Splunk SOAR vs VMware Carbon Black Cloud comparison

Security Orchestration Automation and Response (SOAR)

Download the complete report

Helped 831,265 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Categories and Ranking

Splunk SOAR

Average Rating

8.2

Reviews Sentiment

6.8

Number of Reviews

Ranking in other categories

Security Orchestration Automation and Response (SOAR) (3rd)

VMware Carbon Black Cloud

Average Rating

8.4

Reviews Sentiment

7.2

Number of Reviews

Ranking in other categories

Security Incident Response (4th), Endpoint Detection and Response (EDR) (29th)

Mindshare comparison

While both are Security Software solutions, they serve different purposes. Splunk SOAR is designed for Security Orchestration Automation and Response (SOAR) and holds a mindshare of 8.3%, down 9.8% compared to last year.
VMware Carbon Black Cloud, on the other hand, focuses on Security Incident Response, holds 8.6% mindshare, down 11.6% since last year.

Security Orchestration Automation and Response (SOAR)

Security Incident Response

Featured Reviews

Shubham Sinha.

Senior Principal Information Security Analyst at Veritas Technologies LLC

Helped eliminate repetitive and redundant tasks, but custom functions and reporting need a lot of work

The visibility of the solution’s playbook viewer depends on the right you assign to the analyst. SOAR has the flexibility to distinguish between the roles of analyst and owner. If the analyst's role is to just work on a ticket, they cannot view the playbook design platform. That is limited to the owner. That can be both a good and bad thing. A major problem I have faced in SOAR's rights distribution is roles and responsibilities. Suppose I am initially granted user rights or analyst rights, but later on, I also get admin rights. SOAR is unable to amend the limitations of my role. I raised a support ticket with Splunk about this. They said it's a bug in their 5.3.5 version. To fix this, I had to reinstall the entire platform from scratch, just to amend the rights and responsibilities of one role. This bug was not fixed. Also, the latest GUI is terrible. The previous one was better. Another point is that while using Splunk SOAR in an investigation is not difficult, there are some complex parameters. We have SOAR case management, but the licensing is going to put a big hole in your pocket. Also, there is an issue with investigation node addition. When you are doing node additions you cannot grant the entire environment to have SOAR visibility into the incident. So when you integrate it with an ITSM tool, like ServiceNow or Jira for ticketing purposes, there is a challenge. When you do nodes for investigation on a regular basis, sometimes it does not update our ServiceNow platform, which is terrible. It is a redundant activity for an analyst to update that in the case management as well as in the ITSM tool. Although SOAR provides integration, the functionality of investigation and nodes is terrible when it comes to integration. An additional area for improvement is custom function creation. It's terrible. A newbie cannot create custom functions right away. They would require a solid understanding first. Also, the reporting is really awful. If I want to do a report for a customized time period, such as the last three days or the last four days, or from the 10th to the 12th of June, that is not available in SOAR at all. That kind of feature is available in Cortex XSOAR. Reporting is a real challenge.

Read full review

Tom Kar

Senior Security Specialist at Sopra

Shows promise for endpoint detection and response, with room for improvement in complexity and pricing

VMware Carbon Black Cloud is a user-friendly solution that can isolate machines from the rest of the network. When a machine is quarantined, it cannot communicate with any other machines on the network except for the Carbon Black Cloud server. This allows you to investigate the machine without the risk of malware escaping to the network. Carbon Black Cloud's server can communicate with the quarantined machine through DNS and VSCP. This allows you to collect data from the machine, such as system logs, process activity, and registry changes. This data can be used to investigate the infection and determine the next steps. CrowdStrike and Cybereason are also popular EDR solutions. They offer similar features to VMware Carbon Black Cloud but may have different strengths and weaknesses. It is important to evaluate all of your options before choosing an EDR solution. Additionally, it is complex to use, and the pricing should be improved.

Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:

Pros

"Before its use, analyzing each email would take at least 15 to 20 minutes, with some complex cases taking up to 30 minutes...With the automation provided by Splunk Phantom, we could significantly reduce the amount of time and human effort required to complete this task."

"I like the way Splunk interacts with various systems via the API. The ability to integrate Splunk with our ticketing system has been an immense help because we can maintain our workflow while blending Splunk with our support desk and other ways that we track work."

"It's pretty easy when it comes to setting up assets. If you want to fetch emails or call a REST API, you can set up an asset and grab that information."

"The tool's most valuable feature is its searchability and ease of action on the logs. I can easily search within the logs and take action on them, and I can trace them back to my environment because the way the logs are written is very helpful for us."

"I have found all the security automation platform features of Splunk SOAR to be good. The Automation playbook development is highly useful."

"The playbooks are valuable. They are the core component. Being able to implement and build a code process to work through and scale out what we want to do is valuable."

"The best feature is the integration and the custom Python code that we can write. Splunk SOAR provides us with both of these capabilities, allowing us to integrate different security solutions with Splunk SOAR and take remediation actions directly on those security tools."

"We are not a 24/7 SOC, so the most valuable feature of Splunk SOAR is the auto-response to threats when we are not in the office and the notifications that it sends to the on-call engineer."

More Splunk SOAR pros

"The solution does very well as a baseline EDR and provides good process-level management."

"The market information they gather from the community is really good. Their configuration capabilities are good."

"Threat hunting is the most valuable feature of VMware Carbon Black Cloud."

"The ability to isolate an endpoint with only the host name and a click of a button is a major time saver."

"The detection response and quarantining are very good features."

"Carbon Black Cb Response excels at providing context to indicators when responding to incidents. It allows responders to understand the entire scope of an incident and quickly contain it to minimize impact and disruption."

"The most valuable feature is its ability to seek out abnormal activity and to create alerts."

"The most valuable feature of VMware Carbon Black Cloud is the possibility of securing any PC worldwide."

More VMware Carbon Black Cloud pros

Cons

"It would be ideal for us if Splunk SOAR could integrate with Teams."

"We've had trouble implementing the solution with Microsoft products. There seems to be an integration gap."

"Improving the integration ecosystem can raise the quality of the bottom tier of the integrations so that they can work better out of the box."

"The dashboard could be improved and some other features. SOAR should integrate network capabilities, allowing us to also monitor the WLAN network. Splunk is also expensive and difficult for beginners to learn. It's hard for a new user to figure out how to visualize old threat data. It took two to three months to learn with hands-on experience how to use the dashboard, visualize events, and analyze threats."

"The technical support for the Splunk SIEM solution was average."

"Some of the training materials are on a basic level."

"The cost of Splunk SOAR has room for improvement."

"The algorithm and machine learning have room for improvement and can be more user-friendly."

More Splunk SOAR cons

"The support team of Carbon Black CB Response needs improvement. At present, they need a lot of information. Then they give you an answer that they already gave you. You tell them it didn't work, and then they take a long time."

"The product detects too many false positives initially and it could integrate better with other security solutions."

"The cloud console has a lot of bugs and issues in the analysis part."

"The solution can only handle about 500 bans or blocks."

"The dashboard should be more user-friendly."

"Additionally, it is complex to use, and the pricing should be improved."

"The biggest issue I encountered was one where old logs were not being overwritten as expected so the system drive kept filling up from time to time. However, support was usually quite responsive and happy to jump on a remote session to take a look at it for us. That log bug has probably been resolved with an update by now."

"We are subscribed to FS-ISAC threat indicator, but have been unsuccessful in adding it to our alliance feeds."

More VMware Carbon Black Cloud cons

Pricing and Cost Advice

"The tool is not cheap."

"The cost is high and the licensing is on an annual basis."

"We renewed it this year. This year was the first time there was a dramatic increase in the price. It was kind of non-negotiable. It was just a high increase. We had internal communications, and it was definitely a surprise to us. In a short time frame, we renewed it this year. Prices are going up everywhere, but they are not always justifiable, at least not to our eyes. The pricing this year was definitely a big shock."

"Splunk SOAR is more expensive compared to other options for SOAR."

"In my opinion, the price is high, but if you want good products, you have to be willing to pay for them."

"Splunk SOAR is an expensive solution for an organization of our size."

"It's very overpriced because it is based on the number of users. There is no bulk licensing."

"I found the price of Splunk SOAR to be good."

More Splunk SOAR pricing and cost advice

"You need to pay for the licensing of the product. The pricing is costly."

"Purchase Professional Services up front as part of the implementation package, then renew hours annually to ensure you have adequate support for upgrades and enhancements. Overbuy by at least 10% to account for infrastructure growth."

"VMware Carbon Black Cloud is an expensive solution."

"The solution is very inexpensive so there is great cost savings to using it."

"We had no issues purchasing through our preferred reseller and were able to get a fair price even when not purchasing direct. Carbon Black Enterprise Response didn’t break the bank, though adding on the matching antivirus and anti-malware components of the Protect product was more than we could afford, even with some discounting. Cb Response is really designed to complement Carbon Black’s Defense product. While Response can be used on its own, coupling with Defense seems like the best strategy if you can afford the price tag."

"Pricing for this solution could be made lower."

See which vendors are best for you

Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.

See recommendations

831,265 professionals have used our research since 2012.

Top Industries

By visitors reading reviews

Computer Software Company

14%

Financial Services Firm

14%

Manufacturing Company

12%

Government

10%

Computer Software Company

17%

Financial Services Firm

14%

Real Estate/Law Firm

12%

Healthcare Company

Company Size

By reviewers

Large Enterprise

Midsize Enterprise

Small Business

Questions from the Community

What do you like most about Splunk Phantom?

Splunk SOAR's quick response to incidents is the most valuable part.

What is your experience regarding pricing and costs for Splunk Phantom?

I rate Splunk SOAR two out of 10 for affordability. Splunk is a fast enterprise tool, but it costs too much. At the same time, it's worth what we pay, in my opinion. We can efficiently perform all ...

What needs improvement with Splunk Phantom?

The dashboard could be improved and some other features. SOAR should integrate network capabilities, allowing us to also monitor the WLAN network. Splunk is also expensive and difficult for beginne...

What to choose: an endpoint antivirus, an EDR solution or both?

I can recommend Carbon Black, an award-winning next-gen anti-virus (NGAV) and endpoint detection and response (EDR) security solution. The CB Predictive Security Cloud platform combines multiple hi...

What's the difference between Carbon Black CB Response and Carbon Black CB Defense?

Carbon Black offers two different levels of Endpoint Detection and Response. One is the VM Carbon Black Cloud Endpoint Standard (CB Defense), and the other is the Carbon Black Endpoint Detection an...

What do you like most about Carbon Black CB Response?

Threat hunting is the most valuable feature of VMware Carbon Black Cloud.

Cortex XSIAM vs Splunk SOAR

Comparisons

Compared 27% of the time

Palo Alto Networks Cortex XSOAR vs Splunk SOAR

Compared 18% of the time

Fortinet FortiSOAR vs Splunk SOAR

Compared 8% of the time

Tines vs Splunk SOAR

Compared 8% of the time

VMware Carbon Black Endpoint vs Splunk SOAR

Compared 1% of the time

More Splunk SOAR Competitors

VMware Carbon Black Endpoint vs VMware Carbon Black Cloud

Compared 29% of the time

Rapid7 InsightIDR vs VMware Carbon Black Cloud

Compared 29% of the time

Palo Alto Networks Cortex XSOAR vs VMware Carbon Black Cloud

Compared 14% of the time

More VMware Carbon Black Cloud Competitors

Product Reports

Splunk SOAR

Download Splunk SOAR product report

VMware Carbon Black Cloud

Download VMware Carbon Black Cloud product report

Also Known As

Phantom

Carbon Black CB Response

Learn More

Splunk

VMware

Overview

Splunk SOAR offers features like automation and orchestration of manual tasks, speeding up work, detection and response to advanced and emerging threats.

Go from overwhelmed to in-control

Automate manual tasks. Address every alert, every day. Establish repeatable procedures that allow security analysts to stop being reactive and focus on mission-critical objectives to protect your business.

Force multiply your team

Orchestrate and automate repetitive tasks, investigation and response to increase efficiency and productivity, and do more with the people you already have. Make a team of three feel like a team of 10.

From 30 minutes to 30 seconds

Work faster with Splunk SOAR. Respond to threats in seconds. Lower your mean time to respond (MTTR) by automating security tasks and workflows across all of your security tools.

End-to-end security operations made easy

Take advantage of Splunk Enterprise Security and Splunk SOAR joining forces to provide a seamless and intuitive SecOps platform to prevent, detect and respond to advanced and emerging threats.

Fortify Endpoint and Workload Protection Legacy approaches fall short as cybercriminals update tactics and obscure their actions. Get advanced cybersecurity fueled by behavioral analytics to spot minor fluctuations and adapt in response. Recognize New Threats Analyze attackers’ behavior patterns to detect and stop never-before-seen attacks with continuous endpoint activity data monitoring. Don’t get stuck analyzing only what’s worked in the past. Simplify Your Security Stack Streamline the response to potential incidents with a unified endpoint agent and console. Minimize downtime responding to incidents and return critical CPU cycles back to the business.

Sample Customers

Recorded Future, Blackstone

ALLETE belk

Security Orchestration Automation and Response (SOAR)