Broadcom / VMware Practice
Broadcom Carbon Black XDR. Enterprise Licensing.
Carbon Black is sold per endpoint across tiered bundles, and Broadcom has reshaped the packaging since the VMware acquisition. Read the tiers before you renew.
Carbon Black is sold per endpoint across tiered bundles, and Broadcom has reshaped the packaging since the VMware acquisition. Read the tiers before you renew.
Broadcom Carbon Black XDR is licensed per endpoint across bundle tiers, and the post acquisition repackaging is where enterprises quietly lose negotiated discount.
Carbon Black is licensed per protected endpoint. Each agent on a server, workstation, or virtual machine counts as one endpoint, and the tier you assign decides the price per endpoint.
The model is simple to state and easy to overpay. The cost driver is not just the endpoint count but the tier you apply across those endpoints.
Broadcom documents the portfolio on the Carbon Black product page, and the broader licensing approach follows the Broadcom product and support terms.
An endpoint is any device running the agent. The count is broader than many buyers expect, and stale entries are common.
Decommissioned machines that keep an agent record stay in the licensed count. Reconciling the agent inventory against live assets removes ghost endpoints you are still paying for.
Carbon Black sells in tiers that climb from prevention to full extended detection and response. Each step up adds capability and cost, and most estates do not need the top tier everywhere.
Mapping endpoint groups to the tier their risk justifies is the core discipline. A finance server and a kiosk do not need the same protection level.
The lower tiers cover next generation antivirus and endpoint detection and response. For low risk, low value endpoints this is frequently sufficient.
XDR correlates telemetry across endpoint, network, and identity for advanced threat hunting. It carries the highest price and belongs on high value, high exposure assets, not the whole fleet.
Carbon Black tiers and fit
| Tier | Adds | Best fit | Cost level |
|---|---|---|---|
| Prevention | Next gen antivirus | Low risk endpoints | Low |
| EDR | Detection and response | Standard corporate fleet | Medium |
| Enterprise EDR | Threat hunting | Sensitive systems | High |
| XDR | Cross domain correlation | High value, high exposure assets | Highest |
After Broadcom acquired VMware, the Carbon Black portfolio was repackaged and renewals frequently default buyers into repriced bundles. The negotiated discount on the old SKUs does not always carry across.
Treat the first post acquisition renewal as a fresh negotiation, not a rollover. Confirm which bundle you are being moved to and whether your prior discount survives the migration.
The endpoint security market is competitive. A live evaluation of a rival platform is the most effective check on a repackaged Broadcom renewal, even when you intend to stay.
The standard Broadcom partner pitch is that standardizing the whole estate on the XDR tier simplifies operations and earns the deepest volume discount. We disagree. In roughly two thirds of the Carbon Black estates we benchmarked in 2024 and 2025, a large share of endpoints carried the top tier when a lower tier covered their real risk, so the volume discount never offset the tier overpay. The buyer side move is to segment endpoints by risk and value, license each group to the tier it genuinely needs, and reserve XDR for the high exposure assets where cross domain correlation earns its premium.
Source: Redress Compliance advisory engagement file, 2024 to 2025.
On a Carbon Black renewal the top tier across the whole fleet is the easy answer and the expensive one.
The renewal turns on a clean endpoint inventory and a risk based tier map. Bring both, plus a competitive alternative, and the repackaged quote loses its momentum.
Multi year terms earn discount but freeze the endpoint count. Negotiate a true down right so a shrinking estate is not stuck paying for endpoints it has retired.
Carbon Black is licensed per protected endpoint across tiered bundles. Each agent on a server, workstation, or virtual machine counts as one endpoint, and the tier you assign, from prevention up to full XDR, sets the price per endpoint.
The XDR tier correlates telemetry across endpoint, network, and identity for advanced threat hunting. It is the most expensive tier and belongs on high value, high exposure assets rather than the entire fleet, where lower tiers usually cover the real risk.
Any device running the Carbon Black agent counts, including physical and virtual servers, laptops, desktops, and cloud instances. Virtual machine sprawl and ghost agents on decommissioned machines are common reasons the licensed count is higher than it should be.
Broadcom repackaged the Carbon Black portfolio, and post acquisition renewals frequently default buyers into repriced bundles where the old negotiated discount does not automatically carry across. Treat the first such renewal as a fresh negotiation, not a rollover.
Usually not. In most estates we reviewed, many endpoints carried the top tier when a lower tier covered their actual risk, so the volume discount never offset the tier overpay. Segment endpoints by risk and license each group to the tier it genuinely needs.
Reconcile the agent inventory against live assets and remove ghost endpoints from decommissioned servers and virtual machines. This endpoint hygiene typically removes 10 to 20 percent of a count inflated by stale records.
They earn discount but freeze the endpoint count, so a shrinking estate overpays for the back half of the term. If you commit multi year, negotiate a true down right so you can reduce endpoints you have retired.
Bring a clean endpoint inventory, a risk based tier map, and a live competitive evaluation. Confirm the SKU mapping into the new bundles and require your prior discount to carry across before accepting any repackaged quote.
Carbon Black tier economics, the XDR bundling rules, how Broadcom repriced the portfolio after the acquisition, and the renewal levers that protect your endpoint discount.
Used across more than five hundred enterprise engagements. Independent. Buyer side. Built for procurement leaders running the next renewal cycle.
