
Carbon Black Cloud
Extended detection and response (XDR) platforms
Antivirus software
Endpoint management software
Endpoint protection platforms
Cloud security software
Endpoint protection software
Small
Medium
Large
- Banking and insurance
- Manufacturing
- Professional services (engineering, legal, consulting, etc.)
What is Carbon Black Cloud?
Carbon Black Cloud is a cloud-delivered endpoint security platform that provides prevention, detection, and response capabilities for endpoints. It is used by security operations teams to investigate endpoint activity, hunt for threats, and respond through policy changes and endpoint actions. The platform combines next-generation antivirus, endpoint detection and response (EDR), and optional workload protection features under a single console and agent.
Strong endpoint telemetry for investigations
The product collects detailed endpoint activity data that supports incident investigation and threat hunting workflows. Analysts can pivot across process, file, and network events to build timelines and scope impact. This depth of endpoint telemetry is a practical differentiator versus tools that focus primarily on prevention without investigative context.
Cloud-managed policy and response
Carbon Black Cloud centralizes endpoint security policy management in a cloud console, reducing reliance on on-premises infrastructure. It supports common response actions such as isolating endpoints and managing prevention policies from the same interface used for investigations. This is useful for distributed environments where endpoints are frequently off-network.
Consolidates prevention and EDR
The platform combines antivirus-style prevention with EDR detection and response in one agent and management plane. This can reduce the number of endpoint agents and simplify operational ownership between endpoint security and SOC teams. It also supports standard security operations use cases such as alert triage, containment, and remediation tracking.
XDR breadth depends on integrations
While it can contribute to XDR workflows, cross-domain visibility (for example, identity, network, email, and cloud control planes) typically requires integrations and additional data sources. Organizations expecting a single product to provide broad, native coverage across multiple security domains may need complementary tooling. The overall XDR experience can vary based on what telemetry is connected.
Tuning and operational overhead
Alert quality and prevention policies often require tuning to match an organization’s environment and risk tolerance. Without ongoing rule/policy management, teams may experience noisy detections or overly restrictive controls. This can increase SOC workload during rollout and when business applications change.
Not full endpoint management suite
The product focuses on security controls rather than comprehensive endpoint management (for example, broad patching, software distribution, and device lifecycle management). Organizations looking for a single tool to cover both security and full IT endpoint management typically need a separate endpoint management platform. This can add integration and process complexity between IT and security teams.
Seller details
Broadcom Inc.
Palo Alto, California, USA
1961
Public
https://www.broadcom.com/
https://x.com/Broadcom
https://www.linkedin.com/company/broadcom/