We performed a comparison between Carbon Black CB Defense and Cortex XDR by Palo Alto Networks based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Carbon Black comes out on top in this comparison because more of its users find deployment easier than Cortex XDR. In addition, users of Carbon Black report a positive ROI.
"We have FortiEDR installed on all our systems. This protects them from any threats."
"The ease of deployment and configuration is valuable. It's very easy compared to other vendors like Sophos. Sophos' configuration is complex. Fortinet is a lot easier to understand. You don't need a lot of admin knowledge to do the configuration."
"It is stable and scalable."
"The price is low and quite competitive with others."
"he solution is an anti-malware product that integrates well with other vendor products such as firewalls, SIEM, etc. It captures threat intelligence and gives you better visibility. The product also has sandboxing features."
"Exceptions are easy to create and the interface is easy to follow with a nice appearance."
"I like FortiClient EMS. FortiEDR has a lot of great features like lockdown mode, remote wipes, and encryption. I can set malware outbreak policies and controls for detecting abnormalities. You can also simulate phishing attacks."
"Fortinet FortiEDR's scalability is quite good, and you can add licenses to the solution."
"Threat identification and detection are the most valuable features of this solution."
"The live terminal is probably the best thing ever. It gives you the access to get straight onto any machine."
"Its interface and pricing are most valuable. It is better than other vendors in terms of security."
"The ability to kind of stitch everything together and see the actual complete picture is very useful. I guess you'd call it a playbook. Some people call it the forensics analysis of what was happening on particular endpoints when they detected some malicious behavior, and what transpired before that to cause that. It is also very user friendly. The way they have done everything and integrated all the solutions that they've purchased over the years to make it a very seamless, effective product is very good. One thing about Palo Alto is that they take the products or services that they purchase and make them seamless for the end user as compared to some companies that purchase other companies and then just kind of have their products off to the side or keep different interfaces. Palo Alto doesn't do that."
"The stability of the solution is very good. We have about 100 users on it right now, and we use it twice a week."
"The initial setup is easy."
"The most valuable feature of Cortex XDR by Palo Alto Networks is its machine-learning capabilities. Additionally, there is full integration with other solutions."
"We can use Cortex XDR to get the entire graph of the incidents from source to destination, and we can take remedial action."
"The solution is extremely scalable."
"It has intelligent learning behind it and we have been very successful in preventing attacks."
"It is stable and easy to set up."
"The visibility provided has been great."
"The initial setup was fairly easy."
"Once the solution is installed and configured correctly it does not require a lot of hands-on attention until you need upgrading."
"Some of the valuable features I have found are the online documentation of the solution is well organized and thorough. I like the simplicity of bypass and the visualization of the active components."
"I like its protection very much. It protects and allows us to lock the environment pretty tightly. Nothing that is not approved through Carbon Black can run in the environment. There is no default. Everything goes through Carbon Black Protect, and everything has to be first approved. Every software is considered to be guilty before prove innocent."
"The solution's installation from a central installation server could be improved because the engineers had a little bit of trouble getting it installed from a central location."
"We'd like to see more one-to-one product presentations for the distribution channels."
"The security should be strong for the cloud. Some applications are on-prem and some are on the cloud. Fortinet should also have strong security for the cloud. There should be more security for the cloud."
"FortiEDR can be improved by providing more detailed reporting."
"Once, we had an event that was locked and blocked, but information about it came to us two or three days later."
"The SIEM could be improved."
"There's room for improvement in the quick response time and technical support for integration issues, especially when dealing with multiple vendors."
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"In general, the price could be more competitive."
"There is a severe gap in functionality between Windows, Linux, and Mac versions. For example all folder restriction settings are Windows only. Traps 5.0+ does not have SAML / LDAP integration."
"Palo Alto Networks Cortex XDR does not detect malicious activity like in other anti-virus solutions like Trend Micro and Windows with Cisco."
"When it comes to core analysis, and security analysis, Cortex needs to provide more information."
"It is a complex solution to implement."
"Although I would say this product is highly-rated, it could probably do more because nothing does everything that you want."
"Traps doesn't work with McAfee. You need to remove McAfee to install Traps. This is very common, and its nothing that should be an issue. Some antivirus engines recognize Traps as an threat component, so maybe they need to shake hands somewhere."
"It is an enterprise-level solution. Its price could be less expensive."
"The solution needs expanded endpoint query tools."
"Based on all the security roles and the release privilege, it could take time for an application to be whitelisted and approved for use."
"I would like to see the user credentials feature improved. I would also like to see more reporting features and better ways to roll the reports out."
"Occasionally, we'll have issues with the latest version and they'll basically tell us that they will improve it in the next iteration. They need to work on their version release quality."
"Carbon Black has limited capability to integrate with Rapid7."
"There could be more knowledge. I think they made a mistake when they took away the Check Point integration, because it provides more automation and also more threat intelligence."
"The UI interface needs improvement. The management needs further work in future versions."
"The initial setup is complex."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in Endpoint Protection Platform (EPP) with 80 reviews while VMware Carbon Black Endpoint is ranked 16th in Endpoint Protection Platform (EPP) with 61 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while VMware Carbon Black Endpoint is rated 8.0. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of VMware Carbon Black Endpoint writes "Centralization via the cloud allows us to protect and control people working from home". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, Symantec Endpoint Security and Check Point Harmony Endpoint, whereas VMware Carbon Black Endpoint is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, Trend Micro Deep Security, SentinelOne Singularity Complete and Tanium. See our Cortex XDR by Palo Alto Networks vs. VMware Carbon Black Endpoint report.
See our list of best Endpoint Protection Platform (EPP) vendors, best Ransomware Protection vendors, and best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.