We performed a comparison between Proofpoint Threat Response and VMware Carbon Black Cloud based on real PeerSpot user reviews.
Find out what your peers are saying about VMware, ServiceNow, IBM and others in Security Incident Response."The best part of Proofpoint Threat Response is the Auto-Pull feature. Being able to pull an email back from a user's mailbox is very useful, yet I have noticed that not a lot of organizations use this kind of feature."
"It has reduced our manual efforts to remove emails from each user's inbox, and in this case we do not have to ask our IT department or users to do so."
"Support is very responsive."
"It is nice when you're in a situation where you think someone's device is compromised and that there's some malware getting into your fleet."
"Probably the most valuable feature of CB Response is its ability to isolate a host and take it off the network, so it's not spreading anything. We have two security operations centers around the globe. When an SOC analyst sees something on an endpoint, they can use Carbon Black Response to isolate that host from the customer's environment and prevent any kind of lateral spread."
"VMware Carbon Black Cloud is a user-friendly solution that can isolate machines from the rest of the network."
"The most valuable features are its lightweight design, ensuring minimal impact on end-users, and its real-time protection."
"Carbon Black insures the probability that any ransomware will be stopped before spreading."
"The most valuable feature is its ability to seek out abnormal activity and to create alerts."
"Carbon Black Cb Response excels at providing context to indicators when responding to incidents. It allows responders to understand the entire scope of an incident and quickly contain it to minimize impact and disruption."
"We also took full advantage of its incident response reporting capabilities to act as a “black box” for our infrastructure around strings of suspicious activity. The reporting and incident response capabilities were incredibly helpful during active security concerns."
"The interface within Threat Response could be made simpler."
"Has some quirks."
"If the reporting gets improved then it would be better, but the product is running amazing as it is."
"The solution needs to simplify the process of adding custom watchlists, as well as embrace YARA for rule creation."
"The solution can only handle about 500 bans or blocks."
"The biggest issue I encountered was one where old logs were not being overwritten as expected so the system drive kept filling up from time to time. However, support was usually quite responsive and happy to jump on a remote session to take a look at it for us. That log bug has probably been resolved with an update by now."
"We are subscribed to FS-ISAC threat indicator, but have been unsuccessful in adding it to our alliance feeds."
"It's not highly available, so you have to have a core server. If the primary server goes down, you need a new one. It's not available at the same time, however. It's not automatically swapped from one server to another."
"Additionally, it is complex to use, and the pricing should be improved."
"It's not simple."
"The cloud console has a lot of bugs and issues in the analysis part."
Proofpoint Threat Response is ranked 5th in Security Incident Response with 3 reviews while VMware Carbon Black Cloud is ranked 2nd in Security Incident Response with 18 reviews. Proofpoint Threat Response is rated 8.4, while VMware Carbon Black Cloud is rated 8.4. The top reviewer of Proofpoint Threat Response writes "Tracks and mitigates email security incidents with Auto-Pull, and has good stability and performance". On the other hand, the top reviewer of VMware Carbon Black Cloud writes " Shows promise for endpoint detection and response, with room for improvement in complexity and pricing ". Proofpoint Threat Response is most compared with ServiceNow Security Operations and Cofense Triage, whereas VMware Carbon Black Cloud is most compared with VMware Carbon Black Endpoint, Fidelis Elevate, Splunk SOAR and Palo Alto Networks Cortex XSOAR.
See our list of best Security Incident Response vendors.
We monitor all Security Incident Response reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.