We performed a comparison between VMware Carbon Black Cloud and VMware Carbon Black Endpoint based on real PeerSpot user reviews.
Find out in this report how the two Security Incident Response solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"Having all monitoring, response, tracking, and mitigation tools in one dashboard provides our analysts and SOC team with a comprehensive view at a glance."
"Fortinet is very user-friendly for customers."
"Forensics is a valuable feature of Fortinet FortiEDR."
"It is very easy to set up. I would rate my experience with the initial setup a ten out of ten, with ten being very easy to set up."
"This is stable and scalable."
"Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great."
"The most valuable feature is the analysis, because of the beta structure."
"Fortinet FortiEDR made our clients feel secure and more at ease, knowing that they had an EDR solution that would close the gap in their security posture."
"Carbon Black Cb Response excels at providing context to indicators when responding to incidents. It allows responders to understand the entire scope of an incident and quickly contain it to minimize impact and disruption."
"The ability to isolate an endpoint with only the host name and a click of a button is a major time saver."
"The detection response and quarantining are very good features."
"The most valuable features are its lightweight design, ensuring minimal impact on end-users, and its real-time protection."
"We are able to remotely isolate exploited endpoints in seconds and perform a live deep dive of any endpoint into its running processes (as necessary) without the need for extra scripts."
"They're highly stable in comparison with other solutions I have."
"Setting up and managing the setup for this solution is okay. It is stable, scalable, and it runs just fine. No issues with technical support."
"Probably the most valuable feature of CB Response is its ability to isolate a host and take it off the network, so it's not spreading anything. We have two security operations centers around the globe. When an SOC analyst sees something on an endpoint, they can use Carbon Black Response to isolate that host from the customer's environment and prevent any kind of lateral spread."
"The whole purpose of the product, like application control, is very good, and also if you need to update some policies, it works well and instantly."
"The initial setup is very easy."
"What I like the most about it is the dynamic grouping, where you get to group endpoints based on setup criteria. That's pretty cool. I like the simplified policy management and simplified white-listing process."
"For Carbon Black Endpoint, the possibility of integration with different other software's log servers is the important thing. Having just one point of view is more interesting so you don't need to go to different places to see all the information."
"The threat analysis functionality is good."
"It gives you all of the information in a short and sweet fashion."
"The biggest feature out of CarbonBlack is its ability to dive in with more depth. You can look at the entire kill chain and understand, not only if an alarm or identified incident is truly a true security issue versus a false positive, and it allows us to backtrack and figure out why it actually happened and how it got into the environment."
"I feel that the initial setup was straightforward and not complex."
"The security should be strong for the cloud. Some applications are on-prem and some are on the cloud. Fortinet should also have strong security for the cloud. There should be more security for the cloud."
"We'd like to see more one-to-one product presentations for the distribution channels."
"We find the solution to be a bit expensive."
"I would like the solution to extend beyond endpoint protection and include other attack surfaces such as other network components."
"We've encountered challenges during API deployment, occasionally resulting in unstable environments."
"The dashboard isn't easy to access and manage."
"The support needs improvement."
"There's room for improvement in the quick response time and technical support for integration issues, especially when dealing with multiple vendors."
"The solution's support could be improved."
"Additionally, it is complex to use, and the pricing should be improved."
"There have been some performance issues when deploying on Windows Server, but I believe Carbon Black is working on that."
"The product detects too many false positives initially and it could integrate better with other security solutions."
"It's not highly available, so you have to have a core server. If the primary server goes down, you need a new one. It's not available at the same time, however. It's not automatically swapped from one server to another."
"Setup is incredibly complex and poorly documented. Every time an upgrade was needed we would need to engage Professional Services for troubleshooting help. Certificates and web services proved to be the most significant sticking points. Since the product runs on a Linux platform, perhaps having staff with more Linux experience could have alleviated some difficulty."
"Training and education for both partner and customer, including product marketing need to be improved."
"One area for improvement is the maturity of its vulnerability features."
"The initial setup is complex."
"There are many different controls that are needed to be put into place for upgrading that makes it difficult. Having to re-engineer your IT infrastructure to match their software, as opposed to having it integrate and work independently causes difficulties. When there is an update to any software everyone has to be involved."
"Right now, Carbon Black CB Defense doesn't support cloud computing and Kubernetes."
"There could be more knowledge. I think they made a mistake when they took away the Check Point integration, because it provides more automation and also more threat intelligence."
"The endpoint machines need improvement."
"The solution would be more effective if there was a way to block automatically based on behavior."
"I haven't run into anything that needs improvement. The website interface can be a little bit better, but it's still good as compared to most others."
"The product's reporting capabilities are an area of concern where improvements are required."
VMware Carbon Black Cloud is ranked 2nd in Security Incident Response with 18 reviews while VMware Carbon Black Endpoint is ranked 1st in Security Incident Response with 61 reviews. VMware Carbon Black Cloud is rated 8.4, while VMware Carbon Black Endpoint is rated 8.0. The top reviewer of VMware Carbon Black Cloud writes "Shows promise for endpoint detection and response, with room for improvement in complexity and pricing". On the other hand, the top reviewer of VMware Carbon Black Endpoint writes "Centralization via the cloud allows us to protect and control people working from home". VMware Carbon Black Cloud is most compared with Fidelis Elevate, Palo Alto Networks Cortex XSOAR, Splunk SOAR and Rapid7 InsightIDR, whereas VMware Carbon Black Endpoint is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, Trend Micro Deep Security, SentinelOne Singularity Complete and Cortex XDR by Palo Alto Networks.
We monitor all Security Incident Response reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Carbon Black offers two different levels of Endpoint Detection and Response. One is the VM Carbon Black Cloud Endpoint Standard (CB Defense), and the other is the Carbon Black Endpoint Detection and Response (EDR). We reviewed both and chose the CB Defense.
CB Defense is a next-generation antivirus and endpoint security solution. It uses machine learning and behavioral analytics to monitor endpoint activity and discover malicious activity. Once CB Defense detects a threat, it efficiently blocks harmful apps. It not only prevents any known threats but also prevents suspicious applications from running.
One of the advantages of CB Defense is that it protects multiple types of devices (desktops, laptops, and servers). It is a solution that works well for small and large organizations. We like the ease of use and visibility of the management portal. You can see the activity on all protected endpoints. Configuring policies is simple, too.
The only downside of CB Defense is that you cannot scan individual files on the endpoint.
Carbon Black Endpoint Detection and Response (EDR) is geared more to security operation center teams (SOC) with hybrid or on-premises environments. Unlike CB Defense, Carbon Black EDR stores endpoint activity data. This feature helps security analysts visualize the attack kill chain. Although focused on an on-premises environment, the platform uses the VMware Carbon Black Cloud’s threat intelligence.
CB Response enables security teams to investigate an endpoint for suspicious activity. An advantage is that you can perform different types of investigations. Other advantages include seeing the process tree view of the endpoint and isolating and pulling files from a host. We also liked that you can see a timeline of changes made to a system. The defensive abilities are not as advanced as CB Defense, though.
Conclusion
Both solutions protect endpoints with advanced features. CB Defense is more useful for organizations. CB EDR offers deeper investigation features, so it could be a better solution for SOCs.