We performed a comparison between VMware Carbon Black Cloud and VMware Carbon Black Endpoint based on real PeerSpot user reviews.
Find out in this report how the two Security Incident Response solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Forensics is a valuable feature of Fortinet FortiEDR."
"The setup is pretty simple."
"Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great."
"NGAV and EDR features are outstanding."
"The product detects and blocks threats and is more proactive than firewalls."
"Fortinet has helped free up around 20 percent of our staff's time to help us out."
"The stability is very good."
"Fortinet is very user-friendly for customers."
"We are able to remotely isolate exploited endpoints in seconds and perform a live deep dive of any endpoint into its running processes (as necessary) without the need for extra scripts."
"The solution does very well as a baseline EDR and provides good process-level management."
"Carbon Black insures the probability that any ransomware will be stopped before spreading."
"Probably the most valuable feature of CB Response is its ability to isolate a host and take it off the network, so it's not spreading anything. We have two security operations centers around the globe. When an SOC analyst sees something on an endpoint, they can use Carbon Black Response to isolate that host from the customer's environment and prevent any kind of lateral spread."
"We also took full advantage of its incident response reporting capabilities to act as a “black box” for our infrastructure around strings of suspicious activity. The reporting and incident response capabilities were incredibly helpful during active security concerns."
"Carbon Black Cb Response excels at providing context to indicators when responding to incidents. It allows responders to understand the entire scope of an incident and quickly contain it to minimize impact and disruption."
"The most valuable features are its lightweight design, ensuring minimal impact on end-users, and its real-time protection."
"The most valuable feature of VMware Carbon Black Cloud is the possibility of securing any PC worldwide."
"It has intelligent learning behind it and we have been very successful in preventing attacks."
"The biggest feature out of CarbonBlack is its ability to dive in with more depth. You can look at the entire kill chain and understand, not only if an alarm or identified incident is truly a true security issue versus a false positive, and it allows us to backtrack and figure out why it actually happened and how it got into the environment."
"Behavioral Monitoring stops known malicious events before they even begin."
"The product allows us to focus on endpoint and antivirus protection."
"Once the solution is installed and configured correctly it does not require a lot of hands-on attention until you need upgrading."
"The offline networking is the most important feature. Some of our users are engineers that work offsite, and they can still be on the solution, which is also great."
"Some of the valuable features I have found are the online documentation of the solution is well organized and thorough. I like the simplicity of bypass and the visualization of the active components."
"It actually does some heuristics, and some behavioral analysis."
"The security should be strong for the cloud. Some applications are on-prem and some are on the cloud. Fortinet should also have strong security for the cloud. There should be more security for the cloud."
"Making the portal mobile friendly would be helpful when I am out of office."
"I think cloud security and SASE are areas of concern in the product where improvements are required. The tool's cloud version has to be improved in terms of the security it offers."
"It takes about two business days for initial support, which is too slow in urgent situations."
"To improve Fortinet, we need to see more features and technology areas at the endpoint level introduced."
"The solution's installation from a central installation server could be improved because the engineers had a little bit of trouble getting it installed from a central location."
"The solution is not stable."
"The dashboard isn't easy to access and manage."
"There have been some performance issues when deploying on Windows Server, but I believe Carbon Black is working on that."
"The product detects too many false positives initially and it could integrate better with other security solutions."
"Additionally, it is complex to use, and the pricing should be improved."
"The biggest issue I encountered was one where old logs were not being overwritten as expected so the system drive kept filling up from time to time. However, support was usually quite responsive and happy to jump on a remote session to take a look at it for us. That log bug has probably been resolved with an update by now."
"One area for improvement is the maturity of its vulnerability features."
"The cloud console has a lot of bugs and issues in the analysis part."
"The solution's support could be improved."
"The support team of Carbon Black CB Response needs improvement. At present, they need a lot of information. Then they give you an answer that they already gave you. You tell them it didn't work, and then they take a long time."
"It would be nice to have additional forensic tools that you can build into the back end."
"The EDR portion could be better. I'm not a big fan, but it works."
"There is room for improvement in the support and service team."
"Sensor deployment requires extensive fine-tuning, and creating deployment packages is time-consuming."
"The UI interface needs improvement. The management needs further work in future versions."
"In our company, we also wanted to have network detection, like a host-based IDS on VMware Carbon Black Endpoint, but we did not get it."
"Performing a malware scan usually takes a lot of time, more than 24 hours."
"There are many different controls that are needed to be put into place for upgrading that makes it difficult. Having to re-engineer your IT infrastructure to match their software, as opposed to having it integrate and work independently causes difficulties. When there is an update to any software everyone has to be involved."
VMware Carbon Black Cloud is ranked 2nd in Security Incident Response with 18 reviews while VMware Carbon Black Endpoint is ranked 1st in Security Incident Response with 61 reviews. VMware Carbon Black Cloud is rated 8.4, while VMware Carbon Black Endpoint is rated 8.0. The top reviewer of VMware Carbon Black Cloud writes " Shows promise for endpoint detection and response, with room for improvement in complexity and pricing ". On the other hand, the top reviewer of VMware Carbon Black Endpoint writes "Centralization via the cloud allows us to protect and control people working from home". VMware Carbon Black Cloud is most compared with Fidelis Elevate, Splunk SOAR and Palo Alto Networks Cortex XSOAR, whereas VMware Carbon Black Endpoint is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, Trend Micro Deep Security, SentinelOne Singularity Complete and Tanium. See our VMware Carbon Black Cloud vs. VMware Carbon Black Endpoint report.
See our list of best Security Incident Response vendors and best EDR (Endpoint Detection and Response) vendors.
We monitor all Security Incident Response reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Carbon Black offers two different levels of Endpoint Detection and Response. One is the VM Carbon Black Cloud Endpoint Standard (CB Defense), and the other is the Carbon Black Endpoint Detection and Response (EDR). We reviewed both and chose the CB Defense.
CB Defense is a next-generation antivirus and endpoint security solution. It uses machine learning and behavioral analytics to monitor endpoint activity and discover malicious activity. Once CB Defense detects a threat, it efficiently blocks harmful apps. It not only prevents any known threats but also prevents suspicious applications from running.
One of the advantages of CB Defense is that it protects multiple types of devices (desktops, laptops, and servers). It is a solution that works well for small and large organizations. We like the ease of use and visibility of the management portal. You can see the activity on all protected endpoints. Configuring policies is simple, too.
The only downside of CB Defense is that you cannot scan individual files on the endpoint.
Carbon Black Endpoint Detection and Response (EDR) is geared more to security operation center teams (SOC) with hybrid or on-premises environments. Unlike CB Defense, Carbon Black EDR stores endpoint activity data. This feature helps security analysts visualize the attack kill chain. Although focused on an on-premises environment, the platform uses the VMWare Carbon Black Cloud’s threat intelligence.
CB Response enables security teams to investigate an endpoint for suspicious activity. An advantage is that you can perform different types of investigations. Other advantages include seeing the process tree view of the endpoint and isolating and pulling files from a host. We also liked that you can see a timeline of changes made to a system. The defensive abilities are not as advanced as CB Defense, though.
Conclusion
Both solutions protect endpoints with advanced features. CB Defense is more useful for organizations. CB EDR offers deeper investigation features so that it could be a better solution for SOCs.