I would like to compare CrowdStrike and Carbon Black. On what basis should I decide?
Hi. I need to compare CrowdStrike and Carbon Black. What is the advantage of CrowdStrike over Carbon Black and vice versa? For an enterprise, how do I decide which one is better for my needs?
Pointers are based on the tests performed during the evaluation a few months back)
CrowdStrike:
- Artificial Intelligence and Machine Learning
- Is a cloud solution
- Offers protection from known threats.
- Offers advanced threat protection
- ATP Technology: AI+ML on the Agent blocks threats before they execute. Also has sandbox capability
- Predictive / Proactive
- Offers memory defense and script control
- Is cloud/server dependent
- Requires constant Internet connectivity, cannot work offline
- Footprint: 1-2 % CPU/ 40MB
- Requires Scanning
- Requires Human Intervention
- Servers are required
- Offers Endpoint Detection and Response (EDR), Endpoint Protection Platform (EPP), Threat Intelligence
- Easy to use
- 2FA
- Does not require hourly updates
- Does not require traditional AV
Does not offer:
- Application Control
- Web Reputation Control
- Web Category Protection
- Host Firewall
- Port Control System
- Full Disk Encryption
- File-Based Encryption
- Removable Media Encryption
Carbon Black:
- Detection & Response
- Cloud or On-Premise architecture
- Requires constant hash lookup. If not connected, there will be no protection from known threats.
- Offers advanced threat prevention
- ATP Technology: Hash-based, behavior-based
- Reactive
- Offers memory defense and script control
- Application control: CB protection Product
- Cannot work offline (only cached hashes)
- Cloud / Server Dependent
- Requires constant Internet connectivity, cannot work offline
- Footprint: Large - high utilization + network utilization
- Does not require scanning.
- Requires constant requires hourly updates.
- Requires Traditional AV
- Requires Human Intervention, behavioral rules & malware signatures.
- Requires Multiple servers if on-premise.
- Endpoint Detection and Response (EDR), Endpoint Protection Platform (EPP), Threat Intelligence
- Is not easy to use.
Does not offer:
- Web Reputation Control
- Web Category Protection
- Host Firewall
- Port Control System
- Full Disk Encryption
- File-Based Encryption
- Removable Media Encryption
Few additional pointers:
1) There are commercials aspects and CB is costlier than CrowdStrike
2) CB is little heavy on the endpoint as compared to CrowdStrike
3) CrowdStrike is coming up with EDR agents for mobiles as well ( Beta is out and GA is expected in June-July 2019). This could be the game changer
I agree with some of the comments. Crowdstrike is way ahead of CB. However, both are cloud solutions, and depending on your business regulatory guidelines, you may have challenges having to send raw data to the cloud directly from the endpoints.
Former CISO | Cyber Security Enthusiast at a tech services company with 51-200 employees
Real User
2020-01-02T12:21:36Z
Jan 2, 2020
While Carbon Black is great for good detections and incident Response, Crowdstrike is EDR on steroids. It's everything you require from an Endpoint Detection, Response and Visibility perspective. An all-in-one arsenal for best in the class Threat Intelligence, Threat Analytics, very capable Sandboxing, Attack Chain Visibility, Patching Systems, File-less malware detection and termination upon execution along with a graphical visualization of the Process, Child-process etc. Only drawback for organization with isolated / offline networks is, Crowdstrike is on the Cloud.
As this point in time, nothing comes close to CrowdStrike.
Sr. Account Executive at a tech services company with 1,001-5,000 employees
MSP
2019-07-10T16:10:28Z
Jul 10, 2019
In a nutshell:
Carbon Black:
- Using the PSC is like your home alarm system being connected to every neighbor!
- The product has rich and unmatched set of features in the end point protection space. Very focused on capabilities and domain expertise.
Crowdstrike:
- Easy out of the box, and provides so much more value than just an AV product.
Prinicipal Security Sales Engineer at a computer software company with 501-1,000 employees
Real User
2019-06-10T21:15:24Z
Jun 10, 2019
Depends on your sec-engineering staff size, the number of agents, integration with other tools. I would start by listing your use cases and break down what you mean by "better for my needs". Too many variables.
Why are you just looking at those solutions? You should also consider Microsoft Defender ATP (www.microsoft.com) which is no longer just limited to monitoring Windows and which Gartner has stated as being influential in this market.
Since both are an EDR solution, I would suggest analyzing which provides end to end mitigation. I know CB has 3 modules for the detailed analysis but not sure on the CrowdStrike.
I think the one thing you want to do is to review how much each solution will help you reduce your investigative workload... Each and every organization will have its own strength and requirements. If you're looking for an on premise solution, then maybe CB is your choice... cause as far as I know, CS only work from the cloud.
However, if your team is small and you don't want to be bogged down by alerts after alerts, try finding a solution that gives you conclusive and actionable intelligence - one that specifically points out the problem file/folder/endpoint for you.
CrowdStrike provides both a streaming and query REST API for accessing many of the features available through the Falcon Platform's UI. Carbon Black also provides a well-documented REST API for building custom integrations with the platform.
Technical comparison can be found at Gartner page: www.gartner.com
CrowdStrike Falcon and VMware Carbon Black Endpoint compete in the endpoint security category. CrowdStrike Falcon seems to have the upper hand due to its flexible cloud-native architecture which offers real-time threat detection and response, resulting in improved threat management efficiency.Features: CrowdStrike Falcon provides real-time threat detection, the OverWatch service for continuous monitoring, and robust machine learning capabilities. These features ensure high efficacy in threat...
Pointers are based on the tests performed during the evaluation a few months back)
CrowdStrike:
- Artificial Intelligence and Machine Learning
- Is a cloud solution
- Offers protection from known threats.
- Offers advanced threat protection
- ATP Technology: AI+ML on the Agent blocks threats before they execute. Also has sandbox capability
- Predictive / Proactive
- Offers memory defense and script control
- Is cloud/server dependent
- Requires constant Internet connectivity, cannot work offline
- Footprint: 1-2 % CPU/ 40MB
- Requires Scanning
- Requires Human Intervention
- Servers are required
- Offers Endpoint Detection and Response (EDR), Endpoint Protection Platform (EPP), Threat Intelligence
- Easy to use
- 2FA
- Does not require hourly updates
- Does not require traditional AV
Does not offer:
- Application Control
- Web Reputation Control
- Web Category Protection
- Host Firewall
- Port Control System
- Full Disk Encryption
- File-Based Encryption
- Removable Media Encryption
Carbon Black:
- Detection & Response
- Cloud or On-Premise architecture
- Requires constant hash lookup. If not connected, there will be no protection from known threats.
- Offers advanced threat prevention
- ATP Technology: Hash-based, behavior-based
- Reactive
- Offers memory defense and script control
- Application control: CB protection Product
- Cannot work offline (only cached hashes)
- Cloud / Server Dependent
- Requires constant Internet connectivity, cannot work offline
- Footprint: Large - high utilization + network utilization
- Does not require scanning.
- Requires constant requires hourly updates.
- Requires Traditional AV
- Requires Human Intervention, behavioral rules & malware signatures.
- Requires Multiple servers if on-premise.
- Endpoint Detection and Response (EDR), Endpoint Protection Platform (EPP), Threat Intelligence
- Is not easy to use.
Does not offer:
- Web Reputation Control
- Web Category Protection
- Host Firewall
- Port Control System
- Full Disk Encryption
- File-Based Encryption
- Removable Media Encryption
Few additional pointers:
1) There are commercials aspects and CB is costlier than CrowdStrike
2) CB is little heavy on the endpoint as compared to CrowdStrike
3) CrowdStrike is coming up with EDR agents for mobiles as well ( Beta is out and GA is expected in June-July 2019). This could be the game changer
I agree with some of the comments. Crowdstrike is way ahead of CB. However, both are cloud solutions, and depending on your business regulatory guidelines, you may have challenges having to send raw data to the cloud directly from the endpoints.
While Carbon Black is great for good detections and incident Response, Crowdstrike is EDR on steroids. It's everything you require from an Endpoint Detection, Response and Visibility perspective. An all-in-one arsenal for best in the class Threat Intelligence, Threat Analytics, very capable Sandboxing, Attack Chain Visibility, Patching Systems, File-less malware detection and termination upon execution along with a graphical visualization of the Process, Child-process etc. Only drawback for organization with isolated / offline networks is, Crowdstrike is on the Cloud.
As this point in time, nothing comes close to CrowdStrike.
In a nutshell:
Carbon Black:
- Using the PSC is like your home alarm system being connected to every neighbor!
- The product has rich and unmatched set of features in the end point protection space. Very focused on capabilities and domain expertise.
Crowdstrike:
- Easy out of the box, and provides so much more value than just an AV product.
Depends on your sec-engineering staff size, the number of agents, integration with other tools. I would start by listing your use cases and break down what you mean by "better for my needs". Too many variables.
Why are you just looking at those solutions? You should also consider Microsoft Defender ATP (www.microsoft.com) which is no longer just limited to monitoring Windows and which Gartner has stated as being influential in this market.
Since both are an EDR solution, I would suggest analyzing which provides end to end mitigation. I know CB has 3 modules for the detailed analysis but not sure on the CrowdStrike.
I think the one thing you want to do is to review how much each solution will help you reduce your investigative workload... Each and every organization will have its own strength and requirements. If you're looking for an on premise solution, then maybe CB is your choice... cause as far as I know, CS only work from the cloud.
However, if your team is small and you don't want to be bogged down by alerts after alerts, try finding a solution that gives you conclusive and actionable intelligence - one that specifically points out the problem file/folder/endpoint for you.
Contact me if you want to know more - rodney@cybotsai.com
Hope it helps!
Both are great products. The cons are overcome partially resolved by other products.
CrowdStrike provides both a streaming and query REST API for accessing many of the features available through the Falcon Platform's UI. Carbon Black also provides a well-documented REST API for building custom integrations with the platform.
Technical comparison can be found at Gartner page: www.gartner.com
Highly recommended for use is Crowdstrike.