Janet Peng - PeerSpot reviewer
Manager of IT at a financial services firm with 10,001+ employees
  • 7
  • 676

I would like to compare CrowdStrike and Carbon Black. On what basis should I decide?

Hi. I need to compare CrowdStrike and Carbon Black. What is the advantage of CrowdStrike over Carbon Black and vice versa? For an enterprise, how do I decide which one is better for my needs?

PeerSpot user
10 Answers
Rodney Lee - PeerSpot reviewer
Executive Vice President, APAC at Cybots
Top 20
Mar 18, 2021

I agree with some of the comments. Crowdstrike is way ahead of CB. However, both are cloud solutions, and depending on your business regulatory guidelines, you may have challenges having to send raw data to the cloud directly from the endpoints. 

Product comparison that may be of interest to you
Rodney Lee - PeerSpot reviewer
Executive Vice President, APAC at Cybots
Top 20
Apr 13, 2021

I think the one thing you want to do is to review how much each solution will help you reduce your investigative workload... Each and every organization will have its own strength and requirements. If you're looking for an on premise solution, then maybe CB is your choice... cause as far as I know, CS only work from the cloud.

However, if your team is small and you don't want to be bogged down by alerts after alerts, try finding a solution that gives you conclusive and actionable intelligence - one that specifically points out the problem file/folder/endpoint for you.

Contact me if you want to know more - rodney@cybotsai.com

Hope it helps!

CEO at Computer Solutions & Security, Ltd
Apr 12, 2021

Both are great products. The cons are overcome partially resolved by other products.

NachiketSathaye - PeerSpot reviewer
Security Consultant at Freelancer
Real User
Jun 10, 2019

Pointers are based on the tests performed during the evaluation a few months back)

- Artificial Intelligence and Machine Learning
- Is a cloud solution
- Offers protection from known threats.
- Offers advanced threat protection
- ATP Technology: AI+ML on the Agent blocks threats before they execute. Also has sandbox capability
- Predictive / Proactive
- Offers memory defense and script control
- Is cloud/server dependent
- Requires constant Internet connectivity, cannot work offline
- Footprint: 1-2 % CPU/ 40MB
- Requires Scanning
- Requires Human Intervention
- Servers are required
- Offers Endpoint Detection and Response (EDR), Endpoint Protection Platform (EPP), Threat Intelligence
- Easy to use
- 2FA
- Does not require hourly updates
- Does not require traditional AV

Does not offer:
- Application Control
- Web Reputation Control
- Web Category Protection
- Host Firewall
- Port Control System
- Full Disk Encryption
- File-Based Encryption
- Removable Media Encryption

Carbon Black:
- Detection & Response
- Cloud or On-Premise architecture
- Requires constant hash lookup. If not connected, there will be no protection from known threats.
- Offers advanced threat prevention
- ATP Technology: Hash-based, behavior-based
- Reactive
- Offers memory defense and script control
- Application control: CB protection Product
- Cannot work offline (only cached hashes)
- Cloud / Server Dependent
- Requires constant Internet connectivity, cannot work offline
- Footprint: Large - high utilization + network utilization
- Does not require scanning.
- Requires constant requires hourly updates.
- Requires Traditional AV
- Requires Human Intervention, behavioral rules & malware signatures.
- Requires Multiple servers if on-premise.
- Endpoint Detection and Response (EDR), Endpoint Protection Platform (EPP), Threat Intelligence
- Is not easy to use.

Does not offer:
- Web Reputation Control
- Web Category Protection
- Host Firewall
- Port Control System
- Full Disk Encryption
- File-Based Encryption
- Removable Media Encryption

Few additional pointers:
1) There are commercials aspects and CB is costlier than CrowdStrike
2) CB is little heavy on the endpoint as compared to CrowdStrike
3) CrowdStrike is coming up with EDR agents for mobiles as well ( Beta is out and GA is expected in June-July 2019). This could be the game changer

it_user1071018 - PeerSpot reviewer
Former CISO | Cyber Security Enthusiast at a tech services company with 51-200 employees
Real User
Jan 2, 2020

While Carbon Black is great for good detections and incident Response, Crowdstrike is EDR on steroids. It's everything you require from an Endpoint Detection, Response and Visibility perspective. An all-in-one arsenal for best in the class Threat Intelligence, Threat Analytics, very capable Sandboxing, Attack Chain Visibility, Patching Systems, File-less malware detection and termination upon execution along with a graphical visualization of the Process, Child-process etc. Only drawback for organization with isolated / offline networks is, Crowdstrike is on the Cloud.

As this point in time, nothing comes close to CrowdStrike.

Sr. Account Executive at a tech services company with 1,001-5,000 employees
Jul 10, 2019

In a nutshell:

Carbon Black:
- Using the PSC is like your home alarm system being connected to every neighbor!
- The product has rich and unmatched set of features in the end point protection space. Very focused on capabilities and domain expertise.

- Easy out of the box, and provides so much more value than just an AV product.

Find out what your peers are saying about Carbon Black CB Defense vs. CrowdStrike Falcon and other solutions. Updated: November 2022.
653,522 professionals have used our research since 2012.
Prinicipal Security Sales Engineer at a computer software company with 501-1,000 employees
Real User
Jun 10, 2019

Depends on your sec-engineering staff size, the number of agents, integration with other tools. I would start by listing your use cases and break down what you mean by "better for my needs". Too many variables.

it_user784911 - PeerSpot reviewer
Threat Management GBB at Microsoft
Real User
Jun 10, 2019

Why are you just looking at those solutions? You should also consider Microsoft Defender ATP (https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp) which is no longer just limited to monitoring Windows and which Gartner has stated as being influential in this market.

Specialist at XYZ
Jun 10, 2019

Since both are an EDR solution, I would suggest analyzing which provides end to end mitigation. I know CB has 3 modules for the detailed analysis but not sure on the CrowdStrike.

Dr Trust Tshepo Mapoka - PeerSpot reviewer
Senior Cybersecurity Consultant at CIA Botswana
Real User
Top 5
May 4, 2020

CrowdStrike provides both a streaming and query REST API for accessing many of the features available through the Falcon Platform's UI. Carbon Black also provides a well-documented REST API for building custom integrations with the platform.
Technical comparison can be found at Gartner page: https://www.gartner.com/reviews/market/endpoint-protection-platforms/compare/carbon-black-vs-crowdstrike

Highly recommended for use is Crowdstrike.

Related Questions
CIO & Information manager at a leisure / travel company with 501-1,000 employees
Apr 26, 2022
Hi peers,   I work as the CIO & Information Manager in the gaming and gambling industry. The company has 650 employees and >30.000 customers. I'm not able to find a study where Darktrace is compared against Crowdstrike Falcon (or other solutions for endpoint security, e.g. Sentinel One).  Can anyone help and share their insights?  Thanks, Regards from the Netherlands
See 2 answers
Consultant at a computer software company with 51-200 employees
Mar 31, 2022
Hi @reviewer1799568, Most of these comparisons are opinions and some tests are done in specific conditions that might not suit or reflect your organization's needs and roadmap. Ultimately, the cost of a mistake is a data breach and not just an audit finding or operational discomfort. I mention this because there are no viable shortcuts. I suggest you test the solutions thoroughly in your own environment to see what works for you. The gaming floor is hopefully "air-gapped" and the solution should respect that segregation and still provide great security and visibility. One of the challenges is security updates. For such an environment you would need comprehensive AI and machine learning. I suggest you look at the difference between IOC and IOA. IOA vs IOC: Defining & Understanding The Differences | CrowdStrike. (Please also check other sources). Good luck and stay safe!  
Partner Account Manager 🔆 at SEC DataCom A/S
Apr 26, 2022
Hi. I am told that Darktrace is a complimentary product that doesn't do any endpoint protection.
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
Nov 24, 2021
Which is better and why?
See 1 answer
Jairo Willian Pereira - PeerSpot reviewer
Information Security Manager at a financial services firm with 5,001-10,000 employees
Nov 24, 2021
I don't know these 2 solutions but a very important point to consider is called Linux (or Macintosh - non-Windows platforms that must be inspected by the tool.
Download Free Report
Download our FREE report comparing Carbon Black CB Defense and CrowdStrike Falcon based on reviews, features, and more! Updated: November 2022.
653,522 professionals have used our research since 2012.