• Home
  • DFLabs IncMan SOAR vs. VMware Carbon Black Cloud

DFLabs IncMan SOAR vs VMware Carbon Black Cloud comparison

Cancel
You must select at least 2 products to compare!
Microsoft Logo

Microsoft Sentinel

Read 85 Microsoft Sentinel reviews
17,980 views|10,109 comparisons
92% willing to recommend
DFLabs Logo

DFLabs IncMan SOAR

Read 1 DFLabs IncMan SOAR review
283 views|172 comparisons
0% willing to recommend
VMware Logo

VMware Carbon Black Cloud

Read 18 VMware Carbon Black Cloud reviews
615 views|458 comparisons
93% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Security Orchestration Automation and Response (SOAR)
April 2024
Executive Summary

We performed a comparison between DFLabs IncMan SOAR and VMware Carbon Black Cloud based on real PeerSpot user reviews.

Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR).
To learn more, read our detailed Security Orchestration Automation and Response (SOAR) Report (Updated: April 2024).
Download the complete report
767,319 professionals have used our research since 2012.
Featured Review
Anonymous User
Has built-in SOAR, user and entity behavior analytics, and threat intelligence capabilities
Sentinel's threat visibility is good. It has analytics and threat detection capabilities that we can add to our own playbooks. We can use the... Read more →
Anonymous User
Protects an organization from the threat of a data breach or cyberattack
Ricardo Franco Mahecha
A highly scalable solution that can be used to get a better view of the security of endpoints and workstations
VMware Carbon Black Cloud helped us to get a better view of the security of endpoints and workstations.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"I like the KQL query. It simplifies getting data from the table and seeing the logs. All you need to know are the table names. It's quite easy to build use cases by using KQL.""One of the most valuable features is that it creates a kind of a single pane of glass for organizations that already use Microsoft software. So, when they have things like Microsoft 365, it is very easy for them to kind of plug in or enroll those endpoints into the Azure Sentinel service.""We are able to deploy within half an hour and we only require one person to complete the implementation.""The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinels from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage.""The product can integrate with any device.""The most valuable features in my experience are the UEBA, LDAP, the threat scheduler, and integration with third-party straight perform like the MISP.""What is most useful, is that it has a good connection to the Microsoft ecosystem, and I think that's the key part.""We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."

More Microsoft Sentinel Pros →

"The vendors themselves will actually help with any customizations a client may require"

More DFLabs IncMan SOAR Pros →

"We are able to remotely isolate exploited endpoints in seconds and perform a live deep dive of any endpoint into its running processes (as necessary) without the need for extra scripts.​""The market information they gather from the community is really good. Their configuration capabilities are good.""Setting up and managing the setup for this solution is okay. It is stable, scalable, and it runs just fine. No issues with technical support.""VMware Carbon Black Cloud is a user-friendly solution that can isolate machines from the rest of the network.""They're highly stable in comparison with other solutions I have.""Probably the most valuable feature of CB Response is its ability to isolate a host and take it off the network, so it's not spreading anything. We have two security operations centers around the globe. When an SOC analyst sees something on an endpoint, they can use Carbon Black Response to isolate that host from the customer's environment and prevent any kind of lateral spread.""The most valuable features are the threat-hunting and the batch console.""The most valuable feature is its ability to seek out abnormal activity and to create alerts."

More VMware Carbon Black Cloud Pros →

Cons
"I would like to see more AI used in processes.""They should just add more and more out-of-the-box connectors. It is quite a new product, and it has a lot of connectors, and even more would be good.""If you're looking to use canned queries, the interface could be a little more straightforward. It's not immediately intuitive regarding how you use it. You have to take a canned query and paste it into an operational box and then you hit a button... They could improve the ease of deploying these queries.""The solution could improve the playbooks.""It would be good to have some connectors for third-party SIEM solutions. Many customers are struggling with the integration of Azure Sentinel with their on-premise SIEM. Microsoft is changing the log structure many times a year, which can corrupt a custom integration. It would be good to have some connectors developed by Microsoft or supply vendors, but they are not providing such functionality or tools.""Sentinel's alerts and notifications are not fully optimized for mobile devices. The overall reporting and the analytics processes for the end user should also be improved. Also, the compatibility and availability of data sources and reports are not always perfect.""They can work on the EDR side of things... Every time we need to onboard these kinds of machines into the EDR, we need to do it with the help of Intune, to sync up the devices, and do the configuration. I'm looking for something on the EDR side that will reduce this kind of work.""There is some relatively advanced knowledge that you have to have to properly leverage Sentinel's full capabilities. I'm thinking about things like the creation of workbooks, how you do threat-hunting, and the kinds of notifications you're getting... It takes time for people to ramp up on that and develop a familiarity or expertise with it."

More Microsoft Sentinel Cons →

"The support is not 24/7."

More DFLabs IncMan SOAR Cons →

"It's not highly available, so you have to have a core server. If the primary server goes down, you need a new one. It's not available at the same time, however. It's not automatically swapped from one server to another.""The biggest issue I encountered was one where old logs were not being overwritten as expected so the system drive kept filling up from time to time. However, support was usually quite responsive and happy to jump on a remote session to take a look at it for us. That log bug has probably been resolved with an update by now.""The dashboard should be more user-friendly.""The solution's support could be improved.""They need to improve the batch console. It needs more capabilities. We are limited by the ones it provides...""The support team of Carbon Black CB Response needs improvement. At present, they need a lot of information. Then they give you an answer that they already gave you. You tell them it didn't work, and then they take a long time.""Training and education for both partner and customer, including product marketing need to be improved.""The product detects too many false positives initially and it could integrate better with other security solutions."

More VMware Carbon Black Cloud Cons →

Pricing and Cost Advice
  • "It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else."
  • "It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure"
  • "Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit."
  • "I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."
  • "It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."
  • "I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."
  • "Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."
  • "Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."

    • More Microsoft Sentinel Pricing and Cost Advice →

    Information Not Available
  • "We had no issues purchasing through our preferred reseller and were able to get a fair price even when not purchasing direct. Carbon Black Enterprise Response didn’t break the bank, though adding on the matching antivirus and anti-malware components of the Protect product was more than we could afford, even with some discounting. Cb Response is really designed to complement Carbon Black’s Defense product. While Response can be used on its own, coupling with Defense seems like the best strategy if you can afford the price tag."
  • "Purchase Professional Services up front as part of the implementation package, then renew hours annually to ensure you have adequate support for upgrades and enhancements. Overbuy by at least 10% to account for infrastructure growth."
  • "Pricing for this solution could be made lower."
  • "The solution is very inexpensive so there is great cost savings to using it."
  • "You need to pay for the licensing of the product. The pricing is costly."
  • "VMware Carbon Black Cloud is an expensive solution."

    • More VMware Carbon Black Cloud Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
    See Recommendations
    767,319 professionals have used our research since 2012.
    Questions from the Community
    Is there a common threat intelligence tool that aggregates multiple threa...
    Top Answer:Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and… more »
    Read all 10 answers   →
    What is a better choice, Splunk or Azure Sentinel?
    Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for… more »
    Which is better - Azure Sentinel or AWS Security Hub?
    Top Answer:We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is… more »
    Read all 2 answers   →
    Ask a question

    Earn 20 points

    What to choose: an endpoint antivirus, an EDR solution or both?
    Top Answer:I can recommend Carbon Black, an award-winning next-gen anti-virus (NGAV) and endpoint detection and response (EDR)… more »
    Read all 9 answers   →
    What's the difference between Carbon Black CB Response and Carbon Black C...
    Top Answer:Carbon Black offers two different levels of Endpoint Detection and Response. One is the VM Carbon Black Cloud Endpoint… more »
    Read all 2 answers   →
    What do you like most about Carbon Black CB Response?
    Top Answer:Threat hunting is the most valuable feature of VMware Carbon Black Cloud.
    Read all 13 answers   →
    Comparisons
    Also Known As
    Azure Sentinel
    DFLabs IncMan Incident Response
    Carbon Black CB Response
    Learn More
    Microsoft
    DFLabs
    VMware
    Overview

    Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

    - Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

    - Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

    - Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

    - Respond to incidents rapidly with built-in orchestration and automation of common tasks

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    DFLabs' Security Orchestration, Automation and Response (SOAR) platform, IncMan SOAR, is designed for SOCs, CSIRTs and MSSPs to automate, orchestrate and measure security operations and incident response processes and tasks, all from within one single, intuitive platform. By integrating security tools, fusing intelligence, sharing knowledge and implementing seamless workflows, IncMan SOAR enables every security incident to be detected, responded to, and remediated in the fastest possible time frame.

    DFLabs IncMan SOAR is the only Security Orchestration, Automation and Response (SOAR) platform capable of full incident lifecycle automation, that includes built-in, automated threat intelligence gathering, risk assessment, triage and notification, context enrichment, hunting and investigating, threat containment and more. This feature rich, unique and scalable SOAR platform provides context to security incidents, automates actions, orchestrates response to activities, while enabling full reporting and measurement functionality across all stakeholders.

    DFLabs covers the entire spectrum of security orchestration, automation and response components as outlined by Gartner, with a unique combination of features and capabilities, driven through continuous improvement and innovation. IncMan SOAR is the only platform to offer full incident response lifecycle management with machine learning and threat hunting. Acting as a force multiplier, it enables security teams to do more with less, empowering security analysts, while ensuring organizations stay one step ahead of any potential threat.

    Automate. Orchestrate. Measure.

    IncMan SOAR provides three critical functions as an enabler to your security program. Automation and orchestration which in turn enables response, as well as measurement.

    Automate

    Augment analysts by automating common, repetitive and menial tasks driven by machine learning for faster response to all alerts.

    Orchestrate

    Establish repeatable, enforceable, measurable and effective incident response workflows, orchestrating your security tool set into one seamless response process.

    Measure

    Measure, benchmark and optimize security operations and incident response activities and performance from one intuitive and collaborative platform.

    Seamlessly Integrate and Orchestrate Your Tools Together as One.

    Improve efficiencies by enabling your security analysts to access and manage all tools, technologies and processes from one intuitive platform. IncMan SOAR supports hundreds of 3rd party security technologies via QIC, API, CEF, Syslog and Email, with a constantly growing list of certified bidirectional integrations and Open Integration Framework for custom integrations.

    Dramatically reduce the mean time to detection, response and remediation of all potential security incidents, ensuring no alert goes untouched.

    See IncMan SOAR in Action.

    Fortify Endpoint and Workload Protection Legacy approaches fall short as cybercriminals update tactics and obscure their actions. Get advanced cybersecurity fueled by behavioral analytics to spot minor fluctuations and adapt in response. Recognize New Threats Analyze attackers’ behavior patterns to detect and stop never-before-seen attacks with continuous endpoint activity data monitoring. Don’t get stuck analyzing only what’s worked in the past. Simplify Your Security Stack Streamline the response to potential incidents with a unified endpoint agent and console. Minimize downtime responding to incidents and return critical CPU cycles back to the business.
    Sample Customers
    Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
    University of Advancing Technology, Cybersecurity Ventures
    ALLETE belk
    Top Industries
    REVIEWERS
    Financial Services Firm22%
    Computer Software Company11%
    Manufacturing Company8%
    Comms Service Provider8%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm10%
    Government9%
    Manufacturing Company7%
    VISITORS READING REVIEWS
    Financial Services Firm19%
    Energy/Utilities Company15%
    Government11%
    Insurance Company10%
    REVIEWERS
    Financial Services Firm27%
    Computer Software Company18%
    Healthcare Company18%
    Insurance Company9%
    VISITORS READING REVIEWS
    Computer Software Company17%
    Financial Services Firm14%
    Real Estate/Law Firm8%
    Energy/Utilities Company8%
    Company Size
    REVIEWERS
    Small Business33%
    Midsize Enterprise21%
    Large Enterprise47%
    VISITORS READING REVIEWS
    Small Business25%
    Midsize Enterprise16%
    Large Enterprise59%
    VISITORS READING REVIEWS
    Small Business31%
    Midsize Enterprise15%
    Large Enterprise55%
    REVIEWERS
    Small Business31%
    Midsize Enterprise25%
    Large Enterprise44%
    VISITORS READING REVIEWS
    Small Business25%
    Midsize Enterprise11%
    Large Enterprise65%
    Buyer's Guide
    Security Orchestration Automation and Response (SOAR)
    April 2024
    Download Free Report
    Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR). Updated: April 2024.
    DOWNLOAD NOW
    767,319 professionals have used our research since 2012.

    DFLabs IncMan SOAR is ranked 28th in Security Orchestration Automation and Response (SOAR) while VMware Carbon Black Cloud is ranked 2nd in Security Incident Response with 18 reviews. DFLabs IncMan SOAR is rated 0.0, while VMware Carbon Black Cloud is rated 8.4. The top reviewer of DFLabs IncMan SOAR writes "Protects an organization from the threat of a data breach or cyberattack". On the other hand, the top reviewer of VMware Carbon Black Cloud writes " Shows promise for endpoint detection and response, with room for improvement in complexity and pricing ". DFLabs IncMan SOAR is most compared with IBM Resilient and Palo Alto Networks Cortex XSOAR, whereas VMware Carbon Black Cloud is most compared with VMware Carbon Black Endpoint, Fidelis Elevate, Splunk SOAR and Palo Alto Networks Cortex XSOAR.

    We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.