We performed a comparison between NetWitness XDR and VMware Carbon Black Endpoint based on real PeerSpot user reviews.
Find out in this report how the two Endpoint Protection Platform (EPP) solutions compare in terms of features, pricing, service and support, easy of deployment, and ROI."The console is easy to read. I also like the scanning part and the ability to move assets from one to the other."
"Forensics is a valuable feature of Fortinet FortiEDR."
"Fortinet is very user-friendly for customers."
"Exceptions are easy to create and the interface is easy to follow with a nice appearance."
"It notifies us if there's any suspicious file on any PC. If any execution or similar kind of thing is happening, it just alerts us. It doesn't only alert. It also blocks the execution until we allow it. We check whether the execution is legitimate or not, and then approve it or keep it blocked. This gives us a little bit of control over this mechanism. Fortinet FortiEDR is also very straightforward and easy to maintain."
"The product's initial setup phase is very easy."
"The product detects and blocks threats and is more proactive than firewalls."
"Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great."
"The interface of this solution is very flexible and easy to use."
"It helps our security team respond more accurately when there are threats, then we get less false positives or negatives."
"RSA NetWitness does market analysis in a more granular form. It gives you full visibility."
"The stability of the RSA NetWitness Endpoint is very good."
"The most valuable feature is the way it captures the traffic, and it contains every detail of the communication."
"NetWitness Endpoint's most valuable features are its interoperability across many different operating systems and the ease of pivoting from network to endpoint via a single console."
"Ability to isolate the machine when there are malicious files."
"They have recently updated the features and the most valuable ones are the instant threat response, ease of use, web interface, integration, and easy access. RSA NetWitness Endpoint is very compatible with other solutions and technologies. However, they do not rely on third-party solutions and have most features built-in."
"Carbon Black CB Defense has helped improve my organization by allowing us to have better data so that we can do correlation and get visibility into the alerts."
"I like the historical features, interface, and integration."
"The biggest feature out of CarbonBlack is its ability to dive in with more depth. You can look at the entire kill chain and understand, not only if an alarm or identified incident is truly a true security issue versus a false positive, and it allows us to backtrack and figure out why it actually happened and how it got into the environment."
"Carbon Black Defense has a higher detection ratio because it's cloud-based and it also does a lookup to virus total."
"Carbon Black Cb Defense has a nice component called Alert Triage. It contains full details of the process execution "kill chain" and "go live" for immediate remediation."
"The product is pretty strong in terms of security and their features are very good in that respect."
"The whole purpose of the product, like application control, is very good, and also if you need to update some policies, it works well and instantly."
"The threat analysis functionality is good."
"FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things."
"We've encountered challenges during API deployment, occasionally resulting in unstable environments."
"Integration with Azure and SaaS provisioning tools could improve Fortinet FortiEDR."
"FortiEDR can be improved by providing more detailed reporting."
"We find the solution to be a bit expensive."
"They can include the automation for the realtime updates. We have a network infrastructure with remote sites. Whenever they send updates, they are not automated. We have to go into the console and push those updates. I wish it was more automated. The update file is currently around 31 MB. It could be smaller."
"I would like the solution to extend beyond endpoint protection and include other attack surfaces such as other network components."
"Detections could be improved."
"The threat intelligence could improve in RSA NetWitness Endpoint."
"The contamination feature could be improved."
"When analyzing something, you have to click several times. It requires a lot of effort to find something."
"Its price could be improved. It is an expensive product. Its training is also too expensive. It would be great if they can have a better pricing scheme for the training."
"The solution lacks a reporting engine."
"We would like to see the hunting and investigation features of this solution improved, in order to provide better visibility of issues."
"NetWitness Endpoint's blocking feature does not work properly - if there's a malicious process, it's not possible to kill it via a custom rule unless and until it's flagged as malicious."
"Threat detection could be better."
"The endpoint machines need improvement."
"Performing a malware scan usually takes a lot of time, more than 24 hours."
"The node management could be much better. The one thing that they cannot do very easily is change the tenant from a backend."
"The GUI and reporting should be addressed and the product's administration features need fine tuning."
"In my company, we face issues sometimes when there is a need to write custom rules or we want to write for some rules that are different from the standard rules provided by the solution."
"Carbon Black needs to do a better job of proving their platform in the industry, and providing a bit more access to do industry testing with real world examples to help prove their platform."
"This solution could have greater granular control on how certain applications work."
"This product should be cheaper."
NetWitness XDR is ranked 41st in Endpoint Protection Platform (EPP) with 15 reviews while VMware Carbon Black Endpoint is ranked 16th in Endpoint Protection Platform (EPP) with 61 reviews. NetWitness XDR is rated 8.0, while VMware Carbon Black Endpoint is rated 8.0. The top reviewer of NetWitness XDR writes "Beneficial single unified dashboard, good native application integration, and high availability". On the other hand, the top reviewer of VMware Carbon Black Endpoint writes "Centralization via the cloud allows us to protect and control people working from home". NetWitness XDR is most compared with Darktrace, ExtraHop Reveal(x), CrowdStrike Falcon, SentinelOne Singularity Complete and Check Point Harmony Endpoint, whereas VMware Carbon Black Endpoint is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, Trend Micro Deep Security, SentinelOne Singularity Complete and Cortex XDR by Palo Alto Networks. See our NetWitness XDR vs. VMware Carbon Black Endpoint report.
See our list of best Endpoint Protection Platform (EPP) vendors and best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Protection Platform (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.