VMware Carbon Black Cloud Reviews

We used Cb Response for hands-on computer incident response for our infrastructure, installing it on all of our servers and high-value workstations.

The enhanced logging and data analysis of the incident response and investigation components allowed us to quickly identify and resolve security issues before they could spread.

Cb Response’s root-cause analysis and anomaly detection gave us quick warnings and allowed us to start actively threat hunting, instead of taking a passive approach to security.

The ability to quickly isolate a system from the network, while still being able to perform some forensics and mitigation work remotely, was of great value to us since we had many mobile and distributed systems.

We also took full advantage of its incident response reporting capabilities to act as a “black box” for our infrastructure around strings of suspicious activity. The reporting and incident response capabilities were incredibly helpful during active security concerns.

Cb Response is really designed to complement Carbon Black’s Defense product. While Response can be used on its own, coupling with Defense seems like the best strategy if you can afford the price tag. In the end, other antivirus tools and log aggregation solutions seem to have started to incorporate many of Cb Response’s signature features, lessening its value proposition for some organizations.

We did have a couple bugs/issues. The biggest issue I encountered was one where old logs were not being overwritten as expected so the system drive kept filling up from time to time. However, support was usually quite responsive and happy to jump on a remote session to take a look at it for us. That log bug should have been resolved with an update that was available right around the time I stopped working with the system and left the company.

No issues with scalability. Server deployment was quite easy and the client rollout was handled by remote install tools (we used SCCM to take care of it).

Excellent. The techs were always knowledgeable about the product. On a scale of one to 10, I’d go eight.

We did not have a similar, previous solution that we were replacing. This was part of an initial push we were trying to make at the time into better systems security.

Very straightforward. There is excellent documentation and training provided by Carbon Black around setting up this solution; it takes out all the guess work. The server can be given to you as a VM image and with minimal configuration needed. Makes setup a snap for any experienced sysadmin.

We had no issues purchasing through our preferred reseller and were able to get a fair price even when not purchasing direct. Carbon Black Enterprise Response didn’t break the bank, though adding on the matching antivirus and anti-malware components of the Protect product was more than we could afford, even with some discounting.

There wasn’t much similar to Response that I was familiar with at the time. Though some other vendors are starting to include similar features now, Response was a leader when we selected it. Now there is a growing number of open-source projects, such as TheHive, and other vendors are incorporating similar features into their general security products, so I believe the landscape has changed a bit and things are getting more competitive for the needs Response fills.

Explore all options in the space and see if you’re ready to really use an incident response platform such as this for threat hunting in your environment, or if you should focus on closing some other large security gaps first. I think everyone should be working towards the kind of threat hunting and incident response that Carbon Black Enterprise Response enables, but many organizations still need to make sure they’re taking care of other security controls before they move on to these more advanced tools.

If you’re ready for it, Enterprise Response is a cinch to set up and takes a lot of the guesswork out of trying to track security concerns through your environment, so it may be very worth your while.

We use Cb response primarily as our incidence response. Our environment has more than 300 users handling sensitive client information, like financial data and personal identifiable information, so security is a huge concern. When we receive an incident report from our SOC, our first move is to isolate the endpoint, and Cb response does that seamlessly. We are also able to use the product to perform an in-depth binary process analysis to see if there were any suppressed malicious services.

Cb Response is our primary incident response tool. With this product in our hands, we are able to remotely isolate exploited endpoints in seconds and perform a live deep dive of any endpoint into its running processes (as necessary) without the need for extra scripts.

The ability to isolate an endpoint with only the host name and a click of a button is a major time saver. No need to go hunting for an IP or typing in terminal.

The threat intelligence feed could use some fine tweaking. We are subscribed to FS-ISAC threat indicator, but have been unsuccessful in adding it to our alliance feeds. So, rather than Cb Response being able to pull the data from the feed, we have to manually blacklist MD5 hashes.

VMware Carbon Black Cloud is a good home office tool for people working outside the office.

VMware Carbon Black Cloud helped us to get a better view of the security of endpoints and workstations.

The most valuable feature of VMware Carbon Black Cloud is the possibility of securing any PC worldwide.

The solution's support could be improved.

I have been using VMware Carbon Black Cloud for a couple of months.

I rate VMware Carbon Black Cloud a nine out of ten for stability.

I rate VMware Carbon Black Cloud ten out of ten for scalability.

VMware Carbon Black Cloud's initial setup is neither hard nor easy.

We have seen a good return on investment with VMware Carbon Black Cloud.

VMware Carbon Black Cloud is deployed on-cloud in our organization.

I recommend users test the solution and check the use cases before buying it.

Overall, I rate VMware Carbon Black Cloud a nine out of ten.