No more typing reviews! Try our Samantha, our new voice AI agent.

Sangfor Endpoint Secure vs VMware Carbon Black Cloud comparison

Sponsored
 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 9, 2024

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Cortex XDR by Palo Alto Net...
Sponsored
Ranking in Endpoint Detection and Response (EDR)
6th
Average Rating
8.4
Reviews Sentiment
6.8
Number of Reviews
114
Ranking in other categories
Endpoint Protection Platform (EPP) (4th), Extended Detection and Response (XDR) (4th), Ransomware Protection (2nd), AI-Powered Cybersecurity Platforms (1st)
Sangfor Endpoint Secure
Ranking in Endpoint Detection and Response (EDR)
36th
Average Rating
8.2
Reviews Sentiment
7.4
Number of Reviews
11
Ranking in other categories
No ranking in other categories
VMware Carbon Black Cloud
Ranking in Endpoint Detection and Response (EDR)
57th
Average Rating
8.2
Reviews Sentiment
6.8
Number of Reviews
19
Ranking in other categories
Security Incident Response (4th)
 

Mindshare comparison

As of July 2026, in the Endpoint Detection and Response (EDR) category, the mindshare of Cortex XDR by Palo Alto Networks is 3.6%, down from 3.9% compared to the previous year. The mindshare of Sangfor Endpoint Secure is 0.7%, up from 0.7% compared to the previous year. The mindshare of VMware Carbon Black Cloud is 0.6%, up from 0.2% compared to the previous year. It is calculated based on PeerSpot user engagement data.
Endpoint Detection and Response (EDR) Mindshare Distribution
ProductMindshare (%)
Cortex XDR by Palo Alto Networks3.6%
Sangfor Endpoint Secure0.7%
VMware Carbon Black Cloud0.6%
Other95.1%
Endpoint Detection and Response (EDR)
 

Featured Reviews

ABHISHEK_SINGH - PeerSpot reviewer
Senior Process Expert at A.P. Moller - Maersk
Gained full visibility and streamlined threat detection through behavior-based insights and AI integration
Initially, we got to have a lot of false positives when we onboarded, but nowadays it's quite smooth. We have fine-tuned our security policies and allowed different levels of policies to get rid of those false positives. Currently, we are getting a fairly good amount of incidents that are not false positives or benign, but actionable items. The process is streamlined. In the initial days, the operations used to get involved in a lot of benign and other activities, but now the process is streamlined. We are leveraging the auto-detection and remediation plans. The operations teams are now more involved in other business roles as well, not just looking into the logs and fetching out what's happening there. They have fixed a lot of things. Initially, they didn't have IAC code drift detection, cloud posture management, or security posture management, but they have those now. They purchased different vendors and did a merger with that. They have now Prisma Cloud that gets integrated and now they are working with Cortex Cloud. Everything that was negative has now been addressed, and the product altogether looks to be in a very better and mature shape now. Currently, it's more or less detecting the workloads with AI-based best practices. Since most organizations are consuming AI agents and other things, we are looking forward to seeing what other feature enhancements Palo Alto can support in that.
OA
Coordinator Associate at National Institute of Cardiovascular Diseases
Quick threat response and behavior analysis while enhancing network security
The main use case is usually related to security. It deals with attacks that come day-to-day such as zero-day attacks and APT attacks. Our main task is to secure the network infrastructure in the hospital where I work It facilitates the departments of IT and other departments to procure and…
reviewer2771742 - PeerSpot reviewer
Sec consultant at a tech services company with 5,001-10,000 employees
Has supported consistent deployment across departments but needs better OS compatibility and detection performance
I am not really looking for a new solution, actually, I was preparing for an interview and wanted to have a comparison between both tools. I have not worked with any of these products before, but we had a training demonstration yesterday with Dynatrace, and I have investigated the Wiz solution better. In terms of experience, it will be my first time with CDR. I am working with something for EDR, specifically, we have an EDR, it's VMware Carbon Black Cloud. They have a hybrid environment, both on-prem and cloud. I would usually recommend this product for big companies, because it's not cheap, so only big companies would I expect to pay for that. The review rating for VMware Carbon Black Cloud is 6 out of 10.

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"Its ability to react to cyber data attacks is awesome. That is pretty much the use of it. What blows your mind is the ability to access your assets remotely and see what is actually going on with them. You can not only see them in a console. You can also react very rapidly to your assets that are compromised."
"Cortex covers everything I need. It's a perfect solution. Cortex provides a different level of visibility because it's an extended EDR, allowing you to grab logs from the network and firewalls. Palo Alto invented the concept of the extended EDR or XDR."
"The anti-exploit is impenetrable."
"We switched because there were a lot of added features with Palo Alto that Check Point didn't have, and it was an upgrade for us."
"I recognize that Cortex XDR by Palo Alto Networks is one of the best products in its category regarding capabilities."
"The tool's use cases are relevant to security."
"If you are looking for security, mainly for advanced threat prevention from ransomware and malware attacks, I would recommend Cortex."
"Cortex XDR can integrate the firewalls and determine the tendencies of the attacks. It's a new generation antivirus, with protection endpoints and detection response. It is very easy to use and everybody can operate the solution."
"The product's initial setup phase was straightforward."
"What stands out to me is the dual-end user interface they provide."
"I like the tool's honeypot feature. Some features include having a honeypot to detect attacks in a certain area. Additionally, there is RDP protection, which means that when we remote into our server or any endpoint, we must enter a password as a second layer of security. It can also integrate with next-generation firewalls."
"The most valuable feature I have found in the system is its comprehensive end-to-end protection."
"It has a quick response time, threat intelligence, cybersecurity features, quick report generation, behavior analysis, dynamic detection, and quarantine features."
"The user-friendliness of Sangfor Endpoint Secure is particularly impressive. Even with basic technical knowledge, users can easily navigate the system, make changes, and implement updates."
"The real-time monitoring feature of Sangfor Endpoint Secure is truly real-time, with no delay compared to other solutions."
"Sangfor Endpoint Secure has some good policy certificates."
"They're highly stable in comparison with other solutions I have."
"Integration and scalability are the most valuable."
"Setting up and managing the setup for this solution is okay. It is stable, scalable, and it runs just fine. No issues with technical support."
"The solution does very well as a baseline EDR and provides good process-level management."
"The most valuable features are the threat-hunting and the batch console."
"Carbon Black Cb Response excels at providing context to indicators when responding to incidents. It allows responders to understand the entire scope of an incident and quickly contain it to minimize impact and disruption."
"​The ability to isolate an endpoint with only the host name and a click of a button is a major time saver."
"Carbon Black insures the probability that any ransomware will be stopped before spreading."
 

Cons

"It is not very strong in terms of endpoint management. It should have additional features like DLP, encryption, or advanced device control. Currently, Cortex is good in terms of the security of the endpoints, but it is not as good as other vendors in terms of the management of the endpoint."
"The playbooks could be improved to include more functionalities or actions."
"In general, the price could be more competitive."
"However, if you do not have Palo Alto in your environment, you are paying these additional services just for Cortex XDR by Palo Alto Networks, so it is not a cost-effective solution."
"The solution needs better reports. I think they should let the customer go in and customize the reports."
"The GUI could be improved. It's a little bit cumbersome. It could be more user-friendly."
"It is an enterprise-level solution. Its price could be less expensive."
"Cortex XDR could be improved with more GUI features."
"It is complicated to establish a tunnel due to technical issues in the VPN system."
"The interface has too many buttons, making it cluttered."
"Currently, the tool lacks reporting functionalities."
"Sangfor Endpoint Secure performs poorly."
"I face issues while migrating from Kaspersky to Sangfor Endpoint Secure."
"Sometimes, the VPN is not secure and doesn't work properly in Sangfor Endpoint Secure."
"It would be much more convenient if the migration tool could be installed directly on the customer's VMs, enabling a smoother migration process to the new infrastructure, with potential restrictions addressed accordingly."
"When an issue occurs, the response time for first-level support and the time taken for meetings could be improved."
"The product detects too many false positives initially and it could integrate better with other security solutions."
"They have different products, but if we wanted to take their protection and their EPR, then we would need to have two agents"
"The dashboard should be more user-friendly."
"Training and education for both partner and customer, including product marketing need to be improved."
"The solution can only handle about 500 bans or blocks."
"The education and awareness of customers here in Vietnam for Carbon Black CB Response is not good at the moment."
"They need to improve the batch console. It needs more capabilities. We are limited by the ones it provides..."
"One area for improvement is the maturity of its vulnerability features."
 

Pricing and Cost Advice

"I feel it is fairly priced."
"The cost depends on your chosen license type, like Pro or other licenses."
"The return on investment is from the user side because we have seen the performance of it increase the delivery time of the product if we are using too many web-based and on-premise applications. In indirect ways, we saw the return of investment in terms of performance and user satisfaction increase."
"It is cost-effective compared to similar solutions. It fits for the small businesses through to the big businesses."
"The pricing is okay, although direct support can be expensive."
"Cortex XDR's pricing is ok."
"Our license will require renewal in August, after which the maintenance will continue as usual."
"Cortex XDR’s pricing is very reasonable."
"Price-wise, Sangfor Endpoint Secure can be considered a competitively priced product in the market as it offers quite low prices compared to other solutions."
"We were using Hyper-V. So, we switched to Sangfor because of the pricing."
"The product is expensive compared to other vendors."
"Its "pay as you grow" model offers cost-effectiveness compared to major cloud providers."
"Sangfor Endpoint Secure is not a cheap solution."
"Sangfor Endpoint Secure's pricing is cheap. I rate it seven out of ten."
"The solution is cheap. It is cheaper than other products by 15-20 percent."
"You need to pay for the licensing of the product. The pricing is costly."
"The solution is very inexpensive so there is great cost savings to using it."
"VMware Carbon Black Cloud is an expensive solution."
"We had no issues purchasing through our preferred reseller and were able to get a fair price even when not purchasing direct. Carbon Black Enterprise Response didn’t break the bank, though adding on the matching antivirus and anti-malware components of the Protect product was more than we could afford, even with some discounting. Cb Response is really designed to complement Carbon Black’s Defense product. While Response can be used on its own, coupling with Defense seems like the best strategy if you can afford the price tag."
"Pricing for this solution could be made lower."
"Purchase Professional Services up front as part of the implementation package, then renew hours annually to ensure you have adequate support for upgrades and enhancements. Overbuy by at least 10% to account for infrastructure growth."
report
Use our free recommendation engine to learn which Endpoint Detection and Response (EDR) solutions are best for your needs.
902,988 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Construction Company
12%
Financial Services Firm
11%
Manufacturing Company
10%
Comms Service Provider
9%
Financial Services Firm
17%
Comms Service Provider
11%
University
7%
Media Company
7%
Construction Company
14%
Comms Service Provider
10%
Manufacturing Company
9%
Financial Services Firm
9%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business46
Midsize Enterprise21
Large Enterprise53
By reviewers
Company SizeCount
Small Business5
Midsize Enterprise3
Large Enterprise3
By reviewers
Company SizeCount
Small Business5
Midsize Enterprise3
Large Enterprise9
 

Questions from the Community

Cortex XDR by Palo Alto vs. Sentinel One
Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks. ...
Comparing CrowdStrike Falcon to Cortex XDR (Palo Alto)
Cortex XDR by Palo Alto vs. CrowdStrike Falcon Both Cortex XDR and Crowd Strike Falcon offer cloud-based solutions th...
How is Cortex XDR compared with Microsoft Defender?
Microsoft Defender for Endpoint is a cloud-delivered endpoint security solution. The tool reduces the attack surface,...
What needs improvement with Sangfor Endpoint Secure?
The interface has too many buttons, making it cluttered. It would be better if it were a simplified version with fewe...
What is your primary use case for Sangfor Endpoint Secure?
Sangfor Endpoint Secure is easy to handle with its user-friendly interface. The four engines it utilizes for endpoint...
What advice do you have for others considering Sangfor Endpoint Secure?
At first, people might not understand the interface, which is why it should be simplified. However, once they underst...
What to choose: an endpoint antivirus, an EDR solution or both?
I can recommend Carbon Black, an award-winning next-gen anti-virus (NGAV) and endpoint detection and response (EDR) s...
What's the difference between Carbon Black CB Response and Carbon Black CB Defense?
Carbon Black offers two different levels of Endpoint Detection and Response. One is the VM Carbon Black Cloud Endpoin...
What needs improvement with Carbon Black CB Response?
I see room for improvement as I remember some problems on compatibility with some operating systems; I recall we coul...
 

Also Known As

Cyvera, Cortex XDR, Palo Alto Networks Traps
No data available
Carbon Black CB Response
 

Overview

 

Sample Customers

CBI Health Group, University Honda, VakifBank
Information Not Available
ALLETE belk
Find out what your peers are saying about Sangfor Endpoint Secure vs. VMware Carbon Black Cloud and other solutions. Updated: June 2026.
902,988 professionals have used our research since 2012.