Carbon Black CB Defense Overview

Carbon Black CB Defense is the #1 ranked solution in top Security Incident Response tools, #7 ranked solution in EDR tools, and #11 ranked solution in endpoint security software. PeerSpot users give Carbon Black CB Defense an average rating of 7.6 out of 10. Carbon Black CB Defense is most commonly compared to Microsoft Defender for Endpoint: Carbon Black CB Defense vs Microsoft Defender for Endpoint. Carbon Black CB Defense is popular among the large enterprise segment, accounting for 55% of users researching this solution on PeerSpot. The top industry researching this solution is professionals from computer software companies, accounting for 18% of all views.
Carbon Black CB Defense Buyer's Guide

Download the Carbon Black CB Defense Buyer's Guide including reviews and more. Updated: November 2022

What is Carbon Black CB Defense?

CB Defense is an industry-leading next-generation antivirus (NGAV) and endpoint detection and response (EDR) solution. CB Defense is delivered through the CB Predictive Security Cloud, an endpoint protection platform that consolidates security in the cloud using a single agent, console and data set. CB Defense is certified to replace AV and designed to deliver the best endpoint security with the least amount of administrative effort. It protects against the full spectrum of modern cyber attacks, including the ability to detect and prevent both known and unknown attacks. CB Defense leverages the powerful capabilities of the CB Predictive Security Cloud, applying our unique streaming analytics to unfiltered endpoint data in order to predict, detect, prevent, respond to and remediate cyber threats. In addition, CB Defense provides a suite of response and remediation tools, including Live Response, which allows security personnel to perform remote live investigations, intervene with ongoing attacks and instantly remediate endpoint threats. For peace of mind, CB Defense customers can also leverage CB ThreatSight, Carbon Black’s managed threat alert service, to validate alerts and uncover new threats.

Carbon Black CB Defense was previously known as Bit9, Confer.

Carbon Black CB Defense Customers

Netflix, Progress Residential, Indeed, Hologic, Gentle Giant, Samsung Research America

Archived Carbon Black CB Defense Reviews (more than two years old)

Security Engineer at a tech services company with 11-50 employees
Real User
Stable and easy to set up, but needs better application control and automatic updates of the agents

What is our primary use case?

We manage service providers. We provide this solution to other clients and companies that need it, and we are using the latest version.

What is most valuable?

It is stable and easy to set up.

What needs improvement?

The application control can be improved. It should also have an automatic update of the agents.

For how long have I used the solution?

I have been using this solution for six months.

What do I think about the stability of the solution?

It is stable.

What do I think about the scalability of the solution?

It is scalable.

How are customer service and support?

Technical support is very effective. I am satisfied with them.

How was the initial setup?

The initial setup is easy. It is not something difficult.

What other advice do I have?

I would recommend this solution. We are going to keep providing this product. 

I would rate Carbon Black CB Defense a six out of ten.

Which deployment model are you using for this solution?

On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Kostia Tkachov - PeerSpot reviewer
IT Security Solutions Engineer at Softprom
Real User
Good threat analysis, stable, and the technical support is good
Pros and Cons
  • "The threat analysis functionality is good."
  • "I would like to see improvements made so that we can better see all of the processes."

What is our primary use case?

We are a distributor for Carbon Black and CB Defense is one of the products that we work with and demo for our customers.

How has it helped my organization?

With the Carbon Black endpoint Agent, we have automated the process of isolating the host when a threat appears on it.

What is most valuable?

Using Open API, we were able to freely perform the necessary integration with our other security solutions.
CB Defense allows us to see our whole process as it starts on our endpoint.

The threat analysis functionality is good.

What needs improvement?

The ability to also connect feeds from third-party resources (communities) should be improved.

For how long have I used the solution?

We have been using this product for more than one year.

What do I think about the stability of the solution?

CB Defense is a stable solution. I do not remember any situations where there are any problems with sensors or endpoints. Just all information about the processes at the endpoint is collected and sent to the Cloud.

What do I think about the scalability of the solution?

This is a scalable product.

How are customer service and technical support?

The technical support is good, and we always get answers to all our questions and the necessary recommendations for using Carbon Black Defense.

What other advice do I have?

Overall, this is a very good product.

I would rate this solution a ten out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: partner
PeerSpot user
Owner at a tech services company with 1-10 employees
Real User
Good reporting and very scalable
Pros and Cons
  • "I like its reporting."
  • "Its compatibility can be improved. It did crash a server during deployment, which is not something that I want to happen. Its deployment should also be easier. The whole deployment cycle needs to be simplified. It is an enterprise solution, and to set it up right now, you have to be an expert."

What is our primary use case?

We are an MSP, and we deployed this solution for a banking client. We use it to help us defend against advanced persistent threats.

What is most valuable?

I like its reporting.

What needs improvement?

Its compatibility can be improved. It did crash a server during deployment, which is not something that I want to happen.

Its deployment should also be easier. The whole deployment cycle needs to be simplified. It is an enterprise solution, and to set it up right now, you have to be an expert.

For how long have I used the solution?

I have been working with Carbon Black CB Defense for six months.

What do I think about the stability of the solution?

After the initial system crash, I haven't had any issues.

What do I think about the scalability of the solution?

It will be very scalable.

How are customer service and technical support?

I haven't contacted them.

How was the initial setup?

The initial setup was complex because we needed to set up a server, deploy it to the server, and push it up from there. We had the on-premises server setup. Its cloud version may be easier.

It took one week to fully deploy it. The strategy was just to rip and replace the solution that we had before.

What other advice do I have?

I would advise making sure that it won't cause problems with your servers. Whenever possible, it is good to fully test a product before deploying it.

I would rate this solution an eight out of ten. It needs better ease of use and deployment.

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
IT Infrastructure - Global Head at a comms service provider with 10,001+ employees
Real User
Good security with a straightforward setup but requires better compatibility with other solutions
Pros and Cons
  • "The initial setup is pretty straightforward."
  • "The solution needs better overall compatibility with other products."

What is our primary use case?

We primarily use the solution as endpoint security.

What is most valuable?

The security, specifically the endpoint security that the solution provides, is its most valuable aspect.

The initial setup is pretty straightforward.

What needs improvement?

The solution needs better overall compatibility with other products.

For how long have I used the solution?

I've been using the solution for less than a year. I've only really been using it for the last one or two quarters of this fiscal year. It hasn't been a very long time yet.

What do I think about the stability of the solution?

The solution is quite stable. We find it to be a reliable product. There aren't bugs or glitches. It doesn't crash or freeze.

What do I think about the scalability of the solution?

The solution can scale if you need it to. That's not a problem at all.

We have more than 10,000 people using the solution currently.

How are customer service and technical support?

When it comes to technical support, so far it's been good. We've been pretty satisfied with their level of support. They are responsive and knowledgeable and we know we can get help when we need it.

Which solution did I use previously and why did I switch?

We were not using any other product before we started using this solution. That said, we registered for other products too and finally decided to go with Carbon Black after trying out other options.

How was the initial setup?

The initial setup isn't really complex. It's pretty straightforward. Those implementing the solution shouldn't have a problem getting it up and running.

The deployment only really took a few months. It was an okay process.

You need very little maintenance on the product. We have about two people here who manage it without any issues.

What other advice do I have?

We're just a customer. We don't have any business affiliation with Carbon Black.

We're currently using the latest version of the solution.

Overall, I would rate the solution seven out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Information Security Consultant at a healthcare company with 10,001+ employees
Consultant
Easy to install, stable, with good historical features and integration
Pros and Cons
  • "I like the historical features, interface, and integration."
  • "The feature set for the firewall needs improvement."

What is our primary use case?

We are using the Carbon Black CB Defense for endpoint security.

What is most valuable?

I like the historical features, interface, and integration.

What needs improvement?

The feature set for the firewall needs improvement.

I am looking forward to learning more about the integration with VMware at the hypervisor layer.

For how long have I used the solution?

I dealt with Carbon Black CB Defense approximately seven years ago, but have recently dealt with them again in the last six months.

What do I think about the stability of the solution?

At this stage, we have not experienced any issues.

How are customer service and technical support?

We have not raised a case with technical support at this point.

How was the initial setup?

The initial setup was straightforward.

We are still deploying this solution but it will probably take four to six weeks.

What's my experience with pricing, setup cost, and licensing?

It's reasonable in price. We got a good price.

Which other solutions did I evaluate?

We were looking at either keeping our Symantec Endpoint or evaluating Trend Micro and CrowdStrike.

We chose Carbon Black because of its integration, features, and usability.

What other advice do I have?

I would recommend Carbon Black CB Defense for anyone who is interested in implementing this solution.

I would rate Carbon Black CB Defense an eight out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
HeathLord - PeerSpot reviewer
Vice President of Sales (previously Sales Engineer) at a computer software company with 11-50 employees
Real User
Easy to scale, technical support is good, and the product stops spyware, malware, and viruses in their tracks
Pros and Cons
  • "It has intelligent learning behind it and we have been very successful in preventing attacks."
  • "At this point, we're test-bedding several other providers right now to see if there's anything that does equally or better and that comes at a better price point."

What is our primary use case?

The primary use case is for stopping spyware, malware, and viruses in their tracks. 

It's very good at doing that. It has intelligent learning behind it and we have been very successful in preventing attacks.

How has it helped my organization?

We had a six-figure revenue stream knowing that we would be cleaning up viruses, malware, and spyware on PCs, every year. That was a revenue stream that we could just budget we were going to get. When we implemented Carbon Black, that revenue stream went to zero. That means that it's doing its job. 

From a business perspective, we've been able to virtually eliminate cyber attacks from spyware, malware, and virus perspectives.

What is most valuable?

It has intelligent learning behind it and we have been very successful in preventing attacks.

For how long have I used the solution?

I have been using Carbon Black CB Defense for approximately three years.

We are using the most recent version.

What do I think about the stability of the solution?

The stability is fantastic!

What do I think about the scalability of the solution?

The scalability is pretty easy.

Their offer to add to a tenant or spin up a new tenant, given that the client size is large enough, has made management pretty easy so far.

I'm a managed service provider, and within my organization we only have between 40 and 50 employees managing endpoints for several thousand. My perspective will be slightly different. So, even though we use it as a company, we use this for our clients as well.

100% of our staff is trained on the use of Carbon Black because from the technical perspective, we need to be able to handle that as technicians and engineers. 

As far as our clients, they don't know the difference. They don't see issues, they don't have attacks.

How are customer service and technical support?

My interaction over the phone has been mostly on the business side of Carbon Black and they're fantastic over the phone. They're fantastic to deal with.

As far as the support side, I've never had to make a call to them. 

I'm sure our lead engineer has had to make some calls for various reasons.

How was the initial setup?

The initial setup is straightforward. It's super easy.

What about the implementation team?

Our staff deployed this solution. We did not use an integrator or reseller, it was in-house.

Which other solutions did I evaluate?

I am currently reviewing Cylance and products from other vendors as part of our processes. We want to see what price points and feature sets and things like that, to see what would be better.

We want to know how Carbon Black compares to others; we've seen a little bit of that. I've got some documentation to review that. At this point, we're test-bedding several other providers right now to see if there's anything that does equally or better and that comes at a better price point.

What other advice do I have?

We have the cloud center, however, the application's installed on each endpoint individually.

Each client machine has it installed locally, so it's off-premises for us. I'm assuming that they would be running on individual client PCs.

The software is run here, we manage it within the cloud atmosphere.

We were an authorized reseller, or an authorized business associate, of Carbon Black. Since that's moved under Dell, I don't think that's a thing anymore. I would state that we are mainly a Dell shop; we're an all-in Dell shop. That's just a business decision we've made.

We were a Dell VMware Carbon Black client and we had a relationship with them that preexisted our Dell partnership. Before Dell acquired Carbon Black, we were a partner of Carbon Black's. We had acquired this technology and we were utilizing this technology for several years in advance of that acquisition.

I'd recommend Carbon Black CB Defense 100%.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?

Hybrid Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
PeerSpot user
Dhrubo Roy - PeerSpot reviewer
Threat and Vulnerability Engineer at Horizon Blue Cross Blue Shield of New Jersey
Real User
Has simplified management, has a nice UI, and it's very simple but EDR needs improvement
Pros and Cons
  • "What I like the most about it is the dynamic grouping, where you get to group endpoints based on setup criteria. That's pretty cool. I like the simplified policy management and simplified white-listing process."
  • "The EDR portion could be better. I'm not a big fan, but it works."

What is most valuable?

What I like the most about it is the dynamic grouping, where you get to group endpoints based on setup criteria. That's pretty cool. I like the simplified policy management and simplified white-listing process. Coming from McAfee, management has been much simpler and much easier to look at. 

I like the simplified management, it has a nice UI, and it's very simple.

What needs improvement?

The EDR portion could be better. I'm not a big fan, but it works.

The endpoint detection and response, the way it lays out processes on our endpoint, and its detection engine, in the way that it detects or alerts us based on a threat, I feel are a little behind the market from my perspective.

Overall, areas of improvement would be the EDR part, the detection, also the cloud console. If you're trying to write queries or something, it's very slow, just not robust.

It's a cloud console so it should be fast. If I run a query and I press enter, if it took two seconds, it wouldn't give me a nice loading interface, because it's stuck. I would see an operating system most of the time. 

I feel like it should be faster. But as far as the price and everything, I think it's a good product.

For how long have I used the solution?

We're actually doing a migration from McAfee to Carbon Black. The migration project has been about 12 months right now. We're slowly migrating.

What do I think about the stability of the solution?

Stability is one thing that's not robust. Other products are faster, but as far as the CB Defense, it's slow. We had some issues with the sensors and we also saw slowness on the Windows side, Windows file share, which actually was fixed in the next new version of the sensor.

I'm the only network security person here. But the other users who have different roles have access as well. In my team, there are five or six people. But I'm the only one actually directing changes.

We use it on a daily basis. 

There are always alerts so I'll always have to check into alerts and see what's going on and then do some more analysis. If it's a new application we are implementing that will also need to be configured on Carbon. 

How was the initial setup?

The deployment process is straightforward. 

We're still deploying it slowly, little by little because we use a lot of critical applications and if Carbon Black interferes with the application, it will stop working. It needs to be tested thoroughly. It's a long process. 

All of its applications need to be tested thoroughly and then tested in a testing environment. Then we deploy and monitor, make changes, and stuff like that. As far as general users, laptops, and stuff, that's pretty straightforward. It's just part of the image. I have to write that script to uninstall McAfee, the whole migration. It's pretty straightforward. It wasn't complex as far as the installation or deployment.

What about the implementation team?

There was also a technical lead for this project. It automatically comes with professional services for 10 hours, and the documentation is pretty clear. The professional services helped through the process.

What's my experience with pricing, setup cost, and licensing?

I think it's 28 per employee a year. 

Which other solutions did I evaluate?

We also looked at CrowdStrike but it was a little too expensive. 

What other advice do I have?

The implementation is very easy but the security aspects could be better. 

If you don't have a SIEM solution in your organization, you're probably engaging via email. But there's no way for me to customize the email templates if I want to see more information in that email before going to the console. It's still a business and company, but I'm the only one who is managing everything. So when I see the email on my phone, I want to see more information before logging into the console. I want to see more filtering options to narrow down more field training.

I also wish it was easier and more intuitive in terms of searching for queries. I feel like it should be simpler. It doesn't make sense to have it this hard.

I would rate it a seven out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Assistant Technical Manager at a tech services company with 11-50 employees
Reseller
Triage feature shows the whole chain of malware
Pros and Cons
  • "The triage feature that shows you the whole chain of the malware is useful."
  • "When you view the triage, it will show you everything within a given time frame, and not only the attack that caused the alert, which is what I want to see. It shows you all the events during that time, and that can be quite confusing."

What is our primary use case?

We are a distributor of Carbon Black in Asia. Generally our customers are looking for endpoint features such as EDR (endpoint detection and response). Their existing solutions are usually from another vendor that has provided a normal antivirus solution. They are looking for endpoint protection and detection and response.

What is most valuable?

  • The triage feature that shows you the whole kill chain of the attack/malware is useful. It shows how the malware got into the endpoints and shows what it has done.
  • The solution is easy to use and easy to deploy, as it is a cloud solution; no appliance needs to be deployed on-premises.

What needs improvement?

When you view the triage, it will show you everything within a given time frame, and not only the attack that caused the alert, which is what I want to see. It shows you all the events during that time, and that can be quite confusing. If they could focus on the alert and the event that the user wants to see, that would be better.

There is also room for improvement on the reporting side, because it doesn't have reports. Many of our customers would prefer some kind of exportable report, like a summary. Carbon Black should have this feature.

What do I think about the stability of the solution?

We haven't encountered any bugs.

How are customer service and technical support?

I have not needed to contact their technical support yet.

How was the initial setup?

The setup and configuration are very straightforward. The time it takes depends on the number of endpoints. For one endpoint, it takes a few minutes, tops.

What's my experience with pricing, setup cost, and licensing?

Although I'm more on the technical side and not involved in the pricing, it's more or less the same as other similar solutions.

What other advice do I have?

I would recommend this product to other people.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Distributor.
PeerSpot user
Imad Taha - PeerSpot reviewer
Group CIO at a construction company with 10,001+ employees
Real User
Centralization via the cloud allows us to protect and control people working from home
Pros and Cons
  • "You can deploy it through the cloud so that even if your stuff is outside of your controlled environment, you are still under control, based on the policies you create. The policies are controlled through the cloud. For example, if I don't allow anyone to do a certain activity or to install a particular app, and a consultant or a partner who is not part of our environment is doing so, it will stop them as well."
  • "As far as I know, Carbon Defense has nothing that can be installed on mobile devices. It lacks a defense solution for mobile devices, especially mobile tablets. I would like to see support for mobile devices and the pricing should be less than the pricing for a normal workstation."

What is our primary use case?

We started using it to protect our environment from ransomware specifically.

What is most valuable?

Carbon Black works completely differently from other products. We tested different products and Carbon Black was selected because it does not remove a virus but it kills any suspect operations and it's up to the admin to check the scenario. It kills the "effect," if you will. If you receive ransomware or anything suspicious, it will kill the process unless you allow it, after receiving warnings.

I cannot say it's pure AI, but the way it works is that it stops any suspicious activity, not based on signature-based attacks. It works in a way that it detects that a given effect is unusual.

Also, you can deploy it through the cloud so that even if your stuff is outside of your controlled environment, you are still under control, based on the policies you create. The policies are controlled through the cloud. For example, if I don't allow anyone to do a certain activity or to install a particular app, and a consultant or a partner who is not part of our environment is doing so, it will stop them as well. Because of COVID-19, we are all working from home. Imagine if the centralization and control provided by the product were not on the cloud. We would lose control of the people working from home. So the centralized cloud control is one of its more effective aspects.

What needs improvement?

As far as I know, Carbon Defense has nothing that can be installed on mobile devices. It lacks a defense solution for mobile devices, especially mobile tablets. I would like to see support for mobile devices and the pricing should be less than the pricing for a normal workstation.

Also, there is not much education for customers about Defense versus its other products. They promote Defense as enough, but then they say if you need more protection you can go for CB Response. I don't know whether it's a technology issue or a marketing issue, but they should teach the customer more. They tell you you are secure with Carbon Defense but then they recommend Carbon Protect. There is not a lot of education on this.

I don't want to have an incident in the future and their answer will be, "Sorry, you did not buy Protect." Security is a continuous process. I can accept that it has more features, but don't tell me, "You are not protected because you did not buy the more expensive product."

In addition, these other products should be add-ons, not separate products. And the cost for them should be much less for adding on because you are already a customer.

Finally, we receive a lot of high alerts. There is no priority system, from one to 10, where 10 is very dangerous and one is something easy. There is no way for us to tell why this alert is similar to that one.

For how long have I used the solution?

I have been using Carbon Black CB Defense for two years.

What do I think about the stability of the solution?

It is stable. It does not use a lot of CPU or RAM. This is one of its good points.

What do I think about the scalability of the solution?

We have about 1,000 users. Scaling is always possible because it's a cloud solution.

How are customer service and technical support?

They have good local support, here in Dubai.

How was the initial setup?

Deployment takes too much time because it has a lot of options. The implementation was not an easy process. I wish the implementation was easier. But it has a positive effect in the end. The complexity pays for itself ultimately. You do not spend time on the complexity and then get nothing as a result. So the complexity is something that is necessary.

We were new to this product. If the deployment took, say, two weeks, it took us a very long time, maybe a couple of months, until we knew this product was solid. The education services given by the partner are not enough. It was a completely new product for us, so we needed a lot of education. While the implementation took two weeks, it really took two months to go through all the options.

What about the implementation team?

We had a consultant at the beginning.

What's my experience with pricing, setup cost, and licensing?

We have branches, we have different companies, but we cannot buy less than 100 licenses. This does not make sense to me. We do have some big companies within our group. But if I have a small office with 20 users and all my licenses are in use, the next buy cannot be less than 100 licenses. We have to do a lot of implementation and communication to add that many. But we only need 20. They are not flexible in the licensing part. It should be more flexible. 

I can understand their saying, "Okay, to be a customer you need 100," but to add on to that number it should be something very straightforward. If I need to add five, for example, I shouldn't need to add 100.

I'm not happy with the way they are treating existing customers for adding licenses. I sent an angry communication to them, to the management, and said to them: "With 1,000 users, I need only another 50 licenses. Why do you want me to go for 100? It's a stupid policy." Then I got approval from them for fewer. I don't need to buy subscriptions for users I don't have.

Also, licenses should not be per endpoint but rather per user. If I am the same user on a mobile device or on a workstation it should be one license for me.

Which other solutions did I evaluate?

To compare apples to apples, before going for Carbon Black I was thinking about CrowdStrike. CrowdStrike has a lot of very beautiful features that Carbon Black does not have, like IT asset management. But I am not buying this type of software for IT asset management. I'm buying it to protect my infrastructure from big threats. While CrowdStrike has many good features that Carbon Black does not have, that's not the case when it comes to security. CrowdStrike is a very good product but it's more expensive. If you buy all the components of CrowdStrike I can assure you it will be much better than Carbon Black, but cost is a factor.

Our previous product, Kaspersky, was fine but it's not on the level of Carbon Black. Carbon Black is called a next-generation antivirus because it does not only work based on signatures. With Kaspersky we had an incident, and one of the servers affected was the Kaspersky control server.

What other advice do I have?

My advice is to get enough information about the differences in Carbon Black products from day one. In other words, if Carbon Black is claiming that Carbon Black CB Defense is enough, why are they always promoting the more expensive product, which is Carbon Black Protect? So, you need to be educated well about the differences between the products.

Also, look at the roadmap of the product regarding whether there will be good mobile protection for mobile users or not. And be aware of the minimum license purchasing policy.

The number of people for maintenance of the solution depends on how your environment is structured, but in our company I need five people.

Which deployment model are you using for this solution?

Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Mark Adams - PeerSpot reviewer
Senior Manager, IT Security and Compliance / CISO at Superior Energy Services, Inc.
Real User
Detects and protects against malicious executable files, allows investigation using CLI

What is our primary use case?

We use this solution for endpoint security and protection.

What is most valuable?

The most valuable feature is that it detects and stops malicious executables.

Admins can use the portal to obtain a command shell on an endpoint to perform further investigation.

What needs improvement?

This solution works well but needs lots of tuning and optimization.

For how long have I used the solution?

We have been using this solution for two months.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
RajaeAl Najjar - PeerSpot reviewer
Solutions Manager at Samir Group
Real User
A solution with a straightforward setup that offers offline networking
Pros and Cons
  • "The offline networking is the most important feature. Some of our users are engineers that work offsite, and they can still be on the solution, which is also great."
  • "The endpoint machines need improvement."

What is most valuable?

The offline networking is the most important feature. Some of our users are engineers that work offsite, and they can still be on the solution, which is also great.

What needs improvement?

The endpoint machines need improvement.

The solution needs to be more effective for the end-user.

It would be helpful to understand how to do some queries, but we’re still testing the solution right now, so everything is very new and we’re still learning the system.

For how long have I used the solution?

We’re in the process of finalizing a POC right now, so we haven’t used it very long.

How are customer service and technical support?

I’ve never had to reach out to technical support.

How was the initial setup?

The initial setup was very straightforward.

What other advice do I have?

We did a POC with the solution. We’re still in the process of testing it, so we’re still learning the system.

I would rate the solution eight out of ten.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Darrick Kristich - PeerSpot reviewer
Founder/CEO at Sedara
Consultant
Symantec opened our eyes to be able to see what's out there, but then we needed Carbon Black to be able to actively fix it
Pros and Cons
  • "The biggest feature out of Carbon Black is its ability to dive in with more depth. You can look at the entire kill chain and understand not only whether an alarm or identified incident is truly a security issue versus a false positive, but it also allows us to backtrack and figure out why it actually happened and how it got into the environment."
  • "Carbon Black needs to do a better job of proving their platform in the industry, and providing a bit more access to do industry testing with real world examples to help prove their platform."

What is our primary use case?

We are a partner in the managed security service provider (MSSP) space. We service hundreds of customers globally. We implement these solutions on behalf of our customers. 

With Carbon Black, we've been using them for about six years. We're an MSSP and channel partner with them, as well as an incident response partner. We were like the second incident response company registered with them (through that program) to start using the CB Defense platform. We also integrate it with SIEM. However, we're using it in a managed service capacity. We usually implement it, then manage the platform for our clients long-term. It's used for traditional antivirus, real-time threat protection and prevention, and it also provides us with the ability to do more in-depth investigations into endpoints. With the product, we can do a bit of threat hunting along with managed detection and response. The platform works quite well using it in this capacity.

With Symantec, we have been using it for about six years. We integrate it with our SIEM products. We have a lot of customers who actually run it, so we see it quite often. We collect a lot of data from Symantec and help with responding to anything that Symantec finds. We've had a chance to use the product quite a lot.

What is most valuable?

The biggest feature out of Carbon Black is its ability to dive in with more depth. You can look at the entire kill chain and understand not only whether an alarm or identified incident is truly a security issue versus a false positive, but it also allows us to backtrack and figure out why it actually happened and how it got into the environment. It also helps us determine what other things may have been impacted along with it, from an asset standpoint. It allows us to go into more depth than a more traditional antivirus, like Symantec.

Symantec is more of a traditional antivirus. A lot of it is signature-based. It works quite well for normal protection. It is pretty stable and consistent. It seems to work across the board. There are no real issues to speak of, which is definitely a positive thing. One of the more beneficial things is that it does include the active endpoint firewall with it, which allows your endpoints to have a bit more above the standard Windows firewall, then collect all the logs from that. This is a good feature from their firewall piece. Also, the logging out of Symantec is quite good, as you get a lot of great logs into a SIEM or any other log collector from the platform.

The difference between the two products is the level of visibility and depth that you get when investigating alarms or issues. You can go a bit deeper with Carbon Black. Symantec does have an additional add-on, which we have not seen since it is a relatively new component. They call it Advanced Threat Protection. It uses the same endpoint, but has a separate license with additional costs, which is meant to allow you to go a little deeper in terms of endpoint and incident investigations. However, it doesn't provide the interactive drill down, prevention, and response capabilities that you need to be able to isolate a system, delete files, or actively kill processes which have been helpful with Carbon Black.

What needs improvement?

Symantec needs more investigative features out-of-the-box. Though, they are using the Advanced Threat Protection add-on to correct some of this. It is also not quite as feature-rich as some of the more advanced MDR platforms out there.

Carbon Black needs to do a better job of proving their platform in the industry, and providing a bit more access to do industry testing with real world examples to help prove their platform. In addition, they have been actively porting over a lot of features from some of their other products, and they should continue to expand on that. Going forward, this will be extremely helpful.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

We've been quite happy with the stability of Carbon Black. 

Symantec has a much longer history of having a good, proven, stable platform. That is the big difference. 

I can't really speak to any particular issues that we've had with one versus the other. They both seem pretty good.

What do I think about the scalability of the solution?

The scalability is about the same between Carbon Black and Symantec. I don't know that we've actually tried to use them in an environment that was large enough to cause us any sort of issues, or even thought twice about scalability. Both of these products work quite well in extremely large environments.

One thing to consider with Carbon Black is you do have much more data. You can define many more policies that are more specific to groups. The management of that becomes more difficult as the environment gets larger. I don't think that necessarily is the case with Symantec. It might end up being a bit more time consuming to manage Carbon Black as it gets larger. In terms of these products' capabilities and the ability to support large environments all the way down to small ones, I don't think it matters.

How are customer service and technical support?

Carbon Black has a great community portal which has all sorts of documentation where you have the ability to ask questions and people answer it quite well. There is a lot of material there with access to content, which assists with the learning and troubleshooting.

Which solution did I use previously and why did I switch?

It was because of the limitations that Symantec had, and the fact that we were seeing data that was extremely helpful from the Symantec logs, yet it didn't provide us a way to investigate it further or respond to it. This led us down a path of looking for a platform like Carbon Black, which has allowed us to handle the data without having to add additional products. Symantec opened our eyes to be able to see what's out there, but then we needed something to be able to actively fix it, as well.

How was the initial setup?

Symantec is a more traditional platform where you set it up and install it. If you're using a cloud platform, then you obtain access to the system. You need to define all the exceptions that you know need to be implemented based on the applications that you are running. Then, you deploy your endpoints, which should pull down the policies with the approved exceptions. Then, you work through any issues. 

With Carbon Black, you have to go through a longer period of monitoring what exists in the environments. We deploy the agents in a monitoring type only mode, which can exist alongside another antivirus product, like Symantec.

You could technically have Symantec installed in normal mode, then Carbon Black in monitoring mode right next to it. We let that run for a period of time to gather information about what is running in the environment actively to help identify the types of things that we'll have to build policies around. The policies can be pretty in-depth, so it can take quite a long time to actually build them, if you want to be extremely careful about not creating any false negatives in the environment. 

It can take quite a bit longer to implement Carbon Black properly. It takes one to two days to implement Symantec. Though, I don't know for certain, because we don't implement it. For Carbon Black, we typically look at three to eight days of active work over a period of a couple of months to get it implemented, working properly, and tuned up correctly.

What's my experience with pricing, setup cost, and licensing?

The licensing costs are comparable between the two products. If you're purchasing the product, they're both typically a traditional license model with an annual type fee or multiyear. The fees are the cost of the professional services to get the system up and running. It depends on the size of the environment. The size and complexity are what it really comes down to. It will be relatively consistent with whether it was MSSP versus a direct purchase.

Carbon Black might be a touch more expensive. They tend to get a premium for their capabilities. They're sort of an industry leader in a lot of areas with the functionality that they provide. 

Symantec gets a bit more aggressive with their pricing, and with their discounts as well. They do have a much larger customer base because they've been around so long.

As an MSSP, we do provide the entire platform on a monthly fee, which a lot of people do like, because that rolls the licensing and all of the management into the cost of the system on a per endpoint basis, paying for the initial costs to get up and running. Even if it's a three to five year implementation, it will be a fixed monthly cost, assuming the number of endpoints doesn't change. One good thing about the Carbon Black MSSP program that we have access to is that flexibility with the monthly billing. With very large implementations, this could be a significant difference in spend over three years versus having to do one extremely large capital purchase.

What other advice do I have?

Symantec aligns with a more traditional antivirus that a lot of people are just more familiar with. It has traditional signature sets, exceptions, and policies. When you're talking medium sized implementations, where it's several hundred or a couple thousand endpoints, it's pretty straightforward. 

The learning curve with Carbon Black is considerably more extensive. You have considerably more ability in the platform to do investigations and custom policies, as it can do more in-depth searches and queries about what's actually going on at an endpoint level, which you don't have with Symantec. You really have to understand exactly what you're trying to accomplish. The product itself works quite well. It's pretty intuitive, but there is so much more data and capabilities at your fingertips. It definitely takes more time to learn it.

If you are evaluating these products: Evaluate what your enterprise looks like and what your current security controls are. Understand what exists, what needs to be protected, and what other tools there are in the organization. This makes a big difference in the decision-making process. For example, Carbon Black is 100 percent cloud-based. There is no on-premise option. If you have requirements for systems that can't access the internet, whether it be classified environments or otherwise, it's more difficult to get as much value out of a system which is only cloud-based if you have air gaps. A more traditional on-premise solution might work better, like Symantec, in this scenario. However, if you have a largely mobile workforce with a lot of high risk employees who travel, having cloud-based works perfectly for that sort of environment, as you're getting data with the ability to access and respond to issues regardless of where systems are, as long as they're online.

However, if EDR tools already exist in an environment, you might not need a full in-depth product, like Carbon Black, where a more traditional antivirus coupled with another EDR product might get you the capabilities that you need. Albeit, it would require multiple products to cover the environment.

I would rate Carbon Black as a nine out of ten, because it provides industry leading features, which give us the ability to do the investigations that we need to. It just makes an enormous difference.

I would rate Symantec as a seven out of ten. It works quite well. It is a feature-rich, stable, more traditional product.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Sr. Security Analyst, Enterprise Architecture and Security at a tech services company with 5,001-10,000 employees
Real User
Fewer false positives but the UI interface needs improvement
Pros and Cons
  • "The data analysis is the most valuable because of the whitelist database. It is different than standard IDS solutions."
  • "The UI interface needs improvement. The management needs further work in future versions."

What is our primary use case?

We use this solution as an endpoint solution for protection.

How has it helped my organization?

It has improved our protection by giving us fewer false positives. We have a greater ability to find malware notifications. It has improved by 30-35% compared to prior to our use of the solution.

What is most valuable?

Data analysis is the most valuable feature because of the whitelist database. It is different than standard IDS solutions.

What needs improvement?

The UI interface needs improvement. The management needs further work in future versions.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

It is a stable product.

What do I think about the scalability of the solution?

We are not a very big company, so scalability is not very relevant to us.

How are customer service and technical support?

Our experience with tech support is very positive.

How was the initial setup?

We had experience with this product in our team prior to our setup, so it was simple for us. We had it up in a week. It may be less easy for non-technical people. 

What's my experience with pricing, setup cost, and licensing?

I am not really involved in the pricing of this product. From my understanding, the price is okay for us.

Which other solutions did I evaluate?

We did consider other products but we chose this solution.

What other advice do I have?

I would advise Carbon Black to work on the automation and make it a bit easier for the solution.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Andre B. - PeerSpot reviewer
Executive Business Analyst & Advisor at a financial services firm with 10,001+ employees
Real User
The most valuable feature is the time-lining capability for any breach activity. It actually does some heuristics, and some behavioral analysis.
Pros and Cons
  • "It actually does some heuristics, and some behavioral analysis."
  • "The most valuable asset is the time-lining capability for any breach activity."
  • "This product has the capability of uploading scripts to the tool and this is a very comprehensive feature."
  • "The tech support communicates, but it's just not with movement."
  • "I would personally give the tech support a rating of seven out of ten."

What is our primary use case?

We use it for endpoint visibility and endpoint detection and response. It is our central mechanism for the cyber defense or endpoint detection, response and visibility.

How has it helped my organization?

We've integrated it with Splunk, with ThreatConnect, and a couple of others. It has a lot of modules for integration that have streamlined our ability to respond and decreased the amount of time for response, while also allowing us not to have to pivot to so many tools, so we can actually work from more of a single pane of glass perspective.

What is most valuable?

I think something that is the most valuable is the time-lining capability for any breach activity. It gives us the ability for us to actively threat hunt. This is not something where it's a passive response tool where we watch things happen. In contrast, it actually does some heuristics, and some behavioral analysis, and we're able to do some prevention with it as well. I think that's really the strongest attribute, and it makes this a more aggressive tool than others.

What needs improvement?

In some areas one of the big issues for me is responsiveness to issues that arise with the solution. There are some components that leave a bit to be desired and/or that are bugs, or even feature update requests; they are not the fastest company to respond to those. We have had a persistent bug that is now going on two months and it hasn't been fixed. That is one of the drawbacks. This is really impacting what we need to do with it. But the bigger issue is the organizational responsiveness to clients.

In addition, I think there should be a cloud gateway. It needs to move into a transitory space between our on-premise and external instances where it does not have to be in two separate instances. It should marry the two. Also, it would be good to have them working in the containerization space, as well, to have a mechanism for securing cloud modules a bit better. This would be ideal. It would help encompass more of the broad range of security so we do not have to couple this with other outside solutions.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

It implements and integrates very well with other security tools, cybersecurity tools.

How are customer service and technical support?

The tech support communicates, but it's just not with movement. They are responsive, yet there is no quick motion often in regards to resolving the issue. I would personally give the tech support a rating of seven out of ten. 

How was the initial setup?

The setup really depends on a few crucial elements. It depends on where we are, what region, what country we're in, and what PIA rules they have in place. For the most part, it is a fairly straightforward setup. I will say in the initial setup, Carbon Black was very responsive. They were really good at providing the assistance and the support we needed to get it set up, but it was not an extremely hard task.

What was our ROI?

It has the ability for you to upload the scripts or anything you want to run anywhere. The capabilities of this tool are almost limitless. That is why Carbon Black is a leader. You can run whatever script you want by uploading it to the tool. This is a very, very comprehensive feature.

Which other solutions did I evaluate?

We also looked at Rsam and ESET. We've used a multitude. So yes, we have.

What other advice do I have?

  • Make sure that your firewall ports are open and really test communication back to their server.
  • Make sure you don't have anything else that may be impeding it.
  • If you are dealing with any PIA countries or GSA (also known as TAA) countries, make sure you're working through their work councils.
  • Make sure you look at a holistic perspective and have a plan in place on how to use this tool.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Senior Security Consultant at a manufacturing company with 10,001+ employees
Real User
It has a higher detection ratio because it's cloud-based and it also does a lookup to VirusTotal.
Pros and Cons
  • "Carbon Black Defense has a higher detection ratio because it's cloud-based and it also does a lookup to VirusTotal."
  • "It gives you all of the information in a short and sweet fashion."
  • "Adding an application and a device control feature would be a great help for this solution."
  • "Report generation can be improved."
  • "But here, we hardly can take any kind of a report out of Carbon Black, so I think that should be something that should be more user-friendly."

What is our primary use case?

It was basically for an EDR solution. We were apparently in the migration phase, to be frank. We were using McAfee VSE, and we wanted a media solution which would give us more insight in terms of the events that are happening with respect to malware threats. So that's the reason why we went for Carbon Black Defense.

How has it helped my organization?

It has improved the number of alerts or the number of threat events that we are able to recognize in our environment. And it also highlights the usage of potentially unwanted programs. So these are the ways in which it highlighted the possible vectors through which we can have an incident happening in our environment. That is one thing that we have seen.

In addition, the detection ratio compared to that of a typical anti-virus and the EDR solution or the next gen AV as they call it, is on the ratio of one to ten when you compare it with a Symantec Endpoint Protection, McAfee AVR, or VirusScan Enterprise versus Carbon Black Defense.

What is most valuable?

Carbon Black Defense has a higher detection ratio because it's cloud-based and it also does a lookup to VirusTotal, so out of the roughly 65 vendors that are normally listed in VirusTotal, if there are any kind of hits from those, it is recognized as a known malware or a suspected malware. Under these categorizations, we are able to see a spike in the detection ratio. It is enlightening us with respect to what programs are generally used in our environment and how they are compliant with our environment.

What needs improvement?

It is still evolving, as we see. We started using the version 3.0. We've been migrating and upgrading as well, laterally, until version 3.2. So, we have been seeing a lot of improvements in general in terms of bug fixes and in terms of what are the things that we had encountered.

I think they can probably bring something in, because there is a little bit of a gap between it and the native antivirus solutions like Symantec or McAfee. So, you really can't say whether an end user will be able to judge whether it's malware-free software that they are downloading or not. In those cases, if you have an application and a device control feature, I think it would be of great help.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

We had some issues with the stability. In regards to the driver file, and the CTI files, there were some issues. In addition, there were a couple of issues with servers and the workstations. It was an intermittent issue, and not widespread. But it was basically because the current organization I'm working with created a lot of in-house applications. They don't go very much hand-in-hand with Carbon Black enabled. They have certain behaviors, like they inject code into themselves, which is a design that they have. Even the Microsoft authorized or licensed tools exhibit such kind of a behavior. And these behaviors are being identified as malicious behavior.

I think it would be better if they can have an application database, where if these kinds of applications are performing this, you can bypass, or you can overlook them. Something like that would be helpful. Otherwise, we will have to manually bypass them or allow them, as per the policy configuration for these applications. It takes a little bit of extra time when developing a new tool, as far as in-house applications are concerned.

What do I think about the scalability of the solution?

I would say, not really. But our hands are tied down in terms of generating reports to understand or analyze the trend or anything of that sort. Because when you look at the EPO, you will be able to do certain trend analysis on the basis of the data that is already available in the database. But we can hardly take any kind of a report out of Carbon Black, so I think that should be something that should be more user-friendly. They are asking us to use APIs, and not everybody is well-versed with APIs or scripting.

They also do have a limitation on that, in terms of pulling out the raw data of events. The event generation is like a 1:10 ratio like I said. That detection is also on the same base. So if you have to pull out a report for an end-point count of, say, 35,000 to 40,000 endpoints, the events will be on the higher side. So, the limitation is set to 5,000, which is not realistic.

How are customer service and technical support?

Tech support with Carbon Black is a single point of contact. So whatever it is, we interact with a single point of contact, who is more of a liaison who can bring in people from the developer side, or the account manager, or the technical manager, or whatever it is. We can get them into the loop. That's the kind of support level that we have subscribed to. We don't reach out to the normal tech support by dialing into a number. They are responsive. We have really not tried off-business hours outside of US time zones. I think that causes a little bit of a challenge because we are not able to catch hold of the right person at the right time in case of any kind of outages or something like that.

The service response is pretty much satisfactory. But if you look into a 24-7 support, then you might have to wait in the morning. I'm located in India, so if we have to look into reaching out to a person in the US during the Indian business hours, in that case, it's night. So, we will not be able to reach our support person. So we might have to rely on calling someone during that time. But we normally don't do that. Until now, we have not got any kind of an issue where we really have to contact tech support during the off-business hours. Because we do have our US counterpart, so we work on that particular region timings so that we can involve Carbon Black support to get the maximum out of them.

Which solution did I use previously and why did I switch?

We did a comparison of products and analyzed how many threats were getting detected on a weekly basis. We also did a trend chart for a monthly threat review, which basically was with McAfee VSE and Carbon Black. And that is the reason why we thought it was like one to ten over a weekly or monthly trend.

How was the initial setup?

I was part of the initial setup. We were doing a comparison with FireEye HX and other tools, such as CrowdStrike, Avira and Carbon Black. We chose Carbon Black, and I was part of the initial setup. And since we don't have an in-house setup, we have a cloud-based console, we don't have a dedicated server setup. It's much easier to implement with a cloud base. So the resource requirement is much less as far as hardware is concerned.

I think it took somewhere around four to six weeks of time. We had the implementation done and then we were into the testing phase by doing UT testing and stuff like that, internally with a closed group. And then we moved on to selected groups and users who might be important in terms of revenue generation, and stuff internally, so we did that. And then we moved on to the global deployment. I think, over a period of time, I would say the initial implementation was done with a maximum of four to six weeks. And then, I think within six months of time, we actually had the complete deployment done.

It was pretty straightforward. The console was easy to understand because we have had complex consoles with EPO. This was a pretty straightforward console. And the user guide basically gave us the information about what we can do and what is available. Though it could still be more extensive in terms of describing itself, it just gives you the right information in a short and sweet fashion.

What was our ROI?

They're still evolving. I think they should reach there in a couple of years, I would say. I'm not really sure what is their roadmap, so that is one thing that I can say. But that should be something that would come up as an add-on or something like that which can be purchased or which can be given as a free component as well. I'm really not sure, but I think they might think in these lines, to bring about a better security control with the Carbon Black AV, to be specific.

I think the only advice that I would like to give is you need to really test it on different platforms. That's the only advice I can give you, because if you have a versatile environment, such as ours, while we do create a lot of in-house applications, we need to have an extensive testing done so that we don't end up creating a roadblock for other teams who are into software development and software testing. And those kind of lines. That might create a lot of issues with Carbon Black. If you test it prior, then probably you would have a better idea as to what you're getting into. And implementing it would be even more easier in that case. I think we did the right thing in terms of that because we know our environment better. If you know your environment better, you would do the right thing.

What's my experience with pricing, setup cost, and licensing?

I just told you the price point; that's one of the factors, basically, because that is what the higher management gave us as an input. But we didn't play a major role in terms of deciding. That was done by another person from the organization. So that was just a communication that we received. So that's how much I know about it.

Which other solutions did I evaluate?

We also had a review of FireEye HX, but we chose this in terms of the utility and also in terms of the cost involved. So that is the reason why we chose CB Defense, and that's the reason why we are currently using CB Defense. We wanted to have insight into malware, the vectors through which it comes in, and what kind of behavior it exhibits. So these are the things that we are basically looking to Carbon Black Defense for.

I think they can probably bring that in, because there is a little bit of a gap compared with the native antivirus solutions like Symantec or McAfee. McAfee does have a separate product, Application Control. And Symantec Endpoint has application and device control as a built-in component in 11 and 12, and I think in 14 it has the same. But the EDR solutions currently don't have that kind of a feature. So, if they can incorporate that, it would be a better security control and an antivirus, basically, because you do have instances where malware is getting into the network through an RFD or through a particular free software package that users might download from the internet.

What other advice do I have?

In terms of the fixes for how it behaved with the environment, it has been evolving. And the only thing that could be improved is enabling Carbon Black to be a part of the image, so that when we are doing an image refresh, Carbon Black would be present by default. But in the current conditions, by definition, it needs to have an internet connection for you to install Carbon Black, because it connects to the cloud as a first step after you start the installation. So, since we cannot have that kind of a setup for an image, we are not able to put it into an image, basically. So if there comes any kind of a version where it can be done, it might probably be more helpful in terms of a mass deployment.

They might have to create somewhat better knowledge base articles, which will give us an insight as to how this is working and what logs we can look into for analysis. The gap can be made much shorter in that aspect. The report generation and trend analysis or data analysis can be improved.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
System Analyst at a hospitality company with 1,001-5,000 employees
Real User
The software uses very few resources; it is almost invisible to the end user
Pros and Cons
  • "The software uses very few resources; it is almost invisible to the end user."
  • "Behavioral Monitoring stops known malicious events before they even begin."
  • "The directions for Splunk are spot on, but it is difficult to find anything on integration with AlienVault."

What is our primary use case?

We include it as another layer of security for our endpoints/servers. The software is based on TTPs (tactics, techniques, and procedures), and it complements our antivirus products. The software basically takes a snapshot of the system; then, if anything happens which is out of the norm, the software alerts us. In some cases, it denies execution and will quarantine the endpoint from other systems.

How has it helped my organization?

During the company's transition, we had a memory scraper infiltrate our network, and with the help of Carbon Black, we isolated the outbreak to a few point-of-sale machines. We saw a step-by-step account of how the software was introduced into the environment, the host it originated from, and the destination address it was connecting to. Carbon Black stopped the spread in its tracks.

What is most valuable?

  • The software uses very few resources; it is almost invisible to the end user.
  • Behavioral Monitoring stops known malicious events before they even begin.
  • The whitelist: Being a casino, we have some odd software packages. Being able to whitelist them is a must.
  • The option to quarantine a device and use the cloud-based portal to gain a "shell" on the infected machine. With this, we can dump the entire system memory to a machine in our lab, then run analysis.

What needs improvement?

It works the way we want and how we want.

For one improvement, an easier integration with an AlienVault USM appliance would be good. The directions for Splunk are spot on, but it is difficult to find anything on integration with AlienVault.

For how long have I used the solution?

Three to five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Jayandra Wickramasinghe, Senior Systems engineer at SAT (Real User):

It describes a good experience.

Jayandra Wickramasinghe - PeerSpot reviewer
Senior Systems engineer at SAT
Real User
Identifies endpoint and infrastructure loopholes
Pros and Cons
  • "Carbon Black Cb Defense improved our endpoint level security. It helped to identify endpoint and infrastructure loopholes."
  • "Carbon Black Cb Defense has a nice component called Alert Triage. It contains full details of the process execution "kill chain" and "go live" for immediate remediation."
  • "It would be a better solution if Carbon Black Cb Defense had an on-premise solution and virus auto-delete or quarantine."

What is our primary use case?

This product would help any organization to increase its detection and prevention with event investigations and immediate response to data infiltration.

How has it helped my organization?

Carbon Black Cb Defense improved our endpoint level security. It helped to identify endpoint and infrastructure loopholes.

What is most valuable?

Carbon Black Cb Defense has a nice component called Alert Triage. It has helped to detect threats across the data. It contains full details of the process execution "kill chain" and "go live" for immediate remediation.

What needs improvement?

It would be a better solution if Carbon Black Cb Defense had an on-premise solution and virus auto-delete or quarantine.

For how long have I used the solution?

One to three years.

What do I think about the scalability of the solution?

No scalability issues.

How was the initial setup?

The initial setup is straightforward. The configurations are a bit complex.

What about the implementation team?

The vendor has a high level of expertise.

What's my experience with pricing, setup cost, and licensing?

The cost is a considerable factor, but the benefit factor is the most important. When you compare it with other products, the price is high. Carbon Black will negotiate the price.

Which other solutions did I evaluate?

We evaluated McAfee and Symantec.

What other advice do I have?

I have done a few PoCs and implementations with Carbon Black Cb Defense.

Disclosure: My company has a business relationship with this vendor other than being a customer: Our company has engaged with Carbon Black as an exclusive partner in Sri Lanka.
it_user835107 - PeerSpot reviewer
Incident Response Analyst at a security firm with 51-200 employees
Real User
Provides visibility into the chain of attack and threats that use valid operating system processes to execute attacks
Pros and Cons
  • "Provides visibility into the chain of attack and threats that use valid operating system processes to execute attacks."
  • "Needs improvement in the area of infrastructure for on-premise installation."

What is our primary use case?

The first case was in a financial institution with offices in several states which needed to increase the ability to detect and respond to threats.

How has it helped my organization?

Provides visibility into the chain of attack and threats that use valid operating system processes to execute attacks.

What is most valuable?

The go live feature, because it is possible to respond to incidents while they are still occurring and minimize the effects.

What needs improvement?

Needs improvement in the area of infrastructure for on-premise installation.

For how long have I used the solution?

One to three years.

What do I think about the stability of the solution?

No issues.

What do I think about the scalability of the solution?

No issues.

How are customer service and technical support?

Technical support is high level.

Which solution did I use previously and why did I switch?

No previous solution was used.

How was the initial setup?

No problem with the initial setup because it is a cloud platform.

What's my experience with pricing, setup cost, and licensing?

The cost/benefit factor has great relevance in Cb Defense implementations.

Which other solutions did I evaluate?

We did not evaluate any other solution. We are partners of Carbon Black.

What other advice do I have?

It is a product which will bring enough information and effectiveness in the detection and response to advanced threats.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partners in Brazil.
Jayandra Wickramasinghe, Senior Systems engineer at SAT (Real User):

Carbon Black Defense is a good product for replacing the existing AV.

Buyer's Guide
Download our free Carbon Black CB Defense Report and get advice and tips from experienced pros sharing their opinions.
Updated: November 2022