Most Helpful Review
Researched Carbon Black CB Defense but chose Cisco AMP for Endpoints: Targets issues more accurately, helping us to focus high-cost engineering resources more accurately
Researched Symantec End-user Endpoint Security but chose Carbon Black CB Defense: Easy to install, stable, with good historical features and integration
Find out what your peers are saying about Carbon Black CB Defense vs. Symantec End-user Endpoint Security and other solutions. Updated: September 2020.
442,517 professionals have used our research since 2012.
We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
"Its most valuable features are its scalability and advanced threat protection for customers."
"I am told that we get over 100 million emails a month. This filters them down and allows only somewhere about three million emails, which is a great help."
"For the initial first level of support, we provide it from our side. If there's escalation required, we use Cisco tech for the AMP. And again, they are perfect. I mean, one of the best, compared to any other vendors."
"The most valuable features of this solution are the IPS and the integration with ISE."
"The simplicity of use is its most valuable feature. You can very clearly see things."
"The stability of the solution is perfect. I believe it's the most stable solution on the market right now."
"I am really satisfied with the technical support."
"It is a very stable program."
"The data analysis is the most valuable because of the whitelist database. It is different than standard IDS solutions."
"The biggest feature out of CarbonBlack is its ability to dive in with more depth. You can look at the entire kill chain and understand, not only if an alarm or identified incident is truly a true security issue versus a false positive, and it allows us to backtrack and figure out why it actually happened and how it got into the environment."
"The offline networking is the most important feature. Some of our users are engineers that work offsite, and they can still be on the solution, which is also great."
"The most valuable feature is that it detects and stops malicious executables."
"You can deploy it through the cloud so that even if your stuff is outside of your controlled environment, you are still under control, based on the policies you create. The policies are controlled through the cloud. For example, if I don't allow anyone to do a certain activity or to install a particular app, and a consultant or a partner who is not part of our environment is doing so, it will stop them as well."
"The triage feature that shows you the whole chain of the malware is useful."
"What I like the most about it is the dynamic grouping, where you get to group endpoints based on setup criteria. That's pretty cool. I like the simplified policy management and simplified white-listing process."
"It has intelligent learning behind it and we have been very successful in preventing attacks."
"I find it is the most reliable solution on the market."
"When they started they found it very easy; not easy to implement but easy to use. We started with the headquarters here and later we also implemented it for all the subsidiaries in the region, in other countries. They have a centralized solution, so they can help other countries in management."
"Endpoint Protection is the next generation. It covers antivirus, spamware, ransomware..."
"The technical support is very good. They have an Indian support team, so there are no delays in receiving support."
"Symantec has cloud-based endpoint protection, so whether a user is off the network or on the network, the endpoint will be protected by the cloud."
"The fact that it has centralized management is the most valuable feature."
"Endpoint protection has improved our operations by protecting our servers from potential cyber threats."
"Threat protection has always worked well."
"We would like to have an API integration with a SIEM solution, because as far as I know, it currently hasn't yet been released."
"I would like them to add whatever makes filtering more advanced in scanning and blocking for malware in emails."
"The solution needs more in-depth analytics."
"In the next version of this solution, I would like to see the addition of local authentication."
"The initial setup is a bit complex because you need to execute existing antiviruses or security software that you have on your device."
"In the next release, I would for it to have back up abilities. I would like the ability to go back to a point in time to when my PC was uninfected and to the moment of when the infection happened."
"The reporting and analytics areas of the solution need to be improved."
"I would like more seamless integration."
"The UI interface needs improvement. The management needs further work in future versions."
"Carbon Black needs to do a better job of proving their platform in the industry, and providing a bit more access to do industry testing with real world examples to help prove their platform."
"The endpoint machines need improvement."
"This solution works well but needs lots of tuning and optimization."
"As far as I know, Carbon Defense has nothing that can be installed on mobile devices. It lacks a defense solution for mobile devices, especially mobile tablets. I would like to see support for mobile devices and the pricing should be less than the pricing for a normal workstation."
"When you view the triage, it will show you everything within a given time frame, and not only the attack that caused the alert, which is what I want to see. It shows you all the events during that time, and that can be quite confusing."
"The EDR portion could be better. I'm not a big fan, but it works."
"At this point, we're test-bedding several other providers right now to see if there's anything that does equally or better and that comes at a better price point."
"I think the CPU dependence should be enhanced."
"There are a few negative points. They should separate the feature for each separate solution for mobile devices. The second one is about the price, it's expensive. Finally, the third would be the complexity of implementation."
"About four years back, Symantec's signature was very heavy and their signature patch was around 200MB or 300MB files."
"Any external device which is inserted into a computer should be subject to an auto-scan policy, to automatically scan it before accepting the device... They need to make it more user-friendly, so that when anyone puts in a USB stick it will be scanned, popping up any problems before it is used."
"We must have complete dissolution with advance care protection but we are finding out that we need more Symantec technical specialists. We have identified a need to hire at least one more technical specialist familiar with Symantec to improve our solutions capabilities."
"This latest version has proven unreliable for management and installation."
"Sometimes, when we are creating a new policy, some of the clients are not being updated with the latest policy."
"This solution needs better compatibility with services and applications."
Pricing and Cost Advice
"The costs of 50 licenses of AMP for three years is around $9,360."
"The price is very good."
"The visibility that we have into the endpoint and the forensics that we're able to collect give us value for the price. This is not an overly expensive solution, considering all the things that are provided. You get great performance and value for the cost."
"Whenever you are doing the licensing process, I would highly advise to look at what other Cisco solutions you have in your organization, then evaluate if an Enterprise Agreement is the best way to go. In our case, it was the best way to go. Since we had so many other Cisco products, we were able to tie those in. We were actually able to get several Cisco security solutions for less than if we had bought three or four Cisco security solutions independently or ad hoc."
"In our case, it is a straightforward annual payment through our Enterprise Agreement."
"Our company was very happy with the price of Cisco AMP. It was about a third of what we were paying for System Center Endpoint Protection."
"There are a couple of different consumption models: Pay up front, or if you have an enterprise agreement, you can do a monthly thing. Check your licensing possibilities and see what's best for your organization."
"The Enterprise Agreement is like an all-you-can-eat buffet of Cisco products. In that vein, it was very affordable."
"I am not really involved in the pricing of this product. But, from my understanding, it is OK for us."
"Carbon Black might be a touch more expensive than Symantec. They tend to get a premium for their capabilities. They're sort of an industry leader in a lot of areas with the functionality that they provide."
"We have branches, we have different companies, but we cannot buy less than 100 licenses. This does not make sense to me... It should be more flexible. I can understand their saying, "Okay, to be a customer you need 100," but to add on to that number it should be something very straightforward. If I need to add five, for example, I shouldn't need to add 100."
"The pricing [is] more or less the same as other similar solutions."
"It's reasonable in price"
"Pricing and licensing for our country is very good. It's not that expensive and the endpoint security is very good. It's not as cheap as some others, but they are not as good."
"Zero-day threat or advanced attacks should be part of the endpoint. The product should not require you to buy a separate license."
"Each annual client license is around 1200 or 1600 INR."
"We pay on a yearly basis..."
"Compared to other products and brands here in Mexico, the price is okay, somewhere in the middle. Our solution is unique in that it can adapt to a variety of pricing and licensing constraints considering we have the corporate, government, and academic mandates. The"
"We receive a discounted price for this solution because we are a non-profit organization."
"The problem is Symantec is more expensive than other vendors."
"The pricing is a little bit more expensive than other competitors, if you compare it to Kaspersky, for example, or McAfee."
Symantec opened our eyes to be able to see what's out there, but then we needed Carbon Black to be able to actively fix it
What is our primary use case?We are a partner in the managed security service provider (MSSP) space. We service hundreds of customers globally. We implement these solutions on behalf of our customers. With Carbon Black, we've been using them for about six years. We're an MSSP and channel partner with them, as well as an incident response partner. We were like the second incident response company registered with them (through that program) to start using the cb Defense platform. We also integrate it with SIEM. However, we're using it in a managed service capacity. We usually implement it, then manage the platform for our clients long-term. It's used for traditional antivirus, real-time threat protection and prevention, and it also provides us with the ability to do more in-depth investigations into endpoints. With the product, we can do a bit of threat hunting along with managed detection and response. The platform works quite well using it in this capacity. With Symantec, we have been using it for about six years. We integrate it with our SIEM products. We have a lot of customers who actually run it, so we see it quite often. We collect a lot of data from Symantec and help with responding to anything that Symantec finds. We've had a chance to use the product quite a lot.
What is most valuable?The biggest feature out of Carbon Black is its ability to dive in with more depth. You can look at the entire kill chain and understand, not only if an alarm or identified… Read more »
Questions from the Community
Top Answer: The solution's integration capabilities are excellent. It's one of the best features.
Top Answer: Nice to have URL management, password protection of the app, more details of the machine & user running the app.
Top Answer: The primary use case is for endpoint protection. For the larger deployments, we use it for our policy enforcement as… more »
Top Answer: CrowdStrike provides both a streaming and query REST API for accessing many of the features available through the Falcon… more »
Question: What is the biggest difference between Carbon Black CB Defense, CrowdStrike, and SentinelOne?
Top Answer: SentinelOne is hands down my recommended solution. SentinelOne has not been breached and offers upto $1,000,000… more »
Top Answer: The triage feature that shows you the whole chain of the malware is useful.
Top Answer: The firewall, malware, and anti-virus protection have earned its keep in times past by catching the unexpected.
Top Answer: Managements' number one item on the "Wish List" would have to do with the real-time scan of external media inserted into… more »
Top Answer: This solution has been installed within a LAN/WAN topology, with slightly more than 300 clients, give or take.
Compared 14% of the time.
Compared 11% of the time.
Compared 7% of the time.
Compared 5% of the time.
Compared 5% of the time.
Compared 13% of the time.
Compared 8% of the time.
Compared 8% of the time.
Compared 8% of the time.
Compared 3% of the time.
Compared 28% of the time.
Compared 7% of the time.
Compared 7% of the time.
Compared 7% of the time.
Compared 2% of the time.
Also Known As
|Bit9, Confer||Symantec EPP, Symantec Endpoint Protection (SEP)|
Advanced Malware Protection (AMP) is subscription-based, managed through a web-based management console, and deployed on a variety of platforms that protects endpoints, network, email and web Traffic. AMP key features include the following: Global threat intelligence to proactively defend against known and emerging threats, Advanced sandboxing that performs automated static and dynamic analysis of files against more than 700 behavioral indicators, Point-in-time malware detection and blocking in real time and Continuous analysis and retrospective security regardless of the file's disposition and Continuous analysis and retrospective security.
CB Defense is an industry-leading next-generation antivirus (NGAV) and endpoint detection and response (EDR) solution. CB Defense is delivered through the CB Predictive Security Cloud, an endpoint protection platform that consolidates security in the cloud using a single agent, console and data set. CB Defense is certified to replace AV and designed to deliver the best endpoint security with the least amount of administrative effort. It protects against the full spectrum of modern cyber attacks, including the ability to detect and prevent both known and unknown attacks. CB Defense leverages the powerful capabilities of the CB Predictive Security Cloud, applying our unique streaming analytics to unfiltered endpoint data in order to predict, detect, prevent, respond to and remediate cyber threats. In addition, CB Defense provides a suite of response and remediation tools, including Live Response, which allows security personnel to perform remote live investigations, intervene with ongoing attacks and instantly remediate endpoint threats. For peace of mind, CB Defense customers can also leverage CB ThreatSight, Carbon Black’s managed threat alert service, to validate alerts and uncover new threats.
Unmatched Endpoint Safety for Your OrganizationAs an on-premises, hybrid, or cloud-based solution, the single-agent Symantec platform protects all your traditional and mobile endpoint devices, and uses artificial intelligence (AI) to optimize security decisions.
Learn more about Cisco AMP for Endpoints
Learn more about Carbon Black CB Defense
Learn more about Symantec End-user Endpoint Security
|Heritage Bank, Mobile County Schools, NHL University, Thunder Bay Regional, Yokogawa Electric, Sam Houston State University, First Financial Bank||Netflix, Progress Residential, Indeed, Hologic, Gentle Giant, Samsung Research America||Audio Visual Dynamics, Red Deer Advocate, Asia Pacific Telecom Co. Ltd., Kibbutz Ein Gedi, and AMETEK, Inc.|
Comms Service Provider7%
Computer Software Company26%
Comms Service Provider26%
Computer Software Company8%
Computer Software Company35%
Comms Service Provider10%
Financial Services Firm8%
Computer Software Company31%
Comms Service Provider15%
See our list of best Endpoint Protection (EPP) for Business vendors.