2019-06-09 22:31:00 UTC

I would like to compare CrowdStrike and Carbon Black. On what basis should I decide?


Hi. I need to compare CrowdStrike and Carbon Black. What is the advantage of CrowdStrike over Carbon Black and vice versa? For an enterprise, how do I decide which one is better for my needs?

Guest
77 Answers

author avatar
Top 5Real User

While Carbon Black is great for good detections and incident Response, Crowdstrike is EDR on steroids. It's everything you require from an Endpoint Detection, Response and Visibility perspective. An all-in-one arsenal for best in the class Threat Intelligence, Threat Analytics, very capable Sandboxing, Attack Chain Visibility, Patching Systems, File-less malware detection and termination upon execution along with a graphical visualization of the Process, Child-process etc. Only drawback for organization with isolated / offline networks is, Crowdstrike is on the Cloud.

As this point in time, nothing comes close to CrowdStrike.

2020-01-02 12:21:36 UTC
author avatar
User

In a nutshell:

Carbon Black:
- Using the PSC is like your home alarm system being connected to every neighbor!
- The product has rich and unmatched set of features in the end point protection space. Very focused on capabilities and domain expertise.

Crowdstrike:
- Easy out of the box, and provides so much more value than just an AV product.

2019-07-10 16:10:28 UTC
author avatar
Real User

Pointers are based on the tests performed during the evaluation a few months back)

CrowdStrike:
- Artificial Intelligence and Machine Learning
- Is a cloud solution
- Offers protection from known threats.
- Offers advanced threat protection
- ATP Technology: AI+ML on the Agent blocks threats before they execute. Also has sandbox capability
- Predictive / Proactive
- Offers memory defense and script control
- Is cloud/server dependent
- Requires constant Internet connectivity, cannot work offline
- Footprint: 1-2 % CPU/ 40MB
- Requires Scanning
- Requires Human Intervention
- Servers are required
- Offers Endpoint Detection and Response (EDR), Endpoint Protection Platform (EPP), Threat Intelligence
- Easy to use
- 2FA
- Does not require hourly updates
- Does not require traditional AV

Does not offer:
- Application Control
- Web Reputation Control
- Web Category Protection
- Host Firewall
- Port Control System
- Full Disk Encryption
- File-Based Encryption
- Removable Media Encryption

Carbon Black:
- Detection & Response
- Cloud or On-Premise architecture
- Requires constant hash lookup. If not connected, there will be no protection from known threats.
- Offers advanced threat prevention
- ATP Technology: Hash-based, behavior-based
- Reactive
- Offers memory defense and script control
- Application control: CB protection Product
- Cannot work offline (only cached hashes)
- Cloud / Server Dependent
- Requires constant Internet connectivity, cannot work offline
- Footprint: Large - high utilization + network utilization
- Does not require scanning.
- Requires constant requires hourly updates.
- Requires Traditional AV
- Requires Human Intervention, behavioral rules & malware signatures.
- Requires Multiple servers if on-premise.
- Endpoint Detection and Response (EDR), Endpoint Protection Platform (EPP), Threat Intelligence
- Is not easy to use.

Does not offer:
- Web Reputation Control
- Web Category Protection
- Host Firewall
- Port Control System
- Full Disk Encryption
- File-Based Encryption
- Removable Media Encryption

Few additional pointers:
1) There are commercials aspects and CB is costlier than CrowdStrike
2) CB is little heavy on the endpoint as compared to CrowdStrike
3) CrowdStrike is coming up with EDR agents for mobiles as well ( Beta is out and GA is expected in June-July 2019). This could be the game changer

2019-06-10 12:14:45 UTC
author avatar
Top 5Real User

Depends on your sec-engineering staff size, the number of agents, integration with other tools. I would start by listing your use cases and break down what you mean by "better for my needs". Too many variables.

2019-06-10 21:15:24 UTC
author avatar
Consultant

Why are you just looking at those solutions? You should also consider Microsoft Defender ATP (https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp) which is no longer just limited to monitoring Windows and which Gartner has stated as being influential in this market.

2019-06-10 16:37:54 UTC
author avatar
Consultant

Since both are an EDR solution, I would suggest analyzing which provides end to end mitigation. I know CB has 3 modules for the detailed analysis but not sure on the CrowdStrike.

2019-06-10 03:05:09 UTC
author avatar
Top 5LeaderboardReseller

CrowdStrike provides both a streaming and query REST API for accessing many of the features available through the Falcon Platform's UI. Carbon Black also provides a well-documented REST API for building custom integrations with the platform.
Technical comparison can be found at Gartner page: https://www.gartner.com/reviews/market/endpoint-protection-platforms/compare/carbon-black-vs-crowdstrike

Highly recommended for use is Crowdstrike.

2020-05-04 07:24:11 UTC
Find out what your peers are saying about Carbon Black CB Defense vs. CrowdStrike Falcon and other solutions. Updated: May 2020.
419,536 professionals have used our research since 2012.