On July 19, 2024, there was a serious disruption to some Windows PCs due to an apparent issue with a CrowdStrike update. Per reports, the issue originated from a kernel level driver used to attach CrowdStrike to Windows PCs and servers. According to CrowdStrike, the faulty update “is not a security incident or cyberattack” and has since been identified, with a fix already being deployed. The update reportedly triggered the Blue Screen of Death, the infamous Windows crash alert, in numerous computer systems around the world. The outage has so far affected IT systems of major airlines, emergency services and businesses, among others. For more details, read TechRepublic’s news article about the CrowdStrike outage.
As organizations grow, they’ll need to acquire endpoint detection and response tools to monitor activity and secure endpoint devices. VMware’s Carbon Black EDR and CrowdStrike’s Falcon products are two top EDR solutions with features that can help to improve an organization’s security posture.
In this article, we take a look at which EDR solution is best for you and your organization.
Carbon Black vs. CrowdStrike: Feature comparison
Carbon Black and CrowdStrike pricing
For pricing, VMware doesn’t explicitly provide pricing for its Carbon Black EDR products. At the moment, it offers three software bundles for EDR: Endpoint Standard, Endpoint Advanced and Endpoint Enterprise.
Here’s an overview of each:
- Endpoint Standard: Next-generation antivirus and behavioral EDR; managed alert and monitoring triage (optional).
- Endpoint Advanced: All Standard features; risk-prioritized vulnerability assessment and remediation; real-time device assessment and remediation; managed detection (optional).
- Endpoint Enterprise: All Advanced features; enterprise EDR that includes threat hunting and incident response; option for managed detection.
I did wish that VMware offered some kind of free trial or limited product access for prospective buyers to test drive its software for free. This is hopefully something it can provide in the future, especially since CrowdStrike offers a free trial.
Speaking of CrowdStrike, its EDR solution can be purchased either through its Falcon Enterprise or Falcon Elite subscriptions. Below is an overview of pricing and feature inclusions for each CrowdStrike Falcon plan.
- Falcon Enterprise: $184.99 per device; includes antivirus, EDR, XDR and managed threat hunting.
- Falcon Elite: Contact sales for quote; includes EDR, XDR, integrated endpoint and identity protection and threat hunting.
As mentioned, Falcon Enterprise has a free trial for businesses or individuals who want a convenient way to try its solution without an initial subscription.
Head-to-head comparison: Carbon Black vs. CrowdStrike
Threat hunting and remediation
Both Carbon Black and CrowdStrike offer powerful threat hunting and remediation features. However, CrowdStrike is a more robust solution based on MITRE Engenuity tests. Its alignment to the MITRE Framework saw it named a Leader in Gartner’s 2023 Magic Quadrant for Endpoint Protection Platform. The product also held the top position for Completeness of Vision.
In contrast, Broadcom or VMware (Carbon Black) missed some threat detections when tested against the MITRE Framework from 2022 to 2018 and is placed in a lower position in the same 2023 Magic Quadrant findings.
Single-agent design
Using a single agent to centrally manage multiple endpoint devices ensures teams can deploy quickly and begin handling threats.
CrowdStrike uses a single universal agent design. The Falcon platform uses a single lightweight agent deployed on endpoint devices that collects data and sends it to the cloud for analysis.
On the other hand, Carbon Black is a complex security tool with a steep learning curve. It requires significant tuning and configuration. Moreover, its threat detection queries are overly complicated, and there are multiple manual processes to manage alerts and remediation.
Behavioral learning
EDR software can either be signature-based or signatureless. Signature-based EDR programs rely on a database of known threats, while signatureless EDR programs use machine learning and behavioral analytics to identify suspicious activity.
Both CrowdStrike and Carbon Black offer behavioral analytics and machine learning capabilities to track down anomalies and detect suspicious endpoint and system behavior.
One difference, however, is that CrowdStrike provides advanced, signatureless protection through integrated threat intelligence, machine learning and behavioral analytics, whereas Carbon Black includes a signature-based AV engine. As a result, CrowdStrike can better protect devices from new and unknown threats.
Deployment
CrowdStrike comes as one platform for all workloads. It provides comprehensive security coverage that you can deploy across Windows, Linux and macOS servers and endpoints. In addition, there is no on-premises equipment requiring maintenance, management, scans, reboots and complex integrations.
In contrast, Carbon Black comes as an on-premises or cloud solution. There may be a need for device restarts, including critical servers, as part of the sensor update process. In addition, there is a feature disparity between on-premises and cloud versions.
Device and firewall control
Carbon Black’s EDR software allows device control (no firewall management), but it is limited to Windows OS and USB flash drives. It also allows you to create your endpoint security policies, which is useful for businesses with specific regulatory or performance standards to meet.
By comparison, Falcon Firewall Management from CrowdStrike allows customers to move from legacy endpoint platforms to the company’s next-generation EDR software, which includes robust protection, better performance, and efficient management and enforcement of host firewall policies. In addition, Falcon Firewall Management offers simple, cross-platform management of host/OS firewalls from the Falcon console, allowing security teams to limit any risk exposure effectively.
Furthermore, Falcon Device Control allows users to safely utilize USB devices by offering full end-to-end protection and detection and response (EDR) capabilities. Its seamless integration with the Falcon agent and platform comes with device control features complemented with full endpoint protection. This gives security and IT operations teams insight into how devices are being used and the means to control and manage that usage.
API integration
API integration ensures you get the most out of your EDR software. Carbon Black’s EDR solution offers more than 120 out-of-the-box integrations.
On the other hand, CrowdStrike’s Falcon platform is developed as an API-first platform. As new features are released, corresponding API functionality is added to help automate and control any newly added operations.
Carbon Black pros and cons
Pros
- Easy to use and intuitive user experience.
- Lightweight and isn’t resource-intensive.
- Good amount of integrations.
Cons
- Must contact sales for pricing.
- May require higher level of expertise to maximize.
CrowdStrike pros and cons
Pros
- Signatureless protection.
- Seamless endpoint deployment.
- Upstanding security reputation.
Cons
- Interface could be more user-friendly.
Should your organization use Carbon Black or CrowdStrike?
CrowdStrike is the better choice if you need comprehensive coverage and protection against new and unknown threats that you can deploy across Windows, Linux, and macOS servers and endpoints. However, if you’re looking for an on-premises solution to give you protection against known threats, then Carbon Black may be better.
Ultimately, the decision comes down to your risk profile and specific needs and requirements.
Methodology
My head-to-head comparison of VMware’s Carbon Black EDR and CrowdStrike’s EDR solution involved doing a one-to-one analysis of their security features, pricing and overall value.
In particular, I considered critical EDR functionality such as threat hunting and remediation, ease of deployment, behavioral learning, firewall control and API integration.
My evaluation of both solutions involved in-depth research of official product documentation, features included and possible use cases for different kinds of businesses. We also considered real user testimonials and third-party reviews from reputable review sites to supplement our final analysis.