We performed a comparison between Rapid7 InsightIDR and VMware Carbon Black Cloud based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Detection and Response (EDR) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."We have FortiEDR installed on all our systems. This protects them from any threats."
"NGAV and EDR features are outstanding."
"This is stable and scalable."
"The product's initial setup phase is very easy."
"I like FortiClient EMS. FortiEDR has a lot of great features like lockdown mode, remote wipes, and encryption. I can set malware outbreak policies and controls for detecting abnormalities. You can also simulate phishing attacks."
"Forensics is a valuable feature of Fortinet FortiEDR."
"It notifies us if there's any suspicious file on any PC. If any execution or similar kind of thing is happening, it just alerts us. It doesn't only alert. It also blocks the execution until we allow it. We check whether the execution is legitimate or not, and then approve it or keep it blocked. This gives us a little bit of control over this mechanism. Fortinet FortiEDR is also very straightforward and easy to maintain."
"It is stable and scalable."
"The solution is very scalable in terms of the licensing model."
"Very intuitive and easy to set up."
"The ability to ingest Office 365 log files, then process them into events and display them on a map."
"Log search allows us to dive deep into aggregated logs and query all event types at once."
"During simulations or demonstrations, the tool generates alerts, providing details such as the specific application, its origin, and potential threats. For instance, it can identify if an application belongs to a known ransomware group. The system rates the threat, offering a clear detection ratio, such as 97 out of 100. It not only identifies threats but also illustrates the associated behaviors, helping us understand the potential risk to a particular endpoint."
"The log aggregation and storage provided by InsightIDR has shown no issues with scalability; aggregating over one hundred millions events daily."
"It is a very stable solution."
"If you were on other solutions, you would notice that they use agents from third-party, from open-source, from a native OS, or from other tools. Here, however, it is an agent from Rapid7 itself. This adds to the solution's overall capabilities."
"The most valuable feature is its ability to seek out abnormal activity and to create alerts."
"Probably the most valuable feature of CB Response is its ability to isolate a host and take it off the network, so it's not spreading anything. We have two security operations centers around the globe. When an SOC analyst sees something on an endpoint, they can use Carbon Black Response to isolate that host from the customer's environment and prevent any kind of lateral spread."
"We are able to remotely isolate exploited endpoints in seconds and perform a live deep dive of any endpoint into its running processes (as necessary) without the need for extra scripts."
"Integration and scalability are the most valuable."
"The detection response and quarantining are very good features."
"The most valuable feature of VMware Carbon Black Cloud is the possibility of securing any PC worldwide."
"The ability to isolate an endpoint with only the host name and a click of a button is a major time saver."
"The most valuable features are the threat-hunting and the batch console."
"Integration with Azure and SaaS provisioning tools could improve Fortinet FortiEDR."
"To improve Fortinet, we need to see more features and technology areas at the endpoint level introduced."
"It takes about two business days for initial support, which is too slow in urgent situations."
"The security should be strong for the cloud. Some applications are on-prem and some are on the cloud. Fortinet should also have strong security for the cloud. There should be more security for the cloud."
"Everything with Fortinet having to do with their cloud services. They need to invest more in their internal infrastructure that they are running in the cloud. One of the things I find with their cloud environment compared to others' is that they go cheap on the equipment. So it causes some performance degradation."
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"They can include the automation for the realtime updates. We have a network infrastructure with remote sites. Whenever they send updates, they are not automated. We have to go into the console and push those updates. I wish it was more automated. The update file is currently around 31 MB. It could be smaller."
"Making the portal mobile friendly would be helpful when I am out of office."
"The reporting is the weakest aspect. There needs to be multi-level grouping for events (for example, group by user and destination). Right now, we can do a group by user and a separate table or group by destination. But I'd be more interested in where a person was logging into instead of who was logging in or where he was logging in."
"They should add more configuration and security features to it."
"Rapid7 doesn't integrate well with all our security tools from various vendors, so we plan to switch. Many of our solutions work with Rapid7, but some do not. We are already searching for a replacement already."
"Needs a better ability to customize the check within the console."
"Customised alert recipients need to be added to allow better first-line action and quicker response. Configurable honeypots would be a welcome addition."
"The integration capabilities of the solution have certain shortcomings where improvements are required."
"The solution needs improvement in threat intelligence. Increasing the depth of intelligence to help users understand more about threats is a possibility. My suggestion is to expand access to other websites or resources."
"One of the things that could be better is digital forensics. It is there, but it can be better. They could provide more on the endpoint detection level."
"There have been some performance issues when deploying on Windows Server, but I believe Carbon Black is working on that."
"The solution's support could be improved."
"One area for improvement is the maturity of its vulnerability features."
"We are subscribed to FS-ISAC threat indicator, but have been unsuccessful in adding it to our alliance feeds."
"The solution needs to simplify the process of adding custom watchlists, as well as embrace YARA for rule creation."
"The threat intelligence feed could use some fine tweaking."
"The biggest issue I encountered was one where old logs were not being overwritten as expected so the system drive kept filling up from time to time. However, support was usually quite responsive and happy to jump on a remote session to take a look at it for us. That log bug has probably been resolved with an update by now."
"The dashboard should be more user-friendly."
Rapid7 InsightIDR is ranked 21st in Endpoint Detection and Response (EDR) with 29 reviews while VMware Carbon Black Cloud is ranked 28th in Endpoint Detection and Response (EDR) with 18 reviews. Rapid7 InsightIDR is rated 8.4, while VMware Carbon Black Cloud is rated 8.4. The top reviewer of Rapid7 InsightIDR writes "An affordable product that is easy to use and has many advanced features and default templates". On the other hand, the top reviewer of VMware Carbon Black Cloud writes " Shows promise for endpoint detection and response, with room for improvement in complexity and pricing ". Rapid7 InsightIDR is most compared with Darktrace, Microsoft Sentinel, Splunk Enterprise Security, Rapid7 InsightVM and IBM Security QRadar, whereas VMware Carbon Black Cloud is most compared with VMware Carbon Black Endpoint, Fidelis Elevate, Palo Alto Networks Cortex XSOAR and Splunk SOAR. See our Rapid7 InsightIDR vs. VMware Carbon Black Cloud report.
See our list of best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.