We performed a comparison between Siemplify and VMware Carbon Black Endpoint based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR)."Sentinel also enables you to ingest data from your entire ecosystem and not just from the Microsoft ecosystem. It can receive data from third-party vendors' products such firewalls, network devices, and antivirus solutions. It's not only a Microsoft solution, it's for everything."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"Sentinel has features that have helped improve our security poster. It helped us in going ahead and identifying the gaps via analysis and focusing on the key elements."
"Its inbuilt Kusto Query Language is a valuable feature. It provides the flexibility needed to leverage advanced data analytics rules and policies and enables us to easily navigate all our security events in a single view. It helps any user easily understand the data or any security lags in their data and applications."
"We’ve got process improvement that's happened across multiple different fronts within the organization, within our IT organization based on this tool being in place."
"Sentinel's most important feature is the ability to centralize all the logs in one place. There's no need to search multiple systems for information."
"Investigations are something really remarkable. We can drill down right to the raw logs by running different queries and getting those on the console itself."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"The playbooks feature in Siemplify is crucial for automation. We've utilized both standard and custom integrations with other security operation solutions, enhancing our flexibility. The user interface is generally straightforward, although recent changes may require some adjustment and Siemplify's integrations and capabilities offer potential support for various compliance requirements."
"The most valuable feature of Siemplify is the playbooks that can be created."
"Without hyperbole, I have never, in my entire career, encountered a vendor or a vendor community as awesome as Siemplify. Siemplify and the Siemplify Community quite literally made it possible for our SOC to increase almost five-fold in our number of clients and number of analysts and to go from a Monday to Friday 9-5 shop to a 24/7 shop all in the span of under a year and a half and all while continually adding capabilities and improving the services we offer to our clients."
"The product allows us to focus on endpoint and antivirus protection."
"It is a stable solution...The initial setup of VMware Carbon Black Endpoint was easy."
"The triage feature that shows you the whole chain of the malware is useful."
"Technical support is excellent."
"It gives you all of the information in a short and sweet fashion."
"This product has the capability of uploading scripts to the tool and this is a very comprehensive feature."
"Carbon Black Cb Defense has a nice component called Alert Triage. It contains full details of the process execution "kill chain" and "go live" for immediate remediation."
"We have another piece of that infrastructure that does what they call threat emulation. It's like sandboxing where it takes files that it doesn't know about, puts them in a VM-type environment, and it kicks them off to see if there's any malware or tendencies that might look like malware, that kind of thing."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"Microsoft Defender has a built-in threat expert option that enables you to contact an expert. That feature isn't available in Sentinel because it's a huge product that integrates all the technologies. I would like Microsoft to add the threat expert option so we can contact them. There are a few other features, like threat assessment that the PG team is working on. I expect them to release this feature in the next quarter."
"For certain vendors, some of the data that Microsoft Sentinel captures is redacted due to privacy reasons."
"Currently, the watchlist feature is being utilized, and although there have been improvements, it is still not fully optimized."
"They could use some kind of workbook. There is some limitation doing the editing and creating the workbook."
"If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."
"When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel"
"In terms of features I would like to see in future releases, I'm interested in a few more use cases around automation. I do believe a lot of automation is available, and more is in progress, but that would be my area of interest."
"We often encounter minor issues that could be improved, but we maintain communication with the developers and submit feature requests. Recently, I requested enhancements such as improved search functionality within playbooks and expanded options for exporting case data."
"Building the playbooks could be easier and the integration could improve. It is a difficult process, such as what API connections need to be made."
"I'm inclined to say that I'd love to see some Machine Learning capabilities integrated into the platform, however, I just attended a demo this morning where Siemplify gave a sneak peek into some Machine Learning capabilities that they are currently developing and have roadmapped for release soon."
"When you view the triage, it will show you everything within a given time frame, and not only the attack that caused the alert, which is what I want to see. It shows you all the events during that time, and that can be quite confusing."
"It would be a better solution if Carbon Black Cb Defense had an on-promise solution and a virus auto delete or quarantine."
"Certain settings have limitations. For example, I cannot manually block some malware activities."
"Its compatibility can be improved. It did crash a server during deployment, which is not something that I want to happen. Its deployment should also be easier. The whole deployment cycle needs to be simplified. It is an enterprise solution, and to set it up right now, you have to be an expert."
"The support is poor."
"Sensor deployment requires extensive fine-tuning, and creating deployment packages is time-consuming."
"But here, we hardly can take any kind of a report out of Carbon Black, so I think that should be something that should be more user-friendly."
"In my company, we face issues sometimes when there is a need to write custom rules or we want to write for some rules that are different from the standard rules provided by the solution."
Siemplify is ranked 16th in Security Orchestration Automation and Response (SOAR) with 3 reviews while VMware Carbon Black Endpoint is ranked 17th in Endpoint Protection Platform (EPP) with 63 reviews. Siemplify is rated 8.6, while VMware Carbon Black Endpoint is rated 7.8. The top reviewer of Siemplify writes "Great for reporting and ticketing for SOC MxDR client environments and has a great, supportive community". On the other hand, the top reviewer of VMware Carbon Black Endpoint writes "Centralization via the cloud allows us to protect and control people working from home". Siemplify is most compared with Splunk SOAR, Palo Alto Networks Cortex XSOAR, ServiceNow Security Operations and Fortinet FortiSOAR, whereas VMware Carbon Black Endpoint is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne Singularity Complete, Trend Micro Deep Security and Symantec Endpoint Security.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.