"The solution's integration capabilities are excellent. It's one of the best features."
"If somebody has been compromised, the question always is: How has it affected other devices in the network? Cisco AMP gives you a very neat view of that."
"The ability to detonate a particular problem in a sandbox environment and understand what the effects are, is helpful. We're trying, for example, to determine, when people send information in, if an attachment is legitimate or not. You just have to open it. If you can do that in a secure sandbox environment, that's an invaluable feature. What you would do otherwise would be very risky and tedious."
"The visibility and insight this solution gives you into threats is pretty granular. It has constant monitoring. You can get onto the device trajectory to look at a threat, but you can also see what happened prior to the threat. You can see what happened after the threat. You can see what other applications were incorporated into the execution of the threat. For example, you have the event, but you see that the event was launched by Google Chrome, which was launched by something else. Then, after the event, something else was launched by whatever the threat was. Therefore, it gives you great detail, a timeline, and continuity of events leading up to whatever the incident is, and then, after. This helps you understand and nail down what the threat is and how to fix it."
"One of the best features of AMP is its cloud feature. It doesn't matter where the device is in regards to whether it's inside or outside of your network environment, especially right now when everybody's remote and taken their laptops home. You don't have to be VPNed into the environment for AMP to work. AMP will work anywhere in the world, as long as it has an Internet connection. You get protection and reporting with it. No matter where the device is, AMP has still got coverage on it and is protecting it. You still have the ability to manage and remediate things. The cloud feature is the magic bullet. This is what makes the solution a valuable tool as far as I'm concerned."
"The threat Grid with the ability to observe the sandboxing, analyze, and perform investigations of different malicious files has been great."
"The solution makes it possible to see a threat once and block it everywhere across all endpoints and the entire security platform. It has the ability to block right down to the file and application level across all devices based on policies, such as, blacklisting and whitelisting of software and applications. This is good. Its strength is the ability to identify threats very quickly, then lock them and the network down and block the threats across the organization and all devices, which is what you want. You don't want to be spending time working out how to block something. You want to block something very quickly, letting that flow through to all the devices and avoiding the same scenario on different operating systems."
"It is extensive in terms of providing visibility and insights into threats. It allows for research into a threat, and you can chart your progress on how you're resolving it."
"The advanced direct control on offer is excellent."
"I have found Bitdefender GravityZone Ultra to be highly scalable."
"The Ultra is a valuable feature."
"Great protection against malware, ransomware, and any other forms of malicious software."
"The most valuable feature for me is the ability to whitelist, blacklist, and be very granular as to what I blocked, what apps I blocked, and what websites I block. I think that's probably the most valuable feature."
"The most valuable features are the solution's thorough detection and ease of use."
"We have had no issues with the support and consider it to be good, even when it comes to accredited resellers."
"What I have found to be valuable is after every new release of the solution there are more features. At the time that we bought Bitdefender GravityZone, it was their top solution. We went from their Enterprise version to Elite, Elite HD, Ultra, and now there is an Ultra Plus available."
"There's lots of very useful documentation online to help troubleshoot and learn about the product."
"The EDR and reports were helpful in improving our organization."
"Once the solution is installed and configured correctly it does not require a lot of hands-on attention until you need upgrading."
"It is a very complete platform."
"CB Defense is more powerful, and you can take more actions than others. Its security features and signatures are constantly updated, so it is more effective than other security solutions."
"I like its reporting."
"The initial setup is very easy."
"The solution is extremely scalable."
"The connector updates are very easily done now, and that's improving. Previously, the connector had an issue, where almost every time it needed to be updated, it required a machine reboot. This was always a bit of an inconvenience and a bug. Because with a lot of software now, you don't need to do that and shouldn't need to be rebooting all the time."
"We had a lot of noise at the beginning, and we had to turn it down based on exclusions, application whitelisting, and excluding unknown benign applications. Cisco should understand the need for continuous updates on the custom Cisco exclusions and the custom applications that come out-of-the-box with the AMP for Endpoints."
"I would recommend that the solution offer more availability in terms of the product portfolio and integration with third-party products."
"We don't have issues. We think that Cisco covers all of the security aspects on the market. They continue to innovate in the right way."
"I would like to see integration with Cisco Analytics."
"We have had some problems with updates not playing nice with our environment. This is important, because if there is a new version, we need to test it thoroughly before it goes into production. We cannot just say, "There's a new version. It's not going to give us any problems." With the complexity of the solution using multiple engines for multiple tasks, it can sometimes cause performance issues on our endpoints. Therefore, we need to test it before we deploy. That takes one to three days before we can be certain that the new version plays nice with our environment."
"The one challenge that I see is the use of multiple endpoint protection platforms. For instance, we have AMP, but we also have Microsoft Windows Defender, System Center Endpoint Protection, and Microsoft Malware Protection Engine deployed. So, we have a bunch of different things that do the same thing. What winds up happening is, e.g., if I get an alert for a potential incident or malware and want to pull the file, I'll go to fetch the file to analyze it. But, one of these other programs has already gotten it, so the file has already been quarantined by another endpoint protection system. AMP doesn't realize that and the file fetch fails, then you're left wondering what's going on."
"The room for improvement would be on event notifications. I have mine tuned fairly well. I do feel that if you subscribe to all the event notification types out-of-the-box, or don't really go through and take the time to filter out events, the notifications can become overwhelming with information. Sometimes, when you're overwhelmed with information, you just say, "I'm not going to look at anything because I'm receiving so much." I recommend the vendor come up with a white paper on the best practices for event notifications."
"Using this product requires quite a bit of training, which is hard to get."
"For many, the problems come mostly when they start tweaking or short-cutting - particularly for patch management."
"The software itself is solid. It would be better if it was more of a real-time solution, like SentinelOne. The one thing that holds me back on the SentinelOne side is that I can blacklist websites and stuff like that, but it's not as granular as Bitdefender. With Bitdefender, I feel like I have more control over what I can whitelist and blacklist."
"There is a need to work on the deployment, when it comes to deploying to Windows machines with regards to downloading the size of the package."
"While the solution is secure, it could have better integration."
"The installation is not straightforward and should be easier to do."
"The reporting is much too simple."
"The graphical user interface for EDR could be improved."
"The solution needs better overall compatibility with other products."
"Based on all the security roles and the release privilege, it could take time for an application to be whitelisted and approved for use."
"The solution needs expanded endpoint query tools."
"Its compatibility can be improved. It did crash a server during deployment, which is not something that I want to happen. Its deployment should also be easier. The whole deployment cycle needs to be simplified. It is an enterprise solution, and to set it up right now, you have to be an expert."
"In the next release, it would help if we can get better control over containers."
"The application control can be improved. It should also have an automatic update of the agents."
"This solution could have greater granular control on how certain applications work."
"At this point, we're test-bedding several other providers right now to see if there's anything that does equally or better and that comes at a better price point."
Advanced Malware Protection (AMP) is subscription-based, managed through a web-based management console, and deployed on a variety of platforms that protects endpoints, network, email and web Traffic. AMP key features include the following: Global threat intelligence to proactively defend against known and emerging threats, Advanced sandboxing that performs automated static and dynamic analysis of files against more than 700 behavioral indicators, Point-in-time malware detection and blocking in real time and Continuous analysis and retrospective security regardless of the file's disposition and Continuous analysis and retrospective security.
Bitdefender GravityZone's ENDPOINT SECURITY TOOLS intelligent security agent assesses the host machine at installation to self-configure to optimal form, and adapts its behavior according to endpoint accessibility. Security administrators allocate resources to security tasks through policies per groups of machines. They can set security tools to work on a local machine, or they can decide to rely more on Bitdefender Global Protective Network, or totally offload security to security servers.
CB Defense is an industry-leading next-generation antivirus (NGAV) and endpoint detection and response (EDR) solution. CB Defense is delivered through the CB Predictive Security Cloud, an endpoint protection platform that consolidates security in the cloud using a single agent, console and data set. CB Defense is certified to replace AV and designed to deliver the best endpoint security with the least amount of administrative effort. It protects against the full spectrum of modern cyber attacks, including the ability to detect and prevent both known and unknown attacks. CB Defense leverages the powerful capabilities of the CB Predictive Security Cloud, applying our unique streaming analytics to unfiltered endpoint data in order to predict, detect, prevent, respond to and remediate cyber threats. In addition, CB Defense provides a suite of response and remediation tools, including Live Response, which allows security personnel to perform remote live investigations, intervene with ongoing attacks and instantly remediate endpoint threats. For peace of mind, CB Defense customers can also leverage CB ThreatSight, Carbon Black’s managed threat alert service, to validate alerts and uncover new threats.
Bitdefender GravityZone Ultra is ranked 8th in Endpoint Detection and Response (EDR) with 16 reviews while Carbon Black CB Defense is ranked 7th in Endpoint Detection and Response (EDR) with 24 reviews. Bitdefender GravityZone Ultra is rated 8.6, while Carbon Black CB Defense is rated 7.8. The top reviewer of Bitdefender GravityZone Ultra writes "Great security with excellent standard policies and extremely stable". On the other hand, the top reviewer of Carbon Black CB Defense writes "Centralization via the cloud allows us to protect and control people working from home". Bitdefender GravityZone Ultra is most compared with SentinelOne, Sophos Intercept X, CrowdStrike Falcon, Microsoft Defender for Endpoint and Fortinet FortiEDR, whereas Carbon Black CB Defense is most compared with CrowdStrike Falcon, Microsoft Defender for Endpoint, SentinelOne, Carbon Black CB Response and Symantec End-User Endpoint Security. See our Bitdefender GravityZone Ultra vs. Carbon Black CB Defense report.
See our list of best Endpoint Detection and Response (EDR) vendors.
We monitor all Endpoint Detection and Response (EDR) reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. We validate each review for authenticity via cross-reference with LinkedIn, and personal follow-up with the reviewer when necessary.