Splunk SOAR vs VMware Carbon Black Endpoint comparison

 

Comparison Buyer's Guide

Executive Summary
Updated on Sep 4, 2024
 

Categories and Ranking

Splunk SOAR
Average Rating: 8.2
Number of Reviews: 43
Ranking in other categories: Security Orchestration Automation and Response (SOAR) (3rd)

VMware Carbon Black Endpoint
Average Rating: 7.8
Number of Reviews: 63
Ranking in other categories: Endpoint Protection Platform (EPP) (18th), Security Incident Response (1st), Endpoint Detection and Response (EDR) (15th), Ransomware Protection (4th)
 

Mindshare comparison

While both are Security Software solutions, they serve different purposes. Splunk SOAR is designed for Security Orchestration Automation and Response (SOAR) and holds a mindshare of 8.8%, down 9.8% compared to last year.
VMware Carbon Black Endpoint, on the other hand, focuses on Endpoint Protection Platform (EPP), holds 2.0% mindshare, down 2.6% since last year.
 

Featured Reviews

Ryan Plas - PeerSpot reviewer
Jun 12, 2024
Offers playbook automation that helps reduce the manual and tedious work for users
When it comes to Splunk SOAR's ability to provide end-to-end visibility into our company's cloud-native environment, I would say that we are not using the cloud portions of it. I don't know if that's super relevant to what we are doing in our organization. I am 100 percent sure that Splunk SOAR helped reduce your mean time to resolve, but I don't have any metrics on hand but I know it has dramatically decreased. The tool has helped with the business resilience part. I think having it as a platform has been a solid portion of the product that we offer to people. Splunk SOAR has definitely saved my time in alert triage. When some of the tedious enrichment and lookup stuff happens, the analyst doesn't have to deal with such areas, and they can just jump in and see relevant data all in one pane of glass, which has been super helpful for speeding things up. The unified platform helps consolidate networking, security, and IT observability tools. The consolidation of tools impacts our organization as it just helps focus the SOC analyst on a single unified place to find information. It helps keep things streamlined and regular so they know where to look for certain stuff they want. It really helps people with training. It is a really easy tool to onboard people into because everything is right there in the product itself. The product is really great. I would love to see more SOAR innovation going into the tool, especially the on-premises version since it is what we use in our company. I feel the tool needs to encourage continuous improvements, but as a product itself, my company is really happy with the solution. I rate the tool an eight out of ten.
Durai Singh - PeerSpot reviewer
Oct 25, 2023
The solution is expensive, support is poor, and it takes time to understand the product
Customers want solutions that provide endpoint detection and response. The traditional antivirus solutions and the market trend are changing. Customers are asking for the latest technologies. Carbon Black has very good market strategies. We do the marketing activities and promote the product to the…

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The customizable playbook is the most valuable aspect of the solution."
"Splunk integrates with so many products. It provides us with good information for us to be able to do our jobs."
"So far, the interface is very easy to use."
"The customization continues to be excellent."
"Its ability to integrate with other systems and applications in our environment is pretty easy. Sometimes if we see any complexity we try to involve a consultant to help us. Everything is through the built-in app. Splunk can connect to any assets through the built-in app. It could be in a platform, firewalls, or endpoints. It's easy if it's an app integration."
"Before its use, analyzing each email would take at least 15 to 20 minutes, with some complex cases taking up to 30 minutes...With the automation provided by Splunk Phantom, we could significantly reduce the amount of time and human effort required to complete this task."
"The most valuable feature is the API connector, depending on how it's formatted and who made the actual app offering for it. The REST API is my favorite component. It's very easy to use. The filters are also really valuable. Those are the two primary features but I enjoy using the rest of it."
"My understanding is the initial setup isn't too hard."
"For Carbon Black Endpoint, the possibility of integration with different other software's log servers is the important thing. Having just one point of view is more interesting so you don't need to go to different places to see all the information."
"The product allows us to focus on endpoint and antivirus protection."
"You can deploy it through the cloud so that even if your stuff is outside of your controlled environment, you are still under control, based on the policies you create. The policies are controlled through the cloud. For example, if I don't allow anyone to do a certain activity or to install a particular app, and a consultant or a partner who is not part of our environment is doing so, it will stop them as well."
"The triage feature that shows you the whole chain of the malware is useful."
"It uses machine learning and behavioral analytics for advanced threat detection and response."
"Carbon Black Cb Defense has a nice component called Alert Triage. It contains full details of the process execution "kill chain" and "go live" for immediate remediation."
"The whole purpose of the product, like application control, is very good, and also if you need to update some policies, it works well and instantly."
"It is a very complete platform."
 

Cons

"While there have been improvements to the investigation process, particularly with the playbook data, the current log review method is cumbersome."
"The dashboard could be improved and some other features. SOAR should integrate network capabilities, allowing us to also monitor the WLAN network. Splunk is also expensive and difficult for beginners to learn. It's hard for a new user to figure out how to visualize old threat data. It took two to three months to learn with hands-on experience how to use the dashboard, visualize events, and analyze threats."
"We want to see improvements made to the APIs such that we can connect to many different systems and data sources."
"Splunk SOAR should improve its ease of upgrade, which is a pain point for us right now."
"Splunk SOAR can improve IoT/OT security-related case studies or your use cases. Their integration with identity and access management (IAM) solutions is a bit shaky. They don't have good integration with a lot of IAM solutions. They do have good capability in terms of user access management internally, but even with privileged user access, they have a good module. However, if they have to integrate with solutions, such as CyberArk or IBM IAM solutions they are lacking, the visibility of user access is not that much."
"The pricing could be a bit more reasonable. It would be great if it were feasible for smaller organizations."
"Improving the integration ecosystem can raise the quality of the bottom tier of the integrations so that they can work better out of the box."
"It would be ideal for us if Splunk SOAR could integrate with Teams."
"It would be nice to have additional forensic tools that you can build into the back end."
"Right now, Carbon Black CB Defense doesn't support cloud computing and Kubernetes."
"I would like to see the user credentials feature improved. I would also like to see more reporting features and better ways to roll the reports out."
"It is difficult to extract reports for ongoing scans."
"The product's reporting capabilities are an area of concern where improvements are required."
"I would like to see improvements made so that we can better see all of the processes."
"The endpoint machines need improvement."
"The directions for Splunk are spot on, but it is difficult to find anything on integration with AlienVault,"
 

Pricing and Cost Advice

"It's very overpriced because it is based on the number of users. There is no bulk licensing."
"Splunk is a fast enterprise tool, but it costs too much. At the same time, it's worth what we pay, in my opinion. We can efficiently perform all the functions and tie together the data. It's the perfect tool for our needs."
"I don't know the exact price, but for my region, it is very expensive."
"We renewed it this year. This year was the first time there was a dramatic increase in the price. It was kind of non-negotiable. It was just a high increase. We had internal communications, and it was definitely a surprise to us. In a short time frame, we renewed it this year. Prices are going up everywhere, but they are not always justifiable, at least not to our eyes. The pricing this year was definitely a big shock."
"While I can't confirm the exact pricing, some colleagues have mentioned that Splunk SOAR may be on the costlier side."
"The licensing cost is reasonable."
"I found the price of Splunk SOAR to be good."
"The cost is high and the licensing is on an annual basis."
"The solution has almost the same price as other different kinds of infrastructures, but it offers a lot of different features."
"The licensing cost is on the more expensive side, but I thought it was worth it because they did a good job. It was one of the vendors I truly didn't have to worry about too much until this latest upgrade."
"The product’s price is less expensive than other vendors."
"In terms of licensing costs, Carbon Black CB Defense was all associated with CROW and the services my company is using with them, so it came all-inclusive."
"VMware Carbon Black Endpoint is an expensive product."
"The cost is a considerable factor, but the benefit factor is the most important. When you compare it with other products, the price is high. Carbon Black will negotiate the price."
"Its pricing was very good, which is one of the reasons I went to it as an alternative. It is on a yearly basis. There are no additional fees."
"This is a really expensive product and we pay licensing fees on a yearly basis."
 

Top Industries

By visitors reading reviews
Computer Software Company: 15%
Financial Services Firm: 13%
Manufacturing Company: 11%
Government: 9%

Computer Software Company: 15%
Financial Services Firm: 10%
Government: 9%
Manufacturing Company: 7%
 

Questions from the Community

What do you like most about Splunk Phantom?
Splunk SOAR's quick response to incidents is the most valuable part.
What is your experience regarding pricing and costs for Splunk Phantom?
I rate Splunk SOAR two out of 10 for affordability. Splunk is a fast enterprise tool, but it costs too much. At the same time, it's worth what we pay, in my opinion. We can efficiently perform all ...
What needs improvement with Splunk Phantom?
The dashboard could be improved and some other features. SOAR should integrate network capabilities, allowing us to also monitor the WLAN network. Splunk is also expensive and difficult for beginne...
What to choose: an endpoint antivirus, an EDR solution or both?
I can recommend Carbon Black, an award-winning next-gen anti-virus (NGAV) and endpoint detection and response (EDR) security solution. The CB Predictive Security Cloud platform combines multiple hi...
What's the difference between Carbon Black CB Response and Carbon Black CB Defense?
Carbon Black offers two different levels of Endpoint Detection and Response. One is the VM Carbon Black Cloud Endpoint Standard (CB Defense), and the other is the Carbon Black Endpoint Detection an...
What do you like most about Carbon Black CB Defense?
VMware Carbon Black Endpoint is a highly stable solution.
 

Also Known As

Splunk SOAR: Phantom
VMware Carbon Black Endpoint: Carbon Black CB Defense, Bit9, Confer
 

Sample Customers

Splunk SOAR: Recorded Future, Blackstone
VMware Carbon Black Endpoint: Netflix, Progress Residential, Indeed, Hologic, Gentle Giant, Samsung Research America