We performed a comparison between VMware Carbon Black Cloud and VMware Carbon Black Endpoint based on real PeerSpot user reviews.
Find out in this report how the two Security Incident Response solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The setup is pretty simple."
"The price is low and quite competitive with others."
"Fortinet FortiEDR made our clients feel secure and more at ease, knowing that they had an EDR solution that would close the gap in their security posture."
"The product's initial setup phase is very easy."
"Forensics is a valuable feature of Fortinet FortiEDR."
"he solution is an anti-malware product that integrates well with other vendor products such as firewalls, SIEM, etc. It captures threat intelligence and gives you better visibility. The product also has sandboxing features."
"The stability is very good."
"The console is easy to read. I also like the scanning part and the ability to move assets from one to the other."
"Integration and scalability are the most valuable."
"Threat hunting is the most valuable feature of VMware Carbon Black Cloud."
"The market information they gather from the community is really good. Their configuration capabilities are good."
"It is nice when you're in a situation where you think someone's device is compromised and that there's some malware getting into your fleet."
"We are able to remotely isolate exploited endpoints in seconds and perform a live deep dive of any endpoint into its running processes (as necessary) without the need for extra scripts."
"The ability to quickly isolate a system from the network, while still being able to perform some forensics and mitigation work remotely, was of great value to us since we had many mobile and distributed systems."
"The most valuable features are its lightweight design, ensuring minimal impact on end-users, and its real-time protection."
"Carbon Black insures the probability that any ransomware will be stopped before spreading."
"I like its protection very much. It protects and allows us to lock the environment pretty tightly. Nothing that is not approved through Carbon Black can run in the environment. There is no default. Everything goes through Carbon Black Protect, and everything has to be first approved. Every software is considered to be guilty before prove innocent."
"You can deploy it through the cloud so that even if your stuff is outside of your controlled environment, you are still under control, based on the policies you create. The policies are controlled through the cloud. For example, if I don't allow anyone to do a certain activity or to install a particular app, and a consultant or a partner who is not part of our environment is doing so, it will stop them as well."
"The solution has a very nice API on the back end for remoting into a system and executing scripts or utilizing self automation."
"The whole purpose of the product, like application control, is very good, and also if you need to update some policies, it works well and instantly."
"It is stable and easy to set up."
"The EDR and reports were helpful in improving our organization."
"The best feature of this solution is that we have a live response, which is really tailored to our needs."
"There's lots of very useful documentation online to help troubleshoot and learn about the product."
"To improve Fortinet, we need to see more features and technology areas at the endpoint level introduced."
"Detections could be improved."
"I haven't seen the use of AI in the solution."
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"It takes about two business days for initial support, which is too slow in urgent situations."
"The only minor concern is occasional interference with desired programs."
"Cannot be used on mobile devices with a secure connection."
"The support needs improvement."
"The dashboard should be more user-friendly."
"They have different products, but if we wanted to take their protection and their EPR, then we would need to have two agents"
"The product detects too many false positives initially and it could integrate better with other security solutions."
"The cloud console has a lot of bugs and issues in the analysis part."
"The support team of Carbon Black CB Response needs improvement. At present, they need a lot of information. Then they give you an answer that they already gave you. You tell them it didn't work, and then they take a long time."
"Training and education for both partner and customer, including product marketing need to be improved."
"It's not simple."
"They need to improve the batch console. It needs more capabilities. We are limited by the ones it provides..."
"The directions for Splunk are spot on, but it is difficult to find anything on integration with AlienVault,"
"Carbon Black has limited capability to integrate with Rapid7."
"There could be more knowledge. I think they made a mistake when they took away the Check Point integration, because it provides more automation and also more threat intelligence."
"Occasionally, we'll have issues with the latest version and they'll basically tell us that they will improve it in the next iteration. They need to work on their version release quality."
"As far as I know, Carbon Defense has nothing that can be installed on mobile devices. It lacks a defense solution for mobile devices, especially mobile tablets. I would like to see support for mobile devices and the pricing should be less than the pricing for a normal workstation."
"The endpoint machines need improvement."
"Its compatibility can be improved. It did crash a server during deployment, which is not something that I want to happen. Its deployment should also be easier. The whole deployment cycle needs to be simplified. It is an enterprise solution, and to set it up right now, you have to be an expert."
"It is difficult to extract reports for ongoing scans"
VMware Carbon Black Cloud is ranked 2nd in Security Incident Response with 18 reviews while VMware Carbon Black Endpoint is ranked 1st in Security Incident Response with 62 reviews. VMware Carbon Black Cloud is rated 8.4, while VMware Carbon Black Endpoint is rated 8.0. The top reviewer of VMware Carbon Black Cloud writes " Shows promise for endpoint detection and response, with room for improvement in complexity and pricing ". On the other hand, the top reviewer of VMware Carbon Black Endpoint writes "Centralization via the cloud allows us to protect and control people working from home". VMware Carbon Black Cloud is most compared with Fidelis Elevate, Palo Alto Networks Cortex XSOAR, Splunk SOAR and Rapid7 InsightIDR, whereas VMware Carbon Black Endpoint is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, Trend Micro Deep Security, SentinelOne Singularity Complete and Cortex XDR by Palo Alto Networks. See our VMware Carbon Black Cloud vs. VMware Carbon Black Endpoint report.
See our list of best Security Incident Response vendors and best Endpoint Detection and Response (EDR) vendors.
We monitor all Security Incident Response reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Carbon Black offers two different levels of Endpoint Detection and Response. One is the VM Carbon Black Cloud Endpoint Standard (CB Defense), and the other is the Carbon Black Endpoint Detection and Response (EDR). We reviewed both and chose the CB Defense.
CB Defense is a next-generation antivirus and endpoint security solution. It uses machine learning and behavioral analytics to monitor endpoint activity and discover malicious activity. Once CB Defense detects a threat, it efficiently blocks harmful apps. It not only prevents any known threats but also prevents suspicious applications from running.
One of the advantages of CB Defense is that it protects multiple types of devices (desktops, laptops, and servers). It is a solution that works well for small and large organizations. We like the ease of use and visibility of the management portal. You can see the activity on all protected endpoints. Configuring policies is simple, too.
The only downside of CB Defense is that you cannot scan individual files on the endpoint.
Carbon Black Endpoint Detection and Response (EDR) is geared more to security operation center teams (SOC) with hybrid or on-premises environments. Unlike CB Defense, Carbon Black EDR stores endpoint activity data. This feature helps security analysts visualize the attack kill chain. Although focused on an on-premises environment, the platform uses the VMWare Carbon Black Cloud’s threat intelligence.
CB Response enables security teams to investigate an endpoint for suspicious activity. An advantage is that you can perform different types of investigations. Other advantages include seeing the process tree view of the endpoint and isolating and pulling files from a host. We also liked that you can see a timeline of changes made to a system. The defensive abilities are not as advanced as CB Defense, though.
Conclusion
Both solutions protect endpoints with advanced features. CB Defense is more useful for organizations. CB EDR offers deeper investigation features so that it could be a better solution for SOCs.