We performed a comparison between NetWitness XDR and VMware Carbon Black Cloud based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Detection and Response (EDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."Fortinet FortiEDR made our clients feel secure and more at ease, knowing that they had an EDR solution that would close the gap in their security posture."
"The product detects and blocks threats and is more proactive than firewalls."
"Forensics is a valuable feature of Fortinet FortiEDR."
"The price is low and quite competitive with others."
"Exceptions are easy to create and the interface is easy to follow with a nice appearance."
"It is stable and scalable."
"The product's initial setup phase is very easy."
"This is stable and scalable."
"The interface of this solution is very flexible and easy to use."
"The log correlation is good."
"RSA NetWitness does market analysis in a more granular form. It gives you full visibility."
"Technical support is knowledgeable."
"They have recently updated the features and the most valuable ones are the instant threat response, ease of use, web interface, integration, and easy access. RSA NetWitness Endpoint is very compatible with other solutions and technologies. However, they do not rely on third-party solutions and have most features built-in."
"It helps our security team respond more accurately when there are threats, then we get less false positives or negatives."
"It is stable. We have been using it for some time, without any issues."
"This solution allows us to locate the malware in real-time."
"The enhanced logging and data analysis of the incident response and investigation components allowed us to quickly identify and resolve security issues before they could spread."
"The market information they gather from the community is really good. Their configuration capabilities are good."
"Setting up and managing the setup for this solution is okay. It is stable, scalable, and it runs just fine. No issues with technical support."
"We are able to remotely isolate exploited endpoints in seconds and perform a live deep dive of any endpoint into its running processes (as necessary) without the need for extra scripts."
"They're highly stable in comparison with other solutions I have."
"Probably the most valuable feature of CB Response is its ability to isolate a host and take it off the network, so it's not spreading anything. We have two security operations centers around the globe. When an SOC analyst sees something on an endpoint, they can use Carbon Black Response to isolate that host from the customer's environment and prevent any kind of lateral spread."
"We also took full advantage of its incident response reporting capabilities to act as a “black box” for our infrastructure around strings of suspicious activity. The reporting and incident response capabilities were incredibly helpful during active security concerns."
"Carbon Black insures the probability that any ransomware will be stopped before spreading."
"We find the solution to be a bit expensive."
"The solution should address emerging threats like SQL injection."
"The solution is not stable."
"I haven't seen the use of AI in the solution."
"There's room for improvement in the quick response time and technical support for integration issues, especially when dealing with multiple vendors."
"The SIEM could be improved."
"The amount of usage, the number of details we get, or the number of options that can be tweaked is limited in comparison to that with other EDR solutions"
"The only minor concern is occasional interference with desired programs."
"The solution lacks a reporting engine."
"Threat detection could be better."
"When analyzing something, you have to click several times. It requires a lot of effort to find something."
"The threat intelligence could improve in RSA NetWitness Endpoint."
"Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."
"The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is working with troubleshooting and working with technical support. Log passing is also one of the biggest challenge."
"The contamination feature could be improved."
"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."
"Technical support for the solution should be improved because there is a scarcity of support teams in the Middle East."
"We are subscribed to FS-ISAC threat indicator, but have been unsuccessful in adding it to our alliance feeds."
"The cloud console has a lot of bugs and issues in the analysis part."
"It's not highly available, so you have to have a core server. If the primary server goes down, you need a new one. It's not available at the same time, however. It's not automatically swapped from one server to another."
"The product detects too many false positives initially and it could integrate better with other security solutions."
"Setup is incredibly complex and poorly documented. Every time an upgrade was needed we would need to engage Professional Services for troubleshooting help. Certificates and web services proved to be the most significant sticking points. Since the product runs on a Linux platform, perhaps having staff with more Linux experience could have alleviated some difficulty."
"The support team of Carbon Black CB Response needs improvement. At present, they need a lot of information. Then they give you an answer that they already gave you. You tell them it didn't work, and then they take a long time."
"The solution needs to simplify the process of adding custom watchlists, as well as embrace YARA for rule creation."
NetWitness XDR is ranked 35th in Endpoint Detection and Response (EDR) with 15 reviews while VMware Carbon Black Cloud is ranked 28th in Endpoint Detection and Response (EDR) with 18 reviews. NetWitness XDR is rated 8.0, while VMware Carbon Black Cloud is rated 8.4. The top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". On the other hand, the top reviewer of VMware Carbon Black Cloud writes " Shows promise for endpoint detection and response, with room for improvement in complexity and pricing ". NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, SentinelOne Singularity Complete and Microsoft Defender for Endpoint, whereas VMware Carbon Black Cloud is most compared with VMware Carbon Black Endpoint, Fidelis Elevate, Splunk SOAR and Palo Alto Networks Cortex XSOAR. See our NetWitness XDR vs. VMware Carbon Black Cloud report.
See our list of best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.