Cortex XDR vs. VMware Carbon Black

Learn why organizations choose Cortex XDR over Carbon Black for attack prevention, detection and response.

Cortex XDR is the better choice to stop modern threats


Cortex XDR® consistently outperforms Carbon Black and other EDR/XDR vendors, with stellar results in both the AV-Comparatives EPR and MITRE ATT&CK Evaluations. Building upon proven best-in-class endpoint protection, Cortex XDR accurately uncovers stealthy attacks, so SOC teams can quickly analyze and contain threats. Carbon Black’s inferior test results reflect its reliance on a third-party partner for threat prevention and its lack of comprehensive detection and response capabilities.


Carbon Black customers should also be concerned about potential problems following Broadcom’s acquisition of VMware. Can you risk potential price increases and reduced R&D investment for a solution that already falls behind in prevention and detection? It’s time to seek a better EDR solution from an innovative security partner you can trust to stop future threats.

Cortex XDR scores 100% overall active prevention in AV-Comparatives Endpoint Prevention and Response (EPR) evaluation.

The Best Threat Prevention

With Behavioral Threat Protection and AI-driven local analysis, Cortex XDR bests Carbon Black in independent third-party testing, stopping real-world attacks like the Log4Shell, SpringShell and Follina exploits. In the 2022 MITRE ATT&CK Evaluation, Cortex XDR blocked all 10 attacks and 99% of all protection substeps, compared to nine attacks and just 53% of substeps for Carbon Black.

These results reflect the better protection Cortex XDR provides over Carbon Black, which relies on a third-party partner to fill the gap in prevention. Don’t partner with a provider that has to outsource such a critical capability.

Cortex XDR provides the best combined protection and technique detection in round 4 of the MITRE ATT&CK evaluations.

Clearly Superior Detection

When it comes to detection and visibility, performance matters. In the 2022 MITRE ATT&CK evaluations, Cortex XDR detected all 19 steps as well as 107 of 109 substeps with technique-level detections, while Carbon Black only detected 46 of 109 substeps. Missed detections can result in significant and costly consequences.

Cortex XDR has broad detection capabilities, using machine learning and user and entity behavior analytics (UEBA) to uncover stealthy threats. It can take EDR a step further by extending visibility across endpoint, network, cloud and third-party data. Carbon Black only collects data from endpoints with no integration from other tools or data sources.

Cortex XDR provides broad visibility across all data to enable efficient and effective investigation and response.

Faster, More Complete Investigation & Response

Cortex XDR reduces investigation time by 88%,* automating many of the investigation and response activities required of an analyst using Carbon Black. Related alerts are automatically grouped into incidents, revealing the root cause and full detail associated with each alert. Carbon Black does not provide incident-level management, leaving analysts to contend with alert overload and manual correlation and enrichment. This can result in alert fatigue, overlooked threats, and critical delays in attack response.

* Palo Alto Networks SOC analysis showing reduced investigation time from 40 minutes to 5 minutes.



Compare Cortex XDR to VMware Carbon Black

Cortex XDR
VMware Carbon Black
The Best Threat Prevention
Cortex XDR
    Leading the pack in threat prevention
  • Blocked 10 of 10 attack steps, with 99% protection efficacy rate across all substeps in 2022 MITRE ATT&CK Evaluation.
  • Built-in endpoint firewall, device control and integration with our own WildFire malware analysis to identify and stop new threats.
VMware Carbon Black
    Missing what should be prevented
  • Blocked 9 of 10 attack steps and received only a 55% protection efficacy rate across all substeps in 2022 MITRE ATT&CK evaluation.
  • Prevention is key to endpoint security, yet Carbon Black outsources this capability to a third party.
Clearly Superior Detection
Cortex XDR
    Analytics-based detections drive results
  • Detected all 19 steps as well as 107 of 109 substeps with technique-level detections – the highest of any vendor.
  • Can extend visibility across endpoint, network, cloud and third-party data.
  • Data can be stored for an unlimited length of time.
VMware Carbon Black
    Incomplete visibility and missed detections
  • Only detected 46 of 109 substeps with technique-level detections in the 2022 MITRE ATT&CK evaluation.
  • No visibility into data beyond the endpoint, and no automatic stitching of data sources.
  • Only stores data for six months.
Faster, More Complete Investigation & Response
Cortex XDR
    Automation speeds results
  • Reduces investigation time by 88% by revealing the root cause of any alert with cross-data insights.
  • Reduces alerts by 98% with intelligent alert grouping and deduplication.
  • Forensics module collects all artifacts needed for forensic analysis in a single intuitive console.
VMware Carbon Black
    Manual effort adds delays
  • Extensive manual correlation increases alert fatigue and investigation times.
  • Lack of incident-level management and alert grouping requires more time and effort for analysis.
  • Response options are limited to its own endpoint agent.
Continued Product Innovation
Cortex XDR
    Setting the bar for security
  • Innovative and committed to delivering new features to stay ahead of evolving threats, enhance security efficacy and streamline SecOps.
VMware Carbon Black
    An uncertain future
  • Recent Broadcom acquisition may negatively impact the product roadmap, support, services and licensing costs for Carbon Black.

Gartner Market Guide for Extended Detection and Response

Is Your Endpoint Security Solution Good Enough?


In the 2022 MITRE ATT&CK Evaluations, Carbon Black either missed entirely or provided an inferior level of detail about attack actions in 68% of all possible technique-level detections.

Cortex XDR delivered 100% threat protection and 100% detection of all attack steps for the second year in a row, with 97% of technique detections providing the highest level of detail into attack steps to enable analysts to more quickly and accurately respond to events.

Need more proof points?

Check out more but don’t delay – your endpoint security and SOC productivity depend on it!

Request your Personal Cortex XDR Demo

Let's explore ways to find fewer alerts, build end-to-end automation and enable smarter security operations.
