We changed our name from IT Central Station: Here's why

Carbon Black CB Defense vs SentinelOne comparison

Cancel
You must select at least 2 products to compare!
Cisco Secure Endpoint Logo
21,131 views|13,711 comparisons
Carbon Black CB Defense Logo
36,978 views|28,888 comparisons
SentinelOne Logo
45,492 views|30,806 comparisons
Comparison Summary
Question: What is the biggest difference between Carbon Black CB Defense, CrowdStrike, and SentinelOne?
Answer: A short answer: Perhaps the biggest IMO is SentinelOne is the only one of these 3 that does not have to go to the cloud for any behavior protection. It allows for full execution and blocks specific patterns rather than go to the cloud sandbox. Crowdstrike has a lite version of blocking without a sandbox. Additionally, Active EDR and intuitive storyline indicating patient zero is a plus with SentinelOne (this without any consulting or threat analyst).
Featured Review
Find out what your peers are saying about Carbon Black CB Defense vs. SentinelOne and other solutions. Updated: January 2022.
563,327 professionals have used our research since 2012.
Quotes From Members
We asked business professionals to review the solutions they use.
Here are some excerpts of what they said:
Pros
"The solution makes it possible to see a threat once and block it everywhere across all endpoints and the entire security platform. It has the ability to block right down to the file and application level across all devices based on policies, such as, blacklisting and whitelisting of software and applications. This is good. Its strength is the ability to identify threats very quickly, then lock them and the network down and block the threats across the organization and all devices, which is what you want. You don't want to be spending time working out how to block something. You want to block something very quickly, letting that flow through to all the devices and avoiding the same scenario on different operating systems.""Integration is a key selling factor for Cisco security products. We have a Cisco Enterprise Agreement with access to Cisco Email Security, Cisco Firepower, Cisco Stealthwatch, Cisco Talos, Cisco Threat Grid, Cisco Umbrella, and also third-party solutions. This is key to our security and maximizing operations. Because we do have the Email Security appliance and it is integrated with Threat Response, we have everything tied together. Additionally, we are using the Cisco SecureX platform, as we were a beta test for that new solution. With SecureX, we are able to pull all those applications into one pane for visibility and maintenance. This greatly maximizes our security operations.""Among the most valuable features are the exclusions. And on the scalability side, we can integrate well with the SIEM orchestration engine and a number of applications that are proprietary or open source.""It is extensive in terms of providing visibility and insights into threats. It allows for research into a threat, and you can chart your progress on how you're resolving it.""The entirety of our network infrastructure is Cisco and the most valuable feature is the integration.""The ability to detonate a particular problem in a sandbox environment and understand what the effects are, is helpful. We're trying, for example, to determine, when people send information in, if an attachment is legitimate or not. You just have to open it. If you can do that in a secure sandbox environment, that's an invaluable feature. What you would do otherwise would be very risky and tedious.""The threat Grid with the ability to observe the sandboxing, analyze, and perform investigations of different malicious files has been great.""Any alert that we get is an actionable alert. Immediately, there is information that we can just click through, see the point in time, what happened, what caused it, and what automatic actions were taken. We can then choose to take any manual actions, if we want, or start our investigation. We're no longer looking at digging into information or wading through hundreds of incidents. There's a list which says where the status is assigned, e.g., under investigation or investigation finished. That is all in the console. It has taken away a lot of the administration, which we would normally be doing, and integrated it into the console for us."

More Cisco Secure Endpoint Pros →

"The product is pretty strong in terms of security and their features are very good in that respect.""CB Defense is more powerful, and you can take more actions than others. Its security features and signatures are constantly updated, so it is more effective than other security solutions.""The EDR and reports were helpful in improving our organization.""It is a very complete platform.""The visibility provided has been great.""The initial setup is very easy.""The triage feature that shows you the whole chain of the malware is useful.""The threat analysis functionality is good."

More Carbon Black CB Defense Pros →

"Another valuable feature is that if a machine is infected, one that may infect other computers within the network, we have the capability of segregating that machine in the network so that it remains connected to the internet but is cut off from the other machines in the network. That helps prevent spreading of the infection. That's a very unique feature, one I have not seen in the last 10 to 15 years from any other antivirus program. That's amazing.""It has a one-click button that we can use to reverse all those dodgy changes made by the virus program and bring the system quickly back to what it was. That's one of the most important features.""It delivers the type of security which we were hoping for, since we have a lot of different endpoint users utilizing different types of software. We have people who only use Office software, like email, Word, and PDFs. Then, we have people who use some applications that other people wrote. We also write applications in-house using people who develop software. Therefore, we have some machines using very high-end developer software for mechanical development, electronic development, and software development. Those users are used to managing their PC on their own. The centralize platform allows us to differentiate between those three groups of people. We have overall control and can oversee the security levels at all the endpoints. They have not yet been blocked in any way when performing the functions""The detection rate for Sentinel One has been excellent and we have been able to resolve many potential threats with zero client impact. The ability to deploy via our RMM allows us to quickly secure new clients and provides peace of mind.""In terms of the engines that SentinelOne uses, it has stopped various scripts from running and it's highlighted lateral movement that we weren't expecting.""SentinelOne also provides equal protection across Windows, Linux, and macOS. I have all of them and every flavor of them you could possibly imagine. They've done a great job because I still have a lot of legacy infrastructure to support. It can support legacy environments as well as newer environments, including all the latest OS's... There are cost savings not only on licensing but because I don't have to have different people managing different consoles.""Previously, we had some processes related to incident response which required more steps. We needed to upload to VirusTotal, Sandbox, et cetera. Now, this process is shortened because all of the information we need is already in SentinelOne. We can briefly analyze and even respond from one management console. If someone has SOC, using the API, they can control everything. It's very cool. I think this is the future.""The best thing SentinelOne has done for us is that it gives us insight into the endpoints. We never had insight into lateral movement threats before. Once a threat known as Qbot gets on the network, it actually spreads throughout sub-networks quickly. SentinelOne has detected that and saved our bacon. We were able to get in there and stop the threat, lock it down, and prevent it from actually spreading through. It would have been 50 or 60 computers. It had spread through in a few minutes. We have a lot of HIPAA data and FERPA data that we need to keep protected."

More SentinelOne Pros →

Cons
"I would recommend that the solution offer more availability in terms of the product portfolio and integration with third-party products.""The connector updates are very easily done now, and that's improving. Previously, the connector had an issue, where almost every time it needed to be updated, it required a machine reboot. This was always a bit of an inconvenience and a bug. Because with a lot of software now, you don't need to do that and shouldn't need to be rebooting all the time.""The thing I hate the most, which they have not fixed, is when it creates duplicate entries within a console. If you have a computer and you upgrade from Windows 7 to Windows 10, or you upgrade your agent from version 6 to 7, it creates a new instance in there instead of updating the information. Instead of paying a license for one computer, I have to license two computers until I manually go in, search for all the duplicate entries, and clean them out myself.""The GUI needs improvement, it's not good.""In Orbital, there are tons of prebuilt queries, but there is not a lot of information in lay terms. There isn't enough information to help us with what we're looking for and why we are looking for it with this query. There are probably a dozen queries in there that really focus on what I need to focus on, but they are not always easy to find the first time through.""...the greatest value of all, would be to make the security into a single pane of glass. Whilst these products are largely integrated from a Talos perspective, they're not integrated from a portal perspective. For example, we have to look at an Umbrella portal and a separate AMP portal. We also have to look at a separate portal for the firewalls. If I could wave a magic wand and have one thing, I would put all the Cisco products into one, simple management portal.""We don't have issues. We think that Cisco covers all of the security aspects on the market. They continue to innovate in the right way.""We had a lot of noise at the beginning, and we had to turn it down based on exclusions, application whitelisting, and excluding unknown benign applications. Cisco should understand the need for continuous updates on the custom Cisco exclusions and the custom applications that come out-of-the-box with the AMP for Endpoints."

More Cisco Secure Endpoint Cons →

"At this point, we're test-bedding several other providers right now to see if there's anything that does equally or better and that comes at a better price point.""Its compatibility can be improved. It did crash a server during deployment, which is not something that I want to happen. Its deployment should also be easier. The whole deployment cycle needs to be simplified. It is an enterprise solution, and to set it up right now, you have to be an expert.""There are many different controls that are needed to be put into place for upgrading that makes it difficult. Having to re-engineer your IT infrastructure to match their software, as opposed to having it integrate and work independently causes difficulties. When there is an update to any software everyone has to be involved.""This solution could have greater granular control on how certain applications work.""Occasionally, we'll have issues with the latest version and they'll basically tell us that they will improve it in the next iteration. They need to work on their version release quality.""The EDR portion could be better. I'm not a big fan, but it works.""I would like to see improvements made so that we can better see all of the processes.""They will most likely need to create or include a feature that checks the network."

More Carbon Black CB Defense Cons →

"All is good for now, but we cannot rest, and continuous development - in particular with regard to the areas of automation, machine learning, and artificial intelligence - is required to keep ahead of the cybercriminals.""They have tiers of support like most companies do. For the first three years, we had the top tier of their support and we would get a response from a technician quickly. We didn't have many things we had to ask of them. They would be very quick. We are now one tier down from that. The SLA for us is no longer within an hour or two. It's within half a day or something like that. As far as if I do ask a question of them, it is a little slower than what it used to be. I understand that we're at a lesser tier, but sometimes it feels like that could be a little better. I have to preface that by specifying that we're no longer paying for their top tier support.""With respect to product patches, it should have the ability to patch directly from SentinelOne, rather than be presented with a list and have to do it separately.""All they need to do to improve it is for it to grow further. The hackers don't sleep. If the hackers don't sleep, the solution continually needs to be updated. They need to keep ahead of the hackers.""One area of SentinelOne that definitely has room for improvement is the reporting. The canned reports are clunky and we haven't been able to pull a lot of good information directly from them.""The solution’s distributed intelligence at the endpoint is pretty effective, but from time to time I see that the agent is not getting the full execution history or command-line parameters. I would estimate the visibility into an endpoint is around 80 percent. There is 20 percent you don't see because, for some reason, the agents don't get all of the information.""We have had one or two occasions when we had to roll back off our Windows machine. Then, we had an issue with SentinelOne where we couldn't let the client make contact with the cloud service anymore. Therefore, the integration with the Windows Service Recovery could be improved in the future.""In terms of improvement, they should work on agents' updates because that is not a strong part. It's not their strong point. It's not straightforward to upgrade agents. I send them questions about it. They already worked on this and they promised that in the next release that they will show me their solution for it. But this year I have had complaints about agents' updates, that they aren't clear."

More SentinelOne Cons →

Pricing and Cost Advice
  • "The visibility that we have into the endpoint and the forensics that we're able to collect give us value for the price. This is not an overly expensive solution, considering all the things that are provided. You get great performance and value for the cost."
  • "Whenever you are doing the licensing process, I would highly advise to look at what other Cisco solutions you have in your organization, then evaluate if an Enterprise Agreement is the best way to go. In our case, it was the best way to go. Since we had so many other Cisco products, we were able to tie those in. We were actually able to get several Cisco security solutions for less than if we had bought three or four Cisco security solutions independently or ad hoc."
  • "In our case, it is a straightforward annual payment through our Enterprise Agreement."
  • "Our company was very happy with the price of Cisco AMP. It was about a third of what we were paying for System Center Endpoint Protection."
  • "There are a couple of different consumption models: Pay up front, or if you have an enterprise agreement, you can do a monthly thing. Check your licensing possibilities and see what's best for your organization."
  • "The Enterprise Agreement is like an all-you-can-eat buffet of Cisco products. In that vein, it was very affordable."
  • "We can know if something bad is potentially happening instantaneously and prevent it from happening. We can go to a device and isolate it before it infects other devices. In our environment, that's millions of dollars saved in a matter of seconds."
  • "The pricing and licensing are reasonable. The cost of AMP for Endpoints is inline with all the other software that has a monthly endpoint cost. It might be a little bit higher than other antivirus type products, but we're only talking about a dollar a month per user. I don't see that cost as being an issue if it's going to give us the confidence and security that we're looking for. We have had a lot of success and happiness with what we're using, so there's no point in changing."
  • More Cisco Secure Endpoint Pricing and Cost Advice →

  • "We have branches, we have different companies, but we cannot buy less than 100 licenses. This does not make sense to me... It should be more flexible. I can understand their saying, "Okay, to be a customer you need 100," but to add on to that number it should be something very straightforward. If I need to add five, for example, I shouldn't need to add 100."
  • "The pricing [is] more or less the same as other similar solutions."
  • "It's reasonable in price"
  • "The price for the solution is completely at government level, meaning one which is very high."
  • More Carbon Black CB Defense Pricing and Cost Advice →

  • "Our licensing fees are about $5 USD per endpoint, per month."
  • "USD$6 per end point which decreases as end points increase."
  • "Pricing is a bit of a pain point. That's where we have not been able to convince all of our customers to use SentinelOne. The pricing is still on the higher side. It's almost double the price, if not more, of a normal antivirus, such as NOD32, Kaspersky, or Symantec."
  • "The solution's price/performance ratio is reasonable."
  • "You have to look at the kinds of problems you can end up with and the fact that you want security against them, and then SentinelOne is not expensive."
  • "It was cheaper than McAfee, which was a way to convince management to go with the solution."
  • "The pricing level for this service and application was very interesting for us. I don't know exactly what the price was, but apparently it was a big surprise that the SOC was also included in our pricing model."
  • "We are on a subscription model by choice. Therefore, we are paying a premium for the flexibility. We would have huge cost savings if we committed to a three-year buy-in. So, it's more expensive than the other solutions that we were looking at, but we have the flexibility of a subscription model. I think the pricing is fair. For example, if we had a three-year tie-in SentinelOne versus Cylance or one of the others, there is not that much difference in pricing. There might be a few euro or dollars here and there, but it's negligible."
  • More SentinelOne Pricing and Cost Advice →

    report
    Use our free recommendation engine to learn which Endpoint Protection for Business (EPP) solutions are best for your needs.
    563,327 professionals have used our research since 2012.
    Answers from the Community
    Alfonso Minaya
    author avatarABHILASH TH
    Reseller

    Crowdstrike USPs compared to CB and SentinelOne:


    1. Very powerful Machine Learning AV


    2. Device Control


    3. Vulanrablity Assessment ( Sentinel One have the partial capability )


    4. AWS Partner Competency


    5. Leaders and having a high rating in all major Analyst reviews 


    6. Automated Threat Intelligence 


    7. Customer satisfaction and retention 

    author avatarShreekumarNair
    Real User

    Do evaluate www.cynet.com and you will find that Cynet is way ahead in the way it does Continuous Breach protection and monitoring.

    author avatarRodney Lee
    User

    IMO, it depends on whether you have abilities to validate and/or correlate telemetries - these guys brings out quite a lot of telemetry alerts for you to work on...

    author avatarRodney Lee
    User

    Are you researching to buy or to resell?

    author avatarSteve Pender
    Real User

    SentinelOne has not been breached

    author avatarSteve Pender
    Real User

    SentinelOne is hands down my recommended solution.


    SentinelOne has not been breached and offers upto $1,000,000 warranty if it cannot roll back a ransomware attack.


    Please contact me at CyberSec@global.co.za for more information, a demonstration, or a quote.


    Your reputation and your company's cyber security is in your hands - make an informed decision

    author avatarreviewer1322229 (CEO at a tech services company with 11-50 employees)
    Real User

    They address slighty differing customer profiles, Crowdstrike has deep integrations to Okta, Sailpoint and others, where as SentinelOne has AI automation that outstrips the general use case associated to most threat detection elements.

    Questions from the Community
    Top Answer: 
    The most valuable feature is signature-based malware detection.
    Top Answer: 
    Licensing fees are on a yearly basis and I am happy with the pricing.
    Top Answer: 
    The GUI needs improvement, it's not good. There are false positives in emails. At times, the emails are blocked and… more »
    Top Answer: 
    Carbon Black offers two different levels of Endpoint Detection and Response. One is the VM Carbon Black Cloud Endpoint… more »
    Top Answer: 
    I think the one thing you want to do is to review how much each solution will help you reduce your investigative… more »
    Top Answer: 
    IMO, it depends on whether you have abilities to validate and/or correlate telemetries - these guys brings out quite a… more »
    Top Answer: 
    Cortex XDR by Palo Alto vs. SentinelOne SentinelOne offers very detailed specifics with regard to risks or attacks.… more »
    Top Answer: 
    Which solution is better depends on which is more suitable specifically for your company. Darktrace, for example, is… more »
    Top Answer: 
    The most valuable feature varies from client to client but having absolute clarity of what happened and the autonomous… more »
    Comparisons
    Also Known As
    Cisco AMP for Endpoints
    Bit9, Confer
    Sentinel Labs
    Learn More
    Overview

    Advanced Malware Protection (AMP) is subscription-based, managed through a web-based management console, and deployed on a variety of platforms that protects endpoints, network, email and web Traffic. AMP key features include the following: Global threat intelligence to proactively defend against known and emerging threats, Advanced sandboxing that performs automated static and dynamic analysis of files against more than 700 behavioral indicators, Point-in-time malware detection and blocking in real time and Continuous analysis and retrospective security regardless of the file's disposition and Continuous analysis and retrospective security.

    CB Defense is an industry-leading next-generation antivirus (NGAV) and endpoint detection and response (EDR) solution. CB Defense is delivered through the CB Predictive Security Cloud, an endpoint protection platform that consolidates security in the cloud using a single agent, console and data set. CB Defense is certified to replace AV and designed to deliver the best endpoint security with the least amount of administrative effort. It protects against the full spectrum of modern cyber attacks, including the ability to detect and prevent both known and unknown attacks. CB Defense leverages the powerful capabilities of the CB Predictive Security Cloud, applying our unique streaming analytics to unfiltered endpoint data in order to predict, detect, prevent, respond to and remediate cyber threats. In addition, CB Defense provides a suite of response and remediation tools, including Live Response, which allows security personnel to perform remote live investigations, intervene with ongoing attacks and instantly remediate endpoint threats. For peace of mind, CB Defense customers can also leverage CB ThreatSight, Carbon Black’s managed threat alert service, to validate alerts and uncover new threats.

    SentinelOne delivers autonomous endpoint protection through a single agent that successfully prevents, detects, responds, and hunts attacks across all major vectors. Designed for extreme ease of use, the S1 platform saves customers time by applying AI to automatically eliminate threats in real-time for both on-premise and cloud environments and is the only solution to provide full visibility across networks directly from the endpoint. To learn more visit www.sentinelone.com or follow us at @SentinelOne, on LinkedIn or Facebook.

    Offer
    Learn more about Cisco Secure Endpoint
    Learn more about Carbon Black CB Defense
    Learn more about SentinelOne
    Sample Customers
    Heritage Bank, Mobile County Schools, NHL University, Thunder Bay Regional, Yokogawa Electric, Sam Houston State University, First Financial Bank
    Netflix, Progress Residential, Indeed, Hologic, Gentle Giant, Samsung Research America
    Havas, Flex, Estee Lauder, McKesson, Norfolk Southern, JetBlue, Norwegian airlines, TGI Friday, AVX, Fim Bank
    Top Industries
    REVIEWERS
    Government13%
    Healthcare Company13%
    Manufacturing Company13%
    Financial Services Firm7%
    VISITORS READING REVIEWS
    Comms Service Provider24%
    Computer Software Company23%
    Government7%
    Financial Services Firm5%
    REVIEWERS
    Computer Software Company17%
    Wholesaler/Distributor13%
    Healthcare Company13%
    Construction Company13%
    VISITORS READING REVIEWS
    Computer Software Company27%
    Comms Service Provider16%
    Government6%
    Financial Services Firm5%
    REVIEWERS
    Retailer19%
    Manufacturing Company13%
    Healthcare Company13%
    Energy/Utilities Company13%
    VISITORS READING REVIEWS
    Comms Service Provider24%
    Computer Software Company23%
    Government5%
    Retailer4%
    Company Size
    REVIEWERS
    Small Business39%
    Midsize Enterprise18%
    Large Enterprise43%
    VISITORS READING REVIEWS
    Small Business28%
    Midsize Enterprise21%
    Large Enterprise50%
    REVIEWERS
    Small Business49%
    Midsize Enterprise8%
    Large Enterprise43%
    VISITORS READING REVIEWS
    Small Business38%
    Midsize Enterprise24%
    Large Enterprise38%
    REVIEWERS
    Small Business31%
    Midsize Enterprise17%
    Large Enterprise52%
    VISITORS READING REVIEWS
    Small Business24%
    Midsize Enterprise52%
    Large Enterprise24%
    Find out what your peers are saying about Carbon Black CB Defense vs. SentinelOne and other solutions. Updated: January 2022.
    563,327 professionals have used our research since 2012.

    Carbon Black CB Defense is ranked 9th in Endpoint Protection for Business (EPP) with 24 reviews while SentinelOne is ranked 2nd in Endpoint Protection for Business (EPP) with 20 reviews. Carbon Black CB Defense is rated 7.8, while SentinelOne is rated 9.6. The top reviewer of Carbon Black CB Defense writes "Centralization via the cloud allows us to protect and control people working from home". On the other hand, the top reviewer of SentinelOne writes "Made a tremendous difference in our ability to protect our endpoints and servers". Carbon Black CB Defense is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, Carbon Black CB Response, Trend Micro Deep Security and Sophos Intercept X, whereas SentinelOne is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, Darktrace, Cortex XDR by Palo Alto Networks and Kaspersky Endpoint Security for Business. See our Carbon Black CB Defense vs. SentinelOne report.

    See our list of best Endpoint Protection for Business (EPP) vendors and best Endpoint Detection and Response (EDR) vendors.

    We monitor all Endpoint Protection for Business (EPP) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.