Carbon Black EDR is an on-premise incident response and threat hunting solution designed for security operations center (SOC) teams with offline environments or on-premises requirements.
N/A
Palo Alto Networks Cortex XDR
Score 8.5 out of 10
N/A
Cortex XDR (formerly Traps) replaces traditional antivirus with multi-method prevention, a proprietary combination of malware and exploit prevention methods that protect users and endpoints from known and unknown threats.
We are able to check if any phishing link was visited by the user or not. To check for the whether any file is executed on the machine or not. To check on which port connections are being made by the machine. To create custom watchlist for alert to be investigated by an analyst. To check every process executed in the machine for a specified range.
Malware that doesn’t leave files behind has become widely available. Anyone who can afford to reverse this trend should purchase technology. Application whitelisting isn’t for everyone, and Palo Alto Networks Traps can help. Enterprises looking for a low-affected, next-generation solution with high protection should consider it. PAN Traps is a great product at a reasonable price, and I highly recommend it.
Cortex XDR does a very good job of blocking suspicious and threatening items. However, as with all software of this nature, it will sometimes block known-good items. The difficulty is in manually whitelisting these known-good items. The interface to whitelist is confusing even for a seasoned IT professional and has been the single most frustrating experience of using Cortex XDR
The support we receive from Palo Alto is one of the best aspects of Traps. It is very easy to recommend their support. It seems much easier to connect directly with someone with a deep understanding of the product rather than other companies where you basically have to make an airtight case that it is some kind of non-standard issue that can't be solved with existing documentation. Palo Alto digs deep and helps with advanced troubleshooting to get things working.
CB Response allows for a better view of what happened on the endpoint and provides more functionality out of the box then the FireEye Endpoint Security Product. CB Response allows you to basically have a remote connection into the CLI of an endpoint. This allows you to view the file system, run programs/scripts on the host, etc. FireEye Endpoint Security does not have this functionality.
Traps is the slickest interface, easy to use and intuitive rule making, and the rest just didn't quite stack up to the performance level of Traps. McAfee and Kaspersky just hog processor and RAM power. I didn't like the interface and functionality of SentinelOne as much as Traps. Palo Alto really put a lot of time into the development of this software, and had some of the founding fathers of IT Security heading the development process. Can't beat that.
