We performed a comparison between Palo Alto Networks Cortex XSOAR and VMware Carbon Black Cloud based on real PeerSpot user reviews.
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"The connectivity and analytics are great."
"The standout feature of Sentinel is that, because it's cloud-based and because it's from Microsoft, it integrates really well with all the other Microsoft products. It's really simple to set up and get going."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"The main benefit is the ease of integration."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"The pricing of the product is excellent."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"It was useful as a ticketing tool."
"It is a scalable solution."
"The Palo Alto ecosystem has a marketplace offering integration with Sentinel or other products."
"It’s easy to install."
"It is quite scalable. I would rate it a ten out of ten."
"The automation is excellent."
"For organizations that are stable with their security operations, like those with around 50 members in their security team running full-phased operations 24/7, Cortex is necessary."
"The product can automate security tasks."
"The detection response and quarantining are very good features."
"The most valuable features are its lightweight design, ensuring minimal impact on end-users, and its real-time protection."
"Setting up and managing the setup for this solution is okay. It is stable, scalable, and it runs just fine. No issues with technical support."
"Carbon Black Cb Response excels at providing context to indicators when responding to incidents. It allows responders to understand the entire scope of an incident and quickly contain it to minimize impact and disruption."
"We are able to remotely isolate exploited endpoints in seconds and perform a live deep dive of any endpoint into its running processes (as necessary) without the need for extra scripts."
"The market information they gather from the community is really good. Their configuration capabilities are good."
"VMware Carbon Black Cloud is a user-friendly solution that can isolate machines from the rest of the network."
"Integration and scalability are the most valuable."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the mean time to detect and mean time to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"The learning curve could be improved. I am still learning it. We were able to implement the basic features to get them up and running, but there are still so many things that I don't know about all its features. They have a lot of features that we have not been able to use or apply. If they could work on reducing the solution's learning curve, that would be good. While there is a training course held by Microsoft to learn more about this solution, there is a cost associated with it."
"They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"The reporting could be more structured."
"I would like to be able to monitor applications outside of the Azure Cloud."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"It doesn't offer automatic internet reports out of the box."
"There should be an on-premise version available for customers to have different choices."
"The solution should be made a bit cheaper."
"The integration could be better. Cortex, for example, does not work with iPhone."
"The platform’s setup procedures could be streamlined compared to one of its competitors."
"The dashboard performance could be improved."
"The formats are not compatible, are not readily available, and are not readable."
"There is room for improvement in support. The response time could be faster."
"They need to improve the batch console. It needs more capabilities. We are limited by the ones it provides..."
"The solution can only handle about 500 bans or blocks."
"The dashboard should be more user-friendly."
"Technical support for the solution should be improved because there is a scarcity of support teams in the Middle East."
"We are subscribed to FS-ISAC threat indicator, but have been unsuccessful in adding it to our alliance feeds."
"Training and education for both partner and customer, including product marketing need to be improved."
"The biggest issue I encountered was one where old logs were not being overwritten as expected so the system drive kept filling up from time to time. However, support was usually quite responsive and happy to jump on a remote session to take a look at it for us. That log bug has probably been resolved with an update by now."
"They have different products, but if we wanted to take their protection and their EPR, then we would need to have two agents."
Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 42 reviews while VMware Carbon Black Cloud is ranked 2nd in Security Incident Response with 18 reviews. Palo Alto Networks Cortex XSOAR is rated 8.4, while VMware Carbon Black Cloud is rated 8.4. The top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". On the other hand, the top reviewer of VMware Carbon Black Cloud writes "Shows promise for endpoint detection and response, with room for improvement in complexity and pricing". Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Fortinet FortiSOAR, Swimlane and IBM Resilient, whereas VMware Carbon Black Cloud is most compared with VMware Carbon Black Endpoint, Fidelis Elevate and Splunk SOAR.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.