We performed a comparison between VMware Carbon Black Cloud and VMware Carbon Black Endpoint based on real PeerSpot user reviews.
Find out in this report how the two Security Incident Response solutions compare in terms of features, pricing, service and support, ease of deployment, and ROI.
"NGAV and EDR features are outstanding."
"We have FortiEDR installed on all our systems. This protects them from any threats."
"It is stable and scalable."
"Exceptions are easy to create and the interface is easy to follow with a nice appearance."
"The stability is very good."
"The console is easy to read. I also like the scanning part and the ability to move assets from one to the other."
"Having all monitoring, response, tracking, and mitigation tools in one dashboard provides our analysts and SOC team with a comprehensive view at a glance."
"The product detects and blocks threats and is more proactive than firewalls."
"The solution does very well as a baseline EDR and provides good process-level management."
"The most valuable features are its lightweight design, ensuring minimal impact on end-users, and its real-time protection."
"The most valuable features are the threat-hunting and the batch console."
"It is nice when you're in a situation where you think someone's device is compromised and that there's some malware getting into your fleet."
"The ability to quickly isolate a system from the network, while still being able to perform some forensics and mitigation work remotely, was of great value to us since we had many mobile and distributed systems."
"Probably the most valuable feature of CB Response is its ability to isolate a host and take it off the network, so it's not spreading anything. We have two security operations centers around the globe. When an SOC analyst sees something on an endpoint, they can use Carbon Black Response to isolate that host from the customer's environment and prevent any kind of lateral spread."
"The market information they gather from the community is really good. Their configuration capabilities are good."
"The detection response and quarantining are very good features."
"Carbon Black Defense has a higher detection ratio because it's cloud-based and it also does a lookup to VirusTotal."
"The most valuable asset is the time-lining capability for any breach activity."
"The most valuable feature is that it detects and stops malicious executables."
"The solution is very useful and easy to handle. You don't need much intervention with this product."
"What I like the most about it is the dynamic grouping, where you get to group endpoints based on setup criteria. That's pretty cool. I like the simplified policy management and simplified white-listing process."
"The most valuable feature of the solution stems from the fact that it is one of the best EDR tools in the market."
"The offline networking is the most important feature. Some of our users are engineers that work offsite, and they can still be on the solution, which is also great."
"I found it very valuable as a whole. It is good at detecting anything and has kept us very safe. It is also very easy to use."
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"It takes about two business days for initial support, which is too slow in urgent situations."
"The dashboard isn't easy to access and manage."
"Detections could be improved."
"The support needs improvement."
"FortiEDR can be improved by providing more detailed reporting."
"The SIEM could be improved."
"I would like the solution to extend beyond endpoint protection and include other attack surfaces such as other network components."
"The solution's support could be improved."
"Setup is incredibly complex and poorly documented. Every time an upgrade was needed we would need to engage Professional Services for troubleshooting help. Certificates and web services proved to be the most significant sticking points. Since the product runs on a Linux platform, perhaps having staff with more Linux experience could have alleviated some difficulty."
"The threat intelligence feed could use some fine tweaking."
"The dashboard should be more user-friendly."
"It's not simple."
"Additionally, it is complex to use, and the pricing should be improved."
"We are subscribed to FS-ISAC threat indicator, but have been unsuccessful in adding it to our alliance feeds."
"They have different products, but if we wanted to take their protection and their EPR, then we would need to have two agents."
"Carbon Black needs to do a better job of proving their platform in the industry, and providing a bit more access to do industry testing with real world examples to help prove their platform."
"Needs improvement in the area of infrastructure for on-premise installation."
"Right now, Carbon Black CB Defense doesn't support cloud computing and Kubernetes."
"The solution would be more effective if there was a way to block automatically based on behavior."
"Report generation can be improved."
"The endpoint machines need improvement."
"The solution has to mature on container security and a lot of cloud environment security."
"I am not sure whether Carbon Black CB Defense can be considered as a stable solution or not."
VMware Carbon Black Cloud is ranked 2nd in Security Incident Response with 18 reviews while VMware Carbon Black Endpoint is ranked 1st in Security Incident Response with 61 reviews. VMware Carbon Black Cloud is rated 8.4, while VMware Carbon Black Endpoint is rated 8.0. The top reviewer of VMware Carbon Black Cloud writes "Shows promise for endpoint detection and response, with room for improvement in complexity and pricing". On the other hand, the top reviewer of VMware Carbon Black Endpoint writes "Centralization via the cloud allows us to protect and control people working from home". VMware Carbon Black Cloud is most compared with Fidelis Elevate, Splunk SOAR and Palo Alto Networks Cortex XSOAR, whereas VMware Carbon Black Endpoint is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, Trend Micro Deep Security, SentinelOne Singularity Complete and Cortex XDR by Palo Alto Networks.
We monitor all Security Incident Response reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
Carbon Black offers two different levels of Endpoint Detection and Response. One is the VM Carbon Black Cloud Endpoint Standard (CB Defense), and the other is the Carbon Black Endpoint Detection and Response (EDR). We reviewed both and chose the CB Defense.
CB Defense is a next-generation antivirus and endpoint security solution. It uses machine learning and behavioral analytics to monitor endpoint activity and discover malicious activity. Once CB Defense detects a threat, it efficiently blocks harmful apps. It not only prevents any known threats but also prevents suspicious applications from running.
One of the advantages of CB Defense is that it protects multiple types of devices (desktops, laptops, and servers). It is a solution that works well for small and large organizations. We like the ease of use and visibility of the management portal. You can see the activity on all protected endpoints. Configuring policies is simple, too.
The only downside of CB Defense is that you cannot scan individual files on the endpoint.
Carbon Black Endpoint Detection and Response (EDR) is geared more to security operation center teams (SOC) with hybrid or on-premises environments. Unlike CB Defense, Carbon Black EDR stores endpoint activity data. This feature helps security analysts visualize the attack kill chain. Although focused on an on-premises environment, the platform uses the VMware Carbon Black Cloud’s threat intelligence.
CB Response enables security teams to investigate an endpoint for suspicious activity. An advantage is that you can perform different types of investigations. Other advantages include seeing the process tree view of the endpoint and isolating and pulling files from a host. We also liked that you can see a timeline of changes made to a system. The defensive abilities are not as advanced as CB Defense, though.
Conclusion
Both solutions protect endpoints with advanced features. CB Defense is more useful for organizations. CB EDR offers deeper investigation features so that it could be a better solution for SOCs.