VMware Carbon Black Endpoint Reviews

The product is an endpoint security product. It's kind of like a replacement for a traditional antivirus.

One of the strong features of the product is its endpoint visibility. It gives you more visibility than a traditional antivirus would give you.

The visibility provided has been great.

The ease of deployment is definitely a great selling feature.

The stability is good and the product is pretty lightweight.

The solution scales well.

The reporting could be improved. Some of the built-in reporting isn't ideal. They have an API and everything you need that you can kind of hook into the product pretty easily, however, it'd be nice to have some built-in reports instead of having to seek them elsewhere.

The solution needs expanded endpoint query tools.

I've been using the solution for about a year.

The stability of the solution is good. There are no bugs or glitches. It doesn't crash or freeze. It seems to be a little bit lighter on resources than our previous antivirus.

The product can be scaled pretty high. We have about 3000 sensors deployed. However, it can go a lot higher than that. It depends on your internet connection for the reporting or the information, basically.

We have kind of a desktop security team that is about five individuals that administer the product part-time, and that can access the console. A couple of them are the ones that spend the most time in it.

We use the solution extensively and we may look at expanding the EDR  - stepping up to one of the other products and adding capabilities. Therefore, we're likely to increase usage in some form in the future.

Technical support needs some improvement. They don't seem to respond so well to technical help. The good thing is we don't need that much, however, they need to probably improve that a little bit for others who might require more assistance.

We had McAfee antivirus and it was difficult to tune the policy without compromising security, I would say. Its footprint was a little high. Its performance wasn't that great in terms of end-point performance.

The solution is easy to deploy. The implementation process is simple. It's not overly complex or difficult. 

While the rollout is pretty easy, you have to kind of tune it a little bit for applications as it discovers them.

To deploy a sensor, it takes just a couple of minutes or so. Then, to kind of tune the policy itself, you are probably looking at a couple of weeks.

Initially, we use the services provided by the vendor, like an on-ramp kind of service. They were great. The team was pretty helpful. 

We pay about $15 a node. It's just a standard licensing fee and that's it.

I'm just a customer and an end-user.

I've been using the latest version of the solution.

The sensors are on-premises, however, the console is in the cloud. It's a VMware product that runs on Amazon.

I'd advise those considering the solution to seek out some of the training to see if you can get it bundled in with the deployment. The more advanced training, to kind of how to tune the policy and stuff like that, would be helpful to have.

I'd rate the solution at an eight out of ten as there's still room for improvement in things like reporting. However, the impact on performance and the ability to have greater visibility were pluses in my book.

My clients are using this solution for security as their frontline defense. They are using a whitelist that has all known software allowed.

Once the solution is installed and configured correctly it does not require a lot of hands-on attention until you need upgrading.

There are many different controls that are needed to be put into place for upgrading that makes it difficult. Having to re-engineer your IT infrastructure to match their software, as opposed to having it integrate and work independently causes difficulties. When there is an update to any software everyone has to be involved.

I have been using this solution for approximately six years.

The solution has been working well, nothing stands out as an issue.

I have found this solution to be highly scalable. We have clients that are large-size companies using this solution.

The technical support was great when we used them.

I rate the technical support of Carbon Black CB Defense a nine out of ten.

The solutions provider has made great strides in the last four years making it easier to implement. However, the way their architecture is makes it difficult, the installation is quite a cumbersome process to integrate everything together.

My advice to those wanting to implement this solution is it not easy and it takes time and money.

I rate Carbon Black CB Defense a five out of ten.

While there is an IR team that is responsible for managing EDR or deep analytics, our focus is on endpoint and antivirus protection. This is where we encounter signature updates. We look for false positives in their relation to file interpretation. Should anything occur, we can instantly respond. Instead of sending a sample and getting coverage, we can put a policy and place an immediate stop on the false positives.

While I consider the product to be top notch and am happy with it, its reporting aspects need to be addressed.

I would definitely recommend Carbon Black CB Defense to others who are contemplating using it, but its administration features need fine tuning. I believe this is already being addressed so that gaps can be filled as these relate to other leading technologies on the market.

The GUI and reporting should also be addressed.

We have been using Carbon Black CB Defense for the past seven to eight months.

I have not had occasion to make use of technical support, although I may have in the future, as I am the product person who is working with another experienced team and there is a process under way to migrate from McAfee to Carbon Black CB Defense. 

The initial setup was a bit difficult since we had to do it manually or through the use of a script.

The price for the solution is completely at government level, meaning one which is very high, although it is up to management to consider this criteria.

Our company has over a thousand people who utilize the product. Going forward, everything will be managed by Carbon Black CB Defense.

I would rate it an eight out of ten. 

The solution is primarily used for protection. It's used on all of our servers and all of our workstations.

The product has considerably decreased any of our malware or malicious software injection within our organization. Since March of 2018, we have not had a malicious intrusion success. It's kept us quite safe.

The solution's most valuable aspect is its process monitoring due to the fact that it doesn't necessarily use signature-based definitions. It uses processor-based definitions. If a process tries to spawn some type of malicious process, it'll stop it.

The initial setup is easy.

The organization has to protect against users and Carbon Black does just that for the company. What I mean by that is not all users are savvy enough to understand, "Hey, I shouldn't be running this or I get a pop-up on a browser and I don't click on it." Carbon Black stops that if they do.

The solution is extremely scalable.

The alerting mail needs to be customizable. Right now, it isn't. That has to change. Right now, I get a lot of what I call noise email alerts. All I hear from them is, "Well, we're working on it. We're working on it." Well, they've been working on it for four years now, and nothing has changed.

In the past, we've seen some stability issues in the latest version releases. We tend to hang back one version just to make sure issues are fully resolved to avoid user disruption.

We've been using the solution since 2017. It's been a few years at this point.

The solution is generally mostly stable. We tend to try to stay one version back in order to get better stability. I've run into problems already where Carbon Black has flagged certain things in a later release that they weren't flagging previously and it disrupts my user base.

The scalability is very good. It's pretty much unlimited at this point. A company can scale however much they like with no trouble.

We have over 500 licenses. The use cases are mostly for our servers and our workstation user roles are drafters, engineers.

We use the solution enterprise-wide. I'm not going to increase usage except maybe to increase the license count if servers or workstations go up.

Their technical support is beyond compromise. They've been absolutely excellent. We're quite satisfied with their level of attention. 

We were previously using Symantec. We switched for numerous reasons. One of them was the fact that Symantec was just not catching a lot of our intrusion at that time. Again, this would have been back in 2017, and a lot of the malware that was coming out back then, the agents weren't catching as quickly. Nobody really had much sense of what zero-day attacks meant.

The initial setup is not overly complex. It's pretty straightforward.

The deployment was fast and the process took maybe two hours or so. The deployment strategy was just running the installation agent.

There really is no maintenance required. It's just as simple as re-installing or installing the agent.

We didn't need to use any integrators or consultants for the deployment. We handled everything ourselves in-house.

We noticed an ROI after about six months of working with the solution.

Previous to Carbon Black, we had a malware attack that cost us a significant amount of money. We haven't had one since, and therefore, our return on investment has been significant.

We simply auto-renew every year. I can't speak to the exact pricing. My standard license includes everything that I need without any extra costs.

I was looking at the possibility of replacing this solution with Defender, as that's part of our Office 365 licensing package that we have. I was asking myself "will this help? Is it really worth me spending x number of dollars for CBD versus using Defender?" However, after careful examination, we decided to stick with Carbon Black.

We're generally always using the latest version of the solution, minus one. What I mean by that is it's not always current, however, it's always at least within one of the most current versions. We've got too many things going on to really be on the bleeding edge if you will. At times to go up to the next one I want to be sure I have a good stable one. What I'll do is let's say 3.3 comes out next week, I won't necessarily go to it. I will wait until 3.4 comes out to go to 3.3.

While the agents are installed locally, everything basically goes through the cloud. We don't deal with on-premises deployments.

I would advise new users to be cautious or policy settings. I'd also warn them that they should be prepared for lots of emails.

Overall, I would rate the solution at a nine out of ten.

We use Carbon Black agents that are monitored by the Forescout Extended Module for CB. It will check that CB Agents are deployed and are in running state to secure containers across vmware environment.

The dashboard shows the security analyst who looks at the reports of the threats around policies monitoring Carbon Black agents. The discovery happens in Carbon Black, and as part of the discovery, it will monitor multiple Carbon Black agents. Deployment is on hybrid cloud VM cloud on AWS.

Technical support is excellent. It's also stable, scalable, and easy to implement.

In the next release, it would help if we can get better control over containers. This will help secure the containers in multiple environments. For example, we need to secure the Kubernetes containers. Apart from admin user login to see containers processes running, developers & operate team users also should be seeing the container's processes running.

I have been using Carbon Black CB Defense for the past year.

Carbon Black CB Defense is a stable product.

Carbon Black CB Defense is a scalable product.

We have extended support from the IT technical team and the engineering team from VMware. Their support is excellent. I don't see any issue with technical support.

The initial setup and installation are straightforward. Typically it takes just two days to set up Carbon Black agents for the post cloud. A team of about 15 technical people deployed this solution.

There is a very big team from VMware, including VMware support, who implemented this solution. 

The licensing costs depend on how many policies you have on the extended module for CB. We pay between $5,000 to $7,000 for a license for the Carbon Black monitoring agents.

On a scale from one to ten, I would give Carbon Black CB Defense a seven.

It has allowed us to protect our organization from viruses. We've seen many cases when people try to install innocent application, such as a web browser or something like that, and then there are attachments that are not so innocent. Carbon Black tells about such things.

I like its protection very much. It protects and allows us to lock the environment pretty tightly. Nothing that is not approved through Carbon Black can run in the environment. There is no default. Everything goes through Carbon Black Protect, and everything has to be first approved. Every software is considered to be guilty before prove innocent.

It could be a bit complicated. You have to be very familiar with Carbon Black to understand what it is doing and why it is doing. I would like to have more explanations and simplification in the user interface. It would be good to get help and see more explanations. It should tell us that a software is blocked and the reason for it. It would be good to be able to build chains in terms of what caused what, what worked, and what caused an issue.

We are now moving from Carbon Black to Cortex XDR. While choosing antivirus software, we were also looking at Carbon Black because it also has an antivirus package, and it is next-generation, but we were told that Carbon Black doesn't support firewalls. We have Palo Alto firewalls. We would have chosen this solution if it supported firewalls, in particular next-generation firewalls, but unfortunately, it doesn't. Therefore, we decided on Cortex XDR because it integrates with Palo Alto firewalls.

I have been using this solution for one and a half years. In our company, it has been used for around five years.

It works. I was actually very surprised about its stability. It is in a virtual environment. It works in a VMware environment for us. Sometimes, latency discrepancies are very high, but it is pretty stable.

It is scalable. We have about 400 machines here, and everyone is using it. It protects 400 nodes. We have one server that serves all nodes. The number of machines is growing slowly. We had 350 machines earlier, and in one year, the number is 400.

I never had a need to use the tech support. My boss, who actually implemented this product, used their technical support, and he was okay with it. 

We have Symantec Endpoint Protection, and it has some functions similar to Carbon Black, but not all. Carbon Black is definitely better because Symantec Endpoint provides some protection as a part of their antivirus solution, but it is not as powerful as Carbon Black.

When I joined this company, Carbon Black was already very well established. All rules and all groups were in place. The person who worked before me did a great job.

It does everything that we need. We can configure it very strongly and lock the environment, which sometimes can create an administrative headache for us and some hassle for users because the users cannot install some of the software and have to ask us to enable the software, but it is exactly what we wanted.

I'm pretty happy with this solution, but unfortunately, at this point, we will have to stop using this solution, but this is not what we want. We are going to use Cortex XDR, but we are not sure if it is possible to work back to back with Carbon Black. Cortex initially told us that Carbon Black and Cortex XDR are not compatible, but it was just word of mouth. At the same time, Carbon Black is not on their incompatible products list. It would be good if these two are compatible because I can imagine the amount of time it would take to translate all the rules from Carbon Black to Cortex and handle all errors and other things.

I would rate Carbon Black CB Defense a nine out of ten. 

Basically we use the solution for protecting and detecting misuse of end-users while using their end-points to access the internet, especially for browsing websites, or suspicious activity as far as misusing their web browser. It protects them from web-based attacks such as DDos (Denial of Service) or ransomware. 

What I find most interesting is the performance of the end-point client, as well as the capability of detecting any activity on the end-user while using their browsers to navigate the internet. 

To monitor that activity from a security standpoint, detecting cross-site scripting or SQL injection activities that might be coming out from the browser. That's a very needed feature that allows it to distribute the security across the company and not centralizing it only on the firewalls or in the intrusion detection systems. 

The solution is quite customizable.

It's easy to set up the solution.

There's lots of very useful documentation online to help troubleshoot and learn about the product.

I can't think of any feature that needs to be enhanced or reviewed at this time.

Some of the features that I see as an end-user, unfortunately, I haven't been able to see from a project management standpoint. I'm not sure if we're actually taking advantage of all the available features. I don't know if it's because we haven't configured it yet, or we are not using it. 

I'm not sure as to the logic of how we've decided to customize it. We've only really used it since February and therefore there may be more to do on that front. That's why it's hard to say if something is missing or if we just aren't utilizing it.

I've been using the solution for about a year and a half.

It's pretty stable. We haven't heard of any issues and we don't know yet about usage and security issues outside of the performance or any stabilities in the product itself. So far I would say that I consider it stable - very stable in fact.

Given the number of people that are using it, I would consider it as scalable without having specific details on the performance, on the central management, or the management points. I would say that, due to the behavior of the solution with the end-users, it's a good solution. It is scalable.

I haven't used technical support myself just yet. I've only really gone as far as looking at their documentation on their website, including the blog, user support page, and other related documentation. I would say that is good. It's enough. 

There is more than enough information for tech-savvy people, and knowledgeable people that are looking for specific things. There are details telling them how to fix certain issues related to the product, or how to manage some of the product software. I would say that the documentation and the support are okay. It's what I would use personally. I prefer either looking at the documentation myself and then calling the call center after that if it's still necessary.

We found the initial setup to be relatively straightforward. It's easy. It's not complex at all.

The time it takes to deploy depends upon the number of end-points that you are deploying. That said, as far as I know, it took us probably six to nine months. This is due to the fact that there were some other technical issues not related to the service. That was my understanding at the time.

We're just customers and end-users. We don't implement this solution for clients or anything like that.

I'm not sure which version of the solution I'm using. It might be the latest, however, I can't say for sure. We use it at a bank for our endpoints. Therefore, it's likely the latest.

There are between 20,000-30,000 people using the solution within our organization. It's definitely 20,000 at least.

I would advise others to basically set the expectations as far as the features they expect or need from a security solution. This solution can't solve problems related to security practices within the company. Internal policies must be in place. Then, figure out how to integrate this solution and its available features into your internal security protocols. 

Overall, I would rate the solution at a nine out of ten. We've been pretty happy with the product so far.

We used it for EDR, as well as endpoint protection, the whitelisting feature.

The EDR and reports were helpful in improving our organization.

The EDR was amazing. It was very responsive. It did an excellent job of providing us the information we needed in a timely fashion, as long as the latest agent was up-to-date on the client.

The whitelisting system, and the concept of it, overall, is pretty decent. The problem with the whitelisting capability is that it's pretty archaic. Based on all the security roles and the release privilege, it could take time for an application to be whitelisted and approved for use.

The Mac support needs improvement, as it had next to none.

The biggest problem we had was the Mac support. It had very little, and my C-suite is almost exclusively Mac, as is my marketing and development department.

We had used the Carbon Black CB Defense for two years. We changed to another solution approximately nine months ago.

We were using the latest version at the time.

The stability of the on-premises servers had no issues but the resource allocation on the clients was a bit high, especially with having to run two agents. The detection agent, the Whitelist, and the control agent.

We didn't have any problems scaling this solution.

It did the job. It was great for Windows, but it had no Mac support and had nothing for Linux, which makes it hard.

We had 150 users in our organization. Their roles varied from CSF departments through to my C-suite.

Technical support seemed pretty good and I didn't have any problems with it. 

If we had a problem or a question, and they would get back to us in a reasonable amount of time. 

The only place that we ran into trouble was with Macs. That's my general theme here with Carbon Black, unfortunately.

I would rate them an eight or a nine. They were good for the most part.

Previously, we were on the Kaspersky Enterprise Solution for a couple of years. It was a signature-based system. Signature-based systems are getting easier to get around by the attackers these days, so we swapped over to something that is a little closer to attack vectors, which says, don't run anything that we don't approve.

The initial setup was moderate.

For others who are interested in using Carbon Black, I would recommend checking your use case. If your use case is Linux and Mac, then it will be problematic, based on my experience.

These days, with VMware taking them over, I'm willing to bet that that's going to change.

I see some redemption in their future, with VMware owning them. VMware is a very strong player in the workspace, and especially with their workspace tool that VMware's building to work with Windows, Mac, and Linux clients, in order to do VDI.

For the Windows endpoints, it was incredibly useful, nothing got through it, which is a bad thing in some cases because we hadn't tagged the certificate platform appropriately. So, it's a bit of an improvement needed there, but the biggest complaint is around the operating systems not being available.

I would rate Carbon Black CB Defense a seven out of ten.