Sec consultant at a tech services company with 5,001-10,000 employees
Consultant
Top 20
Oct 29, 2025
I am not really looking for a new solution, actually, I was preparing for an interview and wanted to have a comparison between both tools. I have not worked with any of these products before, but we had a training demonstration yesterday with Dynatrace, and I have investigated the Wiz solution better. In terms of experience, it will be my first time with CDR. I am working with something for EDR, specifically, we have an EDR, it's VMware Carbon Black Cloud. They have a hybrid environment, both on-prem and cloud. I would usually recommend this product for big companies, because it's not cheap, so only big companies would I expect to pay for that. The review rating for VMware Carbon Black Cloud is 6 out of 10.
My advice to anyone considering implementing Carbon Black Cloud for their environment would be to go for it, especially if you are using a Workspace ONE environment from VMware for client management. The integration between Carbon Black Cloud and Workspace ONE is excellent. Overall, I would rate the solution as an eight out of ten.
So far, it has been easy to quarantine a machine if it has been affected by a threat in the network. If you suspect that a machine is infected, you can quarantine it from the network. Tools themselves are not that different. They may have a few different features, but you have to understand how they are analyzing things. This is the most important part of a tool. The analysis is what makes a tool complex, simple and user-friendly. However, there is a balance between a tool's ability to investigate something thoroughly and its user-friendliness. Thorough investigations obviously require more complexity. Some tools are more simple and eye-catching, but some don’t look very user-friendly, but they are good at deep analysis. Overall, I would rate the solution a six out of ten.
Information Technology System Administrator at General Assembly
Real User
Jun 8, 2023
So it is straightforward when I've had to interact with the console, manage devices there, responding to security incidents. It is nice when you're in a situation where you think someone's device is compromised and that there's some malware getting into your fleet. In that case, if you are trying to solve the problem you're dealing with regarding the security event, then it works great. I rate the solution a nine out of ten.
We are SI (system integrator), so we are not implementing for ourselves, but implementing for our customers. We are familiar with the Workspace ONE or Microsoft EMS which includes Intune and other products for EMS, e.g. Sophos Mobile or ManageEngine. Mostly what we are using is CB Response, because we have a product on Carbon Black CB Response. I'm rating Carbon Black CB Response a nine for the technical part, but for the pricing, it's a seven for me, so my overall rating is an eight out of ten.
Sales Engineer at a computer software company with 201-500 employees
MSP
Oct 12, 2021
I rate Carbon Black CB Respons nine out of 10. I don't have much to say about it because endpoint detection and response tools are pretty much a commodity nowadays. There are so many good tools out there. What matters is the ability to manage those tools and utilize them in a threat-hunting mode.
Senior Manager at a financial services firm with 1,001-5,000 employees
Real User
Feb 13, 2020
I do not think I have a lot of advice for people who are considering implementing the product at this point because most of our experience with the product has been relatively straightforward. I would just suggest that you have your white list set up before deploying if you are using automatic quarantine. Otherwise, it can cause issues in your operating environment. This is especially important if you are a sensitive location like a bank. In that case, automatic quarantine could be a big issue. On a scale from one to ten where one is the worst and ten is the best, I would rate Carbon Black CB Response as between an eight or nine. For our use case, I would say it is an eight.
Senior Manager at a financial services firm with 1,001-5,000 employees
Real User
Feb 13, 2020
I do not think I have a lot of advice for people who are considering implementing the product at this point because most of our experience with the product has been relatively straightforward. I would just suggest that you have your white list set up before deploying if you are using automatic quarantine. Otherwise, it can cause issues in your operating environment. This is especially important if you are a sensitive location like a bank. In that case, automatic quarantine could be a big issue. On a scale from one to ten where one is the worst and ten is the best, I would rate Carbon Black CB Response as between an eight or nine. For our use case, I would say it is an eight.
Senior Software Developer Engineer at Diyar United Company
Reseller
Aug 7, 2019
We are using both on-premises and cloud deployment models. I would rate the solution eight out of ten. Carbon Black is a very good product, but you still have to work on it from the perspective of MLA analyzing and installation. You have to fine-tune it to create a watch list and so on. These are the main things that they need to work on in order to improve the EDR services on their product.
Senior Software Developer Engineer at Diyar United Company
Reseller
Aug 7, 2019
We are using both on-premises and cloud deployment models. I would rate the solution eight out of ten. Carbon Black is a very good product, but you still have to work on it from the perspective of MLA analyzing and installation. You have to fine-tune it to create a watch list and so on. These are the main things that they need to work on in order to improve the EDR services on their product.
Group CIO at a construction company with 10,001+ employees
Real User
Jul 2, 2019
I recommend using Carbon Black, but get enough training before deploying. This is very important. On a scale from 1 to 10, I would rate this product an 8.5 overall.
Group CIO at a construction company with 10,001+ employees
Real User
Jul 2, 2019
I recommend using Carbon Black, but get enough training before deploying. This is very important. On a scale from 1 to 10, I would rate this product an 8.5 overall.
Cyber Defense Consulunt at a security firm with 11-50 employees
Reseller
Jun 26, 2019
I would recommend anyone to go ahead with Carbon Black if they are looking for an EDR solution. From my experience with selling, some people have a misunderstanding of what it is they are supposed to do. I would recommend going with it but be aware that you will be overwhelmed with the number of receipts which require somebody to begin to follow up and investigate each incident. This is not something bad, it's something good because of the way that security goes, you need to go through every incident to understand whether it is a false positive or true positive so they need to be reviewed. This is not an automated solution, it's something that somebody needs to take care of. I would rate this solution as a 9.5 out of 10. We know what we are doing. We know we bought Carbon Black for a reason so we are aware of everything and it's doing its job. We see that there is an area for enhancement, I think the product or business unit or product management, they need to look more into an area for enhancement which is just part of it. So that is why I didn't give it a ten. A 9.5 fair for them. Maybe other people would think to get it lowered but because they have a misunderstanding about what Carbon Black is about.
Cyber Defense Consulunt at a security firm with 11-50 employees
Reseller
Jun 26, 2019
I would recommend anyone to go ahead with Carbon Black if they are looking for an EDR solution. From my experience with selling, some people have a misunderstanding of what it is they are supposed to do. I would recommend going with it but be aware that you will be overwhelmed with the number of receipts which require somebody to begin to follow up and investigate each incident. This is not something bad, it's something good because of the way that security goes, you need to go through every incident to understand whether it is a false positive or true positive so they need to be reviewed. This is not an automated solution, it's something that somebody needs to take care of. I would rate this solution as a 9.5 out of 10. We know what we are doing. We know we bought Carbon Black for a reason so we are aware of everything and it's doing its job. We see that there is an area for enhancement, I think the product or business unit or product management, they need to look more into an area for enhancement which is just part of it. So that is why I didn't give it a ten. A 9.5 fair for them. Maybe other people would think to get it lowered but because they have a misunderstanding about what Carbon Black is about.
Security Analyst at a financial services firm with 10,001+ employees
Real User
Mar 11, 2019
You need to analyze your organization's needs. If you just want to protect things, it's very useful. I rate the solution at eight out of ten because they need to improve the console. We would like it to let us type commands that are native to the operating system, not the ones that are included in the product. The product, in terms of maturity, is still at the very beginning.
Fortify Endpoint and Workload Protection
Legacy approaches fall short as cybercriminals update tactics and obscure their actions. Get advanced cybersecurity fueled by behavioral analytics to spot minor fluctuations and adapt in response.
Recognize New Threats
Analyze attackers’ behavior patterns to detect and stop never-before-seen attacks with continuous endpoint activity data monitoring. Don’t get stuck analyzing only what’s worked in the past.
Simplify Your Security Stack
Streamline the...
I am not really looking for a new solution, actually, I was preparing for an interview and wanted to have a comparison between both tools. I have not worked with any of these products before, but we had a training demonstration yesterday with Dynatrace, and I have investigated the Wiz solution better. In terms of experience, it will be my first time with CDR. I am working with something for EDR, specifically, we have an EDR, it's VMware Carbon Black Cloud. They have a hybrid environment, both on-prem and cloud. I would usually recommend this product for big companies, because it's not cheap, so only big companies would I expect to pay for that. The review rating for VMware Carbon Black Cloud is 6 out of 10.
Overall, I rate VMware Carbon Black Cloud an eight out of ten.
My advice to anyone considering implementing Carbon Black Cloud for their environment would be to go for it, especially if you are using a Workspace ONE environment from VMware for client management. The integration between Carbon Black Cloud and Workspace ONE is excellent. Overall, I would rate the solution as an eight out of ten.
So far, it has been easy to quarantine a machine if it has been affected by a threat in the network. If you suspect that a machine is infected, you can quarantine it from the network. Tools themselves are not that different. They may have a few different features, but you have to understand how they are analyzing things. This is the most important part of a tool. The analysis is what makes a tool complex, simple and user-friendly. However, there is a balance between a tool's ability to investigate something thoroughly and its user-friendliness. Thorough investigations obviously require more complexity. Some tools are more simple and eye-catching, but some don’t look very user-friendly, but they are good at deep analysis. Overall, I would rate the solution a six out of ten.
So it is straightforward when I've had to interact with the console, manage devices there, responding to security incidents. It is nice when you're in a situation where you think someone's device is compromised and that there's some malware getting into your fleet. In that case, if you are trying to solve the problem you're dealing with regarding the security event, then it works great. I rate the solution a nine out of ten.
I rate the solution an eight out of ten.
We are SI (system integrator), so we are not implementing for ourselves, but implementing for our customers. We are familiar with the Workspace ONE or Microsoft EMS which includes Intune and other products for EMS, e.g. Sophos Mobile or ManageEngine. Mostly what we are using is CB Response, because we have a product on Carbon Black CB Response. I'm rating Carbon Black CB Response a nine for the technical part, but for the pricing, it's a seven for me, so my overall rating is an eight out of ten.
I rate Carbon Black CB Respons nine out of 10. I don't have much to say about it because endpoint detection and response tools are pretty much a commodity nowadays. There are so many good tools out there. What matters is the ability to manage those tools and utilize them in a threat-hunting mode.
I do not think I have a lot of advice for people who are considering implementing the product at this point because most of our experience with the product has been relatively straightforward. I would just suggest that you have your white list set up before deploying if you are using automatic quarantine. Otherwise, it can cause issues in your operating environment. This is especially important if you are a sensitive location like a bank. In that case, automatic quarantine could be a big issue. On a scale from one to ten where one is the worst and ten is the best, I would rate Carbon Black CB Response as between an eight or nine. For our use case, I would say it is an eight.
I do not think I have a lot of advice for people who are considering implementing the product at this point because most of our experience with the product has been relatively straightforward. I would just suggest that you have your white list set up before deploying if you are using automatic quarantine. Otherwise, it can cause issues in your operating environment. This is especially important if you are a sensitive location like a bank. In that case, automatic quarantine could be a big issue. On a scale from one to ten where one is the worst and ten is the best, I would rate Carbon Black CB Response as between an eight or nine. For our use case, I would say it is an eight.
We are using both on-premises and cloud deployment models. I would rate the solution eight out of ten. Carbon Black is a very good product, but you still have to work on it from the perspective of MLA analyzing and installation. You have to fine-tune it to create a watch list and so on. These are the main things that they need to work on in order to improve the EDR services on their product.
We are using both on-premises and cloud deployment models. I would rate the solution eight out of ten. Carbon Black is a very good product, but you still have to work on it from the perspective of MLA analyzing and installation. You have to fine-tune it to create a watch list and so on. These are the main things that they need to work on in order to improve the EDR services on their product.
I recommend using Carbon Black, but get enough training before deploying. This is very important. On a scale from 1 to 10, I would rate this product an 8.5 overall.
I recommend using Carbon Black, but get enough training before deploying. This is very important. On a scale from 1 to 10, I would rate this product an 8.5 overall.
On a scale from one to ten, I would rate Carbon Black CB Response at a nine. They should improve the dashboard and provide more helpful tools.
I would rate this solution a nine out of ten.
On a scale from one to ten, I would rate Carbon Black CB Response at a nine. They should improve the dashboard and provide more helpful tools.
I would rate this solution a nine out of ten.
I would recommend anyone to go ahead with Carbon Black if they are looking for an EDR solution. From my experience with selling, some people have a misunderstanding of what it is they are supposed to do. I would recommend going with it but be aware that you will be overwhelmed with the number of receipts which require somebody to begin to follow up and investigate each incident. This is not something bad, it's something good because of the way that security goes, you need to go through every incident to understand whether it is a false positive or true positive so they need to be reviewed. This is not an automated solution, it's something that somebody needs to take care of. I would rate this solution as a 9.5 out of 10. We know what we are doing. We know we bought Carbon Black for a reason so we are aware of everything and it's doing its job. We see that there is an area for enhancement, I think the product or business unit or product management, they need to look more into an area for enhancement which is just part of it. So that is why I didn't give it a ten. A 9.5 fair for them. Maybe other people would think to get it lowered but because they have a misunderstanding about what Carbon Black is about.
I would recommend anyone to go ahead with Carbon Black if they are looking for an EDR solution. From my experience with selling, some people have a misunderstanding of what it is they are supposed to do. I would recommend going with it but be aware that you will be overwhelmed with the number of receipts which require somebody to begin to follow up and investigate each incident. This is not something bad, it's something good because of the way that security goes, you need to go through every incident to understand whether it is a false positive or true positive so they need to be reviewed. This is not an automated solution, it's something that somebody needs to take care of. I would rate this solution as a 9.5 out of 10. We know what we are doing. We know we bought Carbon Black for a reason so we are aware of everything and it's doing its job. We see that there is an area for enhancement, I think the product or business unit or product management, they need to look more into an area for enhancement which is just part of it. So that is why I didn't give it a ten. A 9.5 fair for them. Maybe other people would think to get it lowered but because they have a misunderstanding about what Carbon Black is about.
You need to analyze your organization's needs. If you just want to protect things, it's very useful. I rate the solution at eight out of ten because they need to improve the console. We would like it to let us type commands that are native to the operating system, not the ones that are included in the product. The product, in terms of maturity, is still at the very beginning.