NetWitness NDR vs VMware Carbon Black Endpoint comparison

NetWitness and VMware are both solutions in the Endpoint Protection Platform (EPP) category. NetWitness is ranked #58, while VMware is ranked #18 with an average rating of 7.7. NetWitness holds a 0.2% mindshare in EPP, compared to VMware’s 2.0% mindshare. Additionally, 87% of NetWitness users are willing to recommend the solution, compared to 88% of VMware users who would recommend it.

NetWitness NDR

Read 15 NetWitness NDR reviews

667 Views
513 Comparison Views

87% willing to recommend

VMware Carbon Black Endpoint

Read 63 VMware Carbon Black Endpoint reviews

7,867 Views
5,334 Comparison Views

88% willing to recommend

NetWitness NDR

VMware Carbon Black Endpoint

Comparison Buyer's Guide

Download the report

Executive SummaryUpdated on Sep 9, 2024

VMware Carbon Black Endpoint and NetWitness NDR are leading solutions in endpoint detection and response and network detection and response, respectively. VMware Carbon Black Endpoint is often preferred for its comprehensive threat detection capabilities, while NetWitness NDR stands out for its superior network visibility and data insights.

Features: VMware Carbon Black Endpoint offers real-time threat monitoring, extensive endpoint control, and rapid threat detection and response capabilities. NetWitness NDR provides in-depth network traffic analysis, robust incident response, and detailed network insights.

Room for Improvement: VMware Carbon Black Endpoint could benefit from better integration with other security tools, enhancements in system performance, and a more intuitive user interface. NetWitness NDR needs improvements in scalability, advanced analytics capabilities, and easier setup procedures.

Ease of Deployment and Customer Service: VMware Carbon Black Endpoint is noted for its straightforward deployment and strong customer support services. NetWitness NDR, while offering flexible deployment options, receives feedback for needing more responsive customer service and simpler installation processes.

Pricing and ROI: VMware Carbon Black Endpoint is viewed as competitively priced, with users reporting satisfactory ROI due to its robust features. NetWitness NDR, despite its higher cost, is considered to offer good ROI because of its advanced network detection capabilities, justifying the investment for its comprehensive insights.

To learn more, read our detailed NetWitness NDR vs. VMware Carbon Black Endpoint Report (Updated: November 2024).

Buyer's Guide

NetWitness NDR vs. VMware Carbon Black Endpoint

November 2024

Download the complete report

Helped 824,067 peers since 2012

Categories and Ranking

NetWitness NDR

Ranking in Endpoint Protection Platform (EPP)

58th

Ranking in Endpoint Detection and Response (EDR)

60th

Average Rating

8.0

Reviews Sentiment

6.9

Number of Reviews

Ranking in other categories

Threat Intelligence Platforms (33rd), Security Orchestration Automation and Response (SOAR) (25th), Network Detection and Response (NDR) (20th), Extended Detection and Response (XDR) (34th)

VMware Carbon Black Endpoint

Ranking in Endpoint Protection Platform (EPP)

18th

Ranking in Endpoint Detection and Response (EDR)

15th

Average Rating

7.8

Reviews Sentiment

6.9

Number of Reviews

Ranking in other categories

Security Incident Response (1st), Ransomware Protection (4th)

Mindshare comparison

As of December 2024, in the Endpoint Protection Platform (EPP) category, the mindshare of NetWitness NDR is 0.2%, up from 0.2% compared to the previous year. The mindshare of VMware Carbon Black Endpoint is 2.0%, down from 2.6% compared to the previous year. It is calculated based on PeerSpot user engagement data.

Endpoint Protection Platform (EPP)

Featured Reviews

SupravatMaji

Associate Vice President - IT Security at Inspira Enterprise

Beneficial single unified dashboard, good native application integration, and high availability

My advice to those wanting to implement RSA NetWitness Network is they have to first do a little due diligence, such as the exact requirement based on their needs. That will give them a direction for their investment because otherwise, the bill of material or bill of quantity (BOQ) may be higher side. It is important to do good due intelligence on the environment, see the exact requirement, and then go ahead with the solution. The solution is perfectly stable. I rate RSA NetWitness Network a nine out of ten.

Read full review

Matthew Weisler

Sole Proprietor at Core-Infosec

Great granularity for policies or applications without needing hash values

The solution is cloud based which makes it easy to use for remote devices or work-at-home situations. The solution supports full trust or signature-based approvals. You can get very granular and band out policies or applications without having to do hash values. You can band through the entire environment by execution of the name or desk IDXE. This can be achieved on the policy side because of the signature, IOC, or naming convention itself. This is very effective for pushing more blockage or removing threats across the board. The solution has a very nice API on the back end for remoting into a system and executing scripts or utilizing self automation. This is useful for monitoring several different companies in a workspace or workbook-type format. For example, I report and send out mass emails from a clickable button in an Excel workbook. The APIs all exist for each client. I push out automatic endpoint monitoring and reports every single day at a particular time, with a simple clickable button that serves as a scheduled task for fifty clients.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"RSA NetWitness does market analysis in a more granular form. It gives you full visibility."

"It is very easy to use, and its usability is great. The use cases are also very easy. The visualizations of the use cases are magnificent. You cannot find this in any other solution. From my point of view, it is great."

"Technical support is knowledgeable."

"They have recently updated the features and the most valuable ones are the instant threat response, ease of use, web interface, integration, and easy access. RSA NetWitness Endpoint is very compatible with other solutions and technologies. However, they do not rely on third-party solutions and have most features built-in."

"It helps our security team respond more accurately when there are threats, then we get less false positives or negatives."

"NetWitness Endpoint's most valuable features are its interoperability across many different operating systems and the ease of pivoting from network to endpoint via a single console."

"The most valuable feature is the way it captures the traffic, and it contains every detail of the communication."

"This solution allows us to locate the malware in real-time."

More NetWitness NDR pros

"Carbon Black CB Defense has helped improve my organization by allowing us to have better data so that we can do correlation and get visibility into the alerts."

"It is a very complete platform."

"Carbon Black Defense has a higher detection ratio because it's cloud-based and it also does a lookup to virus total."

"It is a stable solution...The initial setup of VMware Carbon Black Endpoint was easy."

"I like its reporting."

"The software uses very few resources; it is almost invisible to the end user."

"I like the historical features, interface, and integration."

"The triage feature that shows you the whole chain of the malware is useful."

More VMware Carbon Black Endpoint pros

Cons

"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."

"RSA NetWitness Network could improve on integration with non-native application integration."

"The deployment process is complex. I don't know why, but this solution will suddenly stop working. Logs stop coming. Often, one thing or another stops working. Most of the time, one of my team members is working with troubleshooting and working with technical support. Log passing is also one of the biggest challenge."

"The integration of the solution needs to be improved. The dashboard needs lots of updates as well. In the next release, we would like to see advanced fraud detection features."

"I would like to see Security Orchestration and Response Automation (SOAR) integration."

"The contamination feature could be improved."

"This solution needs an upgrade in reporting. I have heard from RSA that they are working on this, but as of yet it is not available."

"The solution lacks a reporting engine."

More NetWitness NDR cons

"Sensor deployment requires extensive fine-tuning, and creating deployment packages is time-consuming."

"CB Defense could be more compatible with Linux, and its cloud provision could be improved."

"It is difficult to extract reports for ongoing scans"

"The product cannot perform an on-demand scan. They could add this particular feature."

"Based on all the security roles and the release privilege, it could take time for an application to be whitelisted and approved for use."

"The node management could be much better. The one thing that they cannot do very easily is change the tenant from a backend."

"The support is poor."

"In our company, we also wanted to have network detection, like a host-based IDS on VMware Carbon Black Endpoint, but we did not get it."

More VMware Carbon Black Endpoint cons

Pricing and Cost Advice

"The price of the solution depends on the environment. If the environment is large then it will cost more. However, the larger the environment with more endpoints, you will receive an increased discount. If the environment is very small, then you might think it is expensive. It is always better to buy in bulk to receive a discount. The minimum number of assets is usually 500, with discounts on 1000 and 2000."

"NetWitness Endpoint is less costly than its competitors, but it offers fewer features."

"It is an expensive product."

"We are on a three-year contract to use RSA NetWitness Network."

"It is highly scalable. It can be bought based on your requirements."

"The pricing is not very economical. It is a quite costly product for India. One thing is that when you purchase it, you have to purchase a module separately."

"I do not have any opinion on the pricing or licensing of the product."

"With RSA, there is flexibility in choosing the service, products, and the range that meets your requirement, as well as they are flexible in terms of pricing."

More NetWitness NDR pricing and cost advice

"The price for the solution is completely at government level, meaning one which is very high."

"Overall, it was cost-effective too."

"The cost/benefit factor has great relevance in Cb Defense implementations."

"We have branches, we have different companies, but we cannot buy less than 100 licenses. This does not make sense to me... It should be more flexible. I can understand their saying, "Okay, to be a customer you need 100," but to add on to that number it should be something very straightforward. If I need to add five, for example, I shouldn't need to add 100."

"The product is quite reasonable."

"The pricing [is] more or less the same as other similar solutions."

"Price-wise, VMware Carbon Black Endpoint is a highly-priced solution. Regarding the licensing cost of the solution, one needs to opt for an annual subscription."

"The product is expensive. There are some additional costs apart from the standard licensing charges attached to the solution."

More VMware Carbon Black Endpoint pricing and cost advice

See which vendors are best for you

Use our free recommendation engine to learn which Endpoint Protection Platform (EPP) solutions are best for your needs.

See recommendations

824,067 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Financial Services Firm

17%

Computer Software Company

15%

Manufacturing Company

Government

Computer Software Company

15%

Financial Services Firm

10%

Government

10%

Manufacturing Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

Ask a question

Earn 20 points

What to choose: an endpoint antivirus, an EDR solution or both?

I can recommend Carbon Black, an award-winning next-gen anti-virus (NGAV) and endpoint detection and response (EDR) security solution. The CB Predictive Security Cloud platform combines multiple hi...

See all answers

What's the difference between Carbon Black CB Response and Carbon Black CB Defense?

Carbon Black offers two different levels of Endpoint Detection and Response. One is the VM Carbon Black Cloud Endpoint Standard (CB Defense), and the other is the Carbon Black Endpoint Detection an...

See all answers

What do you like most about Carbon Black CB Defense?

VMware Carbon Black Endpoint is a highly stable solution.

See all answers

Comparisons

Darktrace vs NetWitness NDR

Compared 14% of the time

Vectra AI vs NetWitness NDR

Compared 12% of the time

Fidelis Elevate vs NetWitness NDR

Compared 10% of the time

CrowdStrike Falcon vs NetWitness NDR

Compared 8% of the time

Corelight vs NetWitness NDR

Compared 8% of the time

More NetWitness NDR Competitors

CrowdStrike Falcon vs VMware Carbon Black Endpoint

Compared 16% of the time

Microsoft Defender for Endpoint vs VMware Carbon Black Endpoint

Compared 14% of the time

SentinelOne Singularity Complete vs VMware Carbon Black Endpoint

Compared 8% of the time

Trellix Endpoint Security vs VMware Carbon Black Endpoint

Compared 8% of the time

Trend Micro Deep Security vs VMware Carbon Black Endpoint

Compared 7% of the time

More VMware Carbon Black Endpoint Competitors

Product Reports

Buyer's Guide

NetWitness NDR

December 2024

Download NetWitness NDR product report

Buyer's Guide

VMware Carbon Black Endpoint

November 2024

Download VMware Carbon Black Endpoint product report

Also Known As

RSA ECAT, NetWitness Network

Carbon Black CB Defense, Bit9, Confer

Learn More

Video not available

NetWitness

VMware

Overview

Using a centralized combination of network and endpoint analysis, behavioral analysis, data science techniques and threat intelligence, NetWitness NDR helps analysts detect and resolve known and unknown attacks while automating and orchestrating the incident response lifecycle. With these capabilities on one platform, security teams can collapse disparate tools and data into a powerful, blazingly fast user interface.

VMware Carbon Black Endpoint provides comprehensive endpoint security against ransomware, spyware, malware, and viruses, catering to both cloud and on-premise environments.

VMware Carbon Black Endpoint facilitates endpoint detection and response, threat hunting, application control, antivirus support, and protection for virtual and physical machines. Features include intelligent learning, whitelisting, and integration with other security tools, making it suitable for distributors, MSPs, and enterprises seeking advanced threat defense and real-time monitoring. With its capability to detect and stop malicious executables, it supports both offline and online environments and offers tools like command shell access for deeper investigation.

What are the key features of VMware Carbon Black Endpoint?

Intelligent learning: Improves detection capabilities over time.
Whitelisting: Allows only approved applications to run.
Integration with other security tools: Enhances overall security posture.
Centralized cloud control: Manages endpoints from a single interface.
Command shell access: Offers deeper investigation capabilities.
Dynamic grouping: Facilitates organized endpoint management.
Simplified policy management: Streamlines security policy implementation.
API for system remoting: Allows remote system access and management.
Twenty-four-seven support: Provides continuous assistance and response.

What are the benefits of VMware Carbon Black Endpoint?

Real-time monitoring: Offers constant vigilance against threats.
Threat hunting: Identifies and mitigates threats proactively.
Historical data analysis: Assists in understanding past incidents and patterns.
Improved endpoint protection: Enhances overall endpoint security.
Enhanced threat detection: Reduces exposure to advanced threats.

VMware Carbon Black Endpoint is implemented across various industries including technology, healthcare, and finance. Organizations utilize it in cloud and hybrid environments, enhancing their security frameworks with real-time monitoring, intelligent learning, and robust threat detection capabilities tailored to their specific industry needs.

Sample Customers

ADP, Ameritas, Partners Healthcare

Netflix, Progress Residential, Indeed, Hologic, Gentle Giant, Samsung Research America

Buyer's Guide

NetWitness NDR vs. VMware Carbon Black Endpoint

November 2024

Free Report: NetWitness NDR vs. VMware Carbon Black Endpoint

Find out what your peers are saying about NetWitness NDR vs. VMware Carbon Black Endpoint and other solutions. Updated: November 2024.

DOWNLOAD NOW

824,067 professionals have used our research since 2012.

See our NetWitness NDR vs. VMware Carbon Black Endpoint report.

See our list of best Endpoint Protection Platform (EPP) vendors and best Endpoint Detection and Response (EDR) vendors.

We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.