We performed a comparison between Cybereason Deep Respond [EOL], VMware Carbon Black Cloud, and VMware Carbon Black Endpoint based on real PeerSpot user reviews.
"We have 20,000 endpoints in our organization. It's very critical to monitor each and every device with any of our solutions. By deploying Cybereason, it collects all the information from every computer and it will feed it to the AI engine and do a malware check. It's very clear cut and we save a lot of time. It detects the problem very quickly and we can prevent an issue before it occurs."
"Carbon Black ensures the probability that any ransomware will be stopped before spreading."
"VMware Carbon Black Cloud is a user-friendly solution that can isolate machines from the rest of the network."
"The most valuable feature is its ability to seek out abnormal activity and to create alerts."
"Probably the most valuable feature of CB Response is its ability to isolate a host and take it off the network, so it's not spreading anything. We have two security operations centers around the globe. When an SOC analyst sees something on an endpoint, they can use Carbon Black Response to isolate that host from the customer's environment and prevent any kind of lateral spread."
"It is nice when you're in a situation where you think someone's device is compromised and that there's some malware getting into your fleet."
"The market information they gather from the community is really good. Their configuration capabilities are good."
"The ability to isolate an endpoint with only the host name and a click of a button is a major time saver."
"The ability to quickly isolate a system from the network, while still being able to perform some forensics and mitigation work remotely, was of great value to us since we had many mobile and distributed systems."
"The triage feature that shows you the whole chain of the malware is useful."
"It actually does some heuristics, and some behavioral analysis."
"The tool is pretty stable."
"The new feature that we're deploying, the new offering from Carbon Black, is MDR, which stands for manage, detect, and response. It's the most valuable feature because Carbon Black will be continuously checking the logs, and they will be advising us on how to improve some of the policies as well as review the logs. If there are any nefarious agents or things happening on the endpoints, they will know."
"The best feature of this solution is that we have a live response, which is really tailored to our needs."
"The initial setup is very easy."
"VMware Carbon Black Endpoint is a highly stable solution."
"We have another piece of that infrastructure that does what they call threat emulation. It's like sandboxing where it takes files that it doesn't know about, puts them in a VM-type environment, and it kicks them off to see if there's any malware or tendencies that might look like malware, that kind of thing."
"It's all on the analysis part. They currently support from email only. If we have a problem with Cybereason like high memory utilization, for example, we send an email to their team and they respond when they see it, but there is no on-call support. They don't offer the ability to call them."
"The support team of Carbon Black CB Response needs improvement. At present, they need a lot of information. Then they give you an answer that they already gave you. You tell them it didn't work, and then they take a long time."
"One area for improvement is the maturity of its vulnerability features."
"The solution needs to simplify the process of adding custom watchlists, as well as embrace YARA for rule creation."
"The dashboard should be more user-friendly."
"We are subscribed to FS-ISAC threat indicator, but have been unsuccessful in adding it to our alliance feeds."
"It's not highly available, so you have to have a core server. If the primary server goes down, you need a new one. It's not available at the same time, however. It's not automatically swapped from one server to another."
"Setup is incredibly complex and poorly documented. Every time an upgrade was needed we would need to engage Professional Services for troubleshooting help. Certificates and web services proved to be the most significant sticking points. Since the product runs on a Linux platform, perhaps having staff with more Linux experience could have alleviated some difficulty."
"The threat intelligence feed could use some fine tweaking."
"Based on all the security roles and the release privilege, it could take time for an application to be whitelisted and approved for use."
"It could be a bit complicated. You have to be very familiar with Carbon Black to understand what it is doing and why it is doing it. I would like to have more explanations and simplification in the user interface. It would be good to get help and see more explanations. It should tell us that a software is blocked and the reason for it. It would be good to be able to build chains in terms of what caused what, what worked, and what caused an issue. We are now moving from Carbon Black to Cortex XDR. While choosing antivirus software, we were also looking at Carbon Black because it also has an antivirus package, and it is next-generation, but we were told that Carbon Black doesn't support firewalls. We have Palo Alto firewalls. We would have chosen this solution if it supported firewalls, in particular next-generation firewalls, but unfortunately, it doesn't. Therefore, we decided on Cortex XDR because it integrates with Palo Alto firewalls."
"I would like to see improvements made so that we can better see all of the processes."
"It is difficult to extract reports for ongoing scans."
"Performing a malware scan usually takes a lot of time, more than 24 hours."
"What was rolled out to my company are mixed versions of Carbon Black CB Defense, so what I'd like to see in the next release is more synchronization, where it can detect the endpoint that's running an old version and suggest updates."
"Occasionally, we'll have issues with the latest version and they'll basically tell us that they will improve it in the next iteration. They need to work on their version release quality."
"When you view the triage, it will show you everything within a given time frame, and not only the attack that caused the alert, which is what I want to see. It shows you all the events during that time, and that can be quite confusing."