We performed a comparison between Palo Alto Networks Cortex XSOAR and VMware Carbon Black Endpoint based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR)."The pricing of the product is excellent."
"Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing"
"Microsoft Sentinel comes preloaded with templates for teaching and analytics rules."
"The log analysis is excellent; it can predict what can or will happen regarding use patterns and vulnerabilities."
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"The product can integrate with any device."
"Microsoft Sentinel provides the capability to integrate different log sources. On top of having several data connectors in place, you can also do integration with a threat intelligence platform to enhance and enrich the data that's available. You can collect as many logs and build all the use cases."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"Palo Alto is easy to use."
"What I like most about Palo Alto Networks Cortex XSOAR is how user-friendly it is for development. It is much simpler to work with compared to similar tools I've used."
"For organizations that are stable with their security operations, like those with around 50 members in their security team running full-phased operations 24/7, Cortex is necessary."
"The solution is very reliable."
"It was useful as a ticketing tool."
"We use the solution to automate our SIEM tools and incidents."
"The most valuable feature is automation."
"The most valuable features of Palo Alto Networks Cortex XSOAR are its overall track record and features that fit our use case."
"The new feature that we're deploying, the new offering from Carbon Black, is MDR, which stands for manage, detect, and response. It's the most valuable feature because Carbon Black will be continuously checking the logs, and they will be advising us on how to improve some of the policies as well as review the logs. If there are any nefarious agents or things happening on the end points, they will know."
"I feel that the initial setup was straightforward and not complex."
"The threat analysis functionality is good."
"I like its reporting."
"The biggest feature out of CarbonBlack is its ability to dive in with more depth. You can look at the entire kill chain and understand, not only if an alarm or identified incident is truly a true security issue versus a false positive, and it allows us to backtrack and figure out why it actually happened and how it got into the environment."
"It uses machine learning and behavioral analytics for advanced threat detection and response."
"It gives you all of the information in a short and sweet fashion."
"The most valuable feature of the solution stems from the support it provides."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"I would like Microsoft Sentinel to enhance its SOAR capabilities."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"We'd like also a better ticketing system, which is older."
"We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"The AI capabilities must be improved."
"They should provide integration with machine learning platforms."
"I think they should increase their collaboration base."
"There is room for improvement in terms of the pricing model."
"We need a little hands-on experience to install the solution."
"It doesn't offer automatic internet reports out of the box."
"The formats are not compatible, are readily not available, and are not readable."
"Its dashboard features need improvement."
"Palo Alto Networks Cortex XSOAR could improve the Panorama feature. We had to turn it off because it was not working properly."
"I am not sure whether Carbon Black CB Defense can be considered as a stable solution or not."
"In the past, we've seen some stability issues in the latest version releases. We tend to hang back one version just to make sure issues are fully resolved to avoid user disruption."
"It would be a better solution if Carbon Black Cb Defense had an on-promise solution and a virus auto delete or quarantine."
"The endpoint machines need improvement."
"Integration is difficult, but CB Defense is more powerful than others. It is difficult to implement but easy to pick up many detections."
"I would like to see improvements made so that we can better see all of the processes."
"The UI interface needs improvement. The management needs further work in future versions."
"I haven't run into anything that needs improvement. The website interface can be a little bit better, but it's still good as compared to most others."
More Palo Alto Networks Cortex XSOAR Pricing and Cost Advice →
Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 42 reviews while VMware Carbon Black Endpoint is ranked 17th in Endpoint Protection Platform (EPP) with 62 reviews. Palo Alto Networks Cortex XSOAR is rated 8.4, while VMware Carbon Black Endpoint is rated 8.0. The top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". On the other hand, the top reviewer of VMware Carbon Black Endpoint writes "Centralization via the cloud allows us to protect and control people working from home". Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Fortinet FortiSOAR, Swimlane and ServiceNow Security Operations, whereas VMware Carbon Black Endpoint is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne Singularity Complete, Trend Micro Deep Security and Symantec Endpoint Security.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.