• Home
  • Splunk SOAR vs. VMware Carbon Black Endpoint

Splunk SOAR vs VMware Carbon Black Endpoint comparison

Cancel
You must select at least 2 products to compare!
Microsoft Logo
Microsoft Sentinel
Read 85 Microsoft Sentinel reviews
17,715 views|9,994 comparisons
92% willing to recommend
Splunk Logo
Splunk SOAR
Read 30 Splunk SOAR reviews
6,537 views|3,915 comparisons
85% willing to recommend
VMware Logo
VMware Carbon Black Endpoint
Read 61 VMware Carbon Black Endpoint reviews
12,844 views|8,607 comparisons
90% willing to recommend
Comparison Buyer's Guide
Download the complete report
Buyer's Guide
Security Orchestration Automation and Response (SOAR)
April 2024
Executive Summary

We performed a comparison between Splunk SOAR and VMware Carbon Black Endpoint based on real PeerSpot user reviews.

Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR).
To learn more, read our detailed Security Orchestration Automation and Response (SOAR) Report (Updated: April 2024).
Download the complete report
769,479 professionals have used our research since 2012.
Featured Review
Sachin Paul
Researched Splunk SOAR but chose Microsoft Sentinel: Makes data integration very easy for our SOC
It enables data integration within our hybrid, multi-cloud environment, and it makes this data integration very easy for our security operations... Read more →
Volodymyr-Savov
Is user-friendly, integrates well, and is stable
Splunk SOAR's UI is user-friendly for managing workflows. The integration of Splunk SOAR is good. When we implemented Splunk SOAR we were able to... Read more →
Luciano Batalha
A simple tool that offers good performance and stability
My company does benefit from the use of the solution since it detects live threats, malware threats, possible ransomware attacks, and other such... Read more →
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"I like the ability to run custom KQL queries. I don't know if that feature is specific to Sentinel. As far as I know, they are using technology built into Azure's Log Analytics app. Sentinel integrates with that, and we use this functionality heavily.""The solution has features that helped improve the security posture of our clients. It provides the ability to correlate a large variety of log sources very cost-effectively, especially for Microsoft sources.""The features that stand out are the detection engine and its integration with multiple data sources.""I like the unified security console. You can close incidents using Sentinel in all other Microsoft Security portals, when it comes to incident response.""Sentinel has an intuitive, user-friendly way to visualize the data properly. It gives me a solid overview of all the logs. We get a more detailed view that I can't get from the other SIEM tools. It has some IP and URL-specific allow listing""The analytic rule is the most valuable feature.""The SOAR playbooks are Sentinel's most valuable feature. It gives you a unified toolset for detecting, investigating, and responding to incidents. That's what clearly differentiates Sentinels from its competitors. It's cloud-native, offering end-to-end coverage with more than 120 connectors. All types of data logs can be poured into the system so analysis can happen. That end-to-end visibility gives it the advantage.""I've worked on most of the top SIEM solutions, and Sentinel has an edge in most areas. For example, it has built-in SOAR capabilities, allowing you to run playbooks automatically. Other vendors typically offer SOAR as a separate licensed solution or module, but you get it free with Sentinel. In-depth incident integration is available out of the box."

More Microsoft Sentinel Pros →

"The most valuable feature of Splunk SOAR is the automated playbooks, which saves analysts time.""The solution allows us to customize playbooks and incorporate custom code, allowing us to drag and drop elements while still writing code to build the integrations we need.""The most valuable features of Splunk SOAR are the easy integration with other solutions, including other Splunk solutions. The most important playbooks we need on the market come already on the Frontend. However, nowadays, Splunk changed its name, it's not Frontend anymore, it's Splunk Store. This is a very strong point.""The most valuable feature is the risk-based access control.""So far, the interface is very easy to use.""The product’s integration with other Splunk products is valuable.""The best feature is the integration and the custom Python code that we can write. Splunk SOAR provides us with both of these capabilities, allowing us to integrate different security solutions with Splunk SOAR and take remediation actions directly on those security tools.""I'm just a beginner on the solution and it's pretty easy for me to use."

More Splunk SOAR Pros →

"VMware Carbon Black Endpoint is a highly stable solution.""The threat analysis functionality is good.""The most valuable feature of the solution stems from the support it provides.""The tool is pretty stable.""Some of the valuable features I have found are the online documentation of the solution is well organized and thorough. I like the simplicity of bypass and the visualization of the active components.""Carbon Black CB Defense has helped improve my organization by allowing us to have better data so that we can do correlation and get visibility into the alerts.""The biggest feature out of CarbonBlack is its ability to dive in with more depth. You can look at the entire kill chain and understand, not only if an alarm or identified incident is truly a true security issue versus a false positive, and it allows us to backtrack and figure out why it actually happened and how it got into the environment.""The most valuable feature of the solution stems from the fact that it is one of the best EDR tools in the market."

More VMware Carbon Black Endpoint Pros →

Cons
"We are invoiced according to the amount of data generated within each log.""We do have in-built or out-of-the-box metrics that are shown on the dashboard, but it doesn't give the kind of metrics that we need from our environment whereby we need to check the meantime to detect and meantime to resolve an incident. I have to do it manually. I have to pull all the logs or all the alerts that are fed into Sentinel over a certain period. We do this on a monthly basis, so I go into Microsoft Sentinel and pull all the alerts or incidents we closed over a period of thirty days.""There is a wider thing called Jupyter Notebooks, which is around the automation side of things. It would be good if there are playbooks that you can utilize without having to have the developer experience to do it in-house. Microsoft could provide more playbooks or more Jupyter Notebooks around MITRE ATT&CK Framework.""We'd like also a better ticketing system, which is older.""When we pass KPIs to the governance department, there's no option to provide rights to the data or dashboard to colleagues. We can use Power BI for this, but it isn't easy or convenient. They should just come up with a way to provide limited role-based access to auditing personnel""The KQL query does not function effectively with Windows 11 machines, and in the majority of machine-based investigations, KQL queries are essential for organizing the data during investigations.""The solution could be more user-friendly; some query languages are required to operate it.""If their UI was a bit more streamlined and easy to find when I need it, then that would be a great improvement."

More Microsoft Sentinel Cons →

"It could be easier to implement.""The scalability could be better.""Some of the training materials are on a basic level.""What we have seen is if the workflow gets halted or if we want to halt a workflow, it cannot be resumed.""In the beginning, we couldn't find any specific documents for every function. It wasn't easy to navigate to what we needed.""Splunk SOAR can improve IoT/OT security-related case studies or your use cases. Their integration with identity and access management (IAM) solutions is a bit shaky. They don't have good integration with a lot of IAM solutions. They do have good capability in terms of user access management internally, but even with privileged user access, they have a good module. However, if they have to integrate with solutions, such as CyberArk or IBM IAM solutions they are lacking, the visibility of user access is not that much.""I haven't used it fully, but based on my usage, I could not find simulation tools and features. It currently lacks simulation features, which are important for me for creating a playbook. It is also very expensive for my region.""The application does not work properly and does not pass the log-based configuration. I feel that some kind of review should happen in the application. This review should validate things so that we can get the right information. Splunk does not tell us where the IP address is associated with."

More Splunk SOAR Cons →

"The device control feature could also be compatible with the user’s profile as well.""I'm not sure as to the logic of how we've decided to customize it. We've only really used it since February and therefore there may be more to do on that front. That's why it's hard to say if something is missing or if we just aren't utilizing it.""Carbon Black CB Defense has helped improve my organization by allowing us to have better data so that we can do correlation and get visibility into the alerts.""The product's reporting capabilities are an area of concern where improvements are required.""At this point, we're test-bedding several other providers right now to see if there's anything that does equally or better and that comes at a better price point.""The initial setup is complex.""There is room for improvement in the support and service team.""I haven't run into anything that needs improvement. The website interface can be a little bit better, but it's still good as compared to most others."

More VMware Carbon Black Endpoint Cons →

Pricing and Cost Advice
  • "It comes with a Microsoft subscription which the customer has, so they don't have to invest somewhere else."
  • "It is a consumption-based license model. bands at 100, 200, 400 GB per day etc. Azure Sentinel Pricing | Microsoft Azure"
  • "Good monthly operational cost model for the detection and response outcomes delivered, M365 logs don't count toward the limits which is a good benefit."
  • "I have had mixed feedback. At one point, I heard a client say that it sometimes seems more expensive. Most of the clients are on Office 365 or M365, and they are forced to take Azure SIEM because of the integration."
  • "It is kind of like a sliding scale. There are different tiers of pricing that go from $100 per day up to $3,500 per day. So, it just kind of depends on how much data is being stored. There can be additional costs to the standard license other than the additional data. It just kind of depends on what other services you're spinning up in Azure, or if you're using something like Azure log analytics."
  • "I am just paying for the log space with Azure Sentinel. It costs us about $2,000 a month. Most of the logs are free. We are only paying money for Azure Firewall logs because email logs or Azure AD logs are free to use for us."
  • "Sentinel is a bit expensive. If you can figure a way of configuring it to meet your needs, then you can find a way around the cost."
  • "Azure Sentinel is very costly, or at least it appears to be very costly. The costs vary based on your ingestion and your retention charges."

    • More Microsoft Sentinel Pricing and Cost Advice →

  • "I don't know the exact price, but for my region, it is very expensive."
  • "In my opinion, the price is high, but if you want good products, you have to be willing to pay for them."
  • "It's very overpriced because it is based on the number of users. There is no bulk licensing."
  • "Splunk SOAR is more expensive compared to other options for SOAR."
  • "The licensing cost is reasonable."
  • "When we first purchased our Splunk SOAR license, it was based on an event-count model. It was based on the number of events. I had strong opinions at the time that automation should not be stifled by the amount of automation you can accomplish, so the previous structure was not as beneficial for us. Later that year, we got told or saw at a conference that they announced user-based pricing. We are now in a renewal period, so we migrated to a user-based license model, which is more appropriate for us so that we no longer have to worry about stifling our automation based on the quantity."
  • "Splunk SOAR is an expensive solution for an organization of our size."
  • "The cost is high and the licensing is on an annual basis."

    • More Splunk SOAR Pricing and Cost Advice →

  • "​The cost/benefit factor has great relevance in Cb Defense implementations​."
  • "The cost is a considerable factor, but the benefit factor is the most important. When you compare it with other products, the price is high. Carbon Black will negotiate the price."
  • "I am not really involved in the pricing of this product. But, from my understanding, it is OK for us."
  • "Carbon Black might be a touch more expensive than Symantec. They tend to get a premium for their capabilities. They're sort of an industry leader in a lot of areas with the functionality that they provide."
  • "We have branches, we have different companies, but we cannot buy less than 100 licenses. This does not make sense to me... It should be more flexible. I can understand their saying, "Okay, to be a customer you need 100," but to add on to that number it should be something very straightforward. If I need to add five, for example, I shouldn't need to add 100."
  • "The pricing [is] more or less the same as other similar solutions."
  • "It's reasonable in price"
  • "The price for the solution is completely at government level, meaning one which is very high."

    • More VMware Carbon Black Endpoint Pricing and Cost Advice →

    report
    See Which Vendors Are Best For You
    Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
    See Recommendations
    769,479 professionals have used our research since 2012.
    Questions from the Community
    Is there a common threat intelligence tool that aggregates multiple threa...
    Top Answer:Yes, Azure Sentinel is a SIEM on the Cloud. Multiple data sources can be uploaded and analyzed with Azure Sentinel and… more »
    Read all 10 answers   →
    What is a better choice, Splunk or Azure Sentinel?
    Top Answer:It would really depend on (1) which logs you need to ingest and (2) what are your use cases Splunk is easy for… more »
    Which is better - Azure Sentinel or AWS Security Hub?
    Top Answer:We like that Azure Sentinel does not require as much maintenance as legacy SIEMs that are on-premises. Azure Sentinel is… more »
    Read all 2 answers   →
    What do you like most about Splunk Phantom?
    Top Answer:Splunk SOAR's quick response to incidents is the most valuable part.
    Read all 20 answers   →
    What is your experience regarding pricing and costs for Splunk Phantom?
    Top Answer:The cost is high and the licensing is on an annual basis.
    Read all 18 answers   →
    What needs improvement with Splunk Phantom?
    Top Answer:The cost of Splunk SOAR has room for improvement.
    Read all 19 answers   →
    What to choose: an endpoint antivirus, an EDR solution or both?
    Top Answer:I can recommend Carbon Black, an award-winning next-gen anti-virus (NGAV) and endpoint detection and response (EDR)… more »
    Read all 9 answers   →
    What's the difference between Carbon Black CB Response and Carbon Black C...
    Top Answer:Carbon Black offers two different levels of Endpoint Detection and Response. One is the VM Carbon Black Cloud Endpoint… more »
    Read all 2 answers   →
    What do you like most about Carbon Black CB Defense?
    Top Answer:VMware Carbon Black Endpoint is a highly stable solution.
    Read all 46 answers   →
    Comparisons
    Also Known As
    Azure Sentinel
    Phantom
    Carbon Black CB Defense, Bit9, Confer
    Learn More
    Microsoft
    Splunk
    VMware
    Overview

    Microsoft Sentinel is a scalable, cloud-native, security information event management (SIEM) and security orchestration automated response (SOAR) solution that lets you see and stop threats before they cause harm. Microsoft Sentinel delivers intelligent security analytics and threat intelligence across the enterprise, providing a single solution for alert detection, threat visibility, proactive hunting, and threat response. Eliminate security infrastructure setup and maintenance, and elastically scale to meet your security needs—while reducing IT costs. With Microsoft Sentinel, you can:

    - Collect data at cloud scale—across all users, devices, applications, and infrastructure, both on-premises and in multiple clouds

    - Detect previously uncovered threats and minimize false positives using analytics and unparalleled threat intelligence from Microsoft

    - Investigate threats with AI and hunt suspicious activities at scale, tapping into decades of cybersecurity work at Microsoft

    - Respond to incidents rapidly with built-in orchestration and automation of common tasks

    To learn more about our solution, ask questions, and share feedback, join our Microsoft Security, Compliance and Identity Community.

    Splunk SOAR offers features like automation and orchestration of manual tasks, speeding up work, detection and response to advanced and emerging threats. 

    Go from overwhelmed to in-control

    Automate manual tasks. Address every alert, every day. Establish repeatable procedures that allow security analysts to stop being reactive and focus on mission-critical objectives to protect your business.

    Force multiply your team

    Orchestrate and automate repetitive tasks, investigation and response to increase efficiency and productivity, and do more with the people you already have. Make a team of three feel like a team of 10.

    From 30 minutes to 30 seconds

    Work faster with Splunk SOAR. Respond to threats in seconds. Lower your mean time to respond (MTTR) by automating security tasks and workflows across all of your security tools.

    End-to-end security operations made easy

    Take advantage of Splunk Enterprise Security and Splunk SOAR joining forces to provide a seamless and intuitive SecOps platform to prevent, detect and respond to advanced and emerging threats.

    VMware Carbon Black Endpoint Security is a comprehensive endpoint protection platform (EPP) designed to safeguard enterprises from advanced cyber threats, malware, ransomware, and other forms of malicious attacks. Leveraging cloud-native architecture, it provides a robust set of tools to detect, prevent, investigate, and respond to cybersecurity incidents across environment. The solution stands out for its advanced behavioral analytics, real-time threat hunting, and customizable policies, making it a preferred choice for businesses seeking to fortify their defenses in the evolving cybersecurity landscape.

    Modernize Your Endpoint Protection

    Legacy approaches to prevention leave organizations exposed. Get an endpoint platform that helps you strengthen and unify security tools to see more and stop more.

    Simplify Your Security Stack

    By simplifying endpoint security capabilities with one endpoint agent and console, you can minimize downtime, respond to incidents and return critical CPU cycles back to the business.

    Operate with Confidence

    Modern environments are increasingly complex. VMware Carbon Black is a single source of truth that provides an intuitive understanding of your environment, enabling confident decisions.

    Sample Customers
    Microsoft Sentinel is trusted by companies of all sizes including ABM, ASOS, Uniper, First West Credit Union, Avanade, and more.
    Recorded Future, Blackstone
    Netflix, Progress Residential, Indeed, Hologic, Gentle Giant, Samsung Research America
    Top Industries
    REVIEWERS
    Financial Services Firm22%
    Computer Software Company11%
    Manufacturing Company8%
    Comms Service Provider8%
    VISITORS READING REVIEWS
    Computer Software Company16%
    Financial Services Firm10%
    Government9%
    Manufacturing Company7%
    REVIEWERS
    Financial Services Firm38%
    University13%
    Computer Software Company13%
    Manufacturing Company6%
    VISITORS READING REVIEWS
    Financial Services Firm14%
    Computer Software Company14%
    Government10%
    Manufacturing Company10%
    REVIEWERS
    Manufacturing Company20%
    Computer Software Company18%
    Financial Services Firm9%
    Construction Company9%
    VISITORS READING REVIEWS
    Computer Software Company15%
    Financial Services Firm10%
    Government9%
    Manufacturing Company7%
    Company Size
    REVIEWERS
    Small Business33%
    Midsize Enterprise21%
    Large Enterprise47%
    VISITORS READING REVIEWS
    Small Business25%
    Midsize Enterprise16%
    Large Enterprise59%
    REVIEWERS
    Small Business30%
    Midsize Enterprise20%
    Large Enterprise50%
    VISITORS READING REVIEWS
    Small Business18%
    Midsize Enterprise13%
    Large Enterprise69%
    REVIEWERS
    Small Business42%
    Midsize Enterprise15%
    Large Enterprise42%
    VISITORS READING REVIEWS
    Small Business26%
    Midsize Enterprise19%
    Large Enterprise55%
    Buyer's Guide
    Security Orchestration Automation and Response (SOAR)
    April 2024
    Download Free Report
    Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR). Updated: April 2024.
    DOWNLOAD NOW
    769,479 professionals have used our research since 2012.

    Splunk SOAR is ranked 3rd in Security Orchestration Automation and Response (SOAR) with 30 reviews while VMware Carbon Black Endpoint is ranked 16th in Endpoint Protection Platform (EPP) with 61 reviews. Splunk SOAR is rated 8.0, while VMware Carbon Black Endpoint is rated 8.0. The top reviewer of Splunk SOAR writes "Takes most of the work away, but the time they take to implement new features is a little bit of concern". On the other hand, the top reviewer of VMware Carbon Black Endpoint writes "Centralization via the cloud allows us to protect and control people working from home". Splunk SOAR is most compared with Palo Alto Networks Cortex XSOAR, Cortex XSIAM, ServiceNow Security Operations, Torq and Cisco SecureX, whereas VMware Carbon Black Endpoint is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, Trend Micro Deep Security, SentinelOne Singularity Complete and Symantec Endpoint Security.

    We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.