We performed a comparison between Palo Alto Networks Cortex XSOAR and VMware Carbon Black Endpoint based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR)."The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"The product can integrate with any device."
"The UI-based analytics are excellent."
"The pricing of the product is excellent."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"The Identity Behavior tab furnishes us with the entire history linked to each IP or domain that has either accessed or attempted to access our system."
"There are some very powerful features to Sentinel, such as the integration of various connectors. We have a lot of departments that use both IaaS and SaaS services, including M365 as well as Azure services. The ability to leverage connectors into these environments allows for large-scale data injection."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"The product can automate security tasks."
"They have a portal where you can find any kind of integration that you need."
"Cortex XSOAR's most valuable features are the playbooks, custom integration, the machine-learning model, and the layout, classifier, and mapper."
"I am satisfied with the product overall."
"It’s easy to install."
"The product is quite easy to use."
"The solution is user-friendly and easy to configure."
"For organizations that are stable with their security operations, like those with around 50 members in their security team running full-phased operations 24/7, Cortex is necessary."
"We can access computers remotely if we need to."
"Carbon Black Defense has a higher detection ratio because it's cloud-based and it also does a lookup to virus total."
"The solution has a very nice API on the back end for remoting into a system and executing scripts or utilizing self automation."
"It is a scalable solution...The initial setup was straightforward."
"I like its reporting."
"It is a stable solution...The initial setup of VMware Carbon Black Endpoint was easy."
"I like the historical features, interface, and integration."
"I found the offline scanning to be particularly useful."
"Improvement-wise, I would like to see more integration with third-party solutions or old-school antivirus products that have some kind of logging capability. I wouldn't mind having that exposed within Sentinel. We do have situations where certain companies have bought licensing or have made an investment in a product, and that product will be there for the next two or three years. To be able to view information from those legacy products would be great. We can then better leverage the Sentinel solution and its capabilities."
"The solution should allow for a streamlined CI/CD procedure."
"There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."
"Microsoft should improve Sentinel, considering that from the legacy systems, it cannot collect logs."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"The only thing is sometimes you can have a false positive."
"When it comes to ingesting Azure native log sources, some of the log sources are specific to the subscription, and it is not always very clear."
"If Azure Sentinel had the ability to ingest Azure services from different tenants into another tenant that was hosting Azure Sentinel, and not lose any metadata, that would be a huge benefit to a lot of companies."
"The solution's correlation rules and playbooks should be improved."
"The solution requires DV but does not support open-source DV elastic searches."
"The dashboard could be better."
"It is been decommissioned by Palo Alto."
"The solution is complicated to learn."
"Palo Alto needs to develop more AI-centric products."
"The integration could be better. Cortex, for example, does not work with iPhone."
"The tool’s multi-tenancy feature must be improved."
"The device control feature could also be compatible with the user’s profile as well."
"This solution works well but needs lots of tuning and optimization."
"Report generation can be improved."
"This product should be cheaper."
"In my company, we face issues sometimes when there is a need to write custom rules or we want to write for some rules that are different from the standard rules provided by the solution."
"They will most likely need to create or include a feature that checks the network."
"Sensor deployment requires extensive fine-tuning, and creating deployment packages is time-consuming."
"In our company, we also wanted to have network detection, like a host-based IDS on VMware Carbon Black Endpoint, but we did not get it."
More Palo Alto Networks Cortex XSOAR Pricing and Cost Advice →
Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 42 reviews while VMware Carbon Black Endpoint is ranked 16th in Endpoint Protection Platform (EPP) with 62 reviews. Palo Alto Networks Cortex XSOAR is rated 8.4, while VMware Carbon Black Endpoint is rated 8.0. The top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". On the other hand, the top reviewer of VMware Carbon Black Endpoint writes "Centralization via the cloud allows us to protect and control people working from home". Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Fortinet FortiSOAR, Swimlane and ServiceNow Security Operations, whereas VMware Carbon Black Endpoint is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne Singularity Complete, Trend Micro Deep Security and Symantec Endpoint Security.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
