We performed a comparison between Palo Alto Networks Cortex XSOAR and VMware Carbon Black Cloud based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR)."Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"It has basic out-of-the-box integrations with multiple log sources."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"It is always correlating to IOCs for normal attacks, using Azure-related resources. For example, if any illegitimate IP starts unusual activity on our Azure firewall, then it automatically generates an alarm for us."
"We didn't have anything similar. So, it really provides value from the incidents and automation point of view. The overview of the security fabric is most valuable."
"The dashboard that allows me to view all the incidents is the most valuable feature."
"There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"The most valuable features are the orchestration because of the way in which it coordinates the loss from all the devices and it provides us with a high-level overview of the critical log information."
"The solution is easy to deploy."
"It is a scalable solution. I would rate scalability a ten out of ten."
"The product’s stability is good."
"It has an extensive list of integrations that are available out of the box which makes it easy to start."
"From the security team's standpoint, the solution has improved our organization's overall cybersecurity."
"I chose Cortex XSOAR because the client also has Palo Alto firewalls. I can incorporate the data from the Palo Alto firewalls into Cortex and send it into the same data lake to manipulate that data. It lets me manage and monitor the data in one place."
"The automation part and the playbook creation part are awesome. The way it is responding to the customers and incidents is also very good. In the SOC environment, I guess it will carry out around 50% of the work."
"The market information they gather from the community is really good. Their configuration capabilities are good."
"The most valuable feature of VMware Carbon Black Cloud is the possibility of securing any PC worldwide."
"We are able to remotely isolate exploited endpoints in seconds and perform a live deep dive of any endpoint into its running processes (as necessary) without the need for extra scripts."
"The ability to isolate an endpoint with only the host name and a click of a button is a major time saver."
"VMware Carbon Black Cloud is a user-friendly solution that can isolate machines from the rest of the network."
"They're highly stable in comparison with other solutions I have."
"Integration and scalability are the most valuable."
"For setup, the server can be given to you as a VM image and with minimal configuration needed."
"There is room for improvement in entity behavior and the integration site."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"One key area that can be improved is by building a strong integration with our XDR platform."
"I would like to be able to monitor applications outside of the Azure Cloud."
"The dashboards can be improved. Creating dashboards is very easy, but the visualizations are not as good as Microsoft Power BI. People who are using Microsoft Power BI do not like Sentinel's dashboards."
"The performance could be improved. If I create 15 to 20 lines for a single-use case in KQL, sometimes it takes more time to execute. If I create use cases within a certain timeline, the result will show in .01 seconds. A complex query takes more time to get results."
"There should be an on-premise version available for customers to have different choices."
"It's only one cloud right now. It might be helpful for some companies to have an on-premies option."
"The formats are not compatible, are readily not available, and are not readable."
"There is room for improvement in support. The response time could be faster."
"They should provide integration with machine learning platforms."
"The solution is complicated to learn."
"Palo Alto Networks Cortex XSOAR could improve the Panorama feature. We had to turn it off because it was not working properly."
"There is room for improvement in terms of the pricing model."
"We are subscribed to FS-ISAC threat indicator, but have been unsuccessful in adding it to our alliance feeds."
"They need to improve the batch console. It needs more capabilities. We are limited by the ones it provides..."
"The solution can only handle about 500 bans or blocks."
"The support team of Carbon Black CB Response needs improvement. At present, they need a lot of information. Then they give you an answer that they already gave you. You tell them it didn't work, and then they take a long time."
"The product detects too many false positives initially and it could integrate better with other security solutions."
"They have different products, but if we wanted to take their protection and their EPR, then we would need to have two agents"
"The threat intelligence feed could use some fine tweaking."
"The solution's support could be improved."
More Palo Alto Networks Cortex XSOAR Pricing and Cost Advice →
Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 42 reviews while VMware Carbon Black Cloud is ranked 2nd in Security Incident Response with 18 reviews. Palo Alto Networks Cortex XSOAR is rated 8.4, while VMware Carbon Black Cloud is rated 8.4. The top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". On the other hand, the top reviewer of VMware Carbon Black Cloud writes " Shows promise for endpoint detection and response, with room for improvement in complexity and pricing ". Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Fortinet FortiSOAR, Swimlane and ServiceNow Security Operations, whereas VMware Carbon Black Cloud is most compared with VMware Carbon Black Endpoint, Fidelis Elevate, Splunk SOAR and Rapid7 InsightIDR.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
