We performed a comparison between Rapid7 InsightIDR and VMware Carbon Black Cloud based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Detection and Response (EDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The most valuable feature is the analysis, because of the beta structure."
"Exceptions are easy to create and the interface is easy to follow with a nice appearance."
"Fortinet is very user-friendly for customers."
"The solution was relatively easy to deploy."
"It is stable and scalable."
"NGAV and EDR features are outstanding."
"Fortinet FortiEDR made our clients feel secure and more at ease, knowing that they had an EDR solution that would close the gap in their security posture."
"The main thing is that I feel safe. Because the processes that have been used to get a handle on the attackers are much better than other competitors"
"The alerting to drive investigations and remediation has been its most valuable feature."
"The solution is very scalable in terms of the licensing model."
"Another very important part of insightIDR is the ability to collect data from endpoint devices via agent software. With a large remote workforce, this allows visibility into the endpoints that are connected to the internet, but not to the corporate network."
"InsightIDR helps us investigate an environment to discover information about incidents."
"I am able to run automated actions based on the output of reports, leaving me extra time to focus on more pressing matters."
"I like that it's a cloud-based solution."
"Intelligent alerting to avoid the common problem of alert fatigue associated with traditional SIEMs."
"Simple configuration and automatically syncs to the cloud platform."
"The most valuable features are the threat-hunting and the batch console."
"The ability to isolate an endpoint with only the host name and a click of a button is a major time saver."
"Probably the most valuable feature of CB Response is its ability to isolate a host and take it off the network, so it's not spreading anything. We have two security operations centers around the globe. When an SOC analyst sees something on an endpoint, they can use Carbon Black Response to isolate that host from the customer's environment and prevent any kind of lateral spread."
"Carbon Black Cb Response excels at providing context to indicators when responding to incidents. It allows responders to understand the entire scope of an incident and quickly contain it to minimize impact and disruption."
"It is nice when you're in a situation where you think someone's device is compromised and that there's some malware getting into your fleet."
"The solution does very well as a baseline EDR and provides good process-level management."
"The enhanced logging and data analysis of the incident response and investigation components allowed us to quickly identify and resolve security issues before they could spread."
"We also took full advantage of its incident response reporting capabilities to act as a “black box” for our infrastructure around strings of suspicious activity. The reporting and incident response capabilities were incredibly helpful during active security concerns."
"There's room for improvement in the quick response time and technical support for integration issues, especially when dealing with multiple vendors."
"The support needs improvement."
"Everything with Fortinet having to do with their cloud services. They need to invest more in their internal infrastructure that they are running in the cloud. One of the things I find with their cloud environment compared to others' is that they go cheap on the equipment. So it causes some performance degradation."
"Once, we had an event that was locked and blocked, but information about it came to us two or three days later."
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"We find the solution to be a bit expensive."
"Cannot be used on mobile devices with a secure connection."
"The only minor concern is occasional interference with desired programs."
"The product allows us to make only 30 custom rules."
"The reporting is the weakest aspect. There needs to be multi-level grouping for events (for example, group by user and destination). Right now, we can do a group by user and a separate table or group by destination. But I'd be more interested in where a person was logging into instead of who was logging in or where he was logging in."
"Rapid7 InsightIDR is not intuitive to search for logs. It should be more user-friendly and improve the dashboards. We should be able to use ready-made templates instead of having to build one."
"The dashboard is an area that could be simplified."
"InsightIDR's integration with other solutions could be improved. Also, I'd like more control from the portal over what's happening on the endpoint side. For example, when I see an attack on an endpoint, I want to be able to stop it from the portal."
"Needs a better ability to customize the check within the console."
"The solution needs improvement in threat intelligence. Increasing the depth of intelligence to help users understand more about threats is a possibility. My suggestion is to expand access to other websites or resources."
"One thing that springs to mind is easier API integration with ITSMs. We are evaluating a new ITSM and I would like to have InsightIDR create a ticket when an attack is identified, and the ticket would be closed in InsightIDR when the ITSM resolution is completed. This would take out the "single point of failure" we currently have, if the email recipient is somehow absent, in recording the risk appetite for the incident and the actions taken to mitigate or not."
"They have different products, but if we wanted to take their protection and their EPR, then we would need to have two agents"
"Technical support for the solution should be improved because there is a scarcity of support teams in the Middle East."
"Setup is incredibly complex and poorly documented. Every time an upgrade was needed we would need to engage Professional Services for troubleshooting help. Certificates and web services proved to be the most significant sticking points. Since the product runs on a Linux platform, perhaps having staff with more Linux experience could have alleviated some difficulty."
"It's not simple."
"There have been some performance issues when deploying on Windows Server, but I believe Carbon Black is working on that."
"The dashboard should be more user-friendly."
"The solution can only handle about 500 bans or blocks."
"The product detects too many false positives initially and it could integrate better with other security solutions."
Rapid7 InsightIDR is ranked 21st in Endpoint Detection and Response (EDR) with 29 reviews while VMware Carbon Black Cloud is ranked 28th in Endpoint Detection and Response (EDR) with 18 reviews. Rapid7 InsightIDR is rated 8.4, while VMware Carbon Black Cloud is rated 8.4. The top reviewer of Rapid7 InsightIDR writes "An affordable product that is easy to use and has many advanced features and default templates". On the other hand, the top reviewer of VMware Carbon Black Cloud writes " Shows promise for endpoint detection and response, with room for improvement in complexity and pricing ". Rapid7 InsightIDR is most compared with Darktrace, Microsoft Sentinel, Splunk Enterprise Security, Rapid7 InsightVM and IBM Security QRadar, whereas VMware Carbon Black Cloud is most compared with VMware Carbon Black Endpoint, Fidelis Elevate, Palo Alto Networks Cortex XSOAR and Splunk SOAR. See our Rapid7 InsightIDR vs. VMware Carbon Black Cloud report.
See our list of best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.