CrowdStrike Falcon and VMware Carbon Black are popular endpoint detection and response (EDR) products, and both scored high enough in our analysis to make our list of top EDR vendors.
Buyers often compare the two EDR products, and with good reason: both offer strong security and management features that can make a security operations center’s work easier. The difference between the two lies mainly in CrowdStrike’s advanced features, which are popular with security operations teams but come at a cost. That said, the cost of an EDR product is small compared to the nearly $4 million cost of the average data breach, so price should ideally be no object when purchasing an EDR solution. The best way to get pricing, of course, is to get quotes from multiple vendors on a configuration that meets your organization’s needs.
Detection and response
Both vendors have performed well in independent security tests. CrowdStrike scored higher on the difficult MITRE evaluation, while Carbon Black has scored well in both security effectiveness and total cost of ownership (TCO) in NSS Labs tests – tests avoided by CrowdStrike after a legal dispute between CrowdStrike and NSS Labs. Users of both products give high marks for their detection and response capabilities, so those test scores appear to carry over to production environments. Data breaches happen, so response is one of the driving factors in an EDR purchasing decision, and users of both tools report that their jobs are made easier by the ability of the EDR tools to respond to threats. CrowdStrike also offers an additional managed threat hunting service, OverWatch.
Carbon Black offers nice out-of-the-box automation, with automated remediation a standard feature. Both products scored well in our analysis in Ease of Use and Deployment, but CrowdStrike received the higher overall Management score because of additional features like vulnerability management, device control, advanced threat hunting, rollback, guided investigation and mobile support. That said, Carbon Black scored very high in return on investment (ROI) in the NSS Labs evaluation, so the VMware product offers what’s needed to get the job done. Both EDR products are cloud-based and scored near the top in Deployment, offering a relatively easy implementation experience.
The bottom line
Carbon Black and CrowdStrike are both solid EDR products offering comparable security. Users of both are happy, but CrowdStrike users are a little more effusive in their praise. The difference between the two is largely in CrowdStrike’s wealth of advanced features – and potentially higher cost. Users report that both EDR solutions can get pricey, however. As with all IT products, the best product is the one that meets a buyer’s needs and budget. See our full list of top EDR products for other solutions that may meet your needs.
CrowdStrike and Carbon Black ratings
Here’s how the two EDR products compared in our analysis.
| Product | Detection | Response | Management | Deployment | Ease of use | Value | Support |
|---|---|---|---|---|---|---|---|
| VMware Carbon Black | 4.3 | 4.4 | 4.2 | 4.4 | 4.5 | 4.6 | 4.3 |