We performed a comparison between NetWitness XDR and VMware Carbon Black Endpoint based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Protection Platform (EPP) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The ease of deployment and configuration is valuable. It's very easy compared to other vendors like Sophos. Sophos' configuration is complex. Fortinet is a lot easier to understand. You don't need a lot of admin knowledge to do the configuration."
"The price is low and quite competitive with others."
"he solution is an anti-malware product that integrates well with other vendor products such as firewalls, SIEM, etc. It captures threat intelligence and gives you better visibility. The product also has sandboxing features."
"I like FortiClient EMS. FortiEDR has a lot of great features like lockdown mode, remote wipes, and encryption. I can set malware outbreak policies and controls for detecting abnormalities. You can also simulate phishing attacks."
"The console is easy to read. I also like the scanning part and the ability to move assets from one to the other."
"The product's initial setup phase is very easy."
"Additionally, when it comes to EDR, there are more tools available to assist with client work."
"Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great."
"The interface of this solution is very flexible and easy to use."
"RSA NetWitness does market analysis in a more granular form. It gives you full visibility."
"NetWitness Endpoint's most valuable features are its interoperability across many different operating systems and the ease of pivoting from network to endpoint via a single console."
"It is stable. We have been using it for some time, without any issues."
"The most valuable feature is the way it captures the traffic, and it contains every detail of the communication."
"It helps our security team respond more accurately when there are threats, then we get less false positives or negatives."
"We've contacted technical support several times. They've been very good. They have been able to help us resolve our issues."
"It's a scalable solution. We have around five to eight customers using RSA NetWitness Endpoint, and we hope to increase the number of users."
"Once the solution is installed and configured correctly it does not require a lot of hands-on attention until you need upgrading."
"The most valuable feature of the solution stems from the support it provides."
"The biggest feature out of CarbonBlack is its ability to dive in with more depth. You can look at the entire kill chain and understand, not only if an alarm or identified incident is truly a true security issue versus a false positive, and it allows us to backtrack and figure out why it actually happened and how it got into the environment."
"The initial setup is very easy."
"The tool is pretty stable."
"The EDR and reports were helpful in improving our organization."
"The most valuable feature is that it detects and stops malicious executables."
"The data analysis is the most valuable because of the whitelist database. It is different than standard IDS solutions."
"To improve Fortinet, we need to see more features and technology areas at the endpoint level introduced."
"The only minor concern is occasional interference with desired programs."
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"ZTNA can improve latency."
"Everything with Fortinet having to do with their cloud services. They need to invest more in their internal infrastructure that they are running in the cloud. One of the things I find with their cloud environment compared to others' is that they go cheap on the equipment. So it causes some performance degradation."
"The solution's installation from a central installation server could be improved because the engineers had a little bit of trouble getting it installed from a central location."
"The support needs improvement."
"Making the portal mobile friendly would be helpful when I am out of office."
"The solution lacks a reporting engine."
"The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is working with troubleshooting and working with technical support. Log passing is also one of the biggest challenge."
"The contamination feature could be improved."
"The solution is modular, for example you can buy the RSA ePack, which you buy as a module is not part of the conduit solution. They could include it and have it as an all-in-one solution."
"Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."
"RSA NetWitness Network could improve on integration with non-native application integration."
"The initial setup requires a high level of skill."
"Threat detection could be better."
"There are many different controls that are needed to be put into place for upgrading that makes it difficult. Having to re-engineer your IT infrastructure to match their software, as opposed to having it integrate and work independently causes difficulties. When there is an update to any software everyone has to be involved."
"The pricing could be more reasonable."
"The feature set for the firewall needs improvement."
"Right now, Carbon Black CB Defense doesn't support cloud computing and Kubernetes."
"The product's stability could be improved."
"It would be a better solution if Carbon Black Cb Defense had an on-promise solution and a virus auto delete or quarantine."
"There could be more knowledge. I think they made a mistake when they took away the Check Point integration, because it provides more automation and also more threat intelligence."
"I would like to see the user credentials feature improved. I would also like to see more reporting features and better ways to roll the reports out."
NetWitness XDR is ranked 40th in Endpoint Protection Platform (EPP) with 15 reviews while VMware Carbon Black Endpoint is ranked 17th in Endpoint Protection Platform (EPP) with 61 reviews. NetWitness XDR is rated 8.0, while VMware Carbon Black Endpoint is rated 8.0. The top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". On the other hand, the top reviewer of VMware Carbon Black Endpoint writes "Centralization via the cloud allows us to protect and control people working from home". NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, SentinelOne Singularity Complete and Bitdefender GravityZone EDR, whereas VMware Carbon Black Endpoint is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, Trend Micro Deep Security, SentinelOne Singularity Complete and Cortex XDR by Palo Alto Networks. See our NetWitness XDR vs. VMware Carbon Black Endpoint report.
See our list of best Endpoint Protection Platform (EPP) vendors and best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.