Carbon Black CB Defense and Cisco AMP for Endpoints: Which endpoint detection and response solution is better?

IT Central Station users review two of the highest reviewed solutions in the endpoint detection and response market.


As cyberattacks continue to increase in frequency and complexity, security teams need to develop new ways to stay ahead and ensure that their organisations remain secure. Endpoint Detection and Response (EDR) is an element of endpoint protection which provides continuous monitoring for and response to advanced threats on endpoints. However, choosing the right solution isn’t easy – every business is different, and there is no ‘one size fits all’ solution.

Over 388,000 professionals have used IT Central Station research to inform their purchasing decisions. Its latest paper looks at Carbon Black CB Defense and Cisco AMP for Endpoints, two of the highest reviewed solutions in the endpoint detection and response (EDR) market.

Below is a brief summary of the report, highlighting what real IT Central Station users think of each solution – from their most valuable features, to how they’ve improved individual businesses, as well as what each solution could do better.

Carbon Black CB Defense

An industry-leading next-generation antivirus (NGAV) and EDR solution.

With an average rating of 8.1 from eight reviews, Carbon Black CB Defense is one of the most popular EDR solutions currently available. Popular at computer software, healthcare, and construction companies, the solution has found favour with organisations of all sizes. 50% of reviewers come from smaller organisations, whilst 44% are from companies with 1000+ employees. Midsize organisations make up the remaining 6% of reviewers.

Users disagree on the most valuable features of the solution. Some claim that the triage feature, which shows the whole chain on the malware attack, is of key importance, whilst others believe that the offline networking capabilities it provides, or its dynamic grouping elements are more valuable today. However, there are a few areas where users agree that the solution could be improved, with some wanting to see improvements made to the firewall set, and others eager to see the solution made compatible with mobile devices.  

Cisco AMP for Endpoints

Protects endpoints, network, email, and web traffic.

Achieving an average rating of 8.8 from 17 reviews, Cisco AMP for Endpoints is viewed favourably by the majority of its users. This is reflected in the wide range of industries it finds itself deployed in, from the healthcare industry, through to government organisations, and even construction companies. It also proves popular at organisations of all sizes, with large organisations making up 50% of reviewers, and midsize and small companies accounting for 17% and 33% of reviewers respectively.  

Many of the solution’s users praise its integration capabilities, which allows it to seamlessly blend in with other security features and help organisations create a complete security posture. More specifically, users appreciate the visibility and insight the solution provides and its ability to block a threat everywhere across all endpoints after seeing it for the first time. Unfortunately, the solution does still have areas where it could improve, with critics wanting to see improvements made to its event notification features alongside the removal of duplicate entries in a single console.   

IDGConnect_itcentralstation_endpointdetectionresponse_downloadbutton_2100x912 IDG Connect