We performed a comparison between Carbon Black CB Defense and CrowdStrike Falcon based on real PeerSpot user reviews.
Find out in this report how the two EPP (Endpoint Protection for Business) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."appreciate the File Trajectory feature, as it's excellent for an analyst or mobile analyst. I can track everything that happens on our server from my PC or device. Integration with SecureX is a welcome feature because it connects Cisco's integrated security portfolio with our complete infrastructure. Sandboxing is helpful, and integration with the Cisco environment is excellent as we use many of their products, and that's very valuable for us."
"The most valuable feature is its threat protection and data privacy, including its cyber attack and data protection, as we need to cover and protect data on user devices."
"Definitely, the best feature for Cisco Secure Endpoint is the integration with Talos. On the backend, Talos checks all the signatures, all the malware, and for any attacks going on around the world... Because Secure Endpoint has a connection to it, we get protected by it right then and there."
"The integration with other Cisco products seemed to be really effective. We had Umbrella in place and we were using AnyConnect as well as Firepower. Once a threat was detected, being able to do the threat lookups and the live tracking was really useful."
"The threat Grid with the ability to observe the sandboxing, analyze, and perform investigations of different malicious files has been great."
"It's quite simple, and the advantage I see is that I get the trajectory of what happened inside the network, how a file has been transmitted to the workstation, and which files have got corrupted."
"Cisco has definitely improved our organization a lot. In terms of business, our company feels safer. We actually switched from legacy signature-based solutions to threat intelligence-based and machine learning-based solutions, which is Cisco Secure. This has improved our security significantly, from 10% of signature-based technology security to 99.9% of the current one which we are running. We were happy."
"Another of my favorite features is called the Device Trajectory, where it shows everything that's going on, on a computer. It shows the point in time when a virus is downloaded, so you can see if the user was surfing the internet or had a program open. It shows every running process and file access on the computer and saves it like a snapshot when it detects something malicious. It also has a File Trajectory, so you can even see if that file has been found on any of your other computers that have AMP."
"The best feature of this solution is that we have a live response, which is really tailored to our needs."
"The initial setup is very easy."
"The solution is stable."
"The solution has a library where we can have multiple threat intels onboarded. We just have to subscribe to a particular site intel and they'll provide us with all of the truncated details so that we can create IOCs and alerts on the basis of those IOCs."
"It is a scalable solution...The initial setup was straightforward."
"The product is pretty strong in terms of security and their features are very good in that respect."
"It is a very complete platform."
"We can access computers remotely if we need to."
"The scalability is good."
"The EDR is amazing and ease of integration with Splunk is a big plus. Integration with BigQuery is also a plus for me and workflow creation is easy. Overall, CrowdStrike Falcon is a great product."
"CrowdStrike Falcon's most valuable features are the lightweight agent which has absolutely zero performance issues. There is no performance deterioration on the laptop on the network. It is a signature-less antivirus and anti-malware solution, it doesn't depend on signatures which better protects the systems."
"The most valuable feature is the machine learning that they use to check certain patterns in the endpoint devices. It checks the whole ecosystem or entire environment."
"The most valuable features in CrowdStrike Falcon are the full EDR with antivirus, hunting, reporting, and RTR remote control."
"CrowdStrike Falcon is effortless to use, and it's a cloud-specific platform. You only need to deploy the light agents on the licensed endpoints, and you're ready to work. Your dashboards will tell you the number of the endpoints being protected and the incidents. There are also incident dashboards with alerts that will tell you about the details."
"Easy to use, intelligent, and stable threat detection software."
"The most valuable feature of CrowdStrike Falcon is its accuracy."
"In Orbital, there are tons of prebuilt queries, but there is not a lot of information in lay terms. There isn't enough information to help us with what we're looking for and why we are looking for it with this query. There are probably a dozen queries in there that really focus on what I need to focus on, but they are not always easy to find the first time through."
"It could be improved in connection with artificial intelligence and IoT."
"They could improve the main dashboard to more clearly show me the things that I want to see. When I open the dashboard right now, I see a million things and they are not always the things that I need."
"An easier way to do deduplication of machines, or be alerted to the fact that there's more than one instance of a machine, would be useful... That way you could get a more accurate device count, so you're not having an inflated number."
"We don't have issues. We think that Cisco covers all of the security aspects on the market. They continue to innovate in the right way."
"Logging could be better in terms of sending more logs to Cisco Firepower or Cisco ASA. That's an area where it could be made better."
"The Linux agent is a simple offline classic agent, and it doesn't support Secure Boot, which is important to have on a Linux machine. The Linux agent has conflicts with other solutions, including the Exploit Prevention system found in Windows servers. We didn't find a fix during troubleshooting, and Cisco couldn't offer one either. Eventually, we had to shut down the Exploit Prevention system. We didn't like that as we always want a solution that can fit smoothly into the setup without causing problems, especially where security is concerned. The tool also caused CPU spikes on our production machine, and we were seriously considering moving to another product."
"Cisco is good in terms of threat intelligence plus machine learning-based solutions, but we feel Cisco is lagging behind in using artificial intelligence in its systems."
"I haven't run into anything that needs improvement. The website interface can be a little bit better, but it's still good as compared to most others."
"The local technical support is very poor, but the support from headquarters is very nice."
"They will most likely need to create or include a feature that checks the network."
"I am not sure whether Carbon Black CB Defense can be considered as a stable solution or not."
"A search bar in the investigation page and some AI-related tasks like outgoing alerts, or recent tactics that are being used in the market, must be embedded in the tool so that it's easier to find alerts."
"The solution would be more effective if there was a way to block automatically based on behavior."
"There could be more knowledge. I think they made a mistake when they took away the Check Point integration, because it provides more automation and also more threat intelligence."
"Occasionally, we'll have issues with the latest version and they'll basically tell us that they will improve it in the next iteration. They need to work on their version release quality."
"Dashboard creation is one of the areas for improvement in CrowdStrike Falcon. Sometimes, management asks for a custom dashboard, so my team has to collect data from CrowdStrike Falcon, integrate that in Splunk, then create the dashboard in Splunk. The Splunk dashboard is more elaborate, so the CrowdStrike Falcon dashboard needs improvement. Another area for improvement in the tool is the malware detection report, as it needs to be more detailed and include some graphics so that if you want to present that data in a nutshell, it's easier to do. For example, the report should consist of some graphical representation that shows a month's worth of data. In terms of an additional feature I'd like CrowdStrike Falcon to have, it's the device posture assessment feature that detects the device posture within the network. Whichever device connects to the corporate network, my company should be able to analyze the device posture. Then there should be communication with the network, which means that as soon as a device connects, CrowdStrike Falcon can assess the device posture, detect its corporate asset, and decide whether it should be allowed on the network."
"CrowdStrike Falcon could improve the EDR functionality. Once the functionality of the solution improves, it will be even better in the market and able to compete with Carbon Black."
"CrowdStrike costs a little more than its competitors."
"CrowdStrike Falcon could improve the logs by making them free to the API."
"CrowdStrike should add support for ransomware protection."
"CrowdStrike Falcon could improve if it became an XDR. When we look only to an end-point, we lost the context of the environment. I know it's another line of design of the product. However, if CrowdStrike becomes an XDR, it could be very good."
"The performance could be better."
"Forensic controls have room for improvement."
Protect your organization from all threats - not just malware - even when computers and servers aren’t connected to the internet. Start your free trial and deploy CrowdStrike Falcon within minutes to start receiving full threat protection.
Carbon Black CB Defense is ranked 15th in EPP (Endpoint Protection for Business) with 25 reviews while CrowdStrike Falcon is ranked 2nd in EPP (Endpoint Protection for Business) with 50 reviews. Carbon Black CB Defense is rated 7.6, while CrowdStrike Falcon is rated 8.6. The top reviewer of Carbon Black CB Defense writes "The manage, detect, and response feature enables Carbon Black to continuously check logs and advise us on how to improve some of the policies". On the other hand, the top reviewer of CrowdStrike Falcon writes "Robust threat hunting and great ability to do on-keyboard remote response and quarantining of devices". Carbon Black CB Defense is most compared with Microsoft Defender for Endpoint, SentinelOne Singularity Complete, Trend Micro Deep Security, Secureworks Red Cloak Threat Detection and Response and Symantec Endpoint Security, whereas CrowdStrike Falcon is most compared with Microsoft Defender for Endpoint, SentinelOne Singularity Complete, Darktrace and Trend Micro Deep Security. See our Carbon Black CB Defense vs. CrowdStrike Falcon report.
See our list of best EPP (Endpoint Protection for Business) vendors, best Ransomware Protection vendors, and best EDR (Endpoint Detection and Response) vendors.
We monitor all EPP (Endpoint Protection for Business) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.