No more typing reviews! Try our Samantha, our new voice AI agent.

Rapid7 InsightIDR vs VMware Carbon Black Endpoint comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 9, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Detection and Response (EDR)
6th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
Rapid7 InsightIDR
Ranking in Endpoint Detection and Response (EDR)
47th
Average Rating
8.4
Reviews Sentiment
7.0
Number of Reviews
32
Ranking in other categories
Security Information and Event Management (SIEM) (25th), User Entity Behavior Analytics (UEBA) (11th), Threat Deception Platforms (6th), Extended Detection and Response (XDR) (28th)
VMware Carbon Black Endpoint
Ranking in Endpoint Detection and Response (EDR)
31st
Average Rating
7.8
Reviews Sentiment
6.6
Number of Reviews
65
Ranking in other categories
Endpoint Protection Platform (EPP) (31st), Security Incident Response (6th), Ransomware Protection (8th)
 

Mindshare comparison

As of July 2026, in the Endpoint Detection and Response (EDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.6%, down from 3.9% compared to the previous year. The mindshare of Rapid7 InsightIDR is 1.2%, up from 1.1% compared to the previous year. The mindshare of VMware Carbon Black Endpoint is 1.8%, up from 1.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks3.6%
VMware Carbon Black Endpoint1.8%
Rapid7 InsightIDR1.2%
Other93.4%
Endpoint Detection and Response (EDR)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
SohailHyder - PeerSpot reviewer
Head Of Cyber Security at Super Secure
Has supported compliance needs for mid-sized organizations but lacks customization and advanced integration
If we pitch Rapid7 InsightIDR against solutions such as SIEMs from Splunk or LogRhythm, it is not as customizable as a SIEM solution is. This is where it can improve if we keep in front the feature sets of a complete SIEM solution. Most common in the market is QRadar, but it is depleting now. It has been taken over by some other products such as Splunk and LogRhythm. If we compare these things with Rapid7 InsightIDR, then there are definitely some gaps that need to be filled. Data retention is also one concern because Rapid7 InsightIDR is cloud-based and operates on a subscription model. Whatever data you want to retain, it has to be paid for separately or it has a cost. Other solutions that are on-premises can have their own infrastructure or they provide some data retention for a month or in some capacity-wise, they provide that solution to them which makes them more attractive.
PM
CTO at Microsoft
Improved incident investigation has supported response while core protection still needs progress
VMware Carbon Black Endpoint does not have easy integration, as there are many complexities with the Ribitava API, which is very deep. I rate this solution overall as a five or six on a scale from one to ten. I have integrated VMware Carbon Black Endpoint with other tools that are helpful. I think this solution should be targeted at small clients, because adoption will grow more with small businesses tomorrow.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The anti-exploit is impenetrable."
"I don't have to do much monitoring with it; I don't have to have anybody manually looking at this, it gives us reports, and it lets us know if something needs to be addressed, and we can easily address it."
"Monitoring is most valuable."
"The initial setup isn't too bad."
"Palo Alto is the best security solution in the market."
"We switched because there were a lot of added features with Palo Alto that Check Point didn't have, and it was an upgrade for us."
"I recognize that Cortex XDR by Palo Alto Networks is one of the best products in its category regarding capabilities."
"If any application performs suspicious activities, such as changing registries or modifying other applications, Cortex XDR detects and blocks the entire application."
"During simulations or demonstrations, the tool generates alerts, providing details such as the specific application, its origin, and potential threats. For instance, it can identify if an application belongs to a known ransomware group. The system rates the threat, offering a clear detection ratio, such as 97 out of 100. It not only identifies threats but also illustrates the associated behaviors, helping us understand the potential risk to a particular endpoint."
"The UI is very good."
"Scalability-wise, I rate the solution a ten out of ten. As a cloud tool, the product is highly scalable."
"Rapid7 InsightIDR is budget-friendly and has a good market position because not everybody can afford to go for LogRhythm or Splunk or QRadar."
"The web interface is great — very useful and user-friendly."
"Simple configuration and automatically syncs to the cloud platform."
"Another very important part of insightIDR is the ability to collect data from endpoint devices via agent software. With a large remote workforce, this allows visibility into the endpoints that are connected to the internet, but not to the corporate network."
"Intelligent alerting to avoid the common problem of alert fatigue associated with traditional SIEMs."
"The most valuable feature of the solution stems from the support it provides."
"For Carbon Black Endpoint, the possibility of integration with different other software's log servers is the important thing. Having just one point of view is more interesting so you don't need to go to different places to see all the information."
"What I find most interesting is the performance of the end-point client, as well as the capability of detecting any activity on the end-user while using their browsers to navigate the internet."
"The solution is stable."
"It uses machine learning and behavioral analytics for advanced threat detection and response."
"The portal is easy to use and manage."
"The most valuable feature is that it detects and stops malicious executables."
"There's lots of very useful documentation online to help troubleshoot and learn about the product."
 

Cons

"There are some third-party solutions that are difficult to integrate with, which is something that can be improved."
"Technology evolves every day, so it would be nice if it gets more secure. It can also have more integration with other platforms."
"In the next release, I would like to see more UI improvements. Their UI is a bit basic. When we are speaking about Palo Alto Networks they are the big company, so they can improve the UI a little bit. The UI, the reports, the log system can all be improved."
"We have found that there are times Cortex XDR by Palo Alto Networks does not detect some of the viruses, we have to use another protection solution called Kaspersky."
"It takes time to scan the servers and devices."
"There are some default policies which sometimes affect our applications and cause them to run around. In the hotel industry, we use a different type of data versus Oracle and SQL. By default, there are some policies which stop us from running properly. Because of this, the support level is also not that strong. We have to wait to get a results."
"Cortex XDR by Palo Alto Networks could improve its user interface, which is more complicated compared to competitors such as SentinelOne."
"Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth."
"The integration capabilities of the solution have certain shortcomings where improvements are required."
"Lacks a mobile application."
"If we pitch Rapid7 InsightIDR against solutions such as SIEMs from Splunk or LogRhythm, it is not as customizable as a SIEM solution is."
"Rapid7 doesn't integrate well with all our security tools from various vendors, so we plan to switch. Many of our solutions work with Rapid7, but some do not. We are already searching for a replacement already."
"I would like the ability to adjust the threshold of certain existing alerts. Currently the only option is to change the notifications or create my own alert."
"Tenable Nessus is easier to deal with. It's more efficient and accurate. InsightIDR is heavier than Tenable in terms of performance and scanning. Rapid7 would be much easier to use if it had a network connector like Tenable. Tenable's connector allows continuous monitoring over the B caps."
"It takes time for the product's support team to resolve issues, making it an area of concern where improvements are required."
"The solution needs improvement in threat intelligence. Increasing the depth of intelligence to help users understand more about threats is a possibility. My suggestion is to expand access to other websites or resources."
"But here, we hardly can take any kind of a report out of Carbon Black, so I think that should be something that should be more user-friendly."
"Stability is one thing that's not robust. Other products are faster, but as far as the CB Defense, it's slow."
"As far as I know, Carbon Defense has nothing that can be installed on mobile devices. It lacks a defense solution for mobile devices, especially mobile tablets. I would like to see support for mobile devices and the pricing should be less than the pricing for a normal workstation."
"It would be nice to have additional forensic tools that you can build into the back end."
"Right now, Carbon Black CB Defense doesn't support cloud computing and Kubernetes."
"The EDR portion could be better. I'm not a big fan, but it works."
"I'm not happy with the way they are treating existing customers for adding licenses."
"Performing a malware scan usually takes a lot of time, more than 24 hours."
 

Pricing and Cost Advice

"I am using the Community edition."
"It is "expensive" and flexible."
"Compared to CrowdStrike, Cortex XDR is an expensive solution."
"I did PoCs on products called Cylance and CrowdStrike. Although, I consider these products and they were also good, when it come to cost and budgetary factors, Traps has been proven to be better than the other two products. It is quite cost-effective and delivers all the entire solution which we require."
"Its pricing is kind of in line with its competitors and everybody else out there."
"Licensing for Palo Alto Networks Cortex XDR can be costly, especially when it comes to a hundred users. A license is required for each user, and the subscription must be renewed on a yearly basis."
"This is an expensive solution."
"The price is on the higher side, but it's okay."
"It is on a yearly basis. For our own company, for about 250 users, it was 16,000 euros a year."
"Licensing is straightforward. If, for some reason, you don’t meet the minimum licensing requirements, there is a third-party managed service that can help."
"Rapid7 InsightIDR charges us based on the endpoints we connect to."
"The pricing is good, and it is not very expensive."
"It is more reasonably priced than other vendors."
"Rapid7 InsightIDR's pricing is reasonable but we have challenges with the Minimum Order Quantity. It is not reasonable for customers who have less than one hundred devices. If they can reduce Minimum Order Quantity, it is good. You have to pay around 5000-6000 dollars per year for the product. The pricing includes maintenance and support costs."
"The team is very willing to work with companies. My suggestion is to call the Rapid7 sales department and see how they can help.​"
"It is a reasonably priced solution."
"The pricing [is] more or less the same as other similar solutions."
"Price-wise, VMware Carbon Black Endpoint is a highly-priced solution. Regarding the licensing cost of the solution, one needs to opt for an annual subscription."
"I am not really involved in the pricing of this product. But, from my understanding, it is OK for us."
"VMware Carbon Black Endpoint is an expensive product."
"In terms of licensing costs, Carbon Black CB Defense was all associated with CROW and the services my company is using with them, so it came all-inclusive."
"The product is quite reasonable."
"It is more expensive, but it's worth it. There are no additional costs beyond the standard licensing fee."
"The pricing is annually based and operates through another department than mine."
report
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Manufacturing Company
9%
Financial Services Firm
9%
Computer Software Company
8%
Comms Service Provider
7%
Financial Services Firm
10%
Construction Company
9%
Manufacturing Company
8%
Comms Service Provider
7%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
By reviewers
Company SizeCount
Small Business21
Midsize Enterprise5
Large Enterprise6
By reviewers
Company SizeCount
Small Business31
Midsize Enterprise9
Large Enterprise33
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What SOC product do you recommend?
For tools I’d recommend: -SIEM- LogRhythm -SOAR- Palo Alto XSOAR Doing commercial w/o both (or at least an XDR) is a...
What needs improvement with Rapid7 InsightIDR?
If we pitch Rapid7 InsightIDR against solutions such as SIEMs from Splunk or LogRhythm, it is not as customizable as ...
What is your primary use case for Rapid7 InsightIDR?
I am working with Rapid7 InsightOps and Rapid7 InsightIDR because the requirement is as such from the customer side, ...
What to choose: an endpoint antivirus, an EDR solution or both?
I can recommend Carbon Black, an award-winning next-gen anti-virus (NGAV) and endpoint detection and response (EDR) s...
What's the difference between Carbon Black CB Response and Carbon Black CB Defense?
Carbon Black offers two different levels of Endpoint Detection and Response. One is the VM Carbon Black Cloud Endpoin...
What is your experience regarding pricing and costs for Carbon Black CB Defense?
My rating for the pricing of VMware Carbon Black Endpoint is that it is not cheap, but it is also not as inexpensive ...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
InsightIDR
Carbon Black CB Defense, Bit9, Confer
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Liberty Wines, Pioneer Telephone, Visier
Netflix, Progress Residential, Indeed, Hologic, Gentle Giant, Samsung Research America
Find out what your peers are saying about Rapid7 InsightIDR vs. VMware Carbon Black Endpoint and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.