• Home
  • Splunk SOAR vs. VMware Carbon Black Endpoint

Splunk SOAR vs VMware Carbon Black Endpoint comparison

Cancel
You must select at least 2 products to compare!
Microsoft Logo

Microsoft Sentinel

Read 85 Microsoft Sentinel reviews
17,980 views|10,109 comparisons
92% willing to recommend
Splunk Logo

Splunk SOAR

Read 30 Splunk SOAR reviews
6,753 views|4,009 comparisons
85% willing to recommend
VMware Logo

VMware Carbon Black Endpoint

Read 61 VMware Carbon Black Endpoint reviews
13,807 views|9,222 comparisons
90% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Security Orchestration Automation and Response (SOAR)
April 2024
Executive Summary

We performed a comparison between Splunk SOAR and VMware Carbon Black Endpoint based on real PeerSpot user reviews.

Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR).
To learn more, read our detailed Security Orchestration Automation and Response (SOAR) Report (Updated: April 2024).
Download the complete report
768,886 professionals have used our research since 2012.
Featured Review
Sachin Paul
Researched Splunk SOAR but chose Microsoft Sentinel: Makes data integration very easy for our SOC
It enables data integration within our hybrid, multi-cloud environment, and it makes this data integration very easy for our security operations... Read more →
Steven Bochniewicz
Takes most of the work away, but the time they take to implement new features is a little bit of concern
A lot of it comes down to the time and effort savings. For what we are doing with Splunk SOAR, a human would take a lot more time. Some things are... Read more →
Ricardo Franco Mahecha
Integrates with different software's log servers and easy to scale
We have a single point of view of all the security systems, and it has some interesting tools.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found.""Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible.""The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning.""Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources.""Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases.""We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place.""Native integration with Microsoft security products or other Microsoft software is also crucial. For example, we can integrate Sentinel with Office 365 with one click. Other integrations aren't as easy. Sometimes, we have to do it manually.""Log aggregation and data connectors are the most valuable features."

More Microsoft Sentinel Pros →

"I'm just a beginner on the solution and it's pretty easy for me to use.""Very flexible integration with other tools""My understanding is the initial setup isn't too hard.""Technical support is helpful.""The solution allows us to customize playbooks and incorporate custom code, allowing us to drag and drop elements while still writing code to build the integrations we need.""It's pretty easy when it comes to setting up assets. If you want to fetch emails or call a REST API, you can set up an asset and grab that information.""The ability to automate Splunk SOAR and customize the playbook use cases is the most valuable feature and is very exciting for me.""The most valuable feature of Splunk SOAR is the automated playbooks, which saves analysts time."

More Splunk SOAR Pros →

"CB Defense is more powerful, and you can take more actions than others. Its security features and signatures are constantly updated, so it is more effective than other security solutions.""I like its protection very much. It protects and allows us to lock the environment pretty tightly. Nothing that is not approved through Carbon Black can run in the environment. There is no default. Everything goes through Carbon Black Protect, and everything has to be first approved. Every software is considered to be guilty before prove innocent.""The solution has a very nice API on the back end for remoting into a system and executing scripts or utilizing self automation.""It is a stable solution...The initial setup of VMware Carbon Black Endpoint was easy.""It is a very complete platform.""I like the historical features, interface, and integration.""​Provides visibility into the chain of attack and threats that use valid operating system processes to execute attacks.​""The initial setup is very easy."

More VMware Carbon Black Endpoint Pros →

Cons
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement.""They should integrate it with many other software-as-a-service providers and make connectors available so that you don't have to do any sort of log normalization.""They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good.""Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter.""The solution could be more user-friendly; some query languages are required to operate it.""Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect.""If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries.""Not all information shows up in Sentinel. Sometimes there are items provided in 365 and if you looked in Sentinel you would not see them and therefore think they do not exist. There can be discrepancies between Microsoft tools."

More Microsoft Sentinel Cons →

"The algorithm and machine learning have room for improvement and can be more user-friendly.""We've run into a few minor issues. Some of the playbook writing is a bit complicated. We've had a few hiccups with the source control. We'd really like to use GitHub deployment keys for a dedicated account. We haven't been able to do that. I think those are some of the major ones.""The Splunk SOAR platform was not designed specifically for case management which is why this area needs improvement.""The pricing could be a bit more reasonable. It would be great if it were feasible for smaller organizations.""The application does not work properly and does not pass the log-based configuration. I feel that some kind of review should happen in the application. This review should validate things so that we can get the right information. Splunk does not tell us where the IP address is associated with.""Some of the training materials are on a basic level.""Suppose I am initially granted user rights or analyst rights, but later on, I also get admin rights. SOAR is unable to amend the limitations of my role. I raised a support ticket with Splunk about this. They said it's a bug in their 5.3.5 version. To fix this, I had to reinstall the entire platform from scratch..""What we have seen is if the workflow gets halted or if we want to halt a workflow, it cannot be resumed."

More Splunk SOAR Cons →

"Carbon Black has limited capability to integrate with Rapid7.""The solution needs better overall compatibility with other products.""This solution could have greater granular control on how certain applications work.""Carbon Black CB Defense has helped improve my organization by allowing us to have better data so that we can do correlation and get visibility into the alerts.""In the next release, it would help if we can get better control over containers.""The solution needs expanded endpoint query tools.""I haven't run into anything that needs improvement. The website interface can be a little bit better, but it's still good as compared to most others.""The local technical support is very poor, but the support from headquarters is very nice."

More VMware Carbon Black Endpoint Cons →

Pricing and Cost Advice
  • "It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else."
  • "It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure"
  • "Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit."
  • "I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."
  • "It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."
  • "I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."
  • "Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."
  • "Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."

    • More Microsoft Sentinel Pricing and Cost Advice →

  • "I don't know the exact price, but for my region, it is very expensive."
  • "In my opinion, the price is high, but if you want good products, you have to be willing to pay for them."
  • "It's very overpriced because it is based on the number of users. There is no bulk licensing."
  • "Splunk SOAR is more expensive compared to other options for SOAR."
  • "The licensing cost is reasonable."
  • "When we first purchased our Splunk SOAR license, it was based on an event-count model. It was based on the number of events. I had strong opinions at the time that automation should not be stifled by the amount of automation you can accomplish, so the previous structure was not as beneficial for us. Later that year, we got told or saw at a conference that they announced user-based pricing. We are now in a renewal period, so we migrated to a user-based license model, which is more appropriate for us so that we no longer have to worry about stifling our automation based on the quantity."
  • "Splunk SOAR is an expensive solution for an organization of our size."
  • "The cost is high and the licensing is on an annual basis."

    • More Splunk SOAR Pricing and Cost Advice →

  • "​The cost/benefit factor has great relevance in Cb Defense implementations​."
  • "The cost is a considerable factor, but the benefit factor is the most important. When you compare it with other products, the price is high. Carbon Black will negotiate the price."
  • "I am not really involved in the pricing of this product. But, from my understanding, it is OK for us."
  • "Carbon Black might be a touch more expensive than Symantec. They tend to get a premium for their capabilities. They're sort of an industry leader in a lot of areas with the functionality that they provide."
  • "We have branches, we have different companies, but we cannot buy less than 100 licenses. This does not make sense to me... It should be more flexible. I can understand their saying, "Okay, to be a customer you need 100," but to add on to that number it should be something very straightforward. If I need to add five, for example, I shouldn't need to add 100."
  • "The pricing [is] more or less the same as other similar solutions."
  • "It's reasonable in price"
  • "The price for the solution is completely at government level, meaning one which is very high."

    • More VMware Carbon Black Endpoint Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
    See Recommendations
    768,886 professionals have used our research since 2012.
    Questions from the Community
    Is there a common threat intelligence tool that aggregates multiple threa...
    Top Answer:Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and… more »
    Read all 10 answers   →
    What is a better choice, Splunk or Azure Sentinel?
    Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for… more »
    Which is better - Azure Sentinel or AWS Security Hub?
    Top Answer:We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is… more »
    Read all 2 answers   →
    What do you like most about Splunk Phantom?
    Top Answer:Splunk SOAR's quick response to incidents is the most valuable part.
    Read all 20 answers   →
    What is your experience regarding pricing and costs for Splunk Phantom?
    Top Answer:The cost is high and the licensing is on an annual basis.
    Read all 18 answers   →
    What needs improvement with Splunk Phantom?
    Top Answer:The cost of Splunk SOAR has room for improvement.
    Read all 19 answers   →
    What to choose: an endpoint antivirus, an EDR solution or both?
    Top Answer:I can recommend Carbon Black, an award-winning next-gen anti-virus (NGAV) and endpoint detection and response (EDR)… more »
    Read all 9 answers   →
    What's the difference between Carbon Black CB Response and Carbon Black C...
    Top Answer:Carbon Black offers two different levels of Endpoint Detection and Response. One is the VM Carbon Black Cloud Endpoint… more »
    Read all 2 answers   →
    What do you like most about Carbon Black CB Defense?
    Top Answer:VMware Carbon Black Endpoint is a highly stable solution.
    Read all 46 answers   →
    Comparisons
    Also Known As
    Azure Sentinel
    Phantom
    Carbon Black CB Defense, Bit9, Confer
    Learn More
    Microsoft
    Splunk
    VMware
    Overview

    Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

    - Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

    - Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

    - Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

    - Respond to incidents rapidly with built-in orchestration and automation of common tasks

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    Splunk SOAR offers features like automation and orchestration of manual tasks, speeding up work, detection and response to advanced and emerging threats. 

    Go from overwhelmed to in-control

    Automate manual tasks. Address every alert, every day. Establish repeatable procedures that allow security analysts to stop being reactive and focus on mission-critical objectives to protect your business.

    Force multiply your team

    Orchestrate and automate repetitive tasks, investigation and response to increase efficiency and productivity, and do more with the people you already have. Make a team of three feel like a team of 10.

    From 30 minutes to 30 seconds

    Work faster with Splunk SOAR. Respond to threats in seconds. Lower your mean time to respond (MTTR) by automating security tasks and workflows across all of your security tools.

    End-to-end security operations made easy

    Take advantage of Splunk Enterprise Security and Splunk SOAR joining forces to provide a seamless and intuitive SecOps platform to prevent, detect and respond to advanced and emerging threats.

    VMware Carbon Black Endpoint Security is a comprehensive endpoint protection platform (EPP) designed to safeguard enterprises from advanced cyber threats, malware, ransomware, and other forms of malicious attacks. Leveraging cloud-native architecture, it provides a robust set of tools to detect, prevent, investigate, and respond to cybersecurity incidents across environment. The solution stands out for its advanced behavioral analytics, real-time threat hunting, and customizable policies, making it a preferred choice for businesses seeking to fortify their defenses in the evolving cybersecurity landscape.

    Modernize Your Endpoint Protection

    Legacy approaches to prevention leave organizations exposed. Get an endpoint platform that helps you strengthen and unify security tools to see more and stop more.

    Simplify Your Security Stack

    By simplifying endpoint security capabilities with one endpoint agent and console, you can minimize downtime, respond to incidents and return critical CPU cycles back to the business.

    Operate with Confidence

    Modern environments are increasingly complex. VMware Carbon Black is a single source of truth that provides an intuitive understanding of your environment, enabling confident decisions.

    Sample Customers
    Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
    Recorded Future, Blackstone
    Netflix, Progress Residential, Indeed, Hologic, Gentle Giant, Samsung Research America
    Top Industries
    REVIEWERS
    Financial Services Firm22%
    Computer Software Company11%
    Manufacturing Company8%
    Comms Service Provider8%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm10%
    Government9%
    Manufacturing Company7%
    REVIEWERS
    Financial Services Firm38%
    University13%
    Computer Software Company13%
    Manufacturing Company6%
    VISITORS READING REVIEWS
    Financial Services Firm14%
    Computer Software Company14%
    Government10%
    Manufacturing Company10%
    REVIEWERS
    Manufacturing Company20%
    Computer Software Company18%
    Financial Services Firm9%
    Construction Company9%
    VISITORS READING REVIEWS
    Computer Software Company15%
    Financial Services Firm10%
    Government9%
    Manufacturing Company7%
    Company Size
    REVIEWERS
    Small Business33%
    Midsize Enterprise21%
    Large Enterprise47%
    VISITORS READING REVIEWS
    Small Business25%
    Midsize Enterprise16%
    Large Enterprise59%
    REVIEWERS
    Small Business30%
    Midsize Enterprise20%
    Large Enterprise50%
    VISITORS READING REVIEWS
    Small Business18%
    Midsize Enterprise13%
    Large Enterprise69%
    REVIEWERS
    Small Business42%
    Midsize Enterprise15%
    Large Enterprise42%
    VISITORS READING REVIEWS
    Small Business26%
    Midsize Enterprise19%
    Large Enterprise55%
    Buyer's Guide
    Security Orchestration Automation and Response (SOAR)
    April 2024
    Download Free Report
    Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR). Updated: April 2024.
    DOWNLOAD NOW
    768,886 professionals have used our research since 2012.

    Splunk SOAR is ranked 3rd in Security Orchestration Automation and Response (SOAR) with 30 reviews while VMware Carbon Black Endpoint is ranked 17th in Endpoint Protection Platform (EPP) with 61 reviews. Splunk SOAR is rated 8.0, while VMware Carbon Black Endpoint is rated 8.0. The top reviewer of Splunk SOAR writes "Takes most of the work away, but the time they take to implement new features is a little bit of concern". On the other hand, the top reviewer of VMware Carbon Black Endpoint writes "Centralization via the cloud allows us to protect and control people working from home". Splunk SOAR is most compared with Palo Alto Networks Cortex XSOAR, Cortex XSIAM, ServiceNow Security Operations, Torq and Cisco SecureX, whereas VMware Carbon Black Endpoint is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, Trend Micro Deep Security, SentinelOne Singularity Complete and Symantec Endpoint Security.

    We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.