Try our new research platform with insights from 80,000+ expert users

Splunk SOAR vs VMware Carbon Black Endpoint comparison

The compared Splunk and VMware solutions aren't in the same category. Splunk is ranked #3 in SOAR , with an average rating of 8.1, and holds a 7.2% mindshare in the category. VMware is ranked #21 in EPP , with an average rating of 7.7, and holds a 1.9% mindshare. Additionally, 87% of Splunk users are willing to recommend the solution, compared to 88% of VMware users who would recommend it.
Splunk SOAR
Read 43 Splunk SOAR reviews
  • 4,898 Views
  • 2,961 Comparison Views
87% willing to recommend
VMware Carbon Black Endpoint
Read 63 VMware Carbon Black Endpoint reviews
  • 6,949 Views
  • 4,774 Comparison Views
88% willing to recommend
 

Comparison Buyer's Guide

Download the report
Executive SummaryUpdated on Dec 8, 2024

VMware Carbon Black Endpoint and Splunk SOAR both compete in the cybersecurity solutions category, with Splunk SOAR generally having the upper hand due to its comprehensive features and perceived value. Users favor Splunk SOAR for its superior integration capabilities and automation features.

Features: VMware Carbon Black Endpoint is lightweight, intercepts threats early, and allows cloud-based management. It highlights high detection rates, behavioral monitoring, and threat analysis. Splunk SOAR excels in seamless integration with other tools, automation through playbooks, and customizable workflows, centralizing incident response effectively.

Room for Improvement: VMware Carbon Black Endpoint should improve mobile device support, EDR capabilities, and report generation, while addressing compatibility and integration issues. Splunk SOAR requires enhancement in integration breadth, search capabilities, and API functionality. Its pricing may be challenging for smaller firms.

Ease of Deployment and Customer Service: VMware Carbon Black Endpoint offers flexibility in cloud configurations but may face integration challenges. Its customer service is generally responsive, needing improvement in technical support, especially during off-hours. Splunk SOAR supports diverse deployment options with better cloud compatibility but requires faster problem resolution.

Pricing and ROI: VMware Carbon Black Endpoint pricing is perceived as high but justified by its features, although licensing could be more flexible. Splunk SOAR is seen as expensive but worth the investment for its functional capabilities. The higher upfront costs of Splunk SOAR are acknowledged, yet both products anticipate significant ROI with cost savings on cybersecurity incidents.

DOWNLOAD THE COMPLETE REPORT
To learn more, read our detailed Security Orchestration Automation and Response (SOAR) Report (Updated: February 2025).
Buyer's Guide
Security Orchestration Automation and Response (SOAR)
February 2025
Download the complete report
Helped 838,713 peers since 2012

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Categories and Ranking

Splunk SOAR
Average Rating
8.2
Reviews Sentiment
6.8
Number of Reviews
43
Ranking in other categories
Security Orchestration Automation and Response (SOAR) (3rd)
VMware Carbon Black Endpoint
Average Rating
7.8
Reviews Sentiment
7.0
Number of Reviews
63
Ranking in other categories
Endpoint Protection Platform (EPP) (21st), Security Incident Response (1st), Endpoint Detection and Response (EDR) (15th), Ransomware Protection (4th)
 

Mindshare comparison

While both are Security Software solutions, they serve different purposes. Splunk SOAR is designed for Security Orchestration Automation and Response (SOAR) and holds a mindshare of 7.2%, down 8.7% compared to last year.
VMware Carbon Black Endpoint, on the other hand, focuses on Endpoint Protection Platform (EPP), holds 1.9% mindshare, down 2.5% since last year.
Security Orchestration Automation and Response (SOAR)
Endpoint Protection Platform (EPP)
 

Featured Reviews

Shubham Sinha. - PeerSpot reviewer
Helped eliminate repetitive and redundant tasks, but custom functions and reporting need a lot of work
The visibility of the solution’s playbook viewer depends on the right you assign to the analyst. SOAR has the flexibility to distinguish between the roles of analyst and owner. If the analyst's role is to just work on a ticket, they cannot view the playbook design platform. That is limited to the owner. That can be both a good and bad thing. A major problem I have faced in SOAR's rights distribution is roles and responsibilities. Suppose I am initially granted user rights or analyst rights, but later on, I also get admin rights. SOAR is unable to amend the limitations of my role. I raised a support ticket with Splunk about this. They said it's a bug in their 5.3.5 version. To fix this, I had to reinstall the entire platform from scratch, just to amend the rights and responsibilities of one role. This bug was not fixed. Also, the latest GUI is terrible. The previous one was better. Another point is that while using Splunk SOAR in an investigation is not difficult, there are some complex parameters. We have SOAR case management, but the licensing is going to put a big hole in your pocket. Also, there is an issue with investigation node addition. When you are doing node additions you cannot grant the entire environment to have SOAR visibility into the incident. So when you integrate it with an ITSM tool, like ServiceNow or Jira for ticketing purposes, there is a challenge. When you do nodes for investigation on a regular basis, sometimes it does not update our ServiceNow platform, which is terrible. It is a redundant activity for an analyst to update that in the case management as well as in the ITSM tool. Although SOAR provides integration, the functionality of investigation and nodes is terrible when it comes to integration. An additional area for improvement is custom function creation. It's terrible. A newbie cannot create custom functions right away. They would require a solid understanding first. Also, the reporting is really awful. If I want to do a report for a customized time period, such as the last three days or the last four days, or from the 10th to the 12th of June, that is not available in SOAR at all. That kind of feature is available in Cortex XSOAR. Reporting is a real challenge.
Read full review
Matthew Weisler - PeerSpot reviewer
Great granularity for policies or applications without needing hash values
The solution is cloud based which makes it easy to use for remote devices or work-at-home situations. The solution supports full trust or signature-based approvals. You can get very granular and band out policies or applications without having to do hash values. You can band through the entire environment by execution of the name or desk IDXE. This can be achieved on the policy side because of the signature, IOC, or naming convention itself. This is very effective for pushing more blockage or removing threats across the board. The solution has a very nice API on the back end for remoting into a system and executing scripts or utilizing self automation. This is useful for monitoring several different companies in a workspace or workbook-type format. For example, I report and send out mass emails from a clickable button in an Excel workbook. The APIs all exist for each client. I push out automatic endpoint monitoring and reports every single day at a particular time, with a simple clickable button that serves as a scheduled task for fifty clients.
Read full review

Quotes from Members

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

Pros

"The ability to automate Splunk SOAR and customize the playbook use cases is the most valuable feature and is very exciting for me."
"The most valuable feature is the risk-based access control."
"Surprisingly, the mobile app is valuable because it is very convenient for our on-call analysts to respond and get alerted to security alerts and events wherever they are. We are able to harness the power of Splunk SOAR and everything that we are doing, and we are also able to alert our on-call analysts 24/7. From their mobile phone, they can respond to those alerts."
"Workflow management is most valuable. It is easily customizable"
"Splunk has many features that make work easier, and it's simple to implement in a large production environment. Splunk collects a massive amount of data from cloud servers and handles it perfectly."
"The product’s integration with other Splunk products is valuable."
"The most valuable feature is the API connector, depending on how it's formatted and who made the actual app offering for it. The REST API is my favorite component. It's very easy to use. The filters are also really valuable. Those are the two primary features but I enjoy using the rest of it."
"In Splunk SOAR, I find the playbooks valuable. We get to create multiple playbooks, and within each playbook, there is a different type of investigation attached to it, which helps out an analyst or new analysts coming on board."
More Splunk SOAR pros
"It actually does some heuristics, and some behavioral analysis."
"Some of the valuable features I have found are the online documentation of the solution is well organized and thorough. I like the simplicity of bypass and the visualization of the active components."
"The solution is very useful and easy to handle. You don't need much intervention with this product."
"I found the offline scanning to be particularly useful."
"I feel that the initial setup was straightforward and not complex."
"CB Defense is more powerful, and you can take more actions than others. Its security features and signatures are constantly updated, so it is more effective than other security solutions."
"There's lots of very useful documentation online to help troubleshoot and learn about the product."
"VMware Carbon Black Endpoint is a highly stable solution."
More VMware Carbon Black Endpoint pros
 

Cons

"Splunk SOAR should improve its ease of upgrade, which is a pain point for us right now."
"It would be ideal for us if Splunk SOAR could integrate with Teams."
"The Splunk SOAR platform was not designed specifically for case management which is why this area needs improvement."
"I haven't used it fully, but based on my usage, I could not find simulation tools and features. It currently lacks simulation features, which are important for me for creating a playbook. It is also very expensive for my region."
"In my opinion, the focus should be on improving its simplicity, specifically the interface, and configuration."
"Unfortunately, not all of our analysts are iPhone users or iOS users. The mobile app is only supported on iOS. Our analysts who have Android do not have that benefit. That would be a nice thing to have so that we can have it across the board and not just for iOS."
"In the beginning, we couldn't find any specific documents for every function. It wasn't easy to navigate to what we needed."
"We've run into a few minor issues. Some of the playbook writing is a bit complicated. We've had a few hiccups with the source control. We'd really like to use GitHub deployment keys for a dedicated account. We haven't been able to do that. I think those are some of the major ones."
More Splunk SOAR cons
"Needs improvement in the area of infrastructure for on-premise installation.​"
"Carbon Black needs to do a better job of proving their platform in the industry, and providing a bit more access to do industry testing with real world examples to help prove their platform."
"The product cannot perform an on-demand scan. They could add this particular feature."
"I would like to see the user credentials feature improved. I would also like to see more reporting features and better ways to roll the reports out."
"At this point, we're test-bedding several other providers right now to see if there's anything that does equally or better and that comes at a better price point."
"The feature set for the firewall needs improvement."
"This solution works well but needs lots of tuning and optimization."
"The directions for Splunk are spot on, but it is difficult to find anything on integration with AlienVault,"
More VMware Carbon Black Endpoint cons
 

Pricing and Cost Advice

"I don't know the exact price, but for my region, it is very expensive."
"The tool is not cheap."
"The cost is high and the licensing is on an annual basis."
"Splunk SOAR is an expensive solution for an organization of our size."
"While I can't confirm the exact pricing, some colleagues have mentioned that Splunk SOAR may be on the costlier side."
"Splunk is a fast enterprise tool, but it costs too much. At the same time, it's worth what we pay, in my opinion. We can efficiently perform all the functions and tie together the data. It's the perfect tool for our needs."
"The licensing cost is reasonable."
"In my opinion, the price is high, but if you want good products, you have to be willing to pay for them."
More Splunk SOAR pricing and cost advice
"The pricing [is] more or less the same as other similar solutions."
"The product’s price is less expensive than other vendors."
"​The cost/benefit factor has great relevance in Cb Defense implementations​."
"It's reasonable in price"
"CB Defense is available on a yearly subscription and is priced by the number of endpoints."
"The pricing is annually based and operates through another department than mine."
"I am not really involved in the pricing of this product. But, from my understanding, it is OK for us."
"It is more expensive, but it's worth it. There are no additional costs beyond the standard licensing fee."
More VMware Carbon Black Endpoint pricing and cost advice
report
See which vendors are best for you
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
See recommendations
838,713 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Computer Software Company
14%
Financial Services Firm
13%
Manufacturing Company
11%
Government
9%
Computer Software Company
15%
Financial Services Firm
10%
Government
10%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
 

Questions from the Community

What do you like most about Splunk Phantom?
Splunk SOAR's quick response to incidents is the most valuable part.
See all answers
What is your experience regarding pricing and costs for Splunk Phantom?
I rate Splunk SOAR two out of 10 for affordability. Splunk is a fast enterprise tool, but it costs too much. At the same time, it's worth what we pay, in my opinion. We can efficiently perform all ...
See all answers
What needs improvement with Splunk Phantom?
The dashboard could be improved and some other features. SOAR should integrate network capabilities, allowing us to also monitor the WLAN network. Splunk is also expensive and difficult for beginne...
See all answers
What to choose: an endpoint antivirus, an EDR solution or both?
I can recommend Carbon Black, an award-winning next-gen anti-virus (NGAV) and endpoint detection and response (EDR) security solution. The CB Predictive Security Cloud platform combines multiple hi...
See all answers
What's the difference between Carbon Black CB Response and Carbon Black CB Defense?
Carbon Black offers two different levels of Endpoint Detection and Response. One is the VM Carbon Black Cloud Endpoint Standard (CB Defense), and the other is the Carbon Black Endpoint Detection an...
See all answers
What do you like most about Carbon Black CB Defense?
VMware Carbon Black Endpoint is a highly stable solution.
See all answers
 

Comparisons

Cortex XSIAM vs Splunk SOAR Logo
Cortex XSIAM vs Splunk SOAR
Compared 26% of the time
Palo Alto Networks Cortex XSOAR vs Splunk SOAR Logo
Palo Alto Networks Cortex XSOAR vs Splunk SOAR
Compared 18% of the time
Tines vs Splunk SOAR Logo
Tines vs Splunk SOAR
Compared 9% of the time
Fortinet FortiSOAR vs Splunk SOAR Logo
Fortinet FortiSOAR vs Splunk SOAR
Compared 9% of the time
More Splunk SOAR Competitors
CrowdStrike Falcon vs VMware Carbon Black Endpoint Logo
CrowdStrike Falcon vs VMware Carbon Black Endpoint
Compared 15% of the time
Microsoft Defender for Endpoint vs VMware Carbon Black Endpoint Logo
Microsoft Defender for Endpoint vs VMware Carbon Black Endpoint
Compared 15% of the time
SentinelOne Singularity Complete vs VMware Carbon Black Endpoint Logo
SentinelOne Singularity Complete vs VMware Carbon Black Endpoint
Compared 10% of the time
Trellix Endpoint Security vs VMware Carbon Black Endpoint Logo
Trellix Endpoint Security vs VMware Carbon Black Endpoint
Compared 9% of the time
Trend Micro Deep Security vs VMware Carbon Black Endpoint Logo
Trend Micro Deep Security vs VMware Carbon Black Endpoint
Compared 8% of the time
More VMware Carbon Black Endpoint Competitors
 

Product Reports

Buyer's Guide
Splunk SOAR
February 2025
Splunk SOAR reportDownload Splunk SOAR product report
Buyer's Guide
VMware Carbon Black Endpoint
February 2025
VMware Carbon Black Endpoint reportDownload VMware Carbon Black Endpoint product report
 

Also Known As

Phantom
Carbon Black CB Defense, Bit9, Confer
 

Overview

Splunk SOAR offers features like automation and orchestration of manual tasks, speeding up work, detection and response to advanced and emerging threats. 

Go from overwhelmed to in-control

Automate manual tasks. Address every alert, every day. Establish repeatable procedures that allow security analysts to stop being reactive and focus on mission-critical objectives to protect your business.

Force multiply your team

Orchestrate and automate repetitive tasks, investigation and response to increase efficiency and productivity, and do more with the people you already have. Make a team of three feel like a team of 10.

From 30 minutes to 30 seconds

Work faster with Splunk SOAR. Respond to threats in seconds. Lower your mean time to respond (MTTR) by automating security tasks and workflows across all of your security tools.

End-to-end security operations made easy

Take advantage of Splunk Enterprise Security and Splunk SOAR joining forces to provide a seamless and intuitive SecOps platform to prevent, detect and respond to advanced and emerging threats.

Splunk

VMware Carbon Black Endpoint provides comprehensive endpoint security against ransomware, spyware, malware, and viruses, catering to both cloud and on-premise environments.

VMware Carbon Black Endpoint facilitates endpoint detection and response, threat hunting, application control, antivirus support, and protection for virtual and physical machines. Features include intelligent learning, whitelisting, and integration with other security tools, making it suitable for distributors, MSPs, and enterprises seeking advanced threat defense and real-time monitoring. With its capability to detect and stop malicious executables, it supports both offline and online environments and offers tools like command shell access for deeper investigation.

What are the key features of VMware Carbon Black Endpoint?
  • Intelligent learning: Improves detection capabilities over time.
  • Whitelisting: Allows only approved applications to run.
  • Integration with other security tools: Enhances overall security posture.
  • Centralized cloud control: Manages endpoints from a single interface.
  • Command shell access: Offers deeper investigation capabilities.
  • Dynamic grouping: Facilitates organized endpoint management.
  • Simplified policy management: Streamlines security policy implementation.
  • API for system remoting: Allows remote system access and management.
  • Twenty-four-seven support: Provides continuous assistance and response.
What are the benefits of VMware Carbon Black Endpoint?
  • Real-time monitoring: Offers constant vigilance against threats.
  • Threat hunting: Identifies and mitigates threats proactively.
  • Historical data analysis: Assists in understanding past incidents and patterns.
  • Improved endpoint protection: Enhances overall endpoint security.
  • Enhanced threat detection: Reduces exposure to advanced threats.

VMware Carbon Black Endpoint is implemented across various industries including technology, healthcare, and finance. Organizations utilize it in cloud and hybrid environments, enhancing their security frameworks with real-time monitoring, intelligent learning, and robust threat detection capabilities tailored to their specific industry needs.

VMware
 

Sample Customers

Recorded Future, Blackstone
Netflix, Progress Residential, Indeed, Hologic, Gentle Giant, Samsung Research America
Buyer's Guide
Security Orchestration Automation and Response (SOAR)
February 2025
Download Free Report
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR). Updated: February 2025.
DOWNLOAD NOW
838,713 professionals have used our research since 2012.

We monitor all Security Orchestration Automation and Response (SOAR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.