We compared Microsoft Defender for Endpoint and VMware Carbon Black Endpoint based on our users reviews in five parameters. After reading the collected data, you can find our conclusion below:
Comparison Results: The reviews suggest that Microsoft Defender for Endpoint is commended for its simple installation process, seamless integration with Windows, and effective detection and correlation of threats. However, it may suffer from a lack of clarity in its licensing model and limitations in its user interface, security features, and customization options. On the other hand, VMware Carbon Black Endpoint may present a more challenging initial setup and higher pricing. Nevertheless, it offers advanced functionalities, robust protection against attacks, extensive integration possibilities, and a highly acclaimed EDR capability. It is noted that improvements are needed in terms of management, graphical user interface, compatibility, and technical support. Overall, both products possess their individual strengths and weaknesses.
"Forensics is a valuable feature of Fortinet FortiEDR."
"This is stable and scalable."
"Additionally, when it comes to EDR, there are more tools available to assist with client work."
"Fortinet is very user-friendly for customers."
"Fortinet FortiEDR's scalability is quite good, and you can add licenses to the solution."
"It is a scalable solution...The initial setup of Fortinet FortiEDR was straightforward."
"The setup is pretty simple."
"The solution was relatively easy to deploy."
"The patch updates and version updates are very good. Those happen on an automated basis whenever I'm connecting to the organization network, either through LAN or through the VPN."
"The performance of Microsoft Defender for Endpoint has been good."
"Defender works in the background monitoring the traffic for viruses."
"I like the process visibility. This ability to visualize how something was executed is valuable, and the fact that Defender ATP is also linked to the threat intelligence that they have is also valuable. So, even if you have something that doesn't have a conventional signature, the fact that you get this strange execution means that you can detect things that are normally not visible."
"The EDR feature is most valuable."
"Microsoft Defender for Endpoint is free and part of the licensing stack of other Microsoft products."
"In my opinion, the most valuable aspects are the reporting analytics and integration with Sentinel. Defender does an excellent job of correlating the different entities that comprise threat analysis, analytics data, and log analytics. It helps to piece together investigations into any exploit or malicious activity within a specific tenant. AI and analytics tools are probably the most valuable components."
"It is quite stable. We have not had any cases, i.e., viruses, that would require a reboot, etc. We have never had a situation where we needed to reinstall the tools as a result of the Defender application or a feature being corrupt."
"The product allows us to focus on endpoint and antivirus protection."
"The tool is pretty stable."
"The biggest feature out of CarbonBlack is its ability to dive in with more depth. You can look at the entire kill chain and understand, not only if an alarm or identified incident is truly a true security issue versus a false positive, and it allows us to backtrack and figure out why it actually happened and how it got into the environment."
"Carbon Black Cb Defense has a nice component called Alert Triage. It contains full details of the process execution "kill chain" and "go live" for immediate remediation."
"The solution has a library where we can have multiple threat intels onboarded. We just have to subscribe to a particular site intel and they'll provide us with all of the truncated details so that we can create IOCs and alerts on the basis of those IOCs."
"Behavioral Monitoring stops known malicious events before they even begin."
"It is stable and easy to set up."
"The solution has a very nice API on the back end for remoting into a system and executing scripts or utilizing self automation."
"The dashboard isn't easy to access and manage."
"The security should be strong for the cloud. Some applications are on-prem and some are on the cloud. Fortinet should also have strong security for the cloud. There should be more security for the cloud."
"There's room for improvement in the quick response time and technical support for integration issues, especially when dealing with multiple vendors."
"We find the solution to be a bit expensive."
"To improve Fortinet, we need to see more features and technology areas at the endpoint level introduced."
"We've encountered challenges during API deployment, occasionally resulting in unstable environments."
"They can include the automation for the realtime updates. We have a network infrastructure with remote sites. Whenever they send updates, they are not automated. We have to go into the console and push those updates. I wish it was more automated. The update file is currently around 31 MB. It could be smaller."
"The amount of usage, the number of details we get, or the number of options that can be tweaked is limited in comparison to that with other EDR solutions"
"I would like Microsoft to have some kind of direct integration for USB controls. They have GPO and other controls to control the access of the USB drives on devices, but if there is something that can be directly implemented into the portal, it would be good. There should be a way to control via a cloud portal or something like that in a dynamic way. USB control for data exfiltration would be a good feature to implement. Currently, there are ways to do it, but it involves too many different things. You have to implement it via GPOs and other stuff, and then you move or copy those big files via Defender ATP. If there is a simple way of implementing those features, it would be great."
"There's a lot of manual effort involved to configure what we need."
"The time to generate certain alerts on our dashboard can take between 45 minutes to an hour, and I am unsure of the factors that influence this duration."
"Its interface can be improved a little bit. We would like to have some sort of centralization. It should have something like a central server that is managing all the other clients. There are solutions from Kaspersky or ESET NOD32 that are really doing this kind of thing currently. We would like to see something similar from Microsoft."
"Microsoft Defender for Endpoint is secure but when it comes to security all solutions could improve security."
"Defender could be more secure and stable."
"Microsoft Defender for Endpoint could improve by adding more security features."
"Updates are not coming out of preview quickly enough and it is holding back on the development of the product."
"What was rolled out to my company are mixed versions of Carbon Black CB Defense, so what I'd like to see in the next release is more synchronization, where it can detect the endpoint that's running an old version and suggest updates."
"In my company, we face issues sometimes when there is a need to write custom rules or we want to write for some rules that are different from the standard rules provided by the solution."
"The solution needs expanded endpoint query tools."
"I would personally give the tech support a rating of seven out of ten."
"The solution needs better overall compatibility with other products."
"The solution has to mature on container security and a lot of cloud environment security."
"Carbon Black has limited capability to integrate with Rapid7."
"The feature set for the firewall needs improvement."
More Microsoft Defender for Endpoint Pricing and Cost Advice →
Microsoft Defender for Endpoint is ranked 1st in Endpoint Protection Platform (EPP) with 182 reviews while VMware Carbon Black Endpoint is ranked 16th in Endpoint Protection Platform (EPP) with 62 reviews. Microsoft Defender for Endpoint is rated 8.0, while VMware Carbon Black Endpoint is rated 8.0. The top reviewer of Microsoft Defender for Endpoint writes "Eliminates the need to look at multiple dashboards by automatically providing one XDR dashboard to show the security score of each subscription". On the other hand, the top reviewer of VMware Carbon Black Endpoint writes "Centralization via the cloud allows us to protect and control people working from home". Microsoft Defender for Endpoint is most compared with Symantec Endpoint Security, Intercept X Endpoint, SentinelOne Singularity Complete, CrowdStrike Falcon and Microsoft Intune, whereas VMware Carbon Black Endpoint is most compared with CrowdStrike Falcon, Trend Micro Deep Security, SentinelOne Singularity Complete, Symantec Endpoint Security and Cortex XDR by Palo Alto Networks. See our Microsoft Defender for Endpoint vs. VMware Carbon Black Endpoint report.
See our list of best Endpoint Protection Platform (EPP) vendors and best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.