We performed a comparison between Carbon Black CB Defense and Cortex XDR by Palo Alto Networks based on our users’ reviews in five categories. After reading all of the collected data, you can find our conclusion below.
Comparison Results: Carbon Black comes out on top in this comparison because more of its users find deployment easier than Cortex XDR. In addition, users of Carbon Black report a positive ROI.
"Having all monitoring, response, tracking, and mitigation tools in one dashboard provides our analysts and SOC team with a comprehensive view at a glance."
"NGAV and EDR features are outstanding."
"Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great."
"The most valuable feature is the analysis, because of the beta structure."
"The console is easy to read. I also like the scanning part and the ability to move assets from one to the other."
"It is stable and scalable."
"The main thing is that I feel safe. Because the processes that have been used to get a handle on the attackers are much better than other competitors"
"Forensics is a valuable feature of Fortinet FortiEDR."
"If the user leaves our premises or network, Palo Alto Traps will still be on that endpoint and will still apply our policies."
"The most valuable feature of Cortex XDR by Palo Alto Networks is its machine-learning capabilities. Additionally, there is full integration with other solutions."
"The solution doesn't need a high level of technical training."
"Cortex XDR by Palo Alto Networks is easy to use and does not consume a lot of hardware resources."
"We've had a significant increase in blocking with a decrease in false positives, because it's looking at how the files work, not just a list of files that it's been told to look for."
"It's very stable. I've never experienced downtime for the ASM console or ASM core."
"The live terminal is probably the best thing ever. It gives you the access to get straight onto any machine."
"Stability is a primary factor, and then there's the ease of distribution and policy management."
"The solution has a very nice API on the back end for remoting into a system and executing scripts or utilizing self automation."
"It is a stable solution...The initial setup of VMware Carbon Black Endpoint was easy."
"The feature I found most valuable in Carbon Black CB Defense is the ongoing monitoring feature that works by emailing updates about any detections found."
"What I like the most about it is the dynamic grouping, where you get to group endpoints based on setup criteria. That's pretty cool. I like the simplified policy management and simplified white-listing process."
"The software uses very few resources; it is almost invisible to the end user."
"I rate Carbon Black CB Defense an eight out of ten for the ease of its initial setup."
"Carbon Black CB Defense has helped improve my organization by allowing us to have better data so that we can do correlation and get visibility into the alerts."
"There's lots of very useful documentation online to help troubleshoot and learn about the product."
"The solution is not stable."
"I would like the solution to extend beyond endpoint protection and include other attack surfaces such as other network components."
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"Everything with Fortinet having to do with their cloud services. They need to invest more in their internal infrastructure that they are running in the cloud. One of the things I find with their cloud environment compared to others' is that they go cheap on the equipment. So it causes some performance degradation."
"The SIEM could be improved."
"There's room for improvement in the quick response time and technical support for integration issues, especially when dealing with multiple vendors."
"The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
"The solution should address emerging threats like SQL injection."
"Cortex does not offer an on-premises solution. However, some customers would prefer not to be on the cloud. It would be ideal if it could offer something on-prem as well."
"I would like to see some additional features related to email protection included."
"We have found that there are times Cortex XDR by Palo Alto Networks does not detect some of the viruses, we have to use another protection solution called Kaspersky."
"Every 30 or 40 days, there's a new version and we need to go and make sure our customer's laptops are upgraded."
"We had a problem with getting our older endpoints up to date, but their newest updates have been really good. I've been pleased with it in terms of what our needs are. It's doing what we want it to do."
"Managing the product should be easier."
"Cortex XDR by Palo Alto Networks could improve by adding a sandbox feature to better compete with their competitors which have it."
"I would like to see them include NDR (Network Detection Response)."
"The tech support communicates, but it's just not with movement."
"When you view the triage, it will show you everything within a given time frame, and not only the attack that caused the alert, which is what I want to see. It shows you all the events during that time, and that can be quite confusing."
"I am not sure whether Carbon Black CB Defense can be considered as a stable solution or not."
"It could be a bit complicated. You have to be very familiar with Carbon Black to understand what it is doing and why it is doing. I would like to have more explanations and simplification in the user interface. It would be good to get help and see more explanations. It should tell us that a software is blocked and the reason for it. It would be good to be able to build chains in terms of what caused what, what worked, and what caused an issue. We are now moving from Carbon Black to Cortex XDR. While choosing antivirus software, we were also looking at Carbon Black because it also has an antivirus package, and it is next-generation, but we were told that Carbon Black doesn't support firewalls. We have Palo Alto firewalls. We would have chosen this solution if it supported firewalls, in particular next-generation firewalls, but unfortunately, it doesn't. Therefore, we decided on Cortex XDR because it integrates with Palo Alto firewalls."
"It would be nice to have additional forensic tools that you can build into the back end."
"But here, we hardly can take any kind of a report out of Carbon Black, so I think that should be something that should be more user-friendly."
"The solution would be more effective if there was a way to block automatically based on behavior."
"The solution needs expanded endpoint query tools."
More Cortex XDR by Palo Alto Networks Pricing and Cost Advice →
Cortex XDR by Palo Alto Networks is ranked 4th in Endpoint Protection Platform (EPP) with 80 reviews while VMware Carbon Black Endpoint is ranked 16th in Endpoint Protection Platform (EPP) with 61 reviews. Cortex XDR by Palo Alto Networks is rated 8.4, while VMware Carbon Black Endpoint is rated 8.0. The top reviewer of Cortex XDR by Palo Alto Networks writes "Perfect correlation and XDR capabilities for network traffic plus endpoint security". On the other hand, the top reviewer of VMware Carbon Black Endpoint writes "Centralization via the cloud allows us to protect and control people working from home". Cortex XDR by Palo Alto Networks is most compared with Microsoft Defender for Endpoint, CrowdStrike Falcon, Darktrace, Symantec Endpoint Security and Check Point Harmony Endpoint, whereas VMware Carbon Black Endpoint is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, Trend Micro Deep Security, SentinelOne Singularity Complete and Tanium. See our Cortex XDR by Palo Alto Networks vs. VMware Carbon Black Endpoint report.
See our list of best Endpoint Protection Platform (EPP) vendors, best Ransomware Protection vendors, and best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.