Try our new research platform with insights from 80,000+ expert users

Splunk SOAR vs VMware Carbon Black Endpoint comparison

 

Comparison Buyer's Guide

Executive SummaryUpdated on Sep 21, 2025

Review summaries and opinions

We asked business professionals to review the solutions they use. Here are some excerpts of what they said:
 

ROI

Sentiment score
6.0
Organizations report mixed ROI from Splunk SOAR, with time to benefits varying based on familiarity and setup efforts.
Sentiment score
6.0
VMware Carbon Black Endpoint delivers strong ROI with enhanced security, reducing costs and malware incidents within six months.
We've seen a decrease in false positives and a significant increase in our containment.
 

Customer Service

Sentiment score
6.7
Splunk SOAR's support is praised for responsiveness and expertise, though some report slow resolutions and IoT-specific challenges.
Sentiment score
6.3
VMware Carbon Black Endpoint support is knowledgeable but inconsistent, with varied satisfaction and room for improvement in response times.
Discovering different troubleshooting methods is harder to do with Splunk SOAR than with Enterprise Security or other Splunk services.
Splunk's technical support is very good and generally not needed often due to the stable environment.
 

Scalability Issues

Sentiment score
6.9
Splunk SOAR scales well for various organizational sizes, though some face challenges with large clusters or hardware constraints.
Sentiment score
7.3
VMware Carbon Black Endpoint is highly scalable, supporting diverse environments efficiently, despite some data extraction and management complexities.
It can be extended and adapted as necessary.
Splunk SOAR has the ability to scale quite significantly.
 

Stability Issues

Sentiment score
7.5
Splunk SOAR is stable and reliable, though some users experience issues with traffic overloads, latency, and complex diagnostics.
Sentiment score
7.5
VMware Carbon Black Endpoint offers reliable security, but some users experience stability issues and update-related challenges for resource allocation.
We have not experienced any downtime, crashes, or performance issues.
Splunk SOAR provides a stable environment and technology.
It's been pretty reliable.
 

Room For Improvement

Splunk SOAR users seek better integrations, documentation, pricing, case management, training, and performance, with enhanced analytics and automation.
VMware Carbon Black Endpoint needs better integration, UI, mobile support, pricing, responsiveness, threat detection, and stability improvements.
Although it enhances alert handling, it still has a journey to compete with Palo Alto SOAR and FortiSOAR.
Splunk's Unified Platform does help consolidate networking security and IT observability tools.
To make Splunk SOAR a better solution, there could be better built-in debugging tools, smarter playbook suggestions, and enhanced lifecycle management.
 

Setup Cost

Splunk SOAR offers a subscription-based model; pricing varies with organization size, perceived valuable despite being pricey.
VMware Carbon Black Endpoint is seen as pricey, varying by deployment size, with mixed views on its value and flexibility.
Splunk SOAR is moderately priced, neither cheap nor overly expensive.
Splunk SOAR is affordable cost-wise only.
The solution is free for us, which is a beneficial aspect.
 

Valuable Features

Splunk SOAR excels in automation, integrations, and user-friendly features, enhancing threat response, scalability, and productivity.
VMware Carbon Black Endpoint excels in threat detection, management, and integration, providing scalable and efficient security with minimal resource use.
Creating playbooks using the Playbook Editor in Splunk SOAR is easy. The editor is designed to be user-friendly with visual drag and drop features, allowing for easy workflows without writing any code.
The customization of the playbook in Splunk SOAR is very beneficial.
It helps identify instances where an account is not being used or when someone has left the organization, making it unnecessary to manually look up accounts.
 

Categories and Ranking

Splunk SOAR
Average Rating
8.2
Reviews Sentiment
6.7
Number of Reviews
48
Ranking in other categories
Security Orchestration Automation and Response (SOAR) (3rd)
VMware Carbon Black Endpoint
Average Rating
7.8
Reviews Sentiment
6.8
Number of Reviews
63
Ranking in other categories
Endpoint Protection Platform (EPP) (33rd), Security Incident Response (4th), Endpoint Detection and Response (EDR) (27th), Ransomware Protection (7th)
 

Mindshare comparison

While both are Security Software solutions, they serve different purposes. Splunk SOAR is designed for Security Orchestration Automation and Response (SOAR) and holds a mindshare of 7.7%, down 8.0% compared to last year.
VMware Carbon Black Endpoint, on the other hand, focuses on Endpoint Protection Platform (EPP), holds 1.8% mindshare, down 2.2% since last year.
Security Orchestration Automation and Response (SOAR) Market Share Distribution
ProductMarket Share (%)
Splunk SOAR7.7%
Microsoft Sentinel15.9%
Palo Alto Networks Cortex XSOAR9.6%
Other66.8%
Security Orchestration Automation and Response (SOAR)
Endpoint Protection Platform (EPP) Market Share Distribution
ProductMarket Share (%)
VMware Carbon Black Endpoint1.8%
Microsoft Defender for Endpoint9.9%
CrowdStrike Falcon7.9%
Other80.4%
Endpoint Protection Platform (EPP)
 

Featured Reviews

Mack Scott - PeerSpot reviewer
Improves response time by consolidating tools and automating threat detection
I haven't gone too far into it to see anything that needs improvement yet. We can likely include some features related to the integration with on-premises resources, rather than focusing solely on the existing automation. These are the additional features that could be included in the future. Splunk's Unified Platform does help consolidate networking security and IT observability tools. They should integrate Splunk Enterprise Security better into Splunk Cloud.
Nikunj Kamboj - PeerSpot reviewer
Integrates well with our existing SIEM tool and helps in identifying suspicious activities
The solution's integration with our existing security infrastructure is good. Whenever we have any alert in VMware Carbon Black Endpoint, we can easily that alert in our SIEM tool and check logs from the SIEM tool itself. VMware Carbon Black Endpoint is just a secondary security tool for us, and we are just monitoring the alerts from it. The solution's behavioral analytics feature helps in identifying suspicious activities pretty well. Whenever we have even a small thing, we get an alert. The solution is deployed on the cloud in our organization. Performance-wise, the solution is doing great in terms of connecting to the host directly. Performing a malware scan usually takes a lot of time, more than 24 hours. A malware scan is something that we do only on Carbon Black for the old endpoint devices and servers. It used to take sometimes three days to perform. I would recommend the solution to other users. Overall, I rate the solution an eight out of ten.
report
Use our free recommendation engine to learn which Security Orchestration Automation and Response (SOAR) solutions are best for your needs.
871,358 professionals have used our research since 2012.
 

Top Industries

By visitors reading reviews
Financial Services Firm
12%
Computer Software Company
11%
Manufacturing Company
9%
University
7%
Financial Services Firm
12%
Computer Software Company
12%
Government
9%
Manufacturing Company
8%
 

Company Size

By reviewers
Large Enterprise
Midsize Enterprise
Small Business
By reviewers
Company SizeCount
Small Business11
Midsize Enterprise7
Large Enterprise29
By reviewers
Company SizeCount
Small Business31
Midsize Enterprise9
Large Enterprise30
 

Questions from the Community

What do you like most about Splunk Phantom?
Splunk SOAR's quick response to incidents is the most valuable part.
What is your experience regarding pricing and costs for Splunk Phantom?
I don't have experience with costs; management handles that aspect.
What needs improvement with Splunk Phantom?
I haven't gone too far into it to see anything that needs improvement yet. We can likely include some features related to the integration with on-premises resources, rather than focusing solely on ...
What to choose: an endpoint antivirus, an EDR solution or both?
I can recommend Carbon Black, an award-winning next-gen anti-virus (NGAV) and endpoint detection and response (EDR) security solution. The CB Predictive Security Cloud platform combines multiple hi...
What's the difference between Carbon Black CB Response and Carbon Black CB Defense?
Carbon Black offers two different levels of Endpoint Detection and Response. One is the VM Carbon Black Cloud Endpoint Standard (CB Defense), and the other is the Carbon Black Endpoint Detection an...
What do you like most about Carbon Black CB Defense?
VMware Carbon Black Endpoint is a highly stable solution.
 

Also Known As

Phantom
Carbon Black CB Defense, Bit9, Confer
 

Overview

 

Sample Customers

Recorded Future, Blackstone
Netflix, Progress Residential, Indeed, Hologic, Gentle Giant, Samsung Research America
Find out what your peers are saying about Microsoft, Palo Alto Networks, Splunk and others in Security Orchestration Automation and Response (SOAR). Updated: October 2025.
871,358 professionals have used our research since 2012.