UI design of the solution needs to be changed since it can get difficult for a newbie to operate."
"I have found that Fortinet FortiSOAR needs a lot of improvement. The Orchestration needs to be improved."
"Fortinet FortiSOAR should add more documentation for some use cases."
More Fortinet FortiSOAR cons
"It's not simple."
"The cloud console has a lot of bugs and issues in the analysis part."
"They have different products, but if we wanted to take their protection and their EPR, then we would need to have two agents"
"The threat intelligence feed could use some fine tweaking."
"Setup is incredibly complex and poorly documented. Every time an upgrade was needed we would need to engage Professional Services for troubleshooting help. Certificates and web services proved to be the most significant sticking points. Since the product runs on a Linux platform, perhaps having staff with more Linux experience could have alleviated some difficulty."
"They need to improve the batch console. It needs more capabilities. We are limited by the ones it provides..."
"The dashboard should be more user-friendly."
"The solution can only handle about 500 bans or blocks."
More VMware Carbon Black Cloud cons
 

Pricing and Cost Advice

"Pricing is pay-as-you-go with Sentinel, which is good because it all depends on the number of users and the number of devices to which you connect."
"Microsoft is costlier. Some organizations may not be able to afford the cost of Sentinel orchestration and the Log Analytics workspace. The transaction hosting cost is also a little bit on the high side, compared to AWS and GCP."
"No license is required to make use of Sentinel, but you need to buy products to get the data. In general, the price of those products is comparable to similar products."
"Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."
"Sentinel's pricing is on the higher side, but you can get a discount if you can predict your usage. You have to pay ingestion and storage fees. There are also fees for Logic Apps and particular features. It seems heavily focused on microtransactions, but they may be slightly optional. By contrast, Splunk requires no additional fee for their equivalent of Logic. You have a little more flexibility, but Sentinel's costs add up."
"It varies on a case-by-case basis. It is about $2,000 per month. The cost is very low in comparison to other SIEMs if you are already a Microsoft customer. If you are using the complete Microsoft stack, the cost reduces by almost 42% to 50%. Its cost depends on the number of logs and the type of subscription you have. You need to have an Azure subscription, and there are charges for log ingestion, and there are charges for the connectors."
"I'm not happy with the pricing on the integration with Defender for Endpoint. Defender for Endpoint is log-rich. There is a lot of information coming through, and it is needed information. The price point at which you ingest those logs has made a lot of my customers make the decision to leave that within the Defender stack."
"Cost-wise, Sentinel is based on the volume of information being ingested, so it can be quite pricey. The ability to use strategies to control what data is being ingested is important."
More Microsoft Sentinel pricing and cost advice
"Considering all the features of Fortinet FortiSOAR, I think it has a good price."
"Since Africa is struggling with foreign exchange, the solution is pretty expensive there."
"If you compare Fortinet FortiSOAR's price with the prices of the market leader, Palo Alto, then it can be considered a cheaper product."
"Pricing is fine compared to other solutions."
"The price of the product should be lower. The brand value that Fortinet has, it has the reputation of being a reasonably priced product, and they have an enormous customer base in India. Most of the SME market is covered by FortiGate firewalls. It becomes an easy way for consultants, such as us, or even system integrators, to open the door with the Fortinet product lines."
"The solution offers both licensing and subscription models that are similar in price to other products."
"Fortinet FortiSOAR is expensive."
"Fortinet FortiSOAR is an expensive solution."
"Pricing for this solution could be made lower."
"VMware Carbon Black Cloud is an expensive solution."
"The solution is very inexpensive so there is great cost savings to using it."
"Purchase Professional Services up front as part of the implementation package, then renew hours annually to ensure you have adequate support for upgrades and enhancements. Overbuy by at least 10% to account for infrastructure growth."
"You need to pay for the licensing of the product. The pricing is costly."
"We had no issues purchasing through our preferred reseller and were able to get a fair price even when not purchasing direct. Carbon Black Enterprise Response didn’t break the bank, though adding on the matching antivirus and anti-malware components of the Protect product was more than we could afford, even with some discounting. Cb Response is really designed to complement Carbon Black’s Defense product. While Response can be used on its own, coupling with Defense seems like the best strategy if you can afford the price tag."
report
See which vendors are best for you
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
See recommendations
789,135 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
16%
Financial Services Firm
10%
Government
9%
Manufacturing Company
7%
Computer Software Company
17%
Financial Services Firm
10%
Government
9%
Educational Organization
5%
Financial Services Firm
16%
Computer Software Company
16%
Energy/Utilities Company
8%
Real Estate/Law Firm
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

Is there a common threat intelligence tool that aggregates multiple threat intelligence sources?
Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel an...
See all answers
What is a better choice, Splunk or Azure Sentinel?
It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for ingest...
See all answers
Which is better - Azure Sentinel or AWS Security Hub?
We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel...
See all answers
What do you like most about Fortinet FortiSOAR?
Fortinet FortiSOAR is a very interactive and user-friendly solution.
See all answers
What is your experience regarding pricing and costs for Fortinet FortiSOAR?
Users have to pay a yearly subscription fee for the solution. Fortinet FortiSOAR's pricing is fair compared to other ...
See all answers
What needs improvement with Fortinet FortiSOAR?
The solution’s pricing could be improved. I know that Fortinet already has an ROI calculator inside FortiSOAR. I also...
See all answers
What to choose: an endpoint antivirus, an EDR solution or both?
I can recommend Carbon Black, an award-winning next-gen anti-virus (NGAV) and endpoint detection and response (EDR) s...
See all answers
What's the difference between Carbon Black CB Response and Carbon Black CB Defense?
Carbon Black offers two different levels of Endpoint Detection and Response. One is the VM Carbon Black Cloud Endpoin...
See all answers
What do you like most about Carbon Black CB Response?
Threat hunting is the most valuable feature of VMware Carbon Black Cloud.
See all answers
 

Comparisons

AWS Security Hub vs Microsoft Sentinel Logo
AWS Security Hub vs Microsoft Sentinel
Compared 17% of the time
IBM Security QRadar vs Microsoft Sentinel Logo
IBM Security QRadar vs Microsoft Sentinel
Compared 12% of the time
Wazuh vs Microsoft Sentinel Logo
Wazuh vs Microsoft Sentinel
Compared 6% of the time
Splunk Enterprise Security vs Microsoft Sentinel Logo
Splunk Enterprise Security vs Microsoft Sentinel
Compared 5% of the time
Elastic Security vs Microsoft Sentinel Logo
Elastic Security vs Microsoft Sentinel
Compared 5% of the time
More Microsoft Sentinel Competitors
Palo Alto Networks Cortex XSOAR vs Fortinet FortiSOAR Logo
Palo Alto Networks Cortex XSOAR vs Fortinet FortiSOAR
Compared 43% of the time
Splunk SOAR vs Fortinet FortiSOAR Logo
Splunk SOAR vs Fortinet FortiSOAR
Compared 14% of the time
Swimlane vs Fortinet FortiSOAR Logo
Swimlane vs Fortinet FortiSOAR
Compared 9% of the time
ServiceNow Security Operations vs Fortinet FortiSOAR Logo
ServiceNow Security Operations vs Fortinet FortiSOAR
Compared 6% of the time
Cisco SecureX vs Fortinet FortiSOAR Logo
Cisco SecureX vs Fortinet FortiSOAR
Compared 5% of the time
More Fortinet FortiSOAR Competitors
VMware Carbon Black Endpoint vs VMware Carbon Black Cloud Logo
VMware Carbon Black Endpoint vs VMware Carbon Black Cloud
Compared 34% of the time
Fidelis Elevate vs VMware Carbon Black Cloud Logo
Fidelis Elevate vs VMware Carbon Black Cloud
Compared 24% of the time
Rapid7 InsightIDR vs VMware Carbon Black Cloud Logo
Rapid7 InsightIDR vs VMware Carbon Black Cloud
Compared 15% of the time
Palo Alto Networks Cortex XSOAR vs VMware Carbon Black Cloud Logo
Palo Alto Networks Cortex XSOAR vs VMware Carbon Black Cloud
Compared 14% of the time
Splunk SOAR vs VMware Carbon Black Cloud Logo
Splunk SOAR vs VMware Carbon Black Cloud
Compared 13% of the time
More VMware Carbon Black Cloud Competitors
 

Product Reports

Buyer's Guide
Microsoft Sentinel
June 2024
Microsoft Sentinel reportDownload Microsoft Sentinel product report
Buyer's Guide
Security Orchestration Automation and Response (SOAR)
June 2024
Fortinet FortiSOAR reportDownload Fortinet FortiSOAR product report
Buyer's Guide
VMware Carbon Black Cloud
May 2024
VMware Carbon Black Cloud reportDownload VMware Carbon Black Cloud product report
 

Also Known As

Azure Sentinel
CyberSponse, FortiSOAR
Carbon Black CB Response
 

Learn More

Microsoft
Fortinet
VMware
 

Overview

Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

- Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

- Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

- Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

- Respond to incidents rapidly with built-in orchestration and automation of common tasks

To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

Fortinet FortiSOAR (Security Orchestration, Automation, and Response) is a comprehensive security operations platform created to help SOC teams effectively respond to the growing volume of alarms, repetitive manual tasks, and resource shortage. This patented and customizable security operations workbench provides companies with automated playbooks, incident triaging, and real-time remediation to identify, defend, and counter threats. FortiSOAR effortlessly integrates with more than 350 security products and performs more than 3,000 actions to increase SOC team productivity. With this solution, response times are accelerated, containment is simplified, and mitigation times are cut from hours to seconds.

Fortinet FortiSOAR Features

Fortinet FortiSOAR has many valuable key features. Some of the most useful ones include:

  • Streamlined, role-based incident management: With the help of FortiSOAR's Enterprise Role-Based Incident Management solution, businesses can handle sensitive data in accordance with SOC rules and guidelines while maintaining strong field level role-based access control.
  • Visual Playbook Builder: FortiSOAR's Visual Playbook Designer enables SOC teams to efficiently create, build, debug, control, and deploy playbooks.
  • Truly multi-tenant: FortiSOAR is a truly distributed multi-tenant solution with a scalable, resilient, secure, and distributed architecture that enables MSSPs to offer MDR-like services while supporting operations in regional and global SOC environments.

Fortinet FortiSOAR Benefits

There are many benefits to implementing Fortinet FortiSOAR. Some of the biggest advantages the solution offers include:

  • Manage security alerts, incidents, indicators, assets, and tasks using a streamlined, user-friendly GUI.
  • By eliminating false positives and concentrating solely on the important alerts, the SOC team can work more productively.
  • Track ROI, MTTD, and MTTR with configurable reports and dashboards.
  • Automate using the Visual Playbook Designer's 3,000+ actions for automated workflows and connections and 350+ security platform integrations.
  • Reduce human error by using concise, auditable playbooks and custom modules to handle constantly changing investigative requirements.
  • From a single, collaborative console, scale your network security solution with a multi-tenant distributed architecture.
  • Detect real threats with automatic false positive filtering and forecast similar threats and campaigns with FortiSOAR's ML-powered recommendation engine.
  • Reduce repetitive activities by using automation, incident correlation, threat intelligence, and vulnerability data.
  • Utilize the built-in Incident War Room to streamline crisis management and collaborative P1 incident investigations.
  • Reduce the time it takes to find security incidents from hours to seconds.
  • Use the FortiSOAR mobile app to keep informed and make important decisions while you're on the go.
  • Utilizing the Connector Builder Wizard, you can quickly create and edit connectors within the product's user interface.
  • Flexible deployment options: VM, hosted, or cloud. Available on FortiCloud, AWS, Azure, and as management extensions on FAZ/FMG.

Reviews from Real Users

Another PeerSpot reviewer, a Vice President of Global Technology Infrastructure Automation at a financial services firm, notes of the product, “The most valuable feature is its centralization as you don't want to be going to different locations to correlate items or to piece anything together to derive meaningful insights.”

Zaidoon A., sales product manager at Nourneti, writes, “I like that the solution is integrated with FortiAnalyzer. The solution is scalable. The solution is stable.”

Fortify Endpoint and Workload Protection Legacy approaches fall short as cybercriminals update tactics and obscure their actions. Get advanced cybersecurity fueled by behavioral analytics to spot minor fluctuations and adapt in response. Recognize New Threats Analyze attackers’ behavior patterns to detect and stop never-before-seen attacks with continuous endpoint activity data monitoring. Don’t get stuck analyzing only what’s worked in the past. Simplify Your Security Stack Streamline the response to potential incidents with a unified endpoint agent and console. Minimize downtime responding to incidents and return critical CPU cycles back to the business.
 

Sample Customers

Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
Information Not Available
ALLETE belk
Buyer's Guide
Security Orchestration Automation and Response (SOAR)
June 2024
Download Free Report
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR). Updated: June 2024.
DOWNLOAD NOW
789,135 professionals have used our research since 2012.

We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.