IT Central Station is now PeerSpot: Here's why

Carbon Black CB Defense Room for Improvement

MK
IT Infrastructure and Security Manager at a paper AND forest products with 1,001-5,000 employees

The node management could be much better. The one thing that they cannot do very easily is change the tenant from a backend. As an example, assets were sold from a company called Rayonier Advanced Materials and went to GreenFirst, which became GreenFirst as a startup. We had a tenant where all the machines were registered to the cloud. That is the tenant that was there for Rayonier. It is very hard for them to make changes to the tenants, such as rename or anything like that. What they really would push you to do is, "Your tenant is going to be under your company name. You have to uninstall all the agents and reinstall them again." Making changes at a tenant-level would be a welcome feature to allow divestitures and things like that.

They can do some of these things, but they're not very user friendly or easily done. They basically tell you to do the hard lifting yourself. For example, they basically kept pushing me and saying, "Uninstall your antivirus on about 500 machines and reinstall it with the new tenant information." I would say "No, everything is a tenant. Rename me the tenant."

I would like to see the GUI improved and easier troubleshooting. One thing they did that makes it easier in troubleshooting versus the older versions of the software is that now you can actually drill down to see the parent process and go all the way down. 

In CrowdStrike, they have a timeline where they actually build the whole scenario as to what happened. It's like a playback. It's almost like a movie. You play back and it says, "Okay, this process ran," and then it shows what it caused and everything. You can see all that and if there are any screen outputs it puts it on because CrowdStrike actually maintains some of those things. A playback feature would be very valuable.

View full review »
GM
Lead IT Security Analyst at a government with 501-1,000 employees

There could be more knowledge. I think they made a mistake when they took away the Check Point integration, because it provides more automation and also more threat intelligence. Maybe you didn't see something within Carbon Black's sphere of what it knows, within their product line or their threat cloud or whatever they use for their intelligence. Maybe it didn't see anything of the files that it knows about, but what about somebody else's? And what about kicking into another product that does those kinds of things like sandboxing?

I don't know why they would take that away. That doesn't make sense to me because they need to expand on that. The more they expand on that, the more confidence you have as a security guy. You have more confidence that that file is clean, and there's nothing bad about it. Bringing back the integration with Check Point would be a good start.

This product is being used extensively in our organization. I'm actually looking for a replacement because of the fact that we lost that integration. That's really crucial, honestly. Otherwise, it becomes much more manpower-intensive. I need to spend more man-hours going through it instead of using automations.

I prefer to set up things so my team doesn't have to spend a huge amount of time running down rabbit trails all the time. The more we can automate and still be secure about it, that is what we try to do.

There are no additional features I would like to see added. I know they already have a cloud offering as well. You can manage things through their cloud for people that are always on-site. We mostly just use it for our own managed devices. We didn't really put it on. We never planned and don't plan to put it on or make it available to a BYOD kind of thing. This is all company-managed devices.

It just made more sense for us to do it internally than putting it in the cloud. But we could have done either one, I suppose. But since we started out inside, we just kept it that way. It was just easier.

View full review »
Randy Lahti - PeerSpot reviewer
Founding Partner, Security Architect at ISS

This solution could have greater granular control on how certain applications work. You are able to do the operation of allowing or disallow, or you can block unusual usage of an application, but they do not define it well. 

The PowerShell is being called in any way that the threat actor might use it versus an administrator. You are in a way taking this solutions' best guess at it or their understanding of it. They do not clearly tell you in technical terms how they make that determination. They should be more forthright about it, or if they can not tell us, they should just give us the control to make those selections. We are choosing it because at least we have that control where we do not have that same amount of control with other solutions like Cylance. However, they are still not telling us precisely what constitutes suspicious behavior, what actions, or what calls. It is a check box to say, lock if we have inappropriate use, or block if we have suspicious behavior. It would be helpful to tell us what that actually meant.

In the future, I would like to see more granular control of PowerShell and more administrative tools.

View full review »
Buyer's Guide
Carbon Black CB Defense
July 2022
Learn what your peers think about Carbon Black CB Defense. Get advice and tips from experienced pros sharing their opinions. Updated: July 2022.
610,229 professionals have used our research since 2012.
Andrew Nai - PeerSpot reviewer
Lead Infrastructure Engineer at Government of Singapore

There's some disparity between the on-premise and the cloud type of application. We basically manage applications versus SaaS-based ones. We were hoping that some of the more advanced features that they offer in the SaaS actually could be similarly offered for the on-premise managed applications. We find that cloud-based solutions are particularly more advanced in product roadmaps compared to on-prem.

There should be more roles in support. There needs to be support for multi-tenancy, the likes of multiple names space. When you use that in a very large organization, you have many departments. It doesn't really provide grouping by department, et cetera. 

There's actually a lagging feature that we saw in the SaaS, yet not on the on-premise setup. It seems like the on-premise one was really, really meant for a single department setup rather than for multiple departments.

The solution doesn't allow for high availability configuration. That's also a negative impact relating to the product.

View full review »
JS
System Eng at a wholesaler/distributor with 1,001-5,000 employees

The alerting mail needs to be customizable. Right now, it isn't. That has to change. Right now, I get a lot of what I call noise email alerts. All I hear from them is, "Well, we're working on it. We're working on it." Well, they've been working on it for four years now, and nothing has changed.

In the past, we've seen some stability issues in the latest version releases. We tend to hang back one version just to make sure issues are fully resolved to avoid user disruption.

View full review »
JB
Cyber Security Consultant with 1,001-5,000 employees

I can't think of any feature that needs to be enhanced or reviewed at this time.

Some of the features that I see as an end-user, unfortunately, I haven't been able to see from a project management standpoint. I'm not sure if we're actually taking advantage of all the available features. I don't know if it's because we haven't configured it yet, or we are not using it. 

I'm not sure as to the logic of how we've decided to customize it. We've only really used it since February and therefore there may be more to do on that front. That's why it's hard to say if something is missing or if we just aren't utilizing it.

View full review »
MP
IT Cybersecurity at a manufacturing company with 10,001+ employees

Sometimes the solution blocks items that were previously approved and we don't know why.

It is sometimes hard when I attempt to investigate, to know the commands. It's not easy to do that. You need to upload the right information.

Occasionally, when we get alerts, we don't get all the information we need, such as the computer's serial number.

If I reveal an alert in a new window, I need to go back to the main link as it doesn't work.

Sometimes we need to close the solution and then open it up again.

Occasionally, we'll have issues with the latest version and they'll basically tell us that they will improve it in the next iteration. They need to work on their version release quality.

It would be good to have more information about the devices. If you get an alert that a malicious file is on your computer, Carbon Black really doesn't give you the full picture. We also need to wait for the user who owns the computer to be online before we can investigate everything. It's hard when you are working across time zones.

View full review »
Dhrubo Roy - PeerSpot reviewer
Threat and Vulnerability Engineer at Horizon Blue Cross Blue Shield of New Jersey

The EDR portion could be better. I'm not a big fan, but it works.

The End Point Detection Response and the way it lays our processes with our endpoint and its detection engine, in the way that it detects the admin or alerts we based on a threat. I feel that they're a little behind on the market from my perspective.  

Overall, areas of improvement would be the EDR part, the detection, also the cloud console. If you're trying to write queries or something, it's very slow, just not robust.

It's a cloud console so it should be fast. If I run a query and I press enter, if it took two seconds, it wouldn't give me a nice loading interface, because it's stuck. I would see an operating system most of the time. 

I feel like it should be faster. But as far as the price and everything, I think it's a good product.

View full review »
IG
Senior Infrastructure and Security Engineer at a manufacturing company with 51-200 employees

It could be a bit complicated. You have to be very familiar with Carbon Black to understand what it is doing and why it is doing. I would like to have more explanations and simplification in the user interface. It would be good to get help and see more explanations. It should tell us that a software is blocked and the reason for it. It would be good to be able to build chains in terms of what caused what, what worked, and what caused an issue.

We are now moving from Carbon Black to Cortex XDR. While choosing antivirus software, we were also looking at Carbon Black because it also has an antivirus package, and it is next-generation, but we were told that Carbon Black doesn't support firewalls. We have Palo Alto firewalls. We would have chosen this solution if it supported firewalls, in particular next-generation firewalls, but unfortunately, it doesn't. Therefore, we decided on Cortex XDR because it integrates with Palo Alto firewalls.

View full review »
LA
Information Security Specialist at a comms service provider with 5,001-10,000 employees

The reporting could be improved. Some of the built-in reporting isn't ideal. They have an API and everything you need that you can kind of hook into the product pretty easily, however, it'd be nice to have some built-in reports instead of having to seek them elsewhere.

The solution needs expanded endpoint query tools.

View full review »
SS
IT Manager - System Administration at a pharma/biotech company with 501-1,000 employees

The on-prem one was very problematic, especially version 7.2, which did not play nice with Symantec at all. The last upgrade of the client actually triggered a block to the networking, to our active directory domain controllers.

There was a bug that we found was in Macs. It was triggering false positives as it wasn't able to figure out the right parent upon login. With the Carbon Black Cloud, we just got it two to three weeks ago. So far, I haven't seen any false positives. The cloud seems to be a much better product. 

With the on-prem one, the bug has been reported by the community in early January or February, something like that, at the beginning of the year, and it's still not addressed. They have released two versions since then, and yet neither of them addresses this specific issue.

I need more time to explore the cloud deployment, as we've only had it for three weeks at this point. 

View full review »
JG
Infrastructure and support manager at a healthcare company with 51-200 employees

The whitelisting system, and the concept of it, overall, is pretty decent. The problem with the whitelisting capability is that it's pretty archaic. Based on all the security roles and the release privilege, it could take time for an application to be whitelisted and approved for use.

The Mac support needs improvement, as it had next to none.

The biggest problem we had was the Mac support. It had very little, and my C-suite is almost exclusively Mac, as is my marketing and development department.

View full review »
KL
Senior Director, Information Technology at C.E. Niehoff & Co.

Currently, it's hard to comment on areas for improvement, because I haven't used Carbon Black CB Defense long enough.

What was rolled out to my company are mixed versions of Carbon Black CB Defense, so what I'd like to see in the next release is more synchronization, where it can detect the endpoint that's running an old version and suggest updates. That's the only thing I can think of right now.

View full review »
Nadeem Syed - PeerSpot reviewer
CEO at Haniya Technologies

Carbon Black does not have a big market in Pakistan right now. They are actually trying to penetrate the region right now. They don't have many customers. Even we are new to the Carbon Black as well, in that we knew about Carbon Black for a long time, however, as far as implementing it and giving it to our customers, we are still new to it.

The pricing could be more reasonable. 

View full review »
JM
IT Administrator at a manufacturing company with 501-1,000 employees

I haven't run into anything that needs improvement. The website interface can be a little bit better, but it's still good as compared to most others.

View full review »
Syed Faisal - PeerSpot reviewer
ICT Manager at SecurEyes

In the month-long evaluation of the solution that we conducted, we found the POC to not be helpful, owing to the issue the client encountered with the platform, the operating system, which did not lend adequate support. 

While we paid for both on-cloud and on-premises deployment, the issue is not with the entrepreneur's upload, but with the end point. 

And do you have already some customers regarding Carbon Black?

Syed Faisal:
No, even Carbon Black, everyone has this solution for Windows IoT and Linux environment. But this is something called the product called Dell. This is a Dell based, [inaudible 00:02:31]. More or less the Dell [inaudible 00:02:33] which is running Dell customer OS, [inaudible 00:02:39]. But unfortunately we cannot install the agent on it.

The licensing price is a bit expensive when compared with other solutions. 

View full review »
RizwanAlam - PeerSpot reviewer
AVP - Information Security Governence & Risk Management at Allied Bank Limited

There is no option for the solution to block automatically based on behavior. First, the solution needs a lot of time to record all the behaviors. Then, we manually have to create a behavior analysis rule to detect any malicious activity. The solution would be improved and be more effective if there was a way for this process to be done automatically.

View full review »
Abbasi Poonawala - PeerSpot reviewer
User at a financial services firm with 10,001+ employees

In the next release, it would help if we can get better control over containers. This will help secure the containers in multiple environments. For example, we need to secure the Kubernetes containers. Apart from admin user login to see containers processes running, developers & operate team users also should be seeing the container's processes running.

View full review »
MS
IT Infrastructure - Global Head at a comms service provider with 10,001+ employees

The solution needs better overall compatibility with other products.

View full review »
Isanka Attanayake - PeerSpot reviewer
Manager - Information Technology Infrastructure and Development Support at Royal Ceramics

The client performance could be improved. When you install it in the client, the performance gets a bit disturbed.

In the user interface, the user needs to have more visibility regarding what's happening because it gives you a very simple client for the user. It doesn't give a full output for the user. It would be great if that could be improved.

View full review »
KarthikR1 - PeerSpot reviewer
Senior Software Engineer at NCR Corporation

While I consider the product to be top notch and am happy with it, its reporting aspects need to be addressed.

I would definitely recommend Carbon Black CB Defense to others who are contemplating using it, but its administration features need fine tuning. I believe this is already being addressed so that gaps can be filled as these relate to other leading technologies on the market.

The GUI and reporting should also be addressed.

View full review »
KO
Senior NOC Security Engineer at a wholesaler/distributor with 51-200 employees

There are many different controls that are needed to be put into place for upgrading that makes it difficult. Having to re-engineer your IT infrastructure to match their software, as opposed to having it integrate and work independently causes difficulties. When there is an update to any software everyone has to be involved.

View full review »
AE
Cyber Security Engineer at a tech services company with 201-500 employees

Integration is difficult, but CB Defense is more powerful than others. It is difficult to implement but easy to pick up many detections.

View full review »
SS
Owner at a tech services company with 1-10 employees

Its compatibility can be improved. It did crash a server during deployment, which is not something that I want to happen.

Its deployment should also be easier. The whole deployment cycle needs to be simplified. It is an enterprise solution, and to set it up right now, you have to be an expert.

View full review »
TT
IT Manager at a financial services firm with 51-200 employees

This product should be cheaper.

View full review »
Kostia Tkachov - PeerSpot reviewer
IT Security Solutions Engineer at Softprom

To improve the ability to connect also feeds of third resources (communities).

View full review »
MP
Information Security Consultant at a healthcare company with 10,001+ employees

The feature set for the firewall needs improvement.

I am looking forward to learning more about the integration with VMware at the hypervisor layer.

View full review »
AU
Security Engineer at a tech services company with 11-50 employees

The application control can be improved. It should also have an automatic update of the agents.

View full review »
Gian Michele Roletto - PeerSpot reviewer
SOC Manager at Nais Srl

I believe they could improve the new intelligence solution to monitor activity, in the network. They will most likely need to create or include a feature that checks the network.

View full review »
Buyer's Guide
Carbon Black CB Defense
July 2022
Learn what your peers think about Carbon Black CB Defense. Get advice and tips from experienced pros sharing their opinions. Updated: July 2022.
610,229 professionals have used our research since 2012.