We performed a comparison between Carbon Black CB Defense and Cortex XDR by Palo Alto Networks based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Carbon Black comes out on top in this comparison because more of its users find deployment easier than Cortex XDR. In addition, users of Carbon Black report a positive ROI.
"Fortinet is very user-friendly for customers."
"Fortinet has helped free up around 20 percent of our staff's time to help us out."
"The product's initial setup phase is very easy."
"Fortinet FortiEDR made our clients feel secure and more at ease, knowing that they had an EDR solution that would close the gap in their security posture."
"The solution was relatively easy to deploy."
"The setup is pretty simple."
"The console is easy to read. I also like the scanning part and the ability to move assets from one to the other."
"I like FortiClient EMS. FortiEDR has a lot of great features like lockdown mode, remote wipes, and encryption. I can set malware outbreak policies and controls for detecting abnormalities. You can also simulate phishing attacks."
"We can use Cortex XDR to get the entire graph of the incidents from source to destination, and we can take remedial action."
"The solution is a new generation XDR that has a lot of artificial intelligence modules."
"It collects and caches and the knowledge of machine learning from different customers to take to the cloud. It makes it better to use for everybody. It allows for quick learning and updates and can, therefore, offer zero-day malware security. This sharing of metadata helps make the solution very safe."
"The product's most valuable features are massive user and feature intelligence exploit detection."
"It blocks malicious files. It prevents attacks. It doesn't require many updates, it's a very light application."
"Monitoring is most valuable."
"If the user leaves our premises or network, Palo Alto Traps will still be on that endpoint and will still apply our policies."
"Since they've done their most recent update, the ease to isolate endpoints is valuable. If we find one where there is a virus on it, we can easily isolate it. We don't even have to contact the user. We don't have to manually take them off the network. We can easily isolate them."
"The solution is very useful and easy to handle. You don't need much intervention with this product."
"The feature I found most valuable in Carbon Black CB Defense is the ongoing monitoring feature that works by emailing updates about any detections found."
"Provides visibility into the chain of attack and threats that use valid operating system processes to execute attacks."
"Once the solution is installed and configured correctly it does not require a lot of hands-on attention until you need upgrading."
"The product is pretty strong in terms of security and their features are very good in that respect."
"This product has the capability of uploading scripts to the tool and this is a very comprehensive feature."
"The initial setup is very easy."
"I like the historical features, interface, and integration."
"The solution should address emerging threats like SQL injection."
"The solution is not stable."
"We find the solution to be a bit expensive."
"The only minor concern is occasional interference with desired programs."
"We'd like to see more one-to-one product presentations for the distribution channels."
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"It takes about two business days for initial support, which is too slow in urgent situations."
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"Every 30 or 40 days, there's a new version and we need to go and make sure our customer's laptops are upgraded."
"The server sometimes stops continuously to check things so it would be helpful to receive access updates or technical reasons."
"The solution lacks real-time, on-demand antivirus."
"Previously, the endpoint would leave the environment, not being on our VPN, essentially unable to interact with the server to upload files. It was unable to retrieve new file verdicts. It was using a thing called "local analysis" to determine if something was a malicious file or not. There was no dynamic analysis."
"Impact on system performance is horrible, adding a lot of delays for users."
"The product's pricing needs improvement. They could provide more discounts. Additionally, the dashboard and control panel could be enhanced."
"We have found that there are times Cortex XDR by Palo Alto Networks does not detect some of the viruses, we have to use another protection solution called Kaspersky."
"I don't like that they have different types of licenses. For example, if users select a license, they think they will have all the platforms they need to improve their network or security. But after some time, Palo Alto Networks changed their licensing, and some of the features that, for example, were free at the beginning now have a cost. I think the integration can be improved. For example, a lot of tools are just integrated through APIs."
"The solution needs better overall compatibility with other products."
"The solution needs expanded endpoint query tools."
"The initial setup is complex."
"There could be more knowledge. I think they made a mistake when they took away the Check Point integration, because it provides more automation and also more threat intelligence."
"At this point, we're test-bedding several other providers right now to see if there's anything that does equally or better and that comes at a better price point."
"It could be a bit complicated. You have to be very familiar with Carbon Black to understand what it is doing and why it is doing. I would like to have more explanations and simplification in the user interface. It would be good to get help and see more explanations. It should tell us that a software is blocked and the reason for it. It would be good to be able to build chains in terms of what caused what, what worked, and what caused an issue. We are now moving from Carbon Black to Cortex XDR. While choosing antivirus software, we were also looking at Carbon Black because it also has an antivirus package, and it is next-generation, but we were told that Carbon Black doesn't support firewalls. We have Palo Alto firewalls. We would have chosen this solution if it supported firewalls, in particular next-generation firewalls, but unfortunately, it doesn't. Therefore, we decided on Cortex XDR because it integrates with Palo Alto firewalls."
"The EDR portion could be better. I'm not a big fan, but it works."
"Report generation can be improved."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in Endpoint Protection Platform (EPP) with 80 reviews while VMware Carbon Black Endpoint is ranked 17th in Endpoint Protection Platform (EPP) with 61 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while VMware Carbon Black Endpoint is rated 8.0. The top reviewer of Cortex XDR by Palo Alto Networks writes "It provides a whole new level of visibility and integrates with most other vendors". On the other hand, the top reviewer of VMware Carbon Black Endpoint writes "Centralization via the cloud allows us to protect and control people working from home". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, Symantec Endpoint Security and SentinelOne Singularity Complete, whereas VMware Carbon Black Endpoint is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, Trend Micro Deep Security, SentinelOne Singularity Complete and Tanium. See our Cortex XDR by Palo Alto Networks vs. VMware Carbon Black Endpoint report.
See our list of best Endpoint Protection Platform (EPP) vendors, best Ransomware Protection vendors, and best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.