We performed a comparison between Palo Alto Networks Cortex XSOAR and VMware Carbon Black Endpoint based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR).
"The log query feature has been the most valuable because it's very good. You can put your data on the cloud and run queues from Sentinel. It will do it all very fast. I love that I don't have to upload it to an Excel file and then manually look for a piece of information. Sentinel is much faster and is good for big databases."
"The main benefit is the ease of integration."
"Previously, it was a little bit difficult to find where an incident came from, including which IP address and which country. So in Sentinel, it's very easy to find where the incident came from since we can easily get the information from the dashboard, after which we take action quickly."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"The most valuable feature is the onboarding of the workloads. You can see all that has been onboarded in your account on the dashboards."
"It has basic out-of-the-box integrations with multiple log sources."
"Another area where it is helping us is in creating a single dashboard for our environment. We can collect all the logs into a log analytics workset and run queries on top of it. We get all the results in the dashboard. Even a layman can understand this stuff. The way Microsoft presents it is really incredible."
"It is able to connect to an ever-growing number of platforms and systems within the Microsoft ecosystem, such as Azure Active Directory and Microsoft 365 or Office 365, as well as to external services and systems that can be brought in and managed. We can manage on-premises infrastructure. We can manage not just the things that are running in Azure in the public cloud, but through Azure Arc and the hybrid capabilities, we can monitor on-premises servers and endpoints. We can monitor VMware infrastructure, for instance, running as part of a hybrid environment."
"I am satisfied with the product overall."
"The solution is user-friendly and easy to configure."
"The most valuable features of Palo Alto Networks Cortex XSOAR are the remote controller from the workstation that can execute commands and isolate the systems outside of the network. Only the system with an internet connection can execute the task because the main console is in the cloud."
"The Palo Alto ecosystem has a marketplace offering integration with Sentinel or other products."
"It is a scalable solution. I would rate scalability a ten out of ten."
"From the security team's standpoint, the solution has improved our organization's overall cybersecurity."
"The drag-and-drop interface enables analysts with no programming knowledge to create playbooks easily."
"Its agility and scalability are valuable."
"It is a scalable solution...The initial setup was straightforward."
"There's lots of very useful documentation online to help troubleshoot and learn about the product."
"It is a stable solution...The initial setup of VMware Carbon Black Endpoint was easy."
"Some of the valuable features I have found are the online documentation of the solution is well organized and thorough. I like the simplicity of bypass and the visualization of the active components."
"The triage feature that shows you the whole chain of the malware is useful."
"It gives you all of the information in a short and sweet fashion."
"VMware Carbon Black Endpoint is a highly stable solution."
"The tool is pretty stable."
"I believe one of the challenges I encountered was the absence of live training sessions, even with the option to pay for them."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"Given that I am in the small business space, I wish they would make it easier to operate Sentinel without being a Sentinel expert. Examples of things that could be easier are creating alerts and automations from scratch and designing workbooks."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework."
"The solution could be more user-friendly; some query languages are required to operate it."
"They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work."
"Palo Alto Networks Cortex XSOAR could improve the look, feel, and management of the cloud console. Additionally, the user could be more easily integrated."
"With Palo Alto Networks Cortex XSOAR, managing its setup phase can be a complicated task."
"The configuration of the solution could improve it is difficult."
"The solution requires DV but does not support open-source DV elastic searches."
"The dashboard could be better."
"Palo Alto Networks Cortex XSOAR lacks to offer SIEM functionalities currently."
"When Palo Alto bought the solution, the pricing increased by 1.5 times. There's been a 50% increase, which is a lot."
"Corex XSOAR could be improved by reducing the time it takes to process large amounts of data and increasing the number of integrations."
"I would like to see improvements made so that we can better see all of the processes."
"Carbon Black has limited capability to integrate with Rapid7."
"What was rolled out to my company are mixed versions of Carbon Black CB Defense, so what I'd like to see in the next release is more synchronization, where it can detect the endpoint that's running an old version and suggest updates."
"There is room for improvement in the support and service team."
"This product should be cheaper."
"The solution needs better overall compatibility with other products."
"It would be a better solution if Carbon Black Cb Defense had an on-promise solution and a virus auto delete or quarantine."
"Carbon Black CB Defense has helped improve my organization by allowing us to have better data so that we can do correlation and get visibility into the alerts."
More Palo Alto Networks Cortex XSOAR Pricing and Cost Advice →
Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 42 reviews while VMware Carbon Black Endpoint is ranked 17th in Endpoint Protection Platform (EPP) with 63 reviews. Palo Alto Networks Cortex XSOAR is rated 8.4, while VMware Carbon Black Endpoint is rated 7.8. The top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". On the other hand, the top reviewer of VMware Carbon Black Endpoint writes "Centralization via the cloud allows us to protect and control people working from home". Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Fortinet FortiSOAR, Swimlane and ServiceNow Security Operations, whereas VMware Carbon Black Endpoint is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne Singularity Complete, Trend Micro Deep Security and Symantec Endpoint Security.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
