FireEye vs Carbon Black: Top EDR Solutions Compared

eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More.

Endpoint security offerings from FireEye and Carbon Black both appear on eSecurity Planet‘s list of top endpoint detection and response (EDR) solutions, and each product has a lot to offer enterprise customers. What follows is a look at each solution’s key features and recent improvements, along with an assessment of their strengths and weaknesses.

The Bottom Line

Both solutions get positive reviews from industry analysts and from users, the vast majority of whom say they’d recommend both products to others. FireEye’s offering benefits significantly from Mandiant threat intelligence and from its new MalwareGuard detection and prevention engine. Carbon Black’s recent shift of its EDR solution to the CB Predictive Security Cloud is a key differentiator for organizations seeking the flexibility and ease of use of a cloud-based deployment. Carbon Black comes out on top in detection and response capabilities, but users pay a premium for that added security.

FireEye Product Highlights

Overview: FireEye Endpoint Security brings frontline intelligence and experience to the endpoint, using several combined protection engines to block malware and exploits – the solution leverages a multi-level defense that includes signature-based and behavioral-based engines as well as intelligence-based indicators of compromise.

Recent developments: The most significant addition to FireEye Endpoint Security over the last year is the machine learning-based MalwareGuard detection and prevention engine, the result of a two-year research project from FireEye data scientists and testing and real-world incident responses. The machine learning model leverages both public and private data sources, including data gathered from over 15 million endpoint agents, attack analyses based on more than one million hours spent responding to attacks to date, over 200,000 consulting hours every year, and adversarial intelligence collected from a global network of analysts. That data is then used to train MalwareGuard to make intelligent malware classifications on its own and without human involvement.

Other recent enhancements include Policy Manager, which enables varying levels of access, allowing administrators to balance the needs of security and performance; Alert Workflow Update, which provides the necessary context for organizations to respond rapidly to alerts that matter; and Cloud Identity and Access Management, which enables a higher level of authentication for cloud-based deployments.

Analysts’ take: Gartner notes that FireEye’s global managed detection and response service, FireEye as a Service, is available to help clients that are short on resources. The company benefits from threat intelligence from Mandiant’s breach investigation team and iSIGHT Threat Intelligence service, as well as from FireEye products’ shared threat indicators. Still, the research firm says most EDR data is stored on the endpoint, making it difficult to perform a full root cause analysis involving compromised endpoints that are offline.

Carbon Black Product Highlights

Overview: CB ThreatHunter, a recent upgrade to Carbon Black’s CB Response EDR solution, brings the company’s EDR capabilities to the CB Predictive Security Cloud platform. Security teams can leverage CB ThreatHunter to record all endpoint activity, overlay custom and out-of-the-box sources of threat intelligence, and visualize the activity to easily identify the root cause of an attack. Analysts can quickly jump through each stage of an attack to gain insight into the attacker’s behavior and close security gaps.

Recent developments: The release of CB ThreatHunter brought the core functionality of CB Response to the PSC cloud platform, including the ability to capture and search unfiltered data from endpoints throughout the enterprise, and to maintain customizable watchlists, third-party threat intelligence feeds, automatic upload of each unique binary, expandable process tree visualization, and integrations with Splunk and IBM QRadar.

Because it was built on the company’s multi-tenant cloud platform, CB ThreatHunter now benefits from a lightweight sensor, cloud-powered deployment and elastic scalability, rapid release cycles, more granular control over watchlist and threat feed alerts, and enhanced search capabilities.

Analysts’ take: Writing about CB Response, Gartner said Carbon Black has earned a strong reputation as one of the leading EDR solutions, with a streamlined console that gives administrators simplified views of threats via visual alerts and triage, resulting in faster detection and response. Still, the research firm said Carbon Black continues to be at the premium end in terms of cost per endpoint to acquire and operate.

EDR Product Ratings

Here are eSecurity Planet‘s ratings of each solution’s key features.


FireEye: Very Good

Carbon Black: Very Good

Customers of both vendors report solid performance, with minimal impact on endpoints. The most recent Forrester Wave report on EDR solutions gave FireEye a rating of 3.08 out of five and gave Carbon Black 3.48 out of five (though the research firm evaluated CB Response, not CB ThreatHunter). The rating is based on a range of criteria including configurability, agent effectiveness, forensic capabilities, deployment options and response actions.

Detection and Response

FireEye: Good

Carbon Black: Very Good

In recent testing, Forrester rated Carbon Black’s detection capabilities at 4.0 out of five, and FireEye’s at 3.0 out of five. Similarly, Carbon Black’s response capabilities were rated at 3.8 out of five, while FireEye’s were rated at 3.4 out of five.


FireEye: Good

Carbon Black: Good

Customers of both companies report satisfaction with pricing and value for the money, though Gartner says Carbon Black is more expensive than most.

Implementation and Management

FireEye: Good

Carbon Black: Very Good

Users of both solutions report relatively easy deployment experiences, far easier in Carbon Black’s case by being fully cloud-based. Both solutions require skilled technical staff to manage and use.


FireEye: Very Good

Carbon Black: Good

FireEye users report positive experiences with customer support. While some reviewers say the same of Carbon Black, others report frustration with relatively slow response times.

Cloud Features

FireEye: Good

Carbon Black: Best

While FireEye offers a cloud-based option, Carbon Black’s recent release of CB ThreatHunter moves the entire solution to the company’s cloud platform.

FireEye vs Carbon Black EDR


FireEye Endpoint Security supports cloud, on-premises and hybrid deployments. Agents are available for Windows, Mac and Linux.

As part of the CB Predictive Security Cloud, CB ThreatHunter is cloud-based, with no need for any on-premises infrastructure.


FireEye Endpoint Security is purchased through a subscription model based on the level of protection and investigation tools available – the Essential Edition starts at $39 per endpoint, and the more advanced Power Edition starts at $58.50 per endpoint, with volume discounts available for both. Free trials are available.

CB ThreatHunter leverages a tiered yearly subscription pricing model.

Other EDR product comparisons

Get the Free Cybersecurity Newsletter

Strengthen your organization’s IT security defenses by keeping up to date on the latest cybersecurity news, solutions, and best practices. Delivered every Monday, Tuesday and Thursday

Jeff Goldman Avatar

Subscribe to Cybersecurity Insider

Strengthen your organization’s IT security defenses by keeping abreast of the latest cybersecurity news, solutions, and best practices.

Top Cybersecurity Companies

Top 10 Cybersecurity Companies

See full list

Get the Free Newsletter!

Subscribe to Cybersecurity Insider for top news, trends & analysis