2019-06-09T22:31:00Z

I would like to compare CrowdStrike and Carbon Black. On what basis should I decide?

Janet Peng - PeerSpot reviewer
  • 7
  • 388
PeerSpot user
10

10 Answers

NS
Real User
2019-06-10T12:14:45Z
Jun 10, 2019

Pointers are based on the tests performed during the evaluation a few months back)

CrowdStrike:
- Artificial Intelligence and Machine Learning
- Is a cloud solution
- Offers protection from known threats.
- Offers advanced threat protection
- ATP Technology: AI+ML on the Agent blocks threats before they execute. Also has sandbox capability
- Predictive / Proactive
- Offers memory defense and script control
- Is cloud/server dependent
- Requires constant Internet connectivity, cannot work offline
- Footprint: 1-2 % CPU/ 40MB
- Requires Scanning
- Requires Human Intervention
- Servers are required
- Offers Endpoint Detection and Response (EDR), Endpoint Protection Platform (EPP), Threat Intelligence
- Easy to use
- 2FA
- Does not require hourly updates
- Does not require traditional AV

Does not offer:
- Application Control
- Web Reputation Control
- Web Category Protection
- Host Firewall
- Port Control System
- Full Disk Encryption
- File-Based Encryption
- Removable Media Encryption

Carbon Black:
- Detection & Response
- Cloud or On-Premise architecture
- Requires constant hash lookup. If not connected, there will be no protection from known threats.
- Offers advanced threat prevention
- ATP Technology: Hash-based, behavior-based
- Reactive
- Offers memory defense and script control
- Application control: CB protection Product
- Cannot work offline (only cached hashes)
- Cloud / Server Dependent
- Requires constant Internet connectivity, cannot work offline
- Footprint: Large - high utilization + network utilization
- Does not require scanning.
- Requires constant requires hourly updates.
- Requires Traditional AV
- Requires Human Intervention, behavioral rules & malware signatures.
- Requires Multiple servers if on-premise.
- Endpoint Detection and Response (EDR), Endpoint Protection Platform (EPP), Threat Intelligence
- Is not easy to use.

Does not offer:
- Web Reputation Control
- Web Category Protection
- Host Firewall
- Port Control System
- Full Disk Encryption
- File-Based Encryption
- Removable Media Encryption

Few additional pointers:
1) There are commercials aspects and CB is costlier than CrowdStrike
2) CB is little heavy on the endpoint as compared to CrowdStrike
3) CrowdStrike is coming up with EDR agents for mobiles as well ( Beta is out and GA is expected in June-July 2019). This could be the game changer

Product comparison that may be of interest to you
RL
User
2021-03-18T11:42:37Z
Mar 18, 2021

I agree with some of the comments. Crowdstrike is way ahead of CB. However, both are cloud solutions, and depending on your business regulatory guidelines, you may have challenges having to send raw data to the cloud directly from the endpoints. 

it_user1071018 - PeerSpot reviewer
Real User
2020-01-02T12:21:36Z
Jan 2, 2020

While Carbon Black is great for good detections and incident Response, Crowdstrike is EDR on steroids. It's everything you require from an Endpoint Detection, Response and Visibility perspective. An all-in-one arsenal for best in the class Threat Intelligence, Threat Analytics, very capable Sandboxing, Attack Chain Visibility, Patching Systems, File-less malware detection and termination upon execution along with a graphical visualization of the Process, Child-process etc. Only drawback for organization with isolated / offline networks is, Crowdstrike is on the Cloud.

As this point in time, nothing comes close to CrowdStrike.

GO
MSP
2019-07-10T16:10:28Z
Jul 10, 2019

In a nutshell:

Carbon Black:
- Using the PSC is like your home alarm system being connected to every neighbor!
- The product has rich and unmatched set of features in the end point protection space. Very focused on capabilities and domain expertise.

Crowdstrike:
- Easy out of the box, and provides so much more value than just an AV product.

JP
Real User
2019-06-10T21:15:24Z
Jun 10, 2019

Depends on your sec-engineering staff size, the number of agents, integration with other tools. I would start by listing your use cases and break down what you mean by "better for my needs". Too many variables.

it_user784911 - PeerSpot reviewer
Real User
2019-06-10T16:37:54Z
Jun 10, 2019

Why are you just looking at those solutions? You should also consider Microsoft Defender ATP (https://www.microsoft.com/en-us/WindowsForBusiness/windows-atp) which is no longer just limited to monitoring Windows and which Gartner has stated as being influential in this market.

Find out what your peers are saying about CrowdStrike Falcon vs. VMware Carbon Black Endpoint and other solutions. Updated: March 2024.
763,955 professionals have used our research since 2012.
SN
Consultant
2019-06-10T03:05:09Z
Jun 10, 2019

Since both are an EDR solution, I would suggest analyzing which provides end to end mitigation. I know CB has 3 modules for the detailed analysis but not sure on the CrowdStrike.

RL
User
2021-04-13T01:59:12Z
Apr 13, 2021

I think the one thing you want to do is to review how much each solution will help you reduce your investigative workload... Each and every organization will have its own strength and requirements. If you're looking for an on premise solution, then maybe CB is your choice... cause as far as I know, CS only work from the cloud.

However, if your team is small and you don't want to be bogged down by alerts after alerts, try finding a solution that gives you conclusive and actionable intelligence - one that specifically points out the problem file/folder/endpoint for you.


Contact me if you want to know more - rodney@cybotsai.com


Hope it helps!
 

LM
User
2021-04-12T15:56:29Z
Apr 12, 2021

Both are great products. The cons are overcome partially resolved by other products.

TM
Real User
Top 10
2020-05-04T07:24:11Z
May 4, 2020

CrowdStrike provides both a streaming and query REST API for accessing many of the features available through the Falcon Platform's UI. Carbon Black also provides a well-documented REST API for building custom integrations with the platform.
Technical comparison can be found at Gartner page: https://www.gartner.com/reviews/market/endpoint-protection-platforms/compare/carbon-black-vs-crowdstrike

Highly recommended for use is Crowdstrike.

CrowdStrike Falcon vs. VMware Carbon Black Endpoint comparison
We compared CrowdStrike Falcon and VMware Carbon Black Endpoint based on our users reviews in five parameters. After reading the collected data, you can find our conclusion below: Ease of Deployment: The setup process for CrowdStrike can be time-consuming, ranging from a few hours to several months. Users find it easy to deploy with minimal maintenance. The setup for Carbon Black can be difficult for those unfamiliar with Carbon Black. Some users encountered problems with unsupported...
Download CrowdStrike Falcon vs. VMware Carbon Black Endpoint comparison ReportRead more

Related Q&As