We performed a comparison between VMware Carbon Black Cloud and VMware Carbon Black Endpoint based on real PeerSpot user reviews.
Find out in this report how the two Security Incident Response solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The product's initial setup phase is very easy."
"Fortinet is very user-friendly for customers."
"It is a scalable solution...The initial setup of Fortinet FortiEDR was straightforward."
"Forensics is a valuable feature of Fortinet FortiEDR."
"The price is low and quite competitive with others."
"The console is easy to read. I also like the scanning part and the ability to move assets from one to the other."
"The main thing is that I feel safe. Because the processes that have been used to get a handle on the attackers are much better than other competitors"
"Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great."
"The most valuable feature is its ability to seek out abnormal activity and to create alerts."
"VMware Carbon Black Cloud is a user-friendly solution that can isolate machines from the rest of the network."
"The ability to isolate an endpoint with only the host name and a click of a button is a major time saver."
"The enhanced logging and data analysis of the incident response and investigation components allowed us to quickly identify and resolve security issues before they could spread."
"The most valuable features are its lightweight design, ensuring minimal impact on end-users, and its real-time protection."
"The detection response and quarantining are very good features."
"Integration and scalability are the most valuable."
"Threat hunting is the most valuable feature of VMware Carbon Black Cloud."
"Carbon Black CB Defense has helped improve my organization by allowing us to have better data so that we can do correlation and get visibility into the alerts."
"It has intelligent learning behind it and we have been very successful in preventing attacks."
"The data analysis is the most valuable because of the whitelist database. It is different than standard IDS solutions."
"It gives you all of the information in a short and sweet fashion."
"The tool is pretty stable."
"It is a stable solution...The initial setup of VMware Carbon Black Endpoint was easy."
"I found it very valuable as a whole. It is good at detecting anything and has kept us very safe. It is also very easy to use."
"It is a scalable solution...The initial setup was straightforward."
"Integration with Azure and SaaS provisioning tools could improve Fortinet FortiEDR."
"FortiEDR can be improved by providing more detailed reporting."
"We've had a lot of false positives; things incorrectly flagged that require manual configuration to allow. Even worse, after we allow a legitimate program, it sometimes gets flagged again after an update. This has caused a lot of extra work for my team."
"We'd like to see more one-to-one product presentations for the distribution channels."
"The amount of usage, the number of details we get, or the number of options that can be tweaked is limited in comparison to that with other EDR solutions"
"The dashboard isn't easy to access and manage."
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"I think cloud security and SASE are areas of concern in the product where improvements are required. The tool's cloud version has to be improved in terms of the security it offers."
"They have different products, but if we wanted to take their protection and their EPR, then we would need to have two agents"
"The dashboard should be more user-friendly."
"One area for improvement is the maturity of its vulnerability features."
"Training and education for both partner and customer, including product marketing need to be improved."
"The cloud console has a lot of bugs and issues in the analysis part."
"The biggest issue I encountered was one where old logs were not being overwritten as expected so the system drive kept filling up from time to time. However, support was usually quite responsive and happy to jump on a remote session to take a look at it for us. That log bug has probably been resolved with an update by now."
"The solution needs to simplify the process of adding custom watchlists, as well as embrace YARA for rule creation."
"The threat intelligence feed could use some fine tweaking."
"When you view the triage, it will show you everything within a given time frame, and not only the attack that caused the alert, which is what I want to see. It shows you all the events during that time, and that can be quite confusing."
"The local technical support is very poor, but the support from headquarters is very nice."
"They will most likely need to create or include a feature that checks the network."
"Adding an application and a device control feature would be a great help for this solution."
"This product should be cheaper."
"I would like to see improvements made so that we can better see all of the processes."
"It would be a better solution if Carbon Black Cb Defense had an on-promise solution and a virus auto delete or quarantine."
"Carbon Black CB Defense has helped improve my organization by allowing us to have better data so that we can do correlation and get visibility into the alerts."
VMware Carbon Black Cloud is ranked 2nd in Security Incident Response with 18 reviews while VMware Carbon Black Endpoint is ranked 1st in Security Incident Response with 61 reviews. VMware Carbon Black Cloud is rated 8.4, while VMware Carbon Black Endpoint is rated 8.0. The top reviewer of VMware Carbon Black Cloud writes " Shows promise for endpoint detection and response, with room for improvement in complexity and pricing ". On the other hand, the top reviewer of VMware Carbon Black Endpoint writes "Centralization via the cloud allows us to protect and control people working from home". VMware Carbon Black Cloud is most compared with Fidelis Elevate, Splunk SOAR and Palo Alto Networks Cortex XSOAR, whereas VMware Carbon Black Endpoint is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, Trend Micro Deep Security, SentinelOne Singularity Complete and Cortex XDR by Palo Alto Networks. See our VMware Carbon Black Cloud vs. VMware Carbon Black Endpoint report.
See our list of best Security Incident Response vendors and best Endpoint Detection and Response (EDR) vendors.
We monitor all Security Incident Response reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Carbon Black offers two different levels of Endpoint Detection and Response. One is the VM Carbon Black Cloud Endpoint Standard (CB Defense), and the other is the Carbon Black Endpoint Detection and Response (EDR). We reviewed both and chose the CB Defense.
CB Defense is a next-generation antivirus and endpoint security solution. It uses machine learning and behavioral analytics to monitor endpoint activity and discover malicious activity. Once CB Defense detects a threat, it efficiently blocks harmful apps. It not only prevents any known threats but also prevents suspicious applications from running.
One of the advantages of CB Defense is that it protects multiple types of devices (desktops, laptops, and servers). It is a solution that works well for small and large organizations. We like the ease of use and visibility of the management portal. You can see the activity on all protected endpoints. Configuring policies is simple, too.
The only downside of CB Defense is that you cannot scan individual files on the endpoint.
Carbon Black Endpoint Detection and Response (EDR) is geared more to security operation center teams (SOC) with hybrid or on-premises environments. Unlike CB Defense, Carbon Black EDR stores endpoint activity data. This feature helps security analysts visualize the attack kill chain. Although focused on an on-premises environment, the platform uses the VMWare Carbon Black Cloud’s threat intelligence.
CB Response enables security teams to investigate an endpoint for suspicious activity. An advantage is that you can perform different types of investigations. Other advantages include seeing the process tree view of the endpoint and isolating and pulling files from a host. We also liked that you can see a timeline of changes made to a system. The defensive abilities are not as advanced as CB Defense, though.
Conclusion
Both solutions protect endpoints with advanced features. CB Defense is more useful for organizations. CB EDR offers deeper investigation features so that it could be a better solution for SOCs.