Facing Broadcom price increases? Most clients save 75–87% on VMware support. Get your repricing analysis free.
500+ enterprise clients · Est. 2016 · 15-min response · No commitment
Broadcom pricing update (2025–2026): Following the November 2023 VMware acquisition, Broadcom has restructured Carbon Black from a standalone product portfolio into a component of Broadcom Security Packages. Customers renewing Carbon Black post-acquisition are reporting 60–180% price increases. Independent support is now a commercially viable alternative for organisations running Carbon Black EDR, App Control, and Audit & Remediation on-premises.
VMware Carbon Black was acquired by VMware in 2019 and subsequently came under Broadcom ownership in November 2023. The product suite — Carbon Black EDR (formerly CB Response), Carbon Black App Control (formerly CB Protection), Carbon Black Audit & Remediation (formerly CB LiveOps), and Carbon Black Cloud (the SaaS endpoint detection platform) — represents one of the most widely deployed endpoint detection and response solutions in enterprise environments.
Broadcom's commercial strategy for Carbon Black follows the pattern established for other VMware products: force migrations toward cloud-delivered services, bundle security products into packages with pricing structures that disproportionately benefit Broadcom relative to actual customer consumption, and use support contract renewals as the mechanism to execute price increases that were not contractually agreed during the VMware era.
Broadcom's Carbon Black Pricing Restructure
Broadcom has moved Carbon Black from standalone SKU pricing into a Security Package model. Customers who previously paid per-endpoint fees for CB EDR, App Control, or Audit & Remediation now face a bundled pricing structure that includes capabilities they do not use — and are charged for them regardless. The Security Package approach mirrors Broadcom's VCF strategy for infrastructure: bundle everything, price the bundle high, and use renewal pressure to prevent customers from reverting to standalone pricing.
The specific pricing impact varies by deployment size and whether customers are on perpetual or subscription licences, but the pattern is consistent. Carbon Black EDR on-premises customers renewing in 2025–2026 are seeing increases of 60–120% year-over-year. App Control (application whitelisting) customers — often in regulated industries such as financial services, healthcare, and critical infrastructure — are facing similar increases, with the added pressure to migrate to Carbon Black Cloud, which requires an agent architecture change and does not support all of App Control's kernel-level blocking capabilities.
Carbon Black Product Version Matrix 2026
| Product | Current Version | On-Prem Support Status | TPS Coverage | Notes |
|---|---|---|---|---|
| Carbon Black EDR (CB Response) | 7.x / 8.x | Restricted (Broadcom) | ✔ Full | Server + agent support |
| Carbon Black App Control (CB Protection) | 8.x / 8.9.x | Active (pricing escalated) | ✔ Full | Policy engine + kernel agent |
| CB Audit & Remediation (CB LiveOps) | 2.x / 3.x | Restricted (Broadcom) | ✔ Full | Live query + remediation |
| Carbon Black Cloud (SaaS) | Cloud | Broadcom managed SaaS | N/A | Cloud-managed, no TPS |
| Carbon Black EDR (legacy 6.x) | 6.x | EOS (Broadcom) | ✔ Full | Highest TPS demand version |
Carbon Black renewal in the next 6 months? This is the moment Broadcom uses to enforce price increases. Independent support is a credible counter-offer. Request an assessment before your renewal meeting.
Request Carbon Black Assessment →What Third-Party Support Covers for Carbon Black
Third-party support for Carbon Black on-premises deployments covers the Carbon Black server infrastructure — EDR server configuration, alert pipeline management, threat intelligence feed integration, and retention management — as well as the agent estate, including sensor version management, policy configuration, and sensor troubleshooting. For App Control, coverage extends to the policy engine, baseline management, approval rules, and integration with SIEM and SOAR platforms.
Security patches are issued for known CVEs affecting Carbon Black server components and the Java and Python services underlying the management interface. This is particularly important for App Control deployments in regulated environments where Broadcom's current support model is providing diminishing security patch coverage for on-premises versions as the company focuses development effort on the cloud platform.
Audit & Remediation (CB LiveOps) coverage includes live query management, process tree analysis support, and integration with incident response workflows. For organisations using CB LiveOps as the investigation tool in their SOC, TPS ensures the live query capability remains functional and supported without requiring migration to the Carbon Black Cloud agent architecture.
📄 VMware / Broadcom Survival Guide
Carbon Black is one element of the broader Broadcom acquisition impact. This 62-page guide covers all VMware product lines, negotiation tactics, and TPS strategies for organisations managing the full VMware portfolio under Broadcom.
Download Free →Carbon Black TPS Cost Model 2026
| Deployment Profile | Broadcom Annual Cost (Post-Renewal) | GoVendorFree TPS | Annual Saving | 3-Year Saving |
|---|---|---|---|---|
| EDR only: 2,000 endpoints, on-prem server | £145,000 | £54,000 | £91,000 (63%) | £273,000 |
| App Control: 5,000 endpoints, regulated industry | £310,000 | £112,000 | £198,000 (64%) | £594,000 |
| EDR + App Control + A&R: 15,000 endpoints | £780,000 | £275,000 | £505,000 (65%) | £1,515,000 |
| Large enterprise: 40,000 endpoints, global SOC integration | £1,900,000 | £665,000 | £1,235,000 (65%) | £3,705,000 |
The figures above reflect Broadcom's post-renewal pricing for 2025–2026 renewals based on GoVendorFree's visibility into client renewal negotiations. Pre-renewal VMware-era pricing was typically 40–60% lower than the Broadcom-restructured pricing above.
Four Strategic Options for Carbon Black Customers
App Control in a regulated environment? CB Cloud is not a direct replacement for App Control's kernel-level whitelisting capabilities. Third-party support preserves the App Control architecture that your compliance team has certified.
Discuss Carbon Black TPS Options →Regulated Industry Considerations
Critical Infrastructure (Energy, Utilities, Transport)
Carbon Black App Control is widely deployed in operational technology (OT) environments for application whitelisting on SCADA and ICS workstations. NERC CIP and NIS2 requirements for OT security include application control as a mandated capability. CB Cloud does not support all of App Control's OT-specific policy enforcement (specifically, its ability to enforce whitelisting on systems without internet connectivity). Third-party support preserves the App Control capability that OT compliance requires.
Financial Services (PCI DSS, FCA, PRA)
Financial services organisations using Carbon Black for PCI DSS cardholder data environment (CDE) compliance have a specific concern about the CB Cloud agent migration: it requires re-scoping the QSA assessment for the CDE. Any change to the endpoint security agent in scope triggers a re-assessment cycle. Third-party support avoids triggering this obligation.
Healthcare (NHS, HIPAA)
NHS trusts and healthcare organisations using Carbon Black App Control for medical device protection — ensuring that workstations connected to clinical networks cannot run unauthorised software — rely on App Control's offline policy enforcement capability. CB Cloud requires persistent internet connectivity for policy updates. Third-party support maintains the offline App Control capability that clinical networks require.
Carbon Black TPS Transition Process
- Environment audit (Week 1): Document CB server version, agent distribution by product and version, policy configurations, and SIEM/SOAR integration points. Identify any open Broadcom support cases.
- TPS contract alignment (Weeks 1–2): Confirm P1 SLAs for SOC-impacting incidents (15-minute response), patch scope for CVEs affecting CB server components, and App Control kernel agent support coverage.
- Broadcom notification (Week 2): Give Broadcom the required contract notice. Broadcom's retention team will offer commercial concessions — your TPS contract is the counter-offer.
- Knowledge transfer (Weeks 2–3): GoVendorFree security engineers review the CB architecture, establish monitoring, and take over the support queue.
- Go-live (Week 4): TPS active. Broadcom contract terminates at renewal. All agents, policies, and SOC integrations remain unchanged.
Carbon Black renewal notice received? You have a narrow window to engage a TPS alternative before the Broadcom retention team creates urgency. Contact us today for a rapid assessment and counter-proposal.
Respond to My Broadcom Renewal →