We performed a comparison between Splunk SOAR and VMware Carbon Black Cloud based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR)."Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"The best feature is that onboarding to the SIM solution is quite easy. If you are using cloud-based solutions, it's just a few clicks to migrate it."
"The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinels from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"It is easy to implement (turn on) - does need a skilled analyst to develop queries and playbooks."
"It has basic out-of-the-box integrations with multiple log sources."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"Sentinel pricing is good"
"Technical support is helpful."
"The product’s integration with other Splunk products is valuable."
"The automation part of the product is great."
"Very flexible integration with other tools"
"The most valuable feature is the API connector, depending on how it's formatted and who made the actual app offering for it. The REST API is my favorite component. It's very easy to use. The filters are also really valuable. Those are the two primary features but I enjoy using the rest of it."
"My understanding is the initial setup isn't too hard."
"When you design a playbook, you can integrate multiple log sources and define rules... After that, the platform automatically compiles all these activities and, based on the results, the analyst only has to indicate whether the result is a true or false positive. That reduces the time and effort involved."
"Scalability is the best feature of the solution."
"Carbon Black insures the probability that any ransomware will be stopped before spreading."
"The solution does very well as a baseline EDR and provides good process-level management."
"We are able to remotely isolate exploited endpoints in seconds and perform a live deep dive of any endpoint into its running processes (as necessary) without the need for extra scripts."
"Setting up and managing the setup for this solution is okay. It is stable, scalable, and it runs just fine. No issues with technical support."
"The ability to isolate an endpoint with only the host name and a click of a button is a major time saver."
"The enhanced logging and data analysis of the incident response and investigation components allowed us to quickly identify and resolve security issues before they could spread."
"The market information they gather from the community is really good. Their configuration capabilities are good."
"The ability to quickly isolate a system from the network, while still being able to perform some forensics and mitigation work remotely, was of great value to us since we had many mobile and distributed systems."
"If we want to use more features, we have to pay more. There are multiple solutions on the cloud itself, but the pricing model package isn't consistent, which is confusing to clients."
"The dashboards can be improved. Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. People who are using Microsoft Power BI do not like Sentinel's dashboards."
"The reporting could be more structured."
"Sentinel should be improved with more connectors. At the moment, it only covers a few vendors. If I remember correctly, only 100 products are supported natively in Sentinel, although you can connect them with syslog. But Microsoft should increase the number of native connectors to get logs into Sentinel."
"It could have a better API to be able to automate many things more extensively and get more extensive data and more expensive deployment possibilities. It can gain some points on the automation part and the integration part. The API is very limited, and I would like to see it extended a bit more."
"If I see an alert and I want to drill down and get more details about the alert, it's not just one click. In other SIEM tools, you just have to click the IP address of the entity and they give you the complete picture. In Sentinel, you have to write queries or use saved queries to get details."
"There is room for improvement in entity behavior and the integration site."
"The only thing is sometimes you can have a false positive."
"It could be easier to implement."
"Splunk SOAR should improve its ease of upgrade, which is a pain point for us right now."
"There is a lot of room for improvement with the UI."
"The algorithm and machine learning have room for improvement and can be more user-friendly."
"We want to see improvements made to the APIs such that we can connect to many different systems and data sources."
"The number of playbooks on offer should be increased."
"The scalability could be better."
"In my opinion, the focus should be on improving its simplicity, specifically the interface, and configuration."
"Training and education for both partner and customer, including product marketing need to be improved."
"One area for improvement is the maturity of its vulnerability features."
"The dashboard should be more user-friendly."
"The solution can only handle about 500 bans or blocks."
"Additionally, it is complex to use, and the pricing should be improved."
"The solution needs to simplify the process of adding custom watchlists, as well as embrace YARA for rule creation."
"It's not highly available, so you have to have a core server. If the primary server goes down, you need a new one. It's not available at the same time, however. It's not automatically swapped from one server to another."
"The solution's support could be improved."
Splunk SOAR is ranked 3rd in Security Orchestration Automation and Response (SOAR) with 33 reviews while VMware Carbon Black Cloud is ranked 3rd in Security Incident Response with 18 reviews. Splunk SOAR is rated 8.0, while VMware Carbon Black Cloud is rated 8.4. The top reviewer of Splunk SOAR writes "Takes most of the work away, but the time they take to implement new features is a little bit of concern". On the other hand, the top reviewer of VMware Carbon Black Cloud writes " Shows promise for endpoint detection and response, with room for improvement in complexity and pricing ". Splunk SOAR is most compared with Palo Alto Networks Cortex XSOAR, Cortex XSIAM, ServiceNow Security Operations, Torq and Siemplify, whereas VMware Carbon Black Cloud is most compared with VMware Carbon Black Endpoint, Fidelis Elevate, Palo Alto Networks Cortex XSOAR and Rapid7 InsightIDR.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.