
Carbon Black CB Defense Valuable Features

IT Infrastructure and Security Manager at a paper and forest products with 1,001-5,000 employees

The new feature that we're deploying, the new offering from Carbon Black, is MDR, which stands for manage, detect, and response. It's the most valuable feature because Carbon Black will be continuously checking the logs, and they will be advising us on how to improve some of the policies as well as review the logs. If there are any nefarious agents or things happening on the endpoints, they will know.

They also have the ability to take action based on what we've already agreed upon, what rights we give them, or what we tell them they can or can't do as part of their response. Hypothetically, if there's a rogue machine that is trying to infect other machines, we can tell them that they should try to contact us, but if they don't get a hold of anybody in GreenFirst IT in 15 minutes, they should go ahead and quarantine that machine. They can take actions, they can do remediation or response. Instead of advising, they will be taking action.

Lead IT Security Analyst at a government with 501-1,000 employees

I'm in the security department, so it's just in the layer of our prevention to give us protections against, for example, ransomware that might kick off and try to execute different files. If someone downloads something or whatever, it has to be whitelisted first. It has to be approved before it can run at all.

That's better to me than some signature-based thing, because it protects against zero-day. There are things that it doesn't know about, so it has to check them. We have Check Point now as well, but we have a Check Point on our firewalls, not our endpoints.

We have another piece of that infrastructure that does what they call threat emulation. You may have heard of it. It's like sandboxing where it takes files that it doesn't know about, puts them in a VM-type environment, and it kicks them off to see if there's any malware or tendencies that might look like malware, that kind of thing.

It's also a zero-day type of prevention thing, but it kicks them off in a safe environment so that you can see what it's doing. You need integration with Check Point to do that, but that integration went away with the latest release, the one we just put out there.

That was a big part of why we liked Carbon Black, because it is integration to not only do the whitelisting, but also we could have automatic rules set up so that if a new file got downloaded by a user, we could automatically send that over to Check Point and it could do its emulation on it in the sandbox. And if it came back clean, then we could automatically approve it.

We wouldn't have to go through a manual process of having our people approve every single file that comes across as having been seen before. So, it was a really good way to work those two products together. But that went away. And so now I'm like, "Okay, what are we going to do now?" I hadn't looked at the Harmony Endpoint at all.

I haven't looked at Check Point's piece, but I was wondering to myself, "If it does something like Carbon Black was doing and then we already have Check Point on the other one, that would work." So, that was what I was trying to do.

Randy Lahti - PeerSpot reviewer
Founding Partner, Security Architect at ISS

Some of the valuable features I have found are the online documentation of the solution is well organized and thorough. I like the simplicity of bypass and the visualization of the active components. If I want to know which file is being utilized and what sub-files it is calling, the visualization given is very helpful.

I would like to see them continue to run some of the AI-type comparisons. I know everyone is really secretive about what they do and what they have engineered, but I think Cylance was a good market disruptor years ago with their approach. Now we see SentinelOne and everyone is approaching that piece of the puzzle similarly now. I just would like to see more of a comparison. We have done our own technical comparison but it is fairly expensive. All solutions have pros and cons; if more third-party organizations or teams could evaluate how each product works in pros and cons, many people would benefit.

Buyer's Guide
Carbon Black CB Defense
June 2022
Learn what your peers think about Carbon Black CB Defense. Get advice and tips from experienced pros sharing their opinions. Updated: June 2022.
609,272 professionals have used our research since 2012.
Andrew Nai - PeerSpot reviewer
Lead Infrastructure Engineer at Government of Singapore

The Intel fit was very extensive and comprehensive enough. The visualization tree product feature in this CB Defense is quite good. These are the two more notable product features.

The pricing is excellent.

The solution is stable.

System Eng at a wholesaler/distributor with 1,001-5,000 employees

The solution's most valuable aspect is its process monitoring due to the fact that it doesn't necessarily use signature-based definitions. It uses processor-based definitions. If a process tries to spawn some type of malicious process, it'll stop it.

The initial setup is easy.

The organization has to protect against users and Carbon Black does just that for the company. What I mean by that is not all users are savvy enough to understand, "Hey, I shouldn't be running this or I get a pop-up on a browser and I don't click on it." Carbon Black stops that if they do.

The solution is extremely scalable.

Cyber Security Consultant with 1,001-5,000 employees

What I find most interesting is the performance of the end-point client, as well as the capability of detecting any activity on the end-user while using their browsers to navigate the internet. 

To monitor that activity from a security standpoint, detecting cross-site scripting or SQL injection activities that might be coming out from the browser. That's a very needed feature that allows it to distribute the security across the company and not centralizing it only on the firewalls or in the intrusion detection systems. 

The solution is quite customizable.

It's easy to set up the solution.

There's lots of very useful documentation online to help troubleshoot and learn about the product.

IT Cybersecurity at a manufacturing company with 10,001+ employees

The solution allows you to override it and manually install an application if you need it to.

It's very good at alerting you to malicious content or unauthorized software. 

We can access computers remotely if we need to.

Dhrubo Roy - PeerSpot reviewer
Threat and Vulnerability Engineer at Horizon Blue Cross Blue Shield of New Jersey

What I like the most about it is the dynamic grouping, where you get to group endpoints based on setup criteria. That's pretty cool. I like the simplified policy management and simplified white-listing process. Coming from McAfee, management has been much simpler and much easier to look at. 

I like the simplified management, it has a nice UI, and it's very simple.

Senior Infrastructure and Security Engineer at a manufacturing company with 51-200 employees

I like its protection very much. It protects and allows us to lock the environment pretty tightly. Nothing that is not approved through Carbon Black can run in the environment. There is no default. Everything goes through Carbon Black Protect, and everything has to be first approved. Every software is considered to be guilty before proven innocent.

HeathLord - PeerSpot reviewer
Vice President of Sales (previously Sales Engineer) at a computer software company with 11-50 employees

It has intelligent learning behind it and we have been very successful in preventing attacks.

Information Security Specialist at a comms service provider with 5,001-10,000 employees

The visibility provided has been great.

The ease of deployment is definitely a great selling feature.

The stability is good and the product is pretty lightweight.

The solution scales well.

IT Manager - System Administration at a pharma/biotech company with 501-1,000 employees

The protection of the user machines has been great. For example, if a laptop gets stolen, or let's say, an employee gets let go, the product provides us with the ability to actually lock people out of the network and handle remote wipes and stuff like that.

The initial setup is very easy.

Infrastructure and support manager at a healthcare company with 51-200 employees

The EDR was amazing. It was very responsive. It did an excellent job of providing us the information we needed in a timely fashion, as long as the latest agent was up-to-date on the client.

Senior Director, Information Technology at C.E. Niehoff & Co.

The feature I found most valuable in Carbon Black CB Defense is the ongoing monitoring, though I'm not sure if it's because of the solution, or if it's because of Red Canary. The ongoing monitoring feature works by emailing updates about any detections found.

Nadeem Syed - PeerSpot reviewer
CEO at Haniya Technologies

The product is pretty strong in terms of security and their features are very good in that respect. Their research engine, the antivirus engine, it's very strong compared to any other product on the market right now.

The solution is stable.

They do have options on the market that can scale. 

Technical support is great.

It's not too difficult to set up and the deployment is fast. 

IT Administrator at a manufacturing company with 501-1,000 employees

I found it very valuable as a whole. It is good at detecting anything and has kept us very safe. It is also very easy to use. 

Syed Faisal - PeerSpot reviewer
ICT Manager at SecurEyes

The solution will prevent communication of one compromised device with another. 

RizwanAlam - PeerSpot reviewer
AVP - Information Security Governance & Risk Management at Allied Bank Limited

The best feature of this solution is that we have a live response, which is really tailored to our needs. 

Abbasi Poonawala - PeerSpot reviewer
User at a financial services firm with 10,001+ employees

Technical support is excellent. It's also stable, scalable, and easy to implement.

IT Infrastructure - Global Head at a comms service provider with 10,001+ employees

The security, specifically the endpoint security that the solution provides, is its most valuable aspect.

The initial setup is pretty straightforward.

Isanka Attanayake - PeerSpot reviewer
Manager - Information Technology Infrastructure and Development Support at Royal Ceramics

The solution is very useful and easy to handle. You don't need much intervention with this product.

Senior NOC Security Engineer at a wholesaler/distributor with 51-200 employees

Once the solution is installed and configured correctly it does not require a lot of hands-on attention until you need upgrading.

Cyber Security Engineer at a tech services company with 201-500 employees

CB Defense is more powerful, and you can take more actions than others. Its security features and signatures are constantly updated, so it is more effective than other security solutions. We can integrate with XCDR. Carbon Black EDR integrates with Carbon Black EDE. But you don't need to integrate CB Defense with other external security solutions.

Owner at a tech services company with 1-10 employees

I like its reporting.

IT Manager at a financial services firm with 51-200 employees

One of the most valuable features is that it will block vulnerable sites. If there was a connection between one of our devices to a known malware site, it will block it. It then also alerts our SOC.

Kostia Tkachov - PeerSpot reviewer
IT Security Solutions Engineer at Softprom

Using Open API, we were able to freely perform the necessary integration with our other security solutions.
CB Defense allows us to see our whole process as it starts on our endpoint.

The threat analysis functionality is good.

Information Security Consultant at a healthcare company with 10,001+ employees

I like the historical features, interface, and integration.

Security Engineer at a tech services company with 11-50 employees

It is stable and easy to set up.

Gian Michele Roletto - PeerSpot reviewer
SOC Manager at Nais Srl

It is a very complete platform. It is very useful for my customers.

Carbon Black CB Defense is ideal for a medium-sized business. It is not, in my opinion, suited for large enterprise companies.

Carbon Black works very well for the endpoint. It explains the situation very clearly.
