We performed a comparison between Palo Alto Networks Cortex XSOAR and VMware Carbon Black Cloud based on real PeerSpot user reviews.
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"We are able to deploy within half an hour and we only require one person to complete the implementation."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"Microsoft Sentinel enables you to ingest data from the entire ecosystem and that connection of data helps you to monitor critical resources and to know what's happening in the environment."
"Sentinel is a SIEM and SOAR tool, so its automation is the best feature; we can reduce human interaction, freeing up our human resources."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service."
"Sentinel improved how we investigate incidents. We can create watchlists and update them to align with the latest threat intelligence. The information Microsoft provides enables us to understand thoroughly and improve as we go along. It allows us to provide monthly reports to our clients on their security posture."
"It is a scalable solution."
"I am satisfied with the product overall."
"I chose Cortex XSOAR because the client also has Palo Alto firewalls. I can incorporate the data from the Palo Alto firewalls into Cortex and send it into the same data lake to manipulate that data. It lets me manage and monitor the data in one place."
"The most valuable features are simplicity and ease of integration."
"It is quite scalable. I would rate it a ten out of ten."
"We use the solution to automate our SIEM tools and incidents."
"The solution provides threat intelligence with EDR."
"The Palo Alto ecosystem has a marketplace offering integration with Sentinel or other products."
"The most valuable feature is its ability to seek out abnormal activity and to create alerts."
"They're highly stable in comparison with other solutions I have."
"Setting up and managing the setup for this solution is okay. It is stable, scalable, and it runs just fine. No issues with technical support."
"The most valuable features are its lightweight design, ensuring minimal impact on end-users, and its real-time protection."
"For setup, the server can be given to you as a VM image and with minimal configuration needed."
"Carbon Black ensures the probability that any ransomware will be stopped before spreading."
"VMware Carbon Black Cloud is a user-friendly solution that can isolate machines from the rest of the network."
"We are able to remotely isolate exploited endpoints in seconds and perform a live deep dive of any endpoint into its running processes (as necessary) without the need for extra scripts."
"The AI capabilities must be improved."
"I would like to be able to monitor applications outside of the Azure Cloud."
"There is room for improvement in entity behavior and the integration site."
"The solution could be more user-friendly; some query languages are required to operate it."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"Palo Alto Networks Cortex XSOAR could improve the Panorama feature. We had to turn it off because it was not working properly."
"We need a little hands-on experience to install the solution."
"It's only one cloud right now. It might be helpful for some companies to have an on-premises option."
"Palo Alto Networks Cortex XSOAR currently lacks SIEM functionalities."
"XSOAR could have more integration options."
"There should be an on-premise version available for customers to have different choices."
"It is not a very scalable solution."
"The solution is very expensive."
"The dashboard should be more user-friendly."
"There have been some performance issues when deploying on Windows Server, but I believe Carbon Black is working on that."
"One area for improvement is the maturity of its vulnerability features."
"The product detects too many false positives initially and it could integrate better with other security solutions."
"It's not highly available, so you have to have a core server. If the primary server goes down, you need a new one. It's not available at the same time, however. It's not automatically swapped from one server to another."
"Technical support for the solution should be improved because there is a scarcity of support teams in the Middle East."
"Setup is incredibly complex and poorly documented. Every time an upgrade was needed we would need to engage Professional Services for troubleshooting help. Certificates and web services proved to be the most significant sticking points. Since the product runs on a Linux platform, perhaps having staff with more Linux experience could have alleviated some difficulty."
"The solution can only handle about 500 bans or blocks."
Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 42 reviews while VMware Carbon Black Cloud is ranked 3rd in Security Incident Response with 18 reviews. Palo Alto Networks Cortex XSOAR is rated 8.4, while VMware Carbon Black Cloud is rated 8.4. The top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". On the other hand, the top reviewer of VMware Carbon Black Cloud writes "Shows promise for endpoint detection and response, with room for improvement in complexity and pricing". Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Fortinet FortiSOAR, Swimlane and ServiceNow Security Operations, whereas VMware Carbon Black Cloud is most compared with VMware Carbon Black Endpoint, Fidelis Elevate, Rapid7 InsightIDR and Splunk SOAR.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.