We performed a comparison between D3 Security, Palo Alto Networks Cortex XSOAR, and VMware Carbon Black Cloud based on real PeerSpot user reviews.
"It is an out-of-the-box automated integration with our 20 departments. We perform L1 LiveOps automatically through the portal."
"It’s easy to install."
"The automation part and the playbook creation part are awesome. The way it is responding to the customers and incidents is also very good. In the SOC environment, I guess it will carry out around 50% of the work."
"The pricing is very good."
"The most valuable features of Palo Alto Networks Cortex XSOAR are its overall track record and features that fit our use case."
"I have found the solution very useful, it integrates well with other platforms."
"I chose Cortex XSOAR because the client also has Palo Alto firewalls. I can incorporate the data from the Palo Alto firewalls into Cortex and send it into the same data lake to manipulate that data. It lets me manage and monitor the data in one place."
"The most valuable features of Palo Alto Networks Cortex XSOAR are the remote controller from the workstation that can execute commands and isolate the systems outside of the network. Only the system with an internet connection can execute the task because the main console is in the cloud."
"It is a scalable solution. I would rate scalability a ten out of ten."
"The enhanced logging and data analysis of the incident response and investigation components allowed us to quickly identify and resolve security issues before they could spread."
"The solution does very well as a baseline EDR and provides good process-level management."
"Setting up and managing the setup for this solution is okay. It is stable, scalable, and it runs just fine. No issues with technical support."
"The most valuable features are the threat-hunting and the batch console."
"We also took full advantage of its incident response reporting capabilities to act as a “black box” for our infrastructure around strings of suspicious activity. The reporting and incident response capabilities were incredibly helpful during active security concerns."
"Carbon Black Cb Response excels at providing context to indicators when responding to incidents. It allows responders to understand the entire scope of an incident and quickly contain it to minimize impact and disruption."
"The detection response and quarantining are very good features."
"VMware Carbon Black Cloud is a user-friendly solution that can isolate machines from the rest of the network."
"Reporting needs improvement. MTTR and MTTD metrics aren't directly available in playbooks and require manual effort to achieve."
"The user interface could be a bit better."
"The platform’s setup procedures could be streamlined compared to one of its competitors."
"It is been decommissioned by Palo Alto."
"Previously, when Demisto was, there was a community edition; we could use it, reinstall it, and customize it. Since Palo Alto took over, it has become more financially oriented. It's business, but they could offer a pro model and a lighter model for different needs."
"The integration could be better. Cortex, for example, does not work with iPhone."
"The solution's technical support could be better."
"There is room for improvement in terms of the pricing model."
"The dashboard performance could be improved."
"The cloud console has a lot of bugs and issues in the analysis part."
"We are subscribed to FS-ISAC threat indicator, but have been unsuccessful in adding it to our alliance feeds."
"The product detects too many false positives initially and it could integrate better with other security solutions."
"The support team of Carbon Black CB Response needs improvement. At present, they need a lot of information. Then they give you an answer that they already gave you. You tell them it didn't work, and then they take a long time."
"The solution needs to simplify the process of adding custom watchlists, as well as embrace YARA for rule creation."
"It's not highly available, so you have to have a core server. If the primary server goes down, you need a new one. It's not available at the same time, however. It's not automatically swapped from one server to another."
"They need to improve the batch console. It needs more capabilities. We are limited by the ones it provides..."
"The solution can only handle about 500 bans or blocks."