We performed a comparison between Carbon Black CB Defense and Microsoft Defender for Endpoint based on our users’ reviews in four categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Based on the above comparison, Carbon Black CB Defense finishes ahead of Microsoft Defender Endpoint. Carbon Black CB Defense is very easy to deploy, is extremely scalable, and offers outstanding security protection. Users indicate that they feel the processor-based definitions is one of the features that make this solution most effective in keeping environments secure.
"Definitely, the best feature for Cisco Secure Endpoint is the integration with Talos. On the backend, Talos checks all the signatures, all the malware, and for any attacks going on around the world... Because Secure Endpoint has a connection to it, we get protected by it right then and there."
"I'm only using the AMP (advanced malware protection) which is protecting my file system from all the malicious things that might happen. It should protect all kinds of things that might happen on the servers, things that I cannot see."
"The biggest lesson that I have learned from using this product is that there is a lot more malware slipping through my email filters than I expected."
"The entirety of our network infrastructure is Cisco and the most valuable feature is the integration."
"appreciate the File Trajectory feature, as it's excellent for an analyst or mobile analyst. I can track everything that happens on our server from my PC or device. Integration with SecureX is a welcome feature because it connects Cisco's integrated security portfolio with our complete infrastructure. Sandboxing is helpful, and integration with the Cisco environment is excellent as we use many of their products, and that's very valuable for us."
"It is extensive in terms of providing visibility and insights into threats. It allows for research into a threat, and you can chart your progress on how you're resolving it."
"The threat Grid with the ability to observe the sandboxing, analyze, and perform investigations of different malicious files has been great."
"Among the most valuable features are the exclusions. And on the scalability side, we can integrate well with the SIEM orchestration engine and a number of applications that are proprietary or open source."
"The initial setup is pretty straightforward."
"The best feature of this solution is that we have a live response, which is really tailored to our needs."
"CB Defense is more powerful, and you can take more actions than others. Its security features and signatures are constantly updated, so it is more effective than other security solutions."
"We can access computers remotely if we need to."
"The product allows us to focus on endpoint and antivirus protection."
"I like the historical features, interface, and integration."
"Some of the valuable features I have found are the online documentation of the solution is well organized and thorough. I like the simplicity of bypass and the visualization of the active components."
"The solution is stable."
"It automatically detects intrusion and malware."
"It is quite stable. We have not had any cases, i.e., viruses, that would require a reboot, etc. We have never had a situation where we needed to reinstall the tools as a result of the Defender application or a feature being corrupt."
"Provides good security features and you can view it in the central console."
"The folders and files protection are its most valuable features. These have been valuable because of the increase in ransomware attacks. With these two features, I can ensure that no changes have been made to our system or endpoint folders and files without the user being aware."
"It can reach our applications and PC activities in the cloud."
"The scalability is good."
"The performance of Microsoft Defender for Endpoint has been good."
"Defender is stable enough and is competitive with the other products in the market."
"We had a lot of noise at the beginning, and we had to turn it down based on exclusions, application whitelisting, and excluding unknown benign applications. Cisco should understand the need for continuous updates on the custom Cisco exclusions and the custom applications that come out-of-the-box with the AMP for Endpoints."
"An easier way to do deduplication of machines, or be alerted to the fact that there's more than one instance of a machine, would be useful... That way you could get a more accurate device count, so you're not having an inflated number."
"In Orbital, there are tons of prebuilt queries, but there is not a lot of information in lay terms. There isn't enough information to help us with what we're looking for and why we are looking for it with this query. There are probably a dozen queries in there that really focus on what I need to focus on, but they are not always easy to find the first time through."
"I would like to see integration with Cisco Analytics."
"In terms of the user experience, if the UX design could be much simpler [that would improve things]... if they could make it more intuitive for someone who is not an engineer so that they still can read what's going on in their webpage and understand, that would be something."
"This product has issues with the number of false positives that it reports."
"The thing I hate the most, which they have not fixed, is when it creates duplicate entries within a console. If you have a computer and you upgrade from Windows 7 to Windows 10, or you upgrade your agent from version 6 to 7, it creates a new instance in there instead of updating the information. Instead of paying a license for one computer, I have to license two computers until I manually go in, search for all the duplicate entries, and clean them out myself."
"It could be improved in connection with artificial intelligence and IoT."
"There are many different controls that are needed to be put into place for upgrading that makes it difficult. Having to re-engineer your IT infrastructure to match their software, as opposed to having it integrate and work independently causes difficulties. When there is an update to any software everyone has to be involved."
"This product should be cheaper."
"What was rolled out to my company are mixed versions of Carbon Black CB Defense, so what I'd like to see in the next release is more synchronization, where it can detect the endpoint that's running an old version and suggest updates."
"The node management could be much better. The one thing that they cannot do very easily is change the tenant from a backend."
"I would like to see improvements made so that we can better see all of the processes."
"The application control can be improved. It should also have an automatic update of the agents."
"The solution needs better overall compatibility with other products."
"They will most likely need to create or include a feature that checks the network."
"Defender's cloud integration could be improved."
"There are some areas in the proactive threats that are just overwhelming the SOC, so we've had to turn those off until we can figure out how to filter out the false positives."
"They can improve it on the online protection front since people nowadays are moving online and working from home."
"It needs to improve the cybersecurity for lateral movements. For example, when a hacker tries to enter a machine, they try to get the password by doing a lateral movement."
"Microsoft Defender for Endpoint could provide us with a more holistic approach, such as collaboration. They can provide us with an environment from where we can manage all the endpoints from one central location, such as overall management."
"I think Microsoft needs to improve some of the security aspects of Defender. The email part, in particular, needs to be improved in terms of security effectiveness."
"Phishing and Malware detection could be better."
"A concern is ransomware, whether people can penetrate and encrypt my data or steal my credit card/banking information."
More Microsoft Defender for Endpoint Pricing and Cost Advice →
Carbon Black CB Defense is ranked 11th in EPP (Endpoint Protection for Business) with 28 reviews while Microsoft Defender for Endpoint is ranked 2nd in EPP (Endpoint Protection for Business) with 121 reviews. Carbon Black CB Defense is rated 7.6, while Microsoft Defender for Endpoint is rated 8.0. The top reviewer of Carbon Black CB Defense writes "The manage, detect, and response feature enables Carbon Black to continuously check logs and advise us on how to improve some of the policies". On the other hand, the top reviewer of Microsoft Defender for Endpoint writes "Enables ingestion of events directly into your SIEM/SOAR, but requires integration with all Defender products to work optimally". Carbon Black CB Defense is most compared with CrowdStrike Falcon, SentinelOne, Trend Micro Deep Security, Carbon Black CB Response and Fortinet FortiEDR, whereas Microsoft Defender for Endpoint is most compared with Sophos Intercept X, CrowdStrike Falcon, Symantec Endpoint Security, Cortex XDR by Palo Alto Networks and Malwarebytes. See our Carbon Black CB Defense vs. Microsoft Defender for Endpoint report.
See our list of best EPP (Endpoint Protection for Business) vendors and best EDR (Endpoint Detection and Response) vendors.
We monitor all EPP (Endpoint Protection for Business) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
