Carbon Black vs CrowdStrike

Last updated by UpGuard on November 1, 2018

Network and perimeter-based security remains a crucial pillar of enterprise resilience, but with the rise of new computing models like the cloud and mobile, more emphasis is being placed on protecting endpoints than ever before. And with business processes and communications increasingly taking place outside of traditional firewall boundaries, vendors like Carbon Black and CrowdStrike are focused on protecting these potential cyber attack entry points wherever they may be, inside or outside the perimeter network.

In a recent report comparing various endpoint cybersecurity solutions, Gartner cited endpoint detection and response (EDR) as being integral to a firm's ideal overall endpoint security strategy, a model it refers to as an Adaptive Protection Architecture. This security framework covers preventive, detective, retrospective and predictive measures for maintaining competent security.


EDR solutions provide the first two—preventive and detective measures—by analyzing endpoints for suspicious changes and activity. For example, both Carbon Black and CrowdStrike provide antivirus and malware protection as a first line of defense against security compromises.

Troubled Histories

Despite being security providers trusted with protecting some of the largest companies and institutions in the world, both Carbon Black and CrowdStrike have encountered very public setbacks delivering on unrealistic cybersecurity promises. CrowdStrike fought to suppress a product testing report that gave their endpoint protection product the lowest awarded rating. NSS Labs compared CrowdStrike and twelve other advanced endpoint protection products and gave CrowdStrike (and one other product) an advisory "caution" rating. CrowdStrike then sued NSS Labs to prevent them from releasing the findings and lost.

On the other hand, Carbon Black was revealed to have leaked sensitive customer data through the cloud-based multi-scanner. Carbon Black scans for files that are not trusted, and when it encounters a file it doesn't recognize it can upload that file to a central cloud-based database for analysis. For several customers this resulted in terabytes of data being uploaded, including files containing keys to AWS, Azure, Slack, and Google services. That centralized database is browsable by other Carbon Black customers who have paid to subscribe to the multi-scanner service. The writer of the report summarized the multi-scanner flaw as "the world’s largest pay-for-play data exfiltration botnet."

Carbon Black

Previously known as Bit9 + Carbon Black, Carbon Black more or less came into its own after merging with Bit9 in 2014. This merger enabled it to combine competencies in endpoint threat prevention with endpoint threat detection and response for delivering so-called "next-generation endpoint security." This investment has clearly paid off—according to a recent IDC report, Carbon Black has 37 percent market share in the endpoint protection space.

[Figure: The Carbon Black UI]


CrowdStrike

CrowdStrike is another leader in the next-generation endpoint protection space. Founded by McAfee's former CTO, the firm focuses on endpoint security, threat intelligence, and incident response. The company was recently called in to handle the DNC breach, and has been hired to investigate many recent high-profile data breaches.


[Figure: The CrowdStrike Falcon UI]

Side-by-Side Scoring: Carbon Black vs. CrowdStrike

1. Capability Set

CrowdStrike's Falcon platform utilizes antivirus/antimalware, threat response, anomaly detection and more to provide comprehensive endpoint monitoring and protection. Similarly, Carbon Black's endpoint security platform combines antivirus/antimalware, incident response, and threat management features into a single pane of glass web console.

Carbon Black score_570.png
CrowdStrike score_570.png

2. Ease of Use

CrowdStrike's web-based management console has all the trappings of your typical SaaS offering, making it at once familiar and easy to use. Carbon Black's updated web interface also makes its platform easy to get up to speed with; that said, both can feel unwieldy due to the volume of information presented in each front-end.

Carbon Black score_4.png
CrowdStrike score_4.png

3. Community Support

Carbon Black has made a variety of community support resources available, including its User eXchange community portal and community wiki on GitHub. CrowdStrike also provides a GitHub page as well as a set of free community tools for scanning for specific vulnerabilities and other security functions. 

Carbon Black score_5.png
CrowdStrike score_5.png

4. Release Rate

Currently on version 5, Carbon Black has not made its release history immediately available on the company's website—suffice to say, its offering has undergone significant transformations over the years, especially with the Bit9 merger: Cb Protection's comprehensive endpoint protection is in fact Bit9, while Cb Response is Carbon Black's real-time endpoint detection and response solution. Similarly, CrowdStrike's release history is not available on the website—the platform is currently on version 2.

Carbon Black score_4.png
CrowdStrike score_4.png

5. Pricing and Support

Though pricing is not publicly available, Carbon Black implementations for medium-sized infrastructures can run in the tens of thousands. Similarly, CrowdStrike's solution for complete endpoint protection—including its cloud and intelligence platforms—is certainly out of reach for organizations with modest security budgets. 

Both vendors offer standard options for paid-for phone and email support, as well as professional services and custom offerings like incident response and remediation services.

Carbon Black score_3.png


6. API and Extensibility

CrowdStrike provides both a streaming and query REST API for accessing many of the features available through the Falcon Platform's UI. Carbon Black also provides a well-documented REST API for building custom integrations with the platform.


Carbon Black score_5.png
CrowdStrike score_5.png

7. 3rd Party Integrations

Carbon Black's integration network and open API strategy have resulted in numerous integrations with leading security offerings, from SIEM (Splunk, IBM, LogRhythm) to analytics and threat intelligence (Blue Coat, Exabeam, AlienVault, ThreatStream). CrowdStrike also features a myriad of integrations with leading security vendors: IBM QRadar, Splunk, Check Point, Zscaler, to name a few.


Carbon Black score_5.png
CrowdStrike score_5.png

8. Companies that Use It

CrowdStrike's customers include three of the 10 largest global companies by revenue and five of the 10 largest financial institutions. Some notables include Rackspace, Telstra, and Tribune Media. Carbon Black's customer list also reads like the who's who of leading global enterprises: Nasdaq, NIST, WebMD, Samsung, and Adobe, to name a few. 

Carbon Black score_570.png
CrowdStrike score_570.png

9. Learning Curve

Both offerings' streamlined UIs make getting acquainted with the platforms easier—however, as mentioned previously, the amount of information presented can be a challenge to grasp. For example, Carbon Black generates a copious number of standard events that may overwhelm novice users. CrowdStrike's platform is a bit easier in this regard: each panel summarizes important information/metrics for situational awareness at-a-glance.

Carbon Black score_3.png
CrowdStrike score_4.png


Carbon Black's CSTAR score of 836, while respectable, falls short due to various security flaws, namely server information leakage and lack of DMARC/DNSSEC. CrowdStrike—with its 789 CSTAR score—suffers due to lack of HTTP Strict Transport Security, secure cookies, and DMARC/DNSSEC.

Carbon Black

Screenshot 2016-11-28 at 9.30.00 PM-1.png


Screen Shot 2016-12-01 at 3.45.06 AM.png

Scoreboard and Summary

Category                 Carbon Black     CrowdStrike
Capability Set           score_570.png    score_570.png
Ease of Use              score_570.png    score_570.png
Community Support        score_570.png    score_570.png
Release Rate             score_570.png    score_570.png
Pricing and Support      score_570.png    score_570.png
API and Extensibility    score_570.png    score_570.png
3rd Party Integrations   score_570.png    score_570.png
Companies that Use It    score_570.png    score_570.png
Learning Curve           score_570.png    score_570.png
Total                    4.3 out of 5     4.4 out of 5

In short, both Carbon Black and CrowdStrike are comprehensive—albeit costly—platforms designed to protect endpoints against today's cyber threats. However, endpoint protection is just one security layer out of many that comprise a competent enterprise framework for cyber resilience, and both offerings come with fully-realized REST APIs and integrations for rounding out the security toolchain. UpGuard's resilience platform is a critical component of this toolchain, ensuring that all configurations are accounted for and security controls are working as expected.
