Carbon Black CB Response Overview

Carbon Black CB Response is the #4 ranked solution among top Security Incident Response tools. PeerSpot users give Carbon Black CB Response an average rating of 8 out of 10. Carbon Black CB Response is most commonly compared to Carbon Black CB Defense: Carbon Black CB Response vs Carbon Black CB Defense. The professionals who research this solution most often come from computer software companies, accounting for 38% of all views.
What is Carbon Black CB Response?

CB Response is an industry-leading incident response and threat hunting solution designed
for security operations center (SOC) teams. CB Response continuously records and stores
unfiltered endpoint data, so that security professionals can hunt threats in real time and
visualize the complete attack kill chain. It leverages the CB Predictive Security Cloud’s
aggregated threat intelligence, which is applied to the endpoint activity system of record for
evidence and detection of these identified threats and patterns of behavior.

Buyer's Guide

Download the Security Incident Response Buyer's Guide including reviews and more. Updated: January 2022

Carbon Black CB Response Reviews

Senior Manager at a financial services firm with 1,001-5,000 employees
Real User
Top 20
Malicious activity detection response and automatic quarantining for endpoint security of your environment
Pros and Cons
  • "The detection response and quarantining are very good features."
  • "The product detects too many false positives initially and it could integrate better with other security solutions."

What is our primary use case?

We use Carbon Black for detection and response. So we receive alerts from Carbon Black if it detects any malicious activity. We also use it to quarantine any devices that we may need to isolate due to the security risk that it presents.  

What is most valuable?

What we mainly find valuable in the product is exactly what our use case is. We use Carbon Black for the intrusion alerts and quarantine. Those would be our favorite features.  

What needs improvement?

If Carbon Black could improve in the area of reducing the number of false positives, or if there was a better way to filter out false positives, that would enhance efficiency and utility. But in general, I think we are happy with the performance of Carbon Black.

It would be nice to be able to consolidate all of our tools. We have Imperva for database monitoring, we have Red Cloak, we have Carbon Black, and we have Trend Micro. So when you end up installing multiple different tools that do various different things and they each come with their own agents that need to be on all the endpoints, it takes a toll on the utilization. One of the issues that we tend to encounter — especially when we have all these tools on all the endpoints — the number of agents can affect the performance of desktops and servers. So we get those issues from time to time because there are many agents on the endpoints. So it might be nice to either have a lighter-weight agent or an agent that encompasses multiple functions and different purposes for better integration so we do not have to install various tools.  

For how long have I used the solution?

I have been using the product since March 2019, so for almost a year now.  

What do I think about the stability of the solution?

It was a little bit unstable at the beginning, but that was probably because we were getting a lot of false positives. The false positives were probably because of baselining. Baselining takes a little bit of time. Once it was baselined, things got better and we have not really encountered many issues over the last couple of months. So it stabilized maybe two to three months in.  

What do I think about the scalability of the solution?

Once we had the SCCM set up properly, we were able to scale up easily. With the policies set up and images corrected, it became relatively easy for us to scale.  

How are customer service and technical support?

I personally have not been in contact with the Carbon Black technical support team. Our information security team has worked more closely with them. I would not be able to provide feedback on their support first hand, but I have also not heard anything negative.  

Which solution did I use previously and why did I switch?

Security-wise, we are using a few different security tools for different purposes. We use Red Cloak which we deployed at the same time as Carbon Black. We tested and are using Trend Micro Tripwire and we are using Imperva as well. Red Cloak is very similar to Carbon Black.  

How was the initial setup?

Deployment was a little bit difficult, but that was mainly because of the way our infrastructure was set up at the time we went to set up Carbon Black about a year ago. We did not have a tool that was mapped to all of our IP assets that we could deploy Carbon Black to automatically. That would have greatly simplified the setup. That is mainly the reason it took some additional time. It was not necessarily an issue with Carbon Black, it was a problem with the setup of our own environment. Sometimes we did have other issues with the agent communicating with Carbon Black when the agent was deployed. We had to uninstall the agents and then reinstall them or we would have to essentially troubleshoot what the reason for the lapse in communication was.  

What about the implementation team?

We were able to deploy it by ourselves without the help of an integrator or some specialist. We eventually did the deployment using SCCM (System Center Configuration Manager). Originally, we began by trying to deploy it manually and that is probably why it took so long. Once we had the SCCM agents deployed on all of our endpoints, then it was a lot easier for us to deploy Carbon Black in bulk.  

What other advice do I have?

I do not think I have a lot of advice for people who are considering implementing the product at this point because most of our experience with the product has been relatively straightforward. I would just suggest that you have your white list set up before deploying if you are using automatic quarantine. Otherwise, it can cause issues in your operating environment. This is especially important if you are a sensitive location like a bank. In that case, automatic quarantine could be a big issue.  

On a scale from one to ten where one is the worst and ten is the best, I would rate Carbon Black CB Response as between an eight or nine. For our use case, I would say it is an eight.  

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Sales Engineer at a computer software company with 201-500 employees
Can isolate a host and take it off the network so it's not spreading anything
Pros and Cons
  • "Probably the most valuable feature of CB Response is its ability to isolate a host and take it off the network, so it's not spreading anything. We have two security operations centers around the globe. When an SOC analyst sees something on an endpoint, they can use Carbon Black Response to isolate that host from the customer's environment and prevent any kind of lateral spread."
  • "There have been some performance issues when deploying on Windows Server, but I believe Carbon Black is working on that."

What is our primary use case?

My clients are in a range of verticals, so we have clients in healthcare, education, manufacturing, etc. We provide solutions to anybody who's insightful enough and forethinking enough to understand that cybersecurity is not like insurance. So my use cases are all across the board. But, essentially, my customer base boils down to anyone who doesn't want to get owned by a ransomware attack. My company chooses the best-in-breed technology for tools, then adds cybersecurity management services on top of that.

What is most valuable?

Probably the most valuable feature of CB Response is its ability to isolate a host and take it off the network, so it's not spreading anything. We have two security operations centers around the globe. When an SOC analyst sees something on an endpoint, they can use Carbon Black Response to isolate that host from the customer's environment and prevent any kind of lateral spread. 

For how long have I used the solution?

I've been using CB Response for about two and a half years.

What do I think about the stability of the solution?

Overall, it has been absolutely stable. However, there have been some performance issues when deploying on Windows Server, but I believe Carbon Black is working on that.

How was the initial setup?

I'm in sales, but I've watched people deploy the software. It looks pretty straightforward, just a quick installer. Most of my customers have one or two folks who ensure that it's deployed correctly in their environment.

What other advice do I have?

I rate Carbon Black CB Response nine out of 10. I don't have much to say about it because endpoint detection and response tools are pretty much a commodity nowadays. There are so many good tools out there. What matters is the ability to manage those tools and utilize them in a threat-hunting mode.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner