We performed a comparison between Cisco Secure Endpoint and VMware Carbon Black Endpoint based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Features: Cisco Secure Endpoint stands out for its threat-hunting capabilities, sandboxing, and swift response to attacks. Users also praised the solution's seamless integration with Talos for continuous protection. Carbon Black Endpoint is appreciated for its transparency, robust security measures, continuous monitoring, and utilization of cloud technology. Cisco Secure Endpoint could benefit from providing more scenario-based information and a simpler, more customizable main dashboard. Integration with artificial intelligence and IoT is another area for improvement. Carbon Black could enhance its reporting capabilities, endpoint query tools, and compatibility with other systems. Users also suggest improvements in the solution’s forensic tools.
Service and Support: Users said Cisco support is efficient and responsive, and customers also found it easy to find answers in the documentation without help. Some users recommend enhancing training programs and streamlining management consoles to further enhance the level of support provided. Carbon Black Endpoint customer service earned mixed reviews, with some users reporting delayed responses or unsatisfactory issue resolution.
Ease of Deployment: Users generally found Cisco Secure Endpoint easy to set up, but some users reported challenges related to agent behavior and configuration. The initial installation involves downloading an agent and installing it on endpoints, and the total deployment time ranged from a week to several months. Users say the deployment process for VMware Carbon Black Endpoint is relatively straightforward. The initial setup can be completed in a few minutes or hours, but the total deployment may take anywhere from a few days to several months.
Pricing: Cisco Secure Endpoint's pricing is seen as fair and reasonable. Some users requested additional discounts, particularly for educational purposes. Carbon Black Endpoint charges a fixed licensing fee per node. Some users noted that there are cheaper alternatives.
ROI: Cisco Secure Endpoint offers cost savings and the potential to earn money by extending services. While some said the ROI of VMware Carbon Black Endpoint was hard to quantify, other users reported successful defenses against malware attacks.
Comparison Results: Our users favor Cisco Secure Endpoint over VMware Carbon Black Endpoint. Cisco Secure Endpoint offers more comprehensive protection, better customer service, and support, making it the preferred choice. Cisco Secure Endpoint has some advanced features for finding and resolving threats that Carbon Black Endpoint lacks. Users also appreciate Cisco Secure Endpoint's pricing, whereas some users say Carbon Black Endpoint has room to improve on price.
"It is very easy to set up. I would rate my experience with the initial setup a ten out of ten, with ten being very easy to set up."
"Forensics is a valuable feature of Fortinet FortiEDR."
"The features that I have found most valuable are the ability to customize it and to reduce its size. It lets you run in a very small window in terms of memory and resources on legacy cash registers."
"Additionally, when it comes to EDR, there are more tools available to assist with client work."
"The main thing is that I feel safe. Because the processes that have been used to get a handle on the attackers are much better than other competitors"
"Having all monitoring, response, tracking, and mitigation tools in one dashboard provides our analysts and SOC team with a comprehensive view at a glance."
"Exceptions are easy to create and the interface is easy to follow with a nice appearance."
"We have FortiEDR installed on all our systems. This protects them from any threats."
"The product itself is pretty reliable. The security features that it has make it reliable."
"The product's initial setup phase was very simple."
"The most valuable feature of the solution is its technical support."
"The ability to detonate a particular problem in a sandbox environment and understand what the effects are, is helpful. We're trying, for example, to determine, when people send information in, if an attachment is legitimate or not. You just have to open it. If you can do that in a secure sandbox environment, that's an invaluable feature. What you would do otherwise would be very risky and tedious."
"The most valuable feature is its threat protection and data privacy, including its cyber attack and data protection, as we need to cover and protect data on user devices."
"It provides real-time visibility and control over endpoints, allowing its users to promptly respond to any security incidents and remediate any vulnerabilities."
"Among the most valuable features are the exclusions. And on the scalability side, we can integrate well with the SIEM orchestration engine and a number of applications that are proprietary or open source."
"The stability of the solution is perfect. I believe it's the most stable solution on the market right now."
"The software uses very few resources; it is almost invisible to the end user."
"One of the most valuable features is that it will block vulnerable sites. If there was a connection between one of our devices to a known malware site, it will block it."
"We have another piece of that infrastructure that does what they call threat emulation. It's like sandboxing where it takes files that it doesn't know about, puts them in a VM-type environment, and it kicks them off to see if there's any malware or tendencies that might look like malware, that kind of thing."
"This product has the capability of uploading scripts to the tool and this is a very comprehensive feature."
"It has the best live response feature."
"For Carbon Black Endpoint, the possibility of integration with different other software's log servers is the important thing. Having just one point of view is more interesting so you don't need to go to different places to see all the information."
"The solution is very useful and easy to handle. You don't need much intervention with this product."
"The most valuable asset is the time-lining capability for any breach activity."
"I would like the solution to extend beyond endpoint protection and include other attack surfaces such as other network components."
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"The solution is not stable."
"It takes about two business days for initial support, which is too slow in urgent situations."
"To improve Fortinet, we need to see more features and technology areas at the endpoint level introduced."
"We'd like to see more one-to-one product presentations for the distribution channels."
"Cannot be used on mobile devices with a secure connection."
"The dashboard isn't easy to access and manage."
"...the greatest value of all, would be to make the security into a single pane of glass. Whilst these products are largely integrated from a Talos perspective, they're not integrated from a portal perspective. For example, we have to look at an Umbrella portal and a separate AMP portal. We also have to look at a separate portal for the firewalls. If I could wave a magic wand and have one thing, I would put all the Cisco products into one, simple management portal."
"We have had some problems with updates not playing nice with our environment. This is important, because if there is a new version, we need to test it thoroughly before it goes into production. We cannot just say, "There's a new version. It's not going to give us any problems." With the complexity of the solution using multiple engines for multiple tasks, it can sometimes cause performance issues on our endpoints. Therefore, we need to test it before we deploy. That takes one to three days before we can be certain that the new version plays nice with our environment."
"The user interface is dull."
"I would recommend that the solution offer more availability in terms of the product portfolio and integration with third-party products."
"Maybe there is room for improvement in some of the automated remediation. We have other tools in place that AMP feeds into that allow for that to happen, so I look at it as one seamless solution. But if you're buying AMP all by itself, I don't know if it can remove malicious software after the fact or if it requires the other tools that we use to do some of that."
"It cannot currently block URLs over websites."
"In the next version of this solution, I would like to see the addition of local authentication."
"The room for improvement would be on event notifications. I have mine tuned fairly well. I do feel that if you subscribe to all the event notification types out-of-the-box, or don't really go through and take the time to filter out events, the notifications can become overwhelming with information. Sometimes, when you're overwhelmed with information, you just say, "I'm not going to look at anything because I'm receiving so much." I recommend the vendor come up with a white paper on the best practices for event notifications."
"The solution would be more effective if there was a way to block automatically based on behavior."
"The GUI and reporting should be addressed and the product's administration features need fine tuning."
"What was rolled out to my company are mixed versions of Carbon Black CB Defense, so what I'd like to see in the next release is more synchronization, where it can detect the endpoint that's running an old version and suggest updates."
"At this point, we're test-bedding several other providers right now to see if there's anything that does equally or better and that comes at a better price point."
"In the past, we've seen some stability issues in the latest version releases. We tend to hang back one version just to make sure issues are fully resolved to avoid user disruption."
"I'm not sure as to the logic of how we've decided to customize it. We've only really used it since February and therefore there may be more to do on that front. That's why it's hard to say if something is missing or if we just aren't utilizing it."
"The support is poor."
"The application control can be improved. It should also have an automatic update of the agents."
Cisco Secure Endpoint is ranked 9th in Endpoint Protection Platform (EPP) with 44 reviews while VMware Carbon Black Endpoint is ranked 16th in Endpoint Protection Platform (EPP) with 61 reviews. Cisco Secure Endpoint is rated 8.6, while VMware Carbon Black Endpoint is rated 8.0. The top reviewer of Cisco Secure Endpoint writes "Makes it possible to see a threat once and block it across all endpoints and your entire security platform". On the other hand, the top reviewer of VMware Carbon Black Endpoint writes "Centralization via the cloud allows us to protect and control people working from home". Cisco Secure Endpoint is most compared with Microsoft Defender for Endpoint, Cortex XDR by Palo Alto Networks, CrowdStrike Falcon, Check Point Harmony Endpoint and Cisco Umbrella, whereas VMware Carbon Black Endpoint is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, Trend Micro Deep Security, SentinelOne Singularity Complete and Cortex XDR by Palo Alto Networks. See our Cisco Secure Endpoint vs. VMware Carbon Black Endpoint report.
See our list of best Endpoint Protection Platform (EPP) vendors and best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.