VMware Carbon Black Endpoint Reviews

We primarily use the solution as endpoint security.

The security, specifically the endpoint security that the solution provides, is its most valuable aspect.

The initial setup is pretty straightforward.

The solution needs better overall compatibility with other products.

I've been using the solution for less than a year. I've only really been using it for the last one or two quarters of this fiscal year. It hasn't been a very long time yet.

The solution is quite stable. We find it to be a reliable product. There aren't bugs or glitches. It doesn't crash or freeze.

The solution can scale if you need it to. That's not a problem at all.

We have more than 10,000 people using the solution currently.

When it comes to technical support, so far it's been good. We've been pretty satisfied with their level of support. They are responsive and knowledgeable and we know we can get help when we need it.

We were not using any other product before we started using this solution. That said, we registered for other products too and finally decided to go with Carbon Black after trying out other options.

The initial setup isn't really complex. It's pretty straightforward. Those implementing the solution shouldn't have a problem getting it up and running.

The deployment only really took a few months. It was an okay process.

You need very little maintenance on the product. We have about two people here who manage it without any issues.

We're just a customer. We don't have any business affiliation with Carbon Black.

We're currently using the latest version of the solution.

Overall, I would rate the solution seven out of ten.

We are using the Carbon Black CB Defense for endpoint security.

I like the historical features, interface, and integration.

The feature set for the firewall needs improvement.

I am looking forward to learning more about the integration with VMware at the hypervisor layer.

I dealt with Carbon Black CB Defense approximately seven years ago, but have recently dealt with them again in the last six months.

At this stage, we have not experienced any issues.

We have not raised the case at this point with technical support.

The initial setup was straightforward.

We are still deploying this solution but it will probably take four to six weeks.

It's reasonable in price. We got a good price.

We were looking at either keeping our Symantec Endpoint, and evaluating Trend Micro, and CrowdStrike.

We chose Carbon Black because of Its integration, features, and usability.

I would recommend Carbon Black CB Defense for anyone who is interested in implementing this solution.

I would rate Carbon Black CB Defense and eight out of ten.

The primary use case is for stopping spyware, malware, and viruses in their tracks. 

It's very good at doing that. It has intelligent learning behind it and we have been very successful in preventing attacks.

We had a six-figure revenue stream knowing that we would be cleaning up viruses, malware, and spyware on PCs, every year. That was a revenue stream that we could just budget we were going to get. When we implemented Carbon Black, that revenue stream went to zero. That means that it's doing its job. 

From a business perspective, we've been able to virtually eliminate cyber attacks from spyware, malware, and virus perspectives.

It has intelligent learning behind it and we have been very successful in preventing attacks.

I have been using Carbon Black CB Defense for approximately three years.

We are using the most recent version.

The stability is fantastic!

The scalability is pretty easy.

Their offer to add to a tenant or spin up a new tenant, given the client sizes is large enough, has been pretty easy management so far.

I'm a managed service provider, and within my organization we only have between 40 and 50 employees managing endpoints for several thousand. My perspective will be slightly different. So, even though we use it as a company, we use this for our clients as well.

100% of our staff is trained on the use of Carbon Black because from the technical perspective, we need to be able to handle that as technicians and engineers. 

As far as our clients, they don't know the difference. They don't see issues, they don't have attacks.

My interaction over the phone has been mostly on the business side of Carbon Black and they're fantastic over the phone. They're fantastic to deal with.

As far as the support side, I've never had to make a call to them. 

I'm sure our lead engineer has had to make some calls for various reasons.

The initial setup is straightforward. It's super easy.

Our staff deployed this solution. We did not use an integrator or reseller, it was in-house.

I am currently reviewing Cylance and products from other vendors as part of our processes. We want to see what price points and feature sets and things like that, to see what would be better.

We want to know how Carbon Black compares to others; we've seen a little bit of that. I've got some documentation to review that. At this point, we're test-bedding several other providers right now to see if there's anything that does equally or better and that comes at a better price point.

We have the cloud center, however, the application's installed on each endpoint individually.

Each client machine has it installed, locally, so it's off-premises for us. I'm assuming that they would be running on individual client PC. 

The software is run here, we manage it within the cloud atmosphere.

We were an authorized reseller or we were an authorized business associate of Carbon Black. Since that's moved under Dell, I don't think that's a thing anymore. I would state that as we are mainly a Dell shop, we're an all in Dell shop. And so that's just a business decision we've made. 

We were a Dell VMware Carbon Black client and we had a relationship with them that preexisted our Dell partnership. Before Dell acquired Carbon Black, we were a partner of Carbon Black's. We had acquired this technology and we were utilizing this technology for several years in advance of that acquisition.

I'd recommended Carbon Black CB Defense 100%.

I would rate this solution an eight out of ten.

What I like the most about it is the dynamic grouping, where you get to group endpoints based on setup criteria. That's pretty cool. I like the simplified policy management and simplified white-listing process. Coming from McAfee, management has been much simpler and much easier to look at. 

I like the simplified management, it has a nice UI, and it's very simple.

The EDR portion could be better. I'm not a big fan, but it works.

The End Point Detection Response and the way it lays our processes with our endpoint and its detection engine, in the way that it detects the admin or alerts we based on a threat. I feel that they're a little behind on the market from my perspective.  

Overall, areas of improvement would be the EDR part, the detection, also the cloud console. If you're trying to write queries or something, it's very slow, just not robust.

It's a cloud console so it should be fast. If I run a query and I press enter, if it took two seconds, it wouldn't give me a nice loading interface, because it's stuck. I would see an operating system most of the time. 

I feel like it should be faster. But as far as the price and everything, I think it's a good product.

We're actually doing a migration from McAfee to Carbon Black. The migration project has been about 12 months right now. We're slowly migrating.

Stability is one thing that's not robust. Other products are faster, but as far as the CB Defense, it's slow. We had some issues with the sensors and we also saw slowness on the Windows side, Windows file share, which actually was fixed in the next new version of the sensor.

I'm the only network security person here. But the other users who have different roles have access as well. In my team, there are five or six people. But I'm the only one actually directing changes.

We use it on a daily basis. 

There are always alerts so I'll always have to check into alerts and see what's going on and then do some more analysis. If it's a new application we are implementing that will also need to be configured on Carbon. 

The deployment process is straightforward. 

We're still deploying it slowly, little by little because we use a lot of critical applications and if Carbon Black interferes with the application, it will stop working. It needs to be tested thoroughly. It's a long process. 

All of its applications need to be tested thoroughly and then tested in a testing environment. Then we deploy and monitor, make changes, and stuff like that. As far as general users, laptops, and stuff, that's pretty straightforward. It's just part of the image. I have to write that script to uninstall McAfee, the whole migration. It's pretty straightforward. It wasn't complex as far as the installation or deployment.

There was also a technical lead for this project. It automatically comes with professional services for 10 hours and the documentation is pretty clear. The professors helped through the process. 

I think it's 28 per employee a year. 

We also looked at CrowdStrike but it was a little too expensive. 

The implementation is very easy but the security aspects could be better. 

If you don't have a SIEM solution in your organization, you're probably engaging via email.But there's no way to point me to customize the email templates if I want to see more information on that email before going to the console. It's still a business and company, but I'm the only one who is managing everything. So when I see the email on my phone, I want to see more information before logging into the console. I want to see more filtering options to narrow down more field training. 

I also wish it was easier and more intuitive in terms of searching for queries. I feel like it should be simpler. It doesn't make sense to have it this hard.

I would rate it a seven out of ten. 

We started using it to protect our environment from ransomware specifically.

Carbon Black works completely differently from other products. We tested different products and Carbon Black was selected because it does not remove a virus but it kills any suspect operations and it's up to the admin to check the scenario. It kills the "effect," if you will. If you receive ransomware or anything suspicious, it will kill the process unless you allow it, after receiving warnings.

I cannot say it's pure AI, but the way it works is that it stops any suspicious activity, not based on signature-based attacks. It works in a way that it detects that a given effect is unusual.

Also, you can deploy it through the cloud so that even if your stuff is outside of your controlled environment, you are still under control, based on the policies you create. The policies are controlled through the cloud. For example, if I don't allow anyone to do a certain activity or to install a particular app, and a consultant or a partner who is not part of our environment is doing so, it will stop them as well. Because of COVID-19, we are all working from home. Imagine if the centralization and control provided by the product were not on the cloud. We would lose control of the people working from home. So the centralized cloud control is one of its more effective aspects.

As far as I know, Carbon Defense has nothing that can be installed on mobile devices. It lacks a defense solution for mobile devices, especially mobile tablets. I would like to see support for mobile devices and the pricing should be less than the pricing for a normal workstation.

Also, there is not much education for customers about Defense versus its other products. They promote Defense as enough, but then they say if you need more protection you can go for CB Response. I don't know whether it's a technology issue or a marketing issue, but they should teach the customer more. They tell you you are secure with Carbon Defense but then they recommend Carbon Protect. There is not a lot of education on this.

I don't want to have an incident in the future and their answer will be, "Sorry, you did not buy Protect." Security is a continuous process. I can accept that it has more features, but don't tell me, "You are not protected because you did not buy the more expensive product."

In addition, these other products should be add-ons, not separate products. And the cost for them should be much less for adding on because you are already a customer.

Finally, we receive a lot of high alerts. There is no priority system, from one to 10, where 10 is very dangerous and one is something easy. There is no way for us to tell why this alert is similar to that one.

I have been using Carbon Black CB Defense for two years.

It is stable. It does not use a lot of CPU or RAM. This is one of its good points.

We have about 1,000 users. Scaling is always possible because it's a cloud solution.

They have good local support, here in Dubai.

Deployment takes too much time because it has a lot of options. The implementation was not an easy process. I wish the implementation was easier. But it has a positive effect in the end. The complexity pays for itself ultimately. You do not spend time on the complexity and then get nothing as a result. So the complexity is something that is necessary.

We were new to this product. If the deployment took, say, two weeks, it took us a very long time, maybe a couple of months, until we knew this product was solid. The education services given by the partner are not enough. It was a completely new product for us, so we needed a lot of education. While the implementation took two weeks, it really took two months to go through all the options.

We had a consultant at the beginning.

We have branches, we have different companies, but we cannot buy less than 100 licenses. This does not make sense to me. We do have some big companies within our group. But if I have a small office with 20 users and all my licenses are in use, the next buy cannot be less than 100 licenses. We have to do a lot of implementation and communication to add that many. But we only need 20. They are not flexible in the licensing part. It should be more flexible. 

I can understand their saying, "Okay, to be a customer you need 100," but to add on to that number it should be something very straightforward. If I need to add five, for example, I shouldn't need to add 100.

I'm not happy with the way they are treating existing customers for adding licenses. I sent an angry communication to them, to the management, and said to them: "With 1,000 users, I need only another 50 licenses. Why do you want me to go for 100? It's a stupid policy." Then I got approval from them for fewer. I don't need to buy subscriptions for users I don't have.

Also, licenses should not be per endpoint but rather per user. If I am the same user on a mobile device or on a workstation it should be one license for me.

To compare apples to apples, before going for Carbon Black I was thinking about CrowdStrike. CrowdStrike has a lot of very beautiful features that Carbon Black does not have, like IT asset management. But I am not buying this type of software for IT asset management. I'm buying it to protect my infrastructure from big threats. While CrowdStrike has many good features that Carbon Black does not have, that's not the case when it comes to security. CrowdStrike is a very good product but it's more expensive. If you buy all the components of CrowdStrike I can assure you it will be much better than Carbon Black, but cost is a factor.

Our previous product, Kaspersky, was fine but it's not on the level of Carbon Black. Carbon Black is called a next-generation antivirus because it does not only work based on signatures. With Kaspersky we had an incident, and one of the servers affected was the Kapsersky control server.

My advice is to get enough information about the differences in Carbon Black products from day one. In other words, if Carbon Black is claiming that Carbon Black CB Defense is enough, why are they always promoting the more expensive product, which is Carbon Black Protect? So, you need to be educated well about the differences between the products.

Also, look at the roadmap of the product regarding whether there will be good mobile protection for mobile users or not. And be aware of the minimum license purchasing policy.

The number of people for maintenance of the solution depends on how your environment is structured, but in our company I need five people.

It was basically for an EDR solution. We were apparently in the migration phase, to be frank. We were using McAfee VSE, and we wanted a media solution which would give us more insight in terms of the events that are happening with respect to Malware threats. So that's the reason why we went for the Carbon Black Defense.

It has improved the number of alerts or the number of threat events that we are able to recognize in our environment. And it also highlights the usage of potentially unwanted programs. So these are the ways in which that highlighted the possible vectors through which we can have an incident happening in our environment. That is one thing that we have seen. 

In addition, the detection ratio compared to that of a typical anti-virus and the EDR solution or the next gen AV as they call it, is on the ratio of one to ten when you compare it with a Symantec Endpoint Protection, McAfee AVR, or VirusScan Enterprise versus Carbon Black Defense.

Carbon Black Defense has a higher detection ratio because it's cloud-based and it also does a lookup to virus total, so it is out of like 65 vendors that are normally listed in virus total, if there are any kind of hits out of those, in that case, it is getting recognized as a known Malware or a suspected Malware. Under these categorizations, we are able to see a spike in the detection ratio. It is enlightening us with respect to what are the programs that are generally used in our environment and how they are compliant with our environment.

It is still evolving, as we see. We started using the version 3.0. We've been migrating and upgrading as well, laterally, until version 3.2. So, we have been seeing a lot of improvements in general in terms of bug fixes and in terms of what are the things that we had encountered.

I think they can probably bring in because there is a little bit of a gap between the native Antivirus solutions like Symantec or McAfee. So, you really can't say whether an end user will not be able to judge whether it's a Malware-free software that they are downloading or not. In those cases, if you have an application and a device control feature, I think it would be of great help.

We had some issues with the stability. In regards to the driver file, and the CTI files, there were some issues.  In addition, there were a couple of issues with servers and the workstations. It was an intermittent issue, and not widespread. But it was basically because the current organization I'm working with, we created a lot of in-house applications. They don't go very much hand-in-hand with Carbon Black enabled. They have certain behaviors, like they inject code into themselves, which is a design that they have. Even the Microsoft authorized or licensed tools exhibit such kind of a behavior. And these behaviors are being identified as a malicious behavior. 

I think it would be better if they can have an application database, where if these kind of applications are performing this, you can bypass, or you can overlook them. Something like that would be helpful. Otherwise, we will have to manually bypass them or allow them logs, as per the policy configuration for these applications. It takes a little bit of an extra time in terms of developing a new tool in the in-house application, as concerned.

I would say, not really. But we have a, how to say, our hands are tied down in terms of generating reports to understand or analyze the trend or anything of that sort. Because when you look at the EPO, you will be able to do certain trend analysis on the basis of the data that is already available in the database. But ,we can hardly take any kind of a report out of Carbon Black, so I think that should be something that should be more user-friendly. They are asking us to use API's, and not everybody is well-versed with API's or scripting.

They also do have a limitation on that, in terms of pulling out the raw data of events. The event generation is like a 1:10 ratio like I said. That detection is also on the same base. So if you have to pull out a report for an end-point count of, say, 35,000 to 40,000 endpoints, the events will be on the higher side. So, the limitation is set to 5,000, which is not realistic.

Tech support with Carbon Black is a current point of contact in the tech support. So whatever it is we interact with a single point of contact. And more of a liaison where he can bring in people from the developer side, or the account manager, or the technical manager, or whatever it is. We can get them into loop. That's the kind of the support level that we have subscribed. We don't reach out to the normal tech support by call-dialing into a number. They are responsive. We have really not tried off-business hours out of US time zones. I think that causes a little bit of a challenge because we are not able to catch hold of the right person at the right time in case of any kind of outages or something like that.

The service response is pretty much satisfactory. But if you look into a 24-7 support, then you might have to wait in the morning. I'm located in India, so if we have to look into reaching out to a person in the US during the Indian business hours, in that case, it's night. So, we will not be able to reach our support person. So we might have to rely on calling someone during that time. But we normally don't do that. Until now, we have not got any kind of an issue where we really have to contact tech support during the off-business hours. Because we do have our US counterpart, so we work on that particular region timings so that we can involve Carbon Black support to get the maximum out of them.

We did a comparison of products and analyzed how many of them are getting detected on a weekly basis. We also did a trend chart for a monthly threat review. Which basically was with McAfee VSE and Carbon Black. And we thought, that is the reason why  it was like one is to ten over a week or a monthly trend.

I was part of the initial set up. We were doing a comparison with FireEye HX and other tools, as far as CrowdStrike ,Avira and Carbon Black. We chose Carbon Black, and I was part of the initial setup. And since we don't have an in-house setup, we have a cloud-based console, we don't have a dedicated server set up. It's much easier to implement with a cloud-base. So the resource requirement is much lesser in terms of the hardware is concerned.

I think it took somewhere around four to six weeks of time. We had the implementation done and then we were into the testing phase by doing UT testing and stuff like that, internally with a closed group. And then we moved on to selected groups and users who might be important in terms of revenue generation, and stuff internally, so we did that. And then we moved on to the global deployment. I think, over a period of time, I would say the initial implementation was done with a maximum of four to six weeks. And then, I think within six months of time, we actually had the complete deployment done.

It was pretty straightforward. The console was easy to understand because we have had complex consoles with EPO. This was a pretty straightforward console. And the user guide basically gave us the information about what we can do and what is available. Though it can still be more extravagant in terms of describing itself. But, it just gives you the right information in a short and sweet fashion.

They're still evolving. I think they should reach there in a couple of years, I would say. I'm not really sure what is their roadmap, so that is one thing that I can say. But that should be something that would come up as an add-on or something like that which can be purchased or which can be given as a free component as well. I'm really not sure, but I think they might think in these lines, to bring about a better security control with the Carbon Black AV, to be specific.

I think the only advice that I would like to give is you need to really test it on different platforms. That's the only advice I can give you, because if you have a versatile environment, such as ours, while we do create a lot of in-house applications, we need to have an extensive testing done so that we don't end up creating a roadblock for other teams who are into software development and software testing. And those kind of lines. That might create a lot of issues with Carbon Black. If you test it prior, then probably you would have a better idea as to what you're getting into. And implementing it would be even more easier in that case. I think we did the right thing in terms of that because we know our environment better. If you know your environment better, you would do the right thing.

I just told you the price point that's one of the factors, basically because that is what the higher management gave us as an input. But, we didn't play a major role in terms of deciding. That was done by another person from the organization. So, that was just a communication that we received. So, that's how much I know about it.

We also had a review of FireEye HX as well, but we chose this in terms of the utility and also in terms of the cost involved. So that is the reason why we chose CB Defense. And, so, that's the reason why we are currently using CB Defense. We wanted to have an insight about Malware, the vectors for which they come into and what kind of a behavior they exhibit. So these are the things that we are basically looking to the Carbon Black Defense.

I think they can probably bring in because there is a little bit of a gap between the native Antivirus solutions like Symantec or McAfee. McAfee does have a separate product, the application control. And Symantec Endpoint has the application and device control as a built-in component in 11, 12, and I think in 14 it has the same. But the EDR solutions currently don't have that kind of a feature. So, if they can incorporate that, it would be a better security control and an antivirus, basically, because you do have instances where Malwares are getting into the network through an RFD or through a particular free software that users might download from the internet.

In terms of the fixes from what the behavior was with the environment, it has been evolving. And the only thing that could be improved is enabling Carbon Black to be a part of the image so that when we are doing a image refresh, Carbon Black would be present by default. But in the current conditions, by definition, it needs to have an internet connection for you to install Carbon Black. Because it connects to the cloud as a first step after you start the installation. So, since we cannot have that kind of a set up for an image, we are not able to put it into an image, basically. So if there comes any kind of a version where it can be done, probably it might be more helpful in terms of a mass deployment.

They might have to create a little bit of better knowledge base articles which will give us an insight as to how this is working and what logs we can look into for analysis. The gap can be made much shorter in that aspect. The report generation and trend analysis or data analysis can be improved.

I use VMware Carbon Black Endpoint for its capabilities related to EDR and antivirus support. The tool offers protection to me with its advanced antivirus technology. The tool also protects me from threats.

My company does benefit from the use of the solution since it detects live threats, malware threats, possible ransomware attacks, and other such areas.

The most valuable feature of the solution stems from the fact that it is one of the best EDR tools in the market.

The product's reporting capabilities are an area of concern where improvements are required.

From an improvement perspective, the price of the product needs to be lowered.

I have been using VMware Carbon Black Endpoint for two years. I use the solution's latest version.

The performance and stability of the product is very good and simple. The tool is very fast to analyze issues. It is a very stable tool. Stability-wise, I rate the solution a ten out of ten.

It is a scalable solution. Scalability-wise, I rate the solution a ten out of ten.

Around 22 people in my organization use the solution.

My company does have plans to increase the use of the solution.

The solution's technical support was simple and good. The technical support team responds quickly to my queries.

The product's initial setup phase was easy.

The version of the tool that I use is a cloud-based one, so in our company, we needed to create the policies and then use the tool for the endpoints on the desktops.

The solution is deployed on the cloud.

The solution can be deployed in half a day.

I did seek the help of an integrator to help with the implementation process.

My company needs to make yearly payments towards the licensing costs attached to the product. The product is expensive. There are some additional costs apart from the standard licensing charges attached to the solution.

I recommend the product to those who plan to use it since it is a stable solution.

I rate the overall tool a ten out of ten.

The product's most valuable feature is its ability to be fully integrated with the VMware environment.

The product's stability could be improved.

I have been using VMware Carbon Black Endpoint for one or two years as a system integrator.

Stability-wise, the product could be better. 

The platform is very easy to scale. It is suitable for small and medium businesses.

The technical support services are good.

Positive

VMware Carbon Black Endpoint's installation is easy. The deployment takes one or two days, but the training administrator takes more time.

I rate VMware Carbon Black Endpoint a ten out of ten.