VMware Carbon Black Endpoint Reviews

We use this solution as an endpoint solution for protection.

It has improved our protection to have less false-positives. We have a greater ability to find malware notifications. It has improved between 30-35% more than prior to our use of the solution.

Data analysis is the most valuable feature because of the whitelist database. It is different than standard IDS solutions.

The UI interface needs improvement. The management needs further work in future versions.

It is a stable product.

We are not a very big company, so scalability is not very relevant to us.

Our experience with tech support is very positive.

We had experience with this product in our team prior to our setup, so it was simple for us. We had it up in a week. It may be less easy for non-technical people. 

I am not really involved in the pricing of this product. From my understanding, the price is okay for us.

We did consider other products but we chose this solution.

I would advise Carbon Black to work on the automation and make it a bit easier for the solution.

We use it for endpoint visibility and endpoint detection and response. It is our central mechanism for the cyber defense or endpoint detection, response and visibility.

We've integrated it with Splunk, with ThreatConnect, and a couple of others. It has a lot of modules for integration that has streamlined our ability to respond and decrease the amount of time for response, but also allowing us not to have to pivot to so many tools where we can actually work from more of a single pane of glass perspective.

I think something that is the most valuable is the time-lining capability for any breach activity. It gives us the ability for us to actively threat hunt. This is not something where it's a passive response tool where we watch things happen. In contrast, it actually does some heuristics, and some behavioral analysis, and we're able to do some prevention with it as well. I think that's really the strongest attribute, and it makes this a more aggressive tool than others.

In some areas one of the big issues for me is responsiveness to issues that arise with the solution. There are some components that leave a bit to be desired and/or that are bugs, or that even if it's a feature update request. These kinds of things are not the fastest company to respond to those. We did have a bug that was persistent for it's now going on two months and it hasn't been fixed. That is one of the drawbacks. This is really impacting what we need to do with it. But, the bigger issue is the organizational responsiveness to clients.

In addition, I think there should be a cloud gateway. It needs to move into a transitory space between our On-Premise and external where it does not have to be in two separate instances. It should marry the two. Also, it would be good to have them working in the containerization space, as well. To have a mechanism for securing cloud modules a bit better. This would be ideal. It would help encompass more of the broad range security so we do not have to couple this with other outside solutions.

 It implements and integrates very well with other security tools, cybersecurity tools.

The tech support communicates, but it's just not with movement. They are responsive, yet there is no quick motion often in regards to resolving the issue. I would personally give the tech support a rating of seven out of ten. 

The setup really depends on a few crucial elements. It depends on where we are, what region, what country we're in, and what PIA rules they have in place. For the most part, it is a fairly straightforward setup. I will say in the initial setup, Carbon Black was very responsive. They were really good at providing the assistance and the support we needed to get it set up, but it was not an extremely hard task.

It has the ability for you to upload the scripts or anything you want to run anywhere. The capabilities of this tool are almost limitless. That is why Carbon Black is a leader. You can run whatever script you want by uploading it to the tool. This is a very, very comprehensive feature.

We also looked at Rsam and ESET. We've used a multitude. So yes, we have.

• Make ssure that your firewall ports open and really test communication back to their server. 
• Make sure you don't have anything else that may be impeding it. 
• If you are dealing with any PIA countries or GSA (also known as TAA) countries, make sure you're working through their work councils.
• Make sure you look at a holistic perspective and have a plan in place on how to use this tool.

We include it as another layer of security for our endpoints/servers. The software is based off TTP (tactics, techniques, and procedures), and it complements our antivirus products. The software basically takes a snapshot of the system, then if anything happens which is out of the norm, the software alerts us. In some cases, it denies execution and will quarantine the endpoint from other systems.

During the company’s transition, we had a memory scraper infiltrate our network, and  with the help of Carbon Black, we isolated the outbreak to a few point of sale machines.. We saw a step-by-step account of how the software was introduced into the environment, the host it originated from, and the destination address it was connecting too. Carbon Black stopped the spread in its tracks.

• The software uses very few resources; it is almost invisible to the end user. 
• Behavioral Monitoring stops known malicious events before they even begin. 
• The whitelist: Being a Casino, we have some odd software packages. Being able to whitelist them is a must.
• The option to quarantine a device and use the cloud-based portal to gain a “shell” on the infected machine. With this, we can dump the entire system memory to a machine in our lab, then run analysis.

It works the way we want and how we want. 

For one improvement, an easier integration with an AlienVault USM appliance would be good. The directions for Splunk are spot on, but it is difficult to find anything on integration with AlienVault,

This product would help any organization to increase its detection and prevention with event investigations and immediate response to data infiltration. 

Carbon Black Cb Defense improved our endpoint level security. It helped to identify endpoint and infrastructure loopholes.

Carbon Black Cb Defense has a nice component called Alert Triage. It has helped to detect threats across the data. It contains full details of the process execution "kill chain" and "go live" for immediate remediation.

It would be a better solution if Carbon Black Cb Defense had an on-promise solution and a virus auto delete or quarantine.

No scalability issues.

The initial setup is straightforward. The configurations are a bit complex.  

The vendor has a high level of expertise.

The cost is a considerable factor, but the benefit factor is the most important. When you compare it with other products, the price is high. Carbon Black will negotiate the price.

We evaluated McAfee and Symantec.

I have done a few PoCs and implementations with Carbon Black Cb Defense.

The first case was in a financial institution with offices in several states which needed to increase the ability to detect and respond to threats.

Provides visibility into the chain of attack and threats that use valid operating system processes to execute attacks.

The go live, because it is possible to answer incidents while they are still occurring and minimize the effects.

Needs improvement in the area of infrastructure for on-premise installation.

No issues.

No issues.

Technical support is high level.

No previous solution was used.

No problem with the initial setup because it is a cloud platform.

The cost/benefit factor has great relevance in Cb Defense implementations.

We did not evaluate any other solution. We are partners of Carbon Black.

It is a product which will bring enough information and effectiveness in the detection and response to advanced threats.

CB Defense is a threat identification and protection solution. In general, it's more often deployed on the cloud than on-prem. The customer decides. 

CB Defense is more powerful, and you can take more actions than others. Its security features and signatures are constantly updated, so it is more effective than other security solutions. We can integrate with XCDR. Carbon Black EDR integrates with Carbon Black EDE. But you don't need to integrate CB Defense with other external security solutions.

Integration is difficult, but CB Defense is more powerful than others. It is difficult to implement but easy to pick up many detections.

I've used CB Defense for a couple of years.

CB Defense is stable.

Carbon Black support is easy to access and helpful.

The installation is straightforward, but it requires two to four members of our team to implement it, and deployment takes a couple of hours. You need admins to install it because it involves setting permissions and requires documentation.

All EVV requires licenses for the appliances as well as the security features. 

I rate CB Defense nine out of 10. It's different, so it stands out among all the others. Carbon Black is more costly but also more powerful and effective, so I recommend it.

We manage service providers. We provide this solution to other clients and companies that need it, and we are using the latest version.

It is stable and easy to set up.

The application control can be improved. It should also have an automatic update of the agents.

I have been using this solution for six months.

It is stable.

It is scalable.

Technical support is very effective. I am satisfied with them.

The initial setup is easy. It is not something difficult.

I would recommend this solution. We are going to keep providing this product. 

I would rate Carbon Black CB Defense a six out of ten.