Some of my client's use cases are typical endpoint protection, telemetry, and threat hunting. We are using all three of the most popular services that point back to the cloud central console.
Founding Partner, Security Architect at ISS
Well organized documentation, overall superior functionality, and helpful visualizations
Pros and Cons
- "Some of the valuable features I have found are the online documentation of the solution is well organized and thorough. I like the simplicity of bypass and the visualization of the active components."
- "This solution could have greater granular control on how certain applications work."
What is our primary use case?
What is most valuable?
Some of the valuable features I have found are the online documentation of the solution is well organized and thorough. I like the simplicity of bypass and the visualization of the active components. If I want to know which file is being utilized and what sub-files it is calling, the visualization given is very helpful.
I would like to see them continue to run some of the AI-type comparisons. I know everyone is really secretive about what they do and what they have engineered, but I think Cylance was a good market disruptor years ago with their approach. Now we see SentinelOne and everyone is approaching that piece of the puzzle similarly now. I just would like to see more of a comparison. We have done our own technical comparison but it is fairly expensive. All solutions have pros and cons, if more third-party organizations or teams could evaluate how each product works in pros and cons many people would benefit.
What needs improvement?
This solution could have greater granular control on how certain applications work. You are able to do the operation of allowing or disallowing, or you can block unusual usage of an application, but they do not define it well.
The PowerShell is being called in any way that the threat actor might use it versus an administrator. You are in a way taking this solution's best guess at it or their understanding of it. They do not clearly tell you in technical terms how they make that determination. They should be more forthright about it, or if they cannot tell us, they should just give us the control to make those selections. We are choosing it because at least we have that control where we do not have that same amount of control with other solutions like Cylance. However, they are still not telling us precisely what constitutes suspicious behavior, what actions, or what calls. It is a check box to say, lock if we have inappropriate use, or block if we have suspicious behavior. It would be helpful to tell us what that actually meant.
In the future, I would like to see more granular control of PowerShell and more administrative tools.
For how long have I used the solution?
I have been using the solution for approximately six months.
Buyer's Guide
VMware Carbon Black Endpoint
June 2025

Learn what your peers think about VMware Carbon Black Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: June 2025.
861,524 professionals have used our research since 2012.
What do I think about the stability of the solution?
The stability of the solution has been good. I like the fact that their call home is a single port, 443, a well-known port with a backup port, 54443. Their architecture, that way, is easy for a network admin to understand and open up and pass through firewalls. In contrast with ATP, ATP has a lot of port requirements. It is much more complex and easy to misunderstand ATP communications until you really dig hard to see how it works. This solution is much simpler that way. Additionally, performance-wise, user agents seem to hover around 1%-2%; it is fairly efficient and lightweight.
What do I think about the scalability of the solution?
The scalability of the solution has been good. We implemented a couple of large POCs. We have some clients and colleagues that are running it at scale, with more than 5,000 endpoints with great success. We are pleased overall. Most of our clients are mid-cap or small enterprises.
How are customer service and support?
I have found the solution support has been strong.
I would rate the support of Carbon Black CB Defense a seven out of ten.
Companies need to work on the timeliness of support. Getting directed to a strong enough, experienced enough technical person sooner is important. That just is not the way support is currently built. Usually, they start at tier one and move up. I am sure there are a lot of customers that call in support with simpler questions that you do not want to tie up a tier-three person's time. However, I do not think my request for support to improve is not unique to this solution.
We have a very knowledgeable technical team. When we call for support we are wanting to interact with tier two or tier three right away. It is frustrating to have to work through the tiers to get where we want to go.
Which solution did I use previously and why did I switch?
We previously used Cylance and we are coming off of a direct comparison of the two. In the current version of this solution, they have a stronger AI version or component. The overall general quality of the breadth of the solution is better. To receive the same functionality in Cylance, we needed to add the CylanceOPTICS product and we have not had great success with it.
What I do not like about Cylance is it is very binary. You either allow AST to be a 56-bit hash or you do not. I think there is room for more granular control, which we now receive by using this solution.
Overall this solution is better than Cylance.
How was the initial setup?
The initial setup has been straightforward. I think their user interface is mature and understandable, they did a good job in it. I would not say any end-point solution is simple, but I think it is more intuitive than many of them.
What other advice do I have?
My advice to others is to take advantage of the POC and work with your POC rigorously. I think we have good responses on the POC as they get closer and closer to wanting to close. We were able to get stronger and stronger and more timely support. It is a good program and they are very fair about it. In any EDR, I would test them heavily and do not rely on marketing.
When applying an overall rating to this solution I do not think there are any tens in the marketplace. We are very pleased and we evaluate this every year or two. In our POC, we had 200 samples including ones that were available but not as popular and we received a 100% efficacy. We were very pleased with the results.
I rate Carbon Black CB Defense an eight out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller

Cyber Security Manager Senior Specialist at a university with 501-1,000 employees
A scalable and easy-to-deploy EDR solution that offers its users good customer support
Pros and Cons
- "It is a scalable solution...The initial setup was straightforward."
- "Right now, Carbon Black CB Defense doesn't support cloud computing and Kubernetes."
What is our primary use case?
I am associated with the incident response team, and we use Carbon Visibility for converged networks.
What needs improvement?
Right now, Carbon Black CB Defense doesn't support cloud computing and Kubernetes. However, if it does support them, then it would be better.
For how long have I used the solution?
I have been using Carbon Black CB Defense since 2019.
What do I think about the stability of the solution?
It is mostly a stable solution, but sometimes there are stability issues.
What do I think about the scalability of the solution?
It is a scalable solution.
How are customer service and support?
The technical support is nice. We can reach them 24/7. I rate technical support a seven out of ten.
How would you rate customer service and support?
Neutral
How was the initial setup?
The initial setup was straightforward. We use it for the environment server, clients like end users, and competitors. We use some automation tools like SCCM for Windows, Linksys, and some other automation tools, and we use a lot of them to deploy. So, it depends since it is a circle and because every day, there is a new server that joins the environment. And when your server line client enters the server environment, they automatically install blockings.
But the environment contains over twenty thousand clients. It may take three or three months, depending on whether the employee works in their home. They can only join the network once they log in to VPN. So as a result of that, sometimes deployment time takes too much time. We have very big environments, but a lot of the domain is managed by some administration. Less than ten people were required for the deployment.
What about the implementation team?
We used local support to deploy it.
What's my experience with pricing, setup cost, and licensing?
There are more expensive products than Carbon Black CB Defense, so we are using the solution for its availability.
What other advice do I have?
I recommend the solution to others planning to use it. I rate the overall solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
Sales Operations Specialist at ADEO IT Consulting Services
Shows the whole process of events but has compatibility problems with Linux
Pros and Cons
- "The initial setup was fairly easy."
- "CB Defense could be more compatible with Linux, and its cloud provision could be improved."
What needs improvement?
CB Defense could be more compatible with Linux, and its cloud provision could be improved.
For how long have I used the solution?
I've been using CB Defense for two years.
What do I think about the scalability of the solution?
CB Defense is scalable so long as the deployment has been done correctly.
How are customer service and support?
Carbon Black's support team are very slow to answer questions.
How was the initial setup?
The initial setup was fairly easy. Deployment will take one to two weeks, depending on how many endpoints there are.
What's my experience with pricing, setup cost, and licensing?
CB Defense is available on a yearly subscription and is priced by the number of endpoints.
What other advice do I have?
I would recommend CB Defense for users who want an on-prem solution that lets them see the whole process of any event. I would give CB Defense a rating of six out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer. Reseller
ICT/Systems Application Engineer at Honeywell
Works well and instantly, responsive technical support, with high scalability
Pros and Cons
- "The whole purpose of the product, like application control, is very good, and also if you need to update some policies, it works well and instantly."
- "I would like to see the user credentials feature improved. I would also like to see more reporting features and better ways to roll the reports out."
What is our primary use case?
Our primary use case is for application control.
What is most valuable?
The whole purpose of the product, like application control, is very good, and also if you need to update some policies, it works well and instantly.
What needs improvement?
I would like to see the user credentials feature improved. I would also like to see more reporting features and better ways to roll the reports out.
For how long have I used the solution?
I have been using Carbon Black CB Defense for more than a year.
What do I think about the stability of the solution?
I would say the stability is high, a nine on a scale of one to ten.
What do I think about the scalability of the solution?
On a scale of one to ten, I would give it a nine for being highly scalable.
How are customer service and support?
Technical support is pretty responsive. I have not had to use them a lot and when we need them we route them through our team.
How was the initial setup?
The initial setup was straightforward. I had some minor issues with the web application; I logged in and fixed them. The initial deployment only took about half a day. We have deployed to around one hundred systems.
What about the implementation team?
The deployment was done in-house.
What's my experience with pricing, setup cost, and licensing?
The pricing is annually based and operates through another department than mine.
What other advice do I have?
I would rate Carbon Black CB Defense an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer.
IT Manager at a financial services firm with 51-200 employees
Straightforward to set up, provides automatic site blocking, and forwards information to our SOC
Pros and Cons
- "One of the most valuable features is that it will block vulnerable sites. If there was a connection between one of our devices to a known malware site, it will block it."
- "This product should be cheaper."
What is our primary use case?
We primarily use this product to provide threat intelligence to our SOC about our endpoints.
What is most valuable?
One of the most valuable features is that it will block vulnerable sites. If there was a connection between one of our devices to a known malware site, it will block it. It then also alerts our SOC.
What needs improvement?
This product should be cheaper.
For how long have I used the solution?
I have been working with Carbon Black CB Defense for three years.
What do I think about the stability of the solution?
Stability-wise, it is good.
What do I think about the scalability of the solution?
I am satisfied with the scalability. We use it across the company and all of the users have it on their laptops. It's a mixture of IT people, finance, doctors, lawyers, dentists, and other professional services. It's a wide range of people and there are about 180 in total.
How are customer service and support?
The technical support is okay.
Which solution did I use previously and why did I switch?
We also use Sophos Intercept X in our business.
How was the initial setup?
CB Defense is pretty straightforward to set up.
What about the implementation team?
The implementation was done by my own team.
What's my experience with pricing, setup cost, and licensing?
This is a really expensive product and we pay licensing fees on a yearly basis. The subscription includes technical support.
What other advice do I have?
I would rate this solution a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
IT Administrator at a manufacturing company with 501-1,000 employees
Puts very little load on the servers, does an excellent job, and has very good pricing
Pros and Cons
- "I found it very valuable as a whole. It is good at detecting anything and has kept us very safe. It is also very easy to use."
- "I haven't run into anything that needs improvement. The website interface can be a little bit better, but it's still good as compared to most others."
What is our primary use case?
It is used for protecting our file servers. Its version is kept up to date, so it should be fairly current.
How has it helped my organization?
We found that Trend Micro was producing a little bit more load on our servers than what we wanted. So, we went to Carbon Black because it was integrated with VMware. It is great on the servers. It puts very little load, and it does an excellent job.
What is most valuable?
I found it very valuable as a whole. It is good at detecting anything and has kept us very safe. It is also very easy to use.
What needs improvement?
I haven't run into anything that needs improvement. The website interface can be a little bit better, but it's still good as compared to most others.
For how long have I used the solution?
I have been using it for close to a year.
What do I think about the stability of the solution?
It is stable.
What do I think about the scalability of the solution?
I believe it is very scalable. In terms of its users, for the most part, there are only two of us using it. I am the IT administrator and primary user, and we have an IT support person who handles PCs and backs me up on servers. We are taking care of its deployment and maintenance.
We are looking at the possibility of expanding its usage in the future to include desktops.
How are customer service and support?
I've never had to call technical support.
Which solution did I use previously and why did I switch?
We were using Trend Micro Apex One on our servers, and we found that Trend Micro tended to load the servers up a little bit. That's why we switched to Carbon Black.
How was the initial setup?
It was very straightforward. It was very easy to set up.
Its deployment didn't take that long at all. We purchased it and then just installed it on different servers, one at a time.
What about the implementation team?
We did it ourselves.
What was our ROI?
I've never calculated an ROI on it.
What's my experience with pricing, setup cost, and licensing?
Its pricing was very good, which is one of the reasons I went to it as an alternative. It is on a yearly basis. There are no additional fees.
Which other solutions did I evaluate?
We did not evaluate other options.
What other advice do I have?
If you're running a VMware environment, you can definitely go ahead and use it.
I would rate it a 10 out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company does not have a business relationship with this vendor other than being a customer.
CEO at Haniya Technologies
Quick to deploy with a very powerful antivirus engine and helpful technical support
Pros and Cons
- "The product is pretty strong in terms of security and their features are very good in that respect."
- "The pricing could be more reasonable."
What is our primary use case?
We primarily leverage the product for its security functionality.
What is most valuable?
The product is pretty strong in terms of security and their features are very good in that respect. Their research engine, the antivirus engine, it's very strong compared to any other product on the market right now.
The solution is stable.
They do have options on the market that can scale.
Technical support is great.
It's not too difficult to set up and the deployment is fast.
What needs improvement?
Carbon Black does not have a big market in Pakistan right now. They are actually trying to penetrate the region right now. They don't have many customers. Even we are new to the Carbon Black as well, in that we knew about Carbon Black for a long time, however, as far as implementing it and giving it to our customers, we are still new to it.
The pricing could be more reasonable.
For how long have I used the solution?
I've been dealing with the solution for six to seven years or so. It's been a while.
What do I think about the stability of the solution?
The stability has been excellent. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. The performance is good.
What do I think about the scalability of the solution?
There are versions of the product that can scale.
We have about three customers that use the product at this time. It's not that many as it's not a well-known product in our region.
How are customer service and support?
Normally they have pretty good technical support. Specifically, if you purchase the technical support directly from Carbon Black, then they are very responsive and very quick.
Which solution did I use previously and why did I switch?
I also deal with McAfee and Kaspersky.
How was the initial setup?
The initial setup is pretty straightforward, and the deployment is fairly quick. Of course, it depends on the environment. However, it shouldn't take more than a day or two to set up and to have everything up and running.
We have one person, an engineer, that can handle deployment and maintenance tasks as necessary.
What about the implementation team?
We are able to implement the solution for our clients.
What's my experience with pricing, setup cost, and licensing?
The pricing could always be a bit better. They could work to make it less expensive. Right now, they are far and above more expensive than other similar options on the market.
The license costs are paid yearly.
What other advice do I have?
We are resellers.
The solution can be deployed both on-premises and in the cloud.
I would definitely advise new users of just this one thing: that before thinking about Carbon Black or purchasing it, they should look for other solutions as well. As far as the cost is concerned, Carbon Black is much more expensive than any other product. That's something that needs to be taken into account.
I would rate the solution at a nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer.
IT Manager - System Administration at a pharma/biotech company with 501-1,000 employees
Easy to set up and offers good protection but the on-premises deployment has a lot of issues
Pros and Cons
- "The initial setup is very easy."
- "With the on-prem one, the bug has been reported by the community in early January or February, something like that, at the beginning of the year, and it's still not addressed. They have released two versions since then, and yet neither of them addresses this specific issue."
What is our primary use case?
We primarily use the solution for operations and also security. On the security front, we have a specific project that's ongoing right now. We are moving away from the on-prem Carbon Black to the cloud one.
We primarily use the solution for endpoint protection.
What is most valuable?
The protection of the user machines has been great. For example, if a laptop gets stolen, or let's say, an employee gets let go, the product provides us with the ability to actually lock people out of the network and handle remote wipes and stuff like that.
The initial setup is very easy.
What needs improvement?
The on-prem one was very problematic, especially version 7.2, which did not play nice with Symantec at all. The last upgrade of the client actually triggered a block to the networking, to our active directory domain controllers.
There was a bug that we found was in Macs. It was triggering false positives as it wasn't able to figure out the right parent upon login. With the Carbon Black Cloud, we just got it two to three weeks ago. So far, I haven't seen any false positives. The cloud seems to be a much better product.
With the on-prem one, the bug has been reported by the community in early January or February, something like that, at the beginning of the year, and it's still not addressed. They have released two versions since then, and yet neither of them addresses this specific issue.
I need more time to explore the cloud deployment, as we've only had it for three weeks at this point.
For how long have I used the solution?
It's been at least four years since we started using the solution. Four or five years.
We started with the on-prem one and now we're in yet another project with a cloud deployment.
What do I think about the stability of the solution?
While the on-prem has some bugs we have been dealing with, so far, after using the cloud for three weeks, it's like night and day. It's been very stable. There are no bugs or glitches.
What do I think about the scalability of the solution?
I'm not aware of the scalability capabilities yet, as I don't have the entire company on it yet. We are still in testing mode. We just got the cloud deployment three weeks ago. So I can't really answer that truthfully.
Right now, we have seven people on the solution currently.
How are customer service and technical support?
We haven't yet used the technical support. I can't speak to how helpful or responsive they would be.
That said, we did use technical support when we were on the on-premises version, and they were terrible. We would ask for bug fixes and new versions would come and yet they would not actually fix the problems that were highlighted.
Which solution did I use previously and why did I switch?
We also use Red Cloak, which is a completely different product and something that we still use.
How was the initial setup?
The initial setup is very simple. The cloud version in particular is very simple. It's not overly complex or difficult.
What's my experience with pricing, setup cost, and licensing?
I'm not dealing with the pricing. I can't speak to the costs involved.
What other advice do I have?
There are two versions of Carbon Black that VMware has, one of them is the on-prem one and the endpoint clients are in the user machines and servers, so AWS and data center and VSS.
I'd advise those interested in the solution to go with the cloud deployment model. We've had a lot of issues with the on-premises version.
I'd rate the solution at a seven out of ten. There seems to be quite a disparity between the cloud and on-premises versions.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer. Partner
