We performed a comparison between Palo Alto Networks Cortex XSOAR and VMware Carbon Black Cloud based on real PeerSpot user reviews.
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR).
"Sentinel is a Microsoft product, so they provide very robust use cases and analytic groups, which are very beneficial for the security team. I also like the ability to integrate data sources into the software for on-premise and cloud-based solutions."
"The part that was very unexpected was Sentinel's ability to integrate with Azure Lighthouse, which, as a managed services solution provider, gives us the ability to also manage our customers' Sentinel environments or Sentinel workspaces. It is a big plus for us. With its integration with Lighthouse, we get the ability to monitor multiple workspaces from one portal. A lot of the Microsoft Sentinel workbooks already integrate with that capability, and we save countless amounts of money by simply being able to almost immediately realize multitenant capabilities. That alone is a big plus for us."
"The native integration of the Microsoft security solution has been essential because it helps reduce some false positives, especially with some of the impossible travel rules that may be configured in Microsoft 365. For some organizations, that might be benign because they're using VPNs, etc."
"The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources."
"The most valuable feature is the performance because unlike legacy SIEMs that were on-premises, it does not require as much maintenance."
"The best functionality that you can get from Azure Sentinel is the SOAR capability. So, you can estimate any type of activity, such as when an alert was triggered or an incident was found."
"You can fine-tune the SOAR and you'll be charged only when your playbooks are triggered. That is the beauty of the solution because the SOAR is the costliest component in the market today... but with Sentinel it is upside-down: the SOAR is the lowest-hanging fruit. It's the least costly and it delivers more value to the customer."
"We can use Sentinel's playbook to block threats. It covers all of the environment, giving us great visibility."
"Many different playbooks are available and can be customized."
"The solution is very reliable."
"It is a scalable solution. I would rate scalability a ten out of ten."
"The Palo Alto ecosystem has a marketplace offering integration with Sentinel or other products."
"The drag-and-drop interface enables analysts with no programming knowledge to create playbooks easily."
"The repository of playbooks and the integration between Palo Alto and IBM QRadar are some useful features."
"Cortex XSOAR's most valuable features are the playbooks, custom integration, the machine-learning model, and the layout, classifier, and mapper."
"The most valuable feature is automation."
"The most valuable feature is its ability to seek out abnormal activity and to create alerts."
"Threat hunting is the most valuable feature of VMware Carbon Black Cloud."
"They're highly stable in comparison with other solutions I have."
"For setup, the server can be given to you as a VM image and with minimal configuration needed."
"Carbon Black Cb Response excels at providing context to indicators when responding to incidents. It allows responders to understand the entire scope of an incident and quickly contain it to minimize impact and disruption."
"The most valuable features are the threat-hunting and the batch console."
"We are able to remotely isolate exploited endpoints in seconds and perform a live deep dive of any endpoint into its running processes (as necessary) without the need for extra scripts."
"The solution does very well as a baseline EDR and provides good process-level management."
"Only one thing is missing: NDR is not available out-of-the-box. The competitive cloud-native SIEM providers have the NDR component. Currently, Sentinel needs NDR to be powered from either Corelight or some other NDR provider."
"I can't think of anything other than just getting the name out there. I think a lot of customers don't fully understand the full capabilities of Azure Sentinel yet. It is kind of like when they're first starting to use Azure, it might not be something they first think about. So, they should just kind of get to the point where it is more widely used."
"I think the number one area of improvement for Sentinel would be the cost."
"Microsoft Sentinel should provide an alternative query language to KQL for users who lack KQL expertise."
"Sentinel could improve its ticketing and management. A few customers I have worked with liked to take the data created in Sentinel. You can make some basic efforts around that, but the customers wanted to push it to a third-party system so they could set up a proper ticketing management system, like ServiceNow, Jira, etc."
"The built-in SOAR is not really good out-of-the-box. The SOAR relies on logic apps and you almost need to have some kind of developer background to be able to make these logic apps. Most security people cannot develop anything..."
"Microsoft Sentinel is relatively expensive, and its cost should be improved."
"Sentinel can be used in two ways. With other tools like QRadar, I don't need to run queries. Using Sentinel requires users to learn KQL to run technical queries and check things. If they don't know KQL, they can't fully utilize the solution."
"With Palo Alto Networks Cortex XSOAR, managing its setup phase can be a complicated task."
"Palo Alto Networks Cortex XSOAR does not currently offer SIEM functionalities."
"Implementing this solution requires a lot of involvement from the vendor and it should be made easier for the partners."
"XSOAR could have more integration options."
"We need a little hands-on experience to install the solution."
"The solution’s price and technical support could be improved."
"The platform’s setup procedures could be streamlined compared to one of its competitors."
"The tool’s multi-tenancy feature must be improved."
"Technical support for the solution should be improved because there is a scarcity of support teams in the Middle East."
"The biggest issue I encountered was one where old logs were not being overwritten as expected so the system drive kept filling up from time to time. However, support was usually quite responsive and happy to jump on a remote session to take a look at it for us. That log bug has probably been resolved with an update by now."
"We are subscribed to FS-ISAC threat indicator, but have been unsuccessful in adding it to our alliance feeds."
"There have been some performance issues when deploying on Windows Server, but I believe Carbon Black is working on that."
"They have different products, but if we wanted to take their protection and their EPR, then we would need to have two agents."
"The support team of Carbon Black CB Response needs improvement. At present, they need a lot of information. Then they give you an answer that they already gave you. You tell them it didn't work, and then they take a long time."
"They need to improve the batch console. It needs more capabilities. We are limited by the ones it provides..."
"The product detects too many false positives initially and it could integrate better with other security solutions."
Palo Alto Networks Cortex XSOAR is ranked 2nd in Security Orchestration Automation and Response (SOAR) with 41 reviews while VMware Carbon Black Cloud is ranked 2nd in Security Incident Response with 18 reviews. Palo Alto Networks Cortex XSOAR is rated 8.4, while VMware Carbon Black Cloud is rated 8.4. The top reviewer of Palo Alto Networks Cortex XSOAR writes "Enables the investigators to go through the review process a lot quicker". On the other hand, the top reviewer of VMware Carbon Black Cloud writes "Shows promise for endpoint detection and response, with room for improvement in complexity and pricing". Palo Alto Networks Cortex XSOAR is most compared with Cortex XSIAM, Splunk SOAR, Fortinet FortiSOAR, Swimlane and IBM Resilient, whereas VMware Carbon Black Cloud is most compared with VMware Carbon Black Endpoint, Fidelis Elevate and Splunk SOAR.
We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.