We performed a comparison between NetWitness XDR and VMware Carbon Black Cloud based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Detection and Response (EDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The features that I have found most valuable are the ability to customize it and to reduce its size. It lets you run in a very small window in terms of memory and resources on legacy cash registers."
"The ease of deployment and configuration is valuable. It's very easy compared to other vendors like Sophos. Sophos' configuration is complex. Fortinet is a lot easier to understand. You don't need a lot of admin knowledge to do the configuration."
"he solution is an anti-malware product that integrates well with other vendor products such as firewalls, SIEM, etc. It captures threat intelligence and gives you better visibility. The product also has sandboxing features."
"Ability to get forensics details and also memory exfiltration."
"The console is easy to read. I also like the scanning part and the ability to move assets from one to the other."
"The stability is very good."
"It is stable and scalable."
"Having all monitoring, response, tracking, and mitigation tools in one dashboard provides our analysts and SOC team with a comprehensive view at a glance."
"We've contacted technical support several times. They've been very good. They have been able to help us resolve our issues."
"The most valuable feature is the way it captures the traffic, and it contains every detail of the communication."
"It is stable. We have been using it for some time, without any issues."
"It helps our security team respond more accurately when there are threats, then we get less false positives or negatives."
"It is very easy to use, and its usability is great. The use cases are also very easy. The visualizations of the use cases are magnificent. You cannot find this in any other solution. From my point of view, it is great."
"Technical support is knowledgeable."
"The stability of the RSA NetWitness Endpoint is very good."
"They have recently updated the features and the most valuable ones are the instant threat response, ease of use, web interface, integration, and easy access. RSA NetWitness Endpoint is very compatible with other solutions and technologies. However, they do not rely on third-party solutions and have most features built-in."
"VMware Carbon Black Cloud is a user-friendly solution that can isolate machines from the rest of the network."
"Threat hunting is the most valuable feature of VMware Carbon Black Cloud."
"The solution does very well as a baseline EDR and provides good process-level management."
"Probably the most valuable feature of CB Response is its ability to isolate a host and take it off the network, so it's not spreading anything. We have two security operations centers around the globe. When an SOC analyst sees something on an endpoint, they can use Carbon Black Response to isolate that host from the customer's environment and prevent any kind of lateral spread."
"The most valuable features are its lightweight design, ensuring minimal impact on end-users, and its real-time protection."
"The detection response and quarantining are very good features."
"Carbon Black Cb Response excels at providing context to indicators when responding to incidents. It allows responders to understand the entire scope of an incident and quickly contain it to minimize impact and disruption."
"The most valuable feature is its ability to seek out abnormal activity and to create alerts."
"Making the portal mobile friendly would be helpful when I am out of office."
"The support needs improvement."
"I haven't seen the use of AI in the solution."
"Cannot be used on mobile devices with a secure connection."
"To improve Fortinet, we need to see more features and technology areas at the endpoint level introduced."
"The SIEM could be improved."
"Everything with Fortinet having to do with their cloud services. They need to invest more in their internal infrastructure that they are running in the cloud. One of the things I find with their cloud environment compared to others' is that they go cheap on the equipment. So it causes some performance degradation."
"The solution is not stable."
"When analyzing something, you have to click several times. It requires a lot of effort to find something."
"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
"RSA NetWitness Network could improve on integration with non-native application integration."
"Threat detection could be better."
"The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is working with troubleshooting and working with technical support. Log passing is also one of the biggest challenge."
"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."
"The threat intelligence could improve in RSA NetWitness Endpoint."
"The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features."
"Training and education for both partner and customer, including product marketing need to be improved."
"The product detects too many false positives initially and it could integrate better with other security solutions."
"Additionally, it is complex to use, and the pricing should be improved."
"We are subscribed to FS-ISAC threat indicator, but have been unsuccessful in adding it to our alliance feeds."
"One area for improvement is the maturity of its vulnerability features."
"It's not highly available, so you have to have a core server. If the primary server goes down, you need a new one. It's not available at the same time, however. It's not automatically swapped from one server to another."
"The solution needs to simplify the process of adding custom watchlists, as well as embrace YARA for rule creation."
"They have different products, but if we wanted to take their protection and their EPR, then we would need to have two agents"
NetWitness XDR is ranked 37th in Endpoint Detection and Response (EDR) with 15 reviews while VMware Carbon Black Cloud is ranked 28th in Endpoint Detection and Response (EDR) with 18 reviews. NetWitness XDR is rated 8.0, while VMware Carbon Black Cloud is rated 8.4. The top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". On the other hand, the top reviewer of VMware Carbon Black Cloud writes " Shows promise for endpoint detection and response, with room for improvement in complexity and pricing ". NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, SentinelOne Singularity Complete and Vectra AI, whereas VMware Carbon Black Cloud is most compared with VMware Carbon Black Endpoint, Fidelis Elevate, Palo Alto Networks Cortex XSOAR, Splunk SOAR and Rapid7 InsightIDR. See our NetWitness XDR vs. VMware Carbon Black Cloud report.
See our list of best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.