We performed a comparison between IBM Resilient, VMware Carbon Black Cloud, and VMware Carbon Black Endpoint based on real PeerSpot user reviews.
Find out what your peers are saying about VMware, ServiceNow, IBM and others in Security Incident Response."The product is very good at incident response."
"It's really simple and has a flexible interface."
"The most valuable features of IBM Resilient are its flexibility and customization options for incident response."
"The solution is simple to use and to integrate with IBM QRadar."
"As a whole, the product is stable...Technical support is very good."
"The solution is very easy to use."
"The initial setup of IBM Resilient is not that complex since my company already has a support license that we use internally. In general, the product's deployment phase is not that complex."
"The UBA, User Behavior Analytics, is very good."
"The market information they gather from the community is really good. Their configuration capabilities are good."
"They're highly stable in comparison with other solutions I have."
"The most valuable feature of VMware Carbon Black Cloud is the possibility of securing any PC worldwide."
"The ability to quickly isolate a system from the network, while still being able to perform some forensics and mitigation work remotely, was of great value to us since we had many mobile and distributed systems."
"For setup, the server can be given to you as a VM image and with minimal configuration needed."
"The detection response and quarantining are very good features."
"The solution does very well as a baseline EDR and provides good process-level management."
"Integration and scalability are the most valuable."
"Behavioral Monitoring stops known malicious events before they even begin."
"The visibility provided has been great."
"Carbon Black Cb Defense improved our endpoint level security. It helped to identify endpoint and infrastructure loopholes."
"The software uses very few resources; it is almost invisible to the end user."
"This product has the capability of uploading scripts to the tool and this is a very comprehensive feature."
"You can deploy it through the cloud so that even if your stuff is outside of your controlled environment, you are still under control, based on the policies you create. The policies are controlled through the cloud. For example, if I don't allow anyone to do a certain activity or to install a particular app, and a consultant or a partner who is not part of our environment is doing so, it will stop them as well."
"It is a scalable solution...The initial setup was straightforward."
"Provides visibility into the chain of attack and threats that use valid operating system processes to execute attacks."
"Integrating IBM Resilient with other applications can be very difficult and technically challenging. Often, they use the excuse that you are using the latest version of an application, such as an endpoint security system, and they don't have an API or support for it at the moment. There is no automation in the SOAR solution."
"One thing to improve is how it handles data formats, which currently might require scripting for conversion to CSV before uploading."
"The implementation could be a bit simpler."
"The initial setup is complex."
"The integration could be improved so that it is easy to integrate with other solutions."
"This product could be improved with better customization. This product isn't the best on the market like QRadar, but it's actually a good solution. However, some competitors' solutions contain more integration, support, automation, or flexibility."
"IBM Resilient could integrate better with my tools."
"IBM Resilient is quite complex, including its configuration."
"It's not simple."
"Additionally, it is complex to use, and the pricing should be improved."
"The threat intelligence feed could use some fine tweaking."
"The product detects too many false positives initially and it could integrate better with other security solutions."
"The support team of Carbon Black CB Response needs improvement. At present, they need a lot of information. Then they give you an answer that they already gave you. You tell them it didn't work, and then they take a long time."
"The solution's support could be improved."
"The biggest issue I encountered was one where old logs were not being overwritten as expected so the system drive kept filling up from time to time. However, support was usually quite responsive and happy to jump on a remote session to take a look at it for us. That log bug has probably been resolved with an update by now."
"One area for improvement is the maturity of its vulnerability features."
"Performing a malware scan usually takes a lot of time, more than 24 hours."
"When you view the triage, it will show you everything within a given time frame, and not only the attack that caused the alert, which is what I want to see. It shows you all the events during that time, and that can be quite confusing."
"It would be nice to have additional forensic tools that you can build into the back end."
"The tech support communicates, but it's just not with movement."
"The product's stability could be improved."
"Carbon Black has limited capability to integrate with Rapid7."
"It could be a bit complicated. You have to be very familiar with Carbon Black to understand what it is doing and why it is doing. I would like to have more explanations and simplification in the user interface. It would be good to get help and see more explanations. It should tell us that a software is blocked and the reason for it. It would be good to be able to build chains in terms of what caused what, what worked, and what caused an issue. We are now moving from Carbon Black to Cortex XDR. While choosing antivirus software, we were also looking at Carbon Black because it also has an antivirus package, and it is next-generation, but we were told that Carbon Black doesn't support firewalls. We have Palo Alto firewalls. We would have chosen this solution if it supported firewalls, in particular next-generation firewalls, but unfortunately, it doesn't. Therefore, we decided on Cortex XDR because it integrates with Palo Alto firewalls."
"The EDR portion could be better. I'm not a big fan, but it works."
