We performed a comparison between Cisco Secure Endpoint and VMware Carbon Black Endpoint based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Cisco Secure Endpoint stands out for its threat-hunting capabilities, sandboxing, and swift response to attacks. Users also praised the solution's seamless integration with Talos for continuous protection. Carbon Black Endpoint is appreciated for its transparency, robust security measures, continuous monitoring, and utilization of cloud technology. Cisco Secure Endpoint could benefit from providing more scenario-based information and a simpler, more customizable main dashboard. Integration with artificial intelligence and IoT is another area for improvement. Carbon Black could enhance its reporting capabilities, endpoint query tools, and compatibility with other systems. Users also suggest improvements in the solution’s forensic tools.
Service and Support: Users said Cisco support is efficient and responsive, and customers also found it easy to find answers in the documentation without help. Some users recommend enhancing training programs and streamlining management consoles to further enhance the level of support provided. Carbon Black Endpoint customer service earned mixed reviews, with some users reporting delayed responses or unsatisfactory issue resolution.
Ease of Deployment: Users generally found Cisco Secure Endpoint easy to set up, but some users reported challenges related to agent behavior and configuration. The initial installation involves downloading an agent and installing it on endpoints, and the total deployment time ranged from a week to several months. Users say the deployment process for VMware Carbon Black Endpoint is relatively straightforward. The initial setup can be completed in a few minutes or hours, but the total deployment may take anywhere from a few days to several months.
Pricing: Cisco Secure Endpoint's pricing is seen as fair and reasonable. Some users requested additional discounts, particularly for educational purposes. Carbon Black Endpoint charges a fixed licensing fee per node. Some users noted that there are cheaper alternatives.
ROI: Cisco Secure Endpoint offers cost savings and the potential to earn money by extending services. While some said the ROI of VMware Carbon Black Endpoint was hard to quantify, other users reported successful defenses against malware attacks.
Comparison Results: Our users favor Cisco Secure Endpoint over VMware Carbon Black Endpoint. Cisco Secure Endpoint offers more comprehensive protection, better customer service, and support, making it the preferred choice. Cisco Secure Endpoint has some advanced features for finding and resolving threats that Carbon Black Endpoint lacks. Users also appreciate Cisco Secure Endpoint's pricing, whereas some users say Carbon Black Endpoint has room to improve on price.
"The most valuable feature is the analysis, because of the beta structure."
"The stability is very good."
"The solution was relatively easy to deploy."
"The product detects and blocks threats and is more proactive than firewalls."
"It is stable and scalable."
"Having all monitoring, response, tracking, and mitigation tools in one dashboard provides our analysts and SOC team with a comprehensive view at a glance."
"Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great."
"Fortinet is very user-friendly for customers."
"Cisco has definitely improved our organization a lot. In terms of business, our company feels safer. We actually switched from legacy signature-based solutions to threat intelligence-based and machine learning-based solutions, which is Cisco Secure. This has improved our security significantly, from 10% of signature-based technology security to 99.9% of the current one which we are running. We were happy."
"The threat Grid with the ability to observe the sandboxing, analyze, and perform investigations of different malicious files has been great."
"I am really satisfied with the technical support."
"There are several valuable features including strong prevention and exceptional reporting capabilities."
"The most valuable feature at this moment is that Cisco AMP or Cisco Secure Endpoint solution is delivering a lot of things, and I always say to a lot of customers that if we didn't have Cisco AMP, we probably would have had ransomware somewhere. So, it's protecting us very well from a lot of hackers, malware, and especially ransomware."
"There are no issues or drops in the solution's performance...The solution's technical support was helpful."
"It doesn't impact the devices. It is an agent-based solution, and we see no performance knock on cell phones. That was a big thing for us, especially in the mobile world. We don't see battery degradation like you do with other solutions which really drain the battery, as they're constantly doing things. That can shorten the useful life of a device."
"The entirety of our network infrastructure is Cisco and the most valuable feature is the integration."
"The new feature that we're deploying, the new offering from Carbon Black, is MDR, which stands for manage, detect, and response. It's the most valuable feature because Carbon Black will be continuously checking the logs, and they will be advising us on how to improve some of the policies as well as review the logs. If there are any nefarious agents or things happening on the end points, they will know."
"Carbon Black has very good market strategies."
"The solution is extremely scalable."
"The visibility provided has been great."
"The product allows us to focus on endpoint and antivirus protection."
"The triage feature that shows you the whole chain of the malware is useful."
"The data analysis is the most valuable because of the whitelist database. It is different than standard IDS solutions."
"One of the most valuable features is that it will block vulnerable sites. If there was a connection between one of our devices to a known malware site, it will block it."
"The SIEM could be improved."
"We've had a lot of false positives; things incorrectly flagged that require manual configuration to allow. Even worse, after we allow a legitimate program, it sometimes gets flagged again after an update. This has caused a lot of extra work for my team."
"The solution is not stable."
"To improve Fortinet, we need to see more features and technology areas at the endpoint level introduced."
"I haven't seen the use of AI in the solution."
"Once, we had an event that was locked and blocked, but information about it came to us two or three days later."
"FortiEDR can be improved by providing more detailed reporting."
"They can include the automation for the realtime updates. We have a network infrastructure with remote sites. Whenever they send updates, they are not automated. We have to go into the console and push those updates. I wish it was more automated. The update file is currently around 31 MB. It could be smaller."
"An easier way to do deduplication of machines, or be alerted to the fact that there's more than one instance of a machine, would be useful... That way you could get a more accurate device count, so you're not having an inflated number."
"It does not include encryption and decryption of local file shares."
"In Orbital, there are tons of prebuilt queries, but there is not a lot of information in lay terms. There isn't enough information to help us with what we're looking for and why we are looking for it with this query. There are probably a dozen queries in there that really focus on what I need to focus on, but they are not always easy to find the first time through."
"Maybe there is room for improvement in some of the automated remediation. We have other tools in place that AMP feeds into that allow for that to happen, so I look at it as one seamless solution. But if you're buying AMP all by itself, I don't know if it can remove malicious software after the fact or if it requires the other tools that we use to do some of that."
"The initial setup is a bit complex because you need to execute existing antiviruses or security software that you have on your device."
"This product has issues with the number of false positives that it reports."
"The one challenge that I see is the use of multiple endpoint protection platforms. For instance, we have AMP, but we also have Microsoft Windows Defender, System Center Endpoint Protection, and Microsoft Malware Protection Engine deployed. So, we have a bunch of different things that do the same thing. What winds up happening is, e.g., if I get an alert for a potential incident or malware and want to pull the file, I'll go to fetch the file to analyze it. But, one of these other programs has already gotten it, so the file has already been quarantined by another endpoint protection system. AMP doesn't realize that and the file fetch fails, then you're left wondering what's going on."
"We had a lot of noise at the beginning, and we had to turn it down based on exclusions, application whitelisting, and excluding unknown benign applications. Cisco should understand the need for continuous updates on the custom Cisco exclusions and the custom applications that come out-of-the-box with the AMP for Endpoints."
"Right now, Carbon Black CB Defense doesn't support cloud computing and Kubernetes."
"The device control feature could also be compatible with the user’s profile as well."
"The solution needs better overall compatibility with other products."
"Occasionally, we'll have issues with the latest version and they'll basically tell us that they will improve it in the next iteration. They need to work on their version release quality."
"The product's reporting capabilities are an area of concern where improvements are required."
"There's some disparity between the on-premise and the cloud type of application."
"This product should be cheaper."
"It is difficult to extract reports for ongoing scans"
Cisco Secure Endpoint is ranked 10th in Endpoint Protection Platform (EPP) with 43 reviews while VMware Carbon Black Endpoint is ranked 17th in Endpoint Protection Platform (EPP) with 61 reviews. Cisco Secure Endpoint is rated 8.6, while VMware Carbon Black Endpoint is rated 8.0. The top reviewer of Cisco Secure Endpoint writes "Single dashboard management, quick infrastructure threat detection, and high level support". On the other hand, the top reviewer of VMware Carbon Black Endpoint writes "Centralization via the cloud allows us to protect and control people working from home". Cisco Secure Endpoint is most compared with Microsoft Defender for Endpoint, Cortex XDR by Palo Alto Networks, CrowdStrike Falcon, Check Point Harmony Endpoint and Cisco Umbrella, whereas VMware Carbon Black Endpoint is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, Trend Micro Deep Security, SentinelOne Singularity Complete and Cortex XDR by Palo Alto Networks. See our Cisco Secure Endpoint vs. VMware Carbon Black Endpoint report.
See our list of best Endpoint Protection Platform (EPP) vendors and best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.