Network and perimeter-based security remains a crucial pillar of enterprise resilience, but with the rise of new computing models like the cloud and mobile, more emphasis is being placed on protecting endpoints than ever before. And with business processes and communications increasingly take place outside of traditional firewall boundaries, vendors like Carbon Black and CrowdStrike are focused on protecting these potential cyber attack entry points wherever they may be, inside or outside the perimeter network.

In a recent report comparing various endpoint cybersecurity solutions, Gartner cited endpoint detection and response (EDR) as being integral to a firm's ideal overall endpoint security strategy, a model it refers to as an Adaptive Protection Architecture. This security framework covers preventive, detective, retrospective and predictive measures for maintaining competent security.

EDR solutions provide the first two—preventative and detective measures—by analyzing endpoints for suspicious changes and activity. For example, both Carbon Black and CrowdStrike provide antivirus and malware protection as a first line of defense again security compromises.

Troubled Histories

Despite being security providers trusted with protecting some of the largest companies and institutions in the world, both Carbon Black and Crowdstrike have encountered very public setbacks delivering on unrealistic cybersecurity promises. Crowdstrike fought to suppress a product testing report that gave their endpoint protection product the lowest awarded rating. NSS Labs compared Crowdstrike and twelve other advanced endpoint protection products and gave Crowdstrike (and one other product) an advisory "caution" rating. Crowdstrike then sued NSS Labs to prevent them from releasing the findings and lost

On the other hand, Carbon Black was revealed to have leaked sensitive customer data through the cloud-based multi-scanner. Carbon Black scans for files that are not trusted, and when it encounters a file it doesn't recognize it can upload that file to a central cloud-based database for analysis. For several customers this resulted in terabytes of data being uploaded, including files containing keys to AWS, Azure, Slack, and Google services. That centralized database is browsable by other Carbon Black customers who have paid to subscribe to the multi-scanner service. The writer of the report summarized the multi-scanner flaw as "the world’s largest pay-for-play data exfiltration botnet."

Carbon Black

Previously known as Bit9 + Carbon Black, Carbon Black more or less came into its own after merging with Bit9 in 2014. This merger enabled it to combine competencies in endpoint threat prevention with endpoint threat detection and response for delivering so-called "next-generation endpoint security." This investment has clearly paid off—according to a recent IDC report, Carbon Black has 37 percent market share in the endpoint protection space.

carbon black UI
The Carbon Black UI. Source:


CrowdStrike is another leader in the next-generation endpoint protection space. Founded by McAfee's former CTO, the firm focuses on endpoint security, threat intelligence, and incident response. The company was recently called in to handle the DNC breach, and has been hired to investigate many recent high-profile data breaches.

crowdstrike UI
The CrowdStrike Falcon UI. Source:

Side-by-Side Scoring: Carbon Black vs. CrowdStrike

1. Capability Set

CrowdStrike's Falcon platform utilizes antivirus/antimalware, threat response, anomaly detection and more to provide comprehensive endpoint monitoring and protection. Similarly, Carbon Black's endpoint security platform combines antivirus/antimalware, incident response, and threat management features into a single pane of glass web console.

Carbon Black CrowdStrike
5/5 5/5

2. Ease of Use

CrowdStrike's web-based management console has all the trappings of your typical SaaS offering, making it at once familiar and easy to use. Carbon Black's updated web interface also make its platform easy to get up to speed with; that said, both can feel unwieldy due to the volume of information presented in each front-end.

Carbon Black CrowdStrike
4/5 4/5

3. Community Support

Carbon Black has made a variety of community support resources available, including its User eXchange community portal and community wiki on GitHub. CrowdStrike also provides a GitHub page as well as a set of free community tools for scanning for specific vulnerabilities and other security functions. 

Carbon Black CrowdStrike
5/5 5/5

4. Release Rate

Currently on version 5, Carbon Black has not made its release history immediately available on the company's website—suffice to say, its offering has undergone significant transformations over the years, especially with the Bit9 merger: Cb Protection's comprehensive endpoint protection is in fact Bit9, while Cb Response is Carbon Black's real-time endpoint detection and response solution. Similarly, CrowdStrike's release history is not available on the website—the platform is currently on version 2.

Carbon Black CrowdStrike
4/5 4/5

5. Pricing and Support

A monitoring system won't troubleshoot a configuration error. A configuration test script will.

Though pricing is not publicly available, Carbon Black implementations for medium-sized infrastructures can run in the tens of thousands. Similarly, CrowdStrike's solution for complete endpoint protection—including its cloud and intelligence platforms—is certainly out of reach for organizations with modest security budgets. 

Both vendors offer standard options for paid-for phone and email support, as well as professional services and custom offerings like incident response and remediation services.

Carbon Black CrowdStrike
3/5 3/5

6. API and Extensibility

CrowdStrike provides both a streaming and query REST API for accessing many of the features available through the Falcon Platform's UI. Carbon Black also provides a well-documented REST API for building custom integrations with the platform.

Carbon Black CrowdStrike
5/5 5/5

7. 3rd Party Integrations

Carbon Black's integration network and open API strategy have resulted in numerous integrations with leading security offerings, from SIEM (Splunk, IBM, LogRhythm) to analytics and threat intelligence (Blue Coat, Exabeam, AlienVault, ThreatStream). CrowdStrike also features a myriad of integrations with leading security vendors: IBM QRadar, Splunk, Check Point, zScaler, to name a few.

Carbon Black CrowdStrike
5/5 5/5

8. Companies that Use It

CrowdStrike's customers include three of the 10 largest global companies by revenue and five of the 10 largest financial institutions. Some notables include Rackspace, Telstra, and Tribune Media. Carbon Black's customer list also reads like the who's who of leading global enterprises: Nasdaq, NIST, WebMD, Samsung, and Adobe, to name a few. 

Carbon Black CrowdStrike
5/5 5/5

9. Learning Curve

Both offerings' streamlined UIs make getting acquainted with the platforms easier—however, as mentioned previously, the amount of information presented can be a challenge to grasp. For example, Carbon Black generates a copious number of standard events that may overwhelm novice users. CrowdStrike's platform is a bit easier in this regard: each panel summarizes important information/metrics for situational awareness at-a-glance.

Carbon Black CrowdStrike
3/5 4/5

10. Security rating

Carbon Black's security rating of 656, while respectable, falls short due to various security flaws. CrowdStrike—with its 903 security rating—is much more robust than Carbon Black's.

Scoreboard and Summary

  Carbon Black CrowdStrike
Capability set 5/5 5/5
Ease of use 4/5 4/5
Community support 5/5 5/5
Release rate 4/5 4/5
Pricing and support 3/5 3/5
API and extensibility 5/5 5/5
3rd party integration 5/5 5/5
Companies that use it 5/5 5/5
Learning curve 3/5 4/5
Security rating 656 903
Total 4.3/5 4.5/5

In short, both Carbon Black and CrowdStrike are comprehensive—albeit costly—platforms designed to protect endpoints against today's cyber threats. However, endpoint protection is just one security layer out of many that comprise a competent enterprise framework for cyber resilience, and both offerings come with fully-realized REST APIs and integrations for rounding out the security toolchain. UpGuard's resilience platform is a critical component of this toolchain, ensuring that all configurations are accounted for and security controls are working as expected.

Ready to see
UpGuard in action?