We compared CrowdStrike Falcon and VMware Carbon Black Endpoint based on our users reviews in five parameters. After reading the collected data, you can find our conclusion below:
Comparison Results: Comparing CrowdStrike Falcon to VMware Carbon Black Endpoint, both have straightforward setup processes, although CrowdStrike Falcon is considered relatively more manageable. CrowdStrike Falcon offers comprehensive protection, ease of deployment, crowdsourced intelligence, and strong detection and prevention features. Users also find it easy and straightforward. However, it may require expertise and guidance during setup and lacks certain features like ransomware protection and additional antivirus functionality. On the other hand, VMware Carbon Black Endpoint also provides a straightforward setup process but might be challenging for users unfamiliar with Carbon Black. It offers continuous monitoring, threat detection and response, prevention of zero-day threats, extensive threat intel, and good integration capabilities. However, there are difficulties in making changes at the tenant level and GUI improvements are needed. Additionally, some users mention slower technical support as a drawback.
"We have FortiEDR installed on all our systems. This protects them from any threats."
"It is stable and scalable."
"The ease of deployment and configuration is valuable. It's very easy compared to other vendors like Sophos. Sophos' configuration is complex. Fortinet is a lot easier to understand. You don't need a lot of admin knowledge to do the configuration."
"Fortinet has helped free up around 20 percent of our staff's time to help us out."
"Having all monitoring, response, tracking, and mitigation tools in one dashboard provides our analysts and SOC team with a comprehensive view at a glance."
"It notifies us if there's any suspicious file on any PC. If any execution or similar kind of thing is happening, it just alerts us. It doesn't only alert. It also blocks the execution until we allow it. We check whether the execution is legitimate or not, and then approve it or keep it blocked. This gives us a little bit of control over this mechanism. Fortinet FortiEDR is also very straightforward and easy to maintain."
"Additionally, when it comes to EDR, there are more tools available to assist with client work."
"This is stable and scalable."
"The feature that I find to be the most valuable, is being able to look at the system analysis and being able to baseline what is installed on the system."
"The CrowdStrike Falcon agent is very lightweight. Users never complain about their PCs getting stuck and things like that."
"The threat intelligence is the most valuable feature."
"It is an easy product to deploy."
"Cyberattack detection is very good. We use it for detecting different vulnerabilities, such as ransomware, virus, and malware. It is a good product today when compared to Symantec that we used previously."
"The CS falcon agent is a lightweight agent compared with other agents of EDR products."
"Since we deployed CrowdStrike, the network has become much calmer, and we now understand the sources of infections, which helps us prevent them from spreading."
"I like the dashboard nature of it. Everything is clickable, linkable, and information is easy to obtain and find. How it presents that information is probably the biggest win as far as the information correlation aspect. The presentation of it is very good."
"The threat analysis functionality is good."
"I found it very valuable as a whole. It is good at detecting anything and has kept us very safe. It is also very easy to use."
"Carbon Black Cb Defense has a nice component called Alert Triage. It contains full details of the process execution "kill chain" and "go live" for immediate remediation."
"The product allows us to focus on endpoint and antivirus protection."
"You can deploy it through the cloud so that even if your stuff is outside of your controlled environment, you are still under control, based on the policies you create. The policies are controlled through the cloud. For example, if I don't allow anyone to do a certain activity or to install a particular app, and a consultant or a partner who is not part of our environment is doing so, it will stop them as well."
"The new feature that we're deploying, the new offering from Carbon Black, is MDR, which stands for manage, detect, and response. It's the most valuable feature because Carbon Black will be continuously checking the logs, and they will be advising us on how to improve some of the policies as well as review the logs. If there are any nefarious agents or things happening on the end points, they will know."
"The feature I found most valuable in Carbon Black CB Defense is the ongoing monitoring feature that works by emailing updates about any detections found."
"It is a very complete platform."
"We've encountered challenges during API deployment, occasionally resulting in unstable environments."
"FortiEDR can be improved by providing more detailed reporting."
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"To improve Fortinet, we need to see more features and technology areas at the endpoint level introduced."
"The solution's installation from a central installation server could be improved because the engineers had a little bit of trouble getting it installed from a central location."
"I would like the solution to extend beyond endpoint protection and include other attack surfaces such as other network components."
"The dashboard isn't easy to access and manage."
"Everything with Fortinet having to do with their cloud services. They need to invest more in their internal infrastructure that they are running in the cloud. One of the things I find with their cloud environment compared to others' is that they go cheap on the equipment. So it causes some performance degradation."
"The performance could be better."
"Too many false positives."
"For CrowdStrike to work, all the machines need to have an internet connection. This makes it challenging to assist customers without an internet connection. We would like to have a mechanism or relay to make this possible."
"CrowdStrike should provide better visibility in its reporting. There should be more forensic details about detected threats."
"The current database schema presents challenges and has potential for improvement."
"The product could be more accurate in terms of performance."
"I would like them to improve the correlation of data in the search algorithms. When we run an investigation, malware, phishing, etc., I want to look at multiple endpoints at once to correlate that data to see the likenesses, e.g., how are they not alike or what systems and processes are running across those systems? I don't want to have to run the same search in their Spotlight module five, 10, 15, or 100 times to get 100 different results, copy that data out, and then correlate it on my own. In a very simple way, I want to be able to load up a comma-delimited list giving me the spotlight data on these X amount of hosts, letting me search for it quickly. We have had to go back to CrowdStrike, and say, "Our search are taking far too long for even one host." They did bump up the cores and that did improve performance, but it is still kind of slow to get that Spotlight data. That is probably our biggest pain point. I think that needs some help. I understand this kind of information access is probably not the easiest thing to do. It is probably a big ask depending on how their back-end is setup."
"There is room for improvement in managing multiple customer IDs."
"In the past, we've seen some stability issues in the latest version releases. We tend to hang back one version just to make sure issues are fully resolved to avoid user disruption."
"The EDR portion could be better. I'm not a big fan, but it works."
"The directions for Splunk are spot on, but it is difficult to find anything on integration with AlienVault,"
"Needs improvement in the area of infrastructure for on-premise installation."
"The endpoint machines need improvement."
"There could be more knowledge. I think they made a mistake when they took away the Check Point integration, because it provides more automation and also more threat intelligence."
"This product should be cheaper."
"The product's reporting capabilities are an area of concern where improvements are required."
CrowdStrike Falcon is ranked 3rd in Endpoint Protection Platform (EPP) with 107 reviews while VMware Carbon Black Endpoint is ranked 16th in Endpoint Protection Platform (EPP) with 61 reviews. CrowdStrike Falcon is rated 8.8, while VMware Carbon Black Endpoint is rated 8.0. The top reviewer of CrowdStrike Falcon writes "Easy to set up with good behavior-based analysis but needs a single-click recovery option". On the other hand, the top reviewer of VMware Carbon Black Endpoint writes "Centralization via the cloud allows us to protect and control people working from home". CrowdStrike Falcon is most compared with Microsoft Defender XDR, Darktrace, Microsoft Defender for Endpoint, Trend Micro Deep Security and Tanium, whereas VMware Carbon Black Endpoint is most compared with Microsoft Defender for Endpoint, Trend Micro Deep Security, SentinelOne Singularity Complete, Symantec Endpoint Security and Cortex XDR by Palo Alto Networks. See our CrowdStrike Falcon vs. VMware Carbon Black Endpoint report.
See our list of best Endpoint Protection Platform (EPP) vendors, best Endpoint Detection and Response (EDR) vendors, and best Ransomware Protection vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.