We performed a comparison between Splunk SOAR and VMware Carbon Black Endpoint based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR)."There are a lot of things you can explore as a user. You can even go and actively hunt for threats. You can go on the offensive rather than on the defensive."
"The AI capability is one of the main features of the solution because I believe that in the market, there are few solutions that are providing security solutions based on AI and machine learning."
"I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response."
"In Azure Sentinel, we have found, they do have a store in their capability. AI and intelligence features. We found that to be very helpful for us because some other things we do need to integrate again or find another vendor for the store"
"The product can integrate with any device."
"The ability of all these solutions to work together natively is essential. We have an Azure subscription, including Log Analytics. This feature automatically acts as one of the security baselines and detects recommendations because it also integrates with Defender. We can pull the sysadmin logs from Azure. It's all seamless and native."
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"Mainly, this is a cloud-native product. So, there are zero concerns about managing the whole infrastructure on-premises."
"When you design a playbook, you can integrate multiple log sources and define rules... After that, the platform automatically compiles all these activities and, based on the results, the analyst only has to indicate whether the result is a true or false positive. That reduces the time and effort involved."
"So far, the interface is very easy to use."
"The product’s integration with other Splunk products is valuable."
"The most valuable feature of Splunk SOAR is the automated playbooks, which saves analysts time."
"The most valuable features of Splunk SOAR are the easy integration with other solutions, including other Splunk solutions. The most important playbooks we need on the market come already on the Frontend. However, nowadays, Splunk changed its name, it's not Frontend anymore, it's Splunk Store. This is a very strong point."
"Splunk SOAR's quick response to incidents is the most valuable part."
"It has definitely saved a decent amount of time for our analysts so they can focus on other tasks."
"The most valuable feature is the risk-based access control."
"I like its protection very much. It protects and allows us to lock the environment pretty tightly. Nothing that is not approved through Carbon Black can run in the environment. There is no default. Everything goes through Carbon Black Protect, and everything has to be first approved. Every software is considered to be guilty before prove innocent."
"The biggest feature out of CarbonBlack is its ability to dive in with more depth. You can look at the entire kill chain and understand, not only if an alarm or identified incident is truly a true security issue versus a false positive, and it allows us to backtrack and figure out why it actually happened and how it got into the environment."
"The solution is stable."
"It actually does some heuristics, and some behavioral analysis."
"The whole purpose of the product, like application control, is very good, and also if you need to update some policies, it works well and instantly."
"I found the offline scanning to be particularly useful."
"I like the historical features, interface, and integration."
"The feature I found most valuable in Carbon Black CB Defense is the ongoing monitoring feature that works by emailing updates about any detections found."
"Its documentation is not so simple. It is easy for somebody who is Microsoft certified or more closely attached to Microsoft solutions. It is not easy for those who are working on open-source platforms. There isn't a central point where everything is documented, and there is no specific training or certification."
"The product can be improved by reducing the cost to use AI machine learning."
"The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations."
"They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good."
"There are certain delays. For example, if an alert has been rated on Microsoft Defender for Endpoint, it might take up to an hour for that alert to reach Sentinel. This should ideally take no more than one or two seconds."
"We've seen delays in getting the logs from third-party solutions and sometimes Microsoft products as well. It would be helpful if Microsoft created a list of the delays. That would make things more transparent for customers."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"Everyone has their favorites. There is always room for improvement, and everybody will say, "I wish you could do this for me or that for me." It is a personal thing based on how you use the tool. I do not necessarily have those thoughts, and they are probably not really valuable because they are unique to the context of the user, but broadly, where it can continue to improve is by adding more connectors to more systems."
"Splunk SOAR has room to improve its offering for small-sized customers. The price is not fair for smaller-sized customers."
"SOAR is probably the most unreliable product Splunk has and that's because most of it is content driven from what you put into it. There are certain parts of it that have a little bit of difficulty at volume too. It's always changing. There is new stuff coming out for it that's going to make it a little bit better, but it does have some drawbacks."
"What we have seen is if the workflow gets halted or if we want to halt a workflow, it cannot be resumed."
"Suppose I am initially granted user rights or analyst rights, but later on, I also get admin rights. SOAR is unable to amend the limitations of my role. I raised a support ticket with Splunk about this. They said it's a bug in their 5.3.5 version. To fix this, I had to reinstall the entire platform from scratch.."
"In my opinion, the focus should be on improving its simplicity, specifically the interface, and configuration."
"The algorithm and machine learning have room for improvement and can be more user-friendly."
"The pricing could be a bit more reasonable. It would be great if it were feasible for smaller organizations."
"The Splunk SOAR platform was not designed specifically for case management which is why this area needs improvement."
"I'm not sure as to the logic of how we've decided to customize it. We've only really used it since February and therefore there may be more to do on that front. That's why it's hard to say if something is missing or if we just aren't utilizing it."
"The product's stability could be improved."
"The product's reporting capabilities are an area of concern where improvements are required."
"In my company, we face issues sometimes when there is a need to write custom rules or we want to write for some rules that are different from the standard rules provided by the solution."
"The node management could be much better. The one thing that they cannot do very easily is change the tenant from a backend."
"The solution needs expanded endpoint query tools."
"With the on-prem one, the bug has been reported by the community in early January or February, something like that, at the beginning of the year, and it's still not addressed. They have released two versions since then, and yet neither of them addresses this specific issue."
"There are many different controls that are needed to be put into place for upgrading that makes it difficult. Having to re-engineer your IT infrastructure to match their software, as opposed to having it integrate and work independently causes difficulties. When there is an update to any software everyone has to be involved."
Splunk SOAR is ranked 3rd in Security Orchestration Automation and Response (SOAR) with 30 reviews while VMware Carbon Black Endpoint is ranked 17th in Endpoint Protection Platform (EPP) with 61 reviews. Splunk SOAR is rated 8.0, while VMware Carbon Black Endpoint is rated 8.0. The top reviewer of Splunk SOAR writes "Takes most of the work away, but the time they take to implement new features is a little bit of concern". On the other hand, the top reviewer of VMware Carbon Black Endpoint writes "Centralization via the cloud allows us to protect and control people working from home". Splunk SOAR is most compared with Palo Alto Networks Cortex XSOAR, Cortex XSIAM, ServiceNow Security Operations, Torq and Fortinet FortiSOAR, whereas VMware Carbon Black Endpoint is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, Trend Micro Deep Security, SentinelOne Singularity Complete and Symantec Endpoint Security.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.
