VMware Carbon Black Endpoint Reviews

Customers want solutions that provide endpoint detection and response. The traditional antivirus solutions and the market trend are changing. Customers are asking for the latest technologies. Carbon Black has very good market strategies. We do the marketing activities and promote the product to the customers.

Getting the right technical support is a challenge.

I have been using the solution for four years.

The support is poor.

I have worked with traditional antivirus solutions like Symantec, McAfee, Trend Micro, Kaspersky, Sophos, and F-Secure. Broadcom acquired Symantec, and Trellix acquired McAfee. The market is disturbed as other solutions are acquiring the traditional leaders. Getting support is becoming a challenge.

Carbon Black provides endpoint detection and response. CrowdStrike provides vulnerability assessment and application testing features. It gives additional threat prevention to the customer. So, I prefer CrowdStrike over Carbon Black. Carbon Black and CrowdStrike provide very good market strategies.

Customers have to understand the product and implement it. It takes time to understand the product. The implementation takes around 12 months.

The pricing is very high. There are no discounts, and there is minimal margin.

We conduct market and customer events for the solution. We help customers understand the product. Customers need monitoring software with a bundle of features, including DLP, signature lists, and sandboxing technologies. When these features can be merged within a single product, it will become a complete product. Overall, I rate the solution a two out of ten.

I implement the solution as an EDR tool for customers. 

The solution is cloud based which makes it easy to use for remote devices or work-at-home situations. 

The solution supports full trust or signature-based approvals. 

You can get very granular and band out policies or applications without having to do hash values. You can band through the entire environment by execution of the name or desk IDXE. This can be achieved on the policy side because of the signature, IOC, or naming convention itself. This is very effective for pushing more blockage or removing threats across the board. 

The solution has a very nice API on the back end for remoting into a system and executing scripts or utilizing self automation. This is useful for monitoring several different companies in a workspace or workbook-type format. For example, I report and send out mass emails from a clickable button in an Excel workbook. The APIs all exist for each client. I push out automatic endpoint monitoring and reports every single day at a particular time, with a simple clickable button that serves as a scheduled task for fifty clients. 

It would be nice to have additional forensic tools that you can build into the back end. Nothing extensive, but some additional capabilities for forensics or triage would be useful. 

There can be some hiccups with threat intel feeds based on a client's third-party agreements. 

I have been using the solution for a few years. 

I implement the solution for customers. 

I use and recommend various EDR solutions to clients. 

The solution is a top five choice when I recommend EDR solutions to clients. I rate the solution a nine out of ten. 

We're providing this product to our customers. The main intention of using this product is to detect small malware and for vulnerabilities and scanning detection in real-time.

The Intel fit was very extensive and comprehensive enough. The visualization tree product feature in this CB defense is quite good. These are the two more notable product features.

The pricing is excellent.

The solution is stable.

There's some disparity between the on-premise and the cloud type of application. We basically manage applications versus SaaS-based ones. We were hoping that some of the more advanced features that they offer in the SaaS actually could be similarly offered for the on-premise managed applications. We find that cloud-based solutions are particularly more advanced in product roadmaps compared to on-prem.

There should be more roles in support. There needs to be support for multi-tenancy, the likes of multiple names space. When you use that in a very large organization, you have many departments. It doesn't really provide grouping by department, et cetera. 

There's actually a lagging feature that we saw in the SaaS, yet not on the on-premise setup. It seems like the on-premise one was really, really meant for a single department setup rather than for multiple departments.

The solution doesn't allow for high availability configuration. That's also a negative impact relating to the product.

We have been using this solution for about two years.

Stability-wise, the product has been quite stable. There's no issue. The maintenance was quite straightforward, and if you don't really touch it, you won't have stability problems. 

Medium to large companies will be selecting Carbon Black solutions mainly due to the fact that they needed this to better the security posture checks in the environment, typically in the more regulated environment. Regulatory, regulated environments or companies that are more security-centric will go for this type of product.

While it can scale, it only supports non-HA. Scalability is quite limited. You can only scale vertically - not horizontally.

Technical support can be much improved. They're quite lagged in terms of their support and post-sales. In terms of the roadmap to sell, they tend to sell more towards endpoints and very large enterprises. For a server base, it would lose itself. That's not really their main focus at this point in time. Therefore, it's not as good there.

Neutral

I'm also familiar with Trend Micro. Trend Micro is advancing the product, keeping it fairly up to date, and covering some aspects of the EDR over time and they're doing a lot of catching up. They actually have caught up. The technology now is quite fairly similar - it's just that the initial focus was in different areas, however, they are filling this gap. It's actually a very strong competitor. In terms of user, features-wise, et cetera, this solution is quite on par. Trend Micro is a security-focused company, so from an enterprise point, probably they are more focused than Carbon Black nowadays being bought over by VMware. Security is probably not their main area of focus at this point in time. 

The initial setup is a bit of a mix. It is simple in the sense the setup was quite straightforward, however, when it comes to configuring for other supports, like emails, notifications, Syslog, et cetera, this identity provider's power integration, which we did for our SML 2.0, is powered based, rather than supported directly through the GUI. That was not so user-friendly, or more complex in terms of configuration.

On a scale from one to five in terms of ease of setup, it'll be about three. It probably takes about half a day just to complete the configuration setup.

The maintenance so far has been quite fairly straightforward. We don't really have any issues with the maintenance. Obviously, I didn't want the downside of the product side, maybe one of the cons is that it doesn't really support HA high availability setup configuration. 

We have a contract, we have actually a BOT tender contract where our different customers from different departments actually purchase their licensing. Generally, the pricing is from a unique cost perspective. I wouldn't know exactly how much they buy typically, as they procure their licenses on their own. Typically, if you compared the pricing to Trend Micro, it's probably about half the cost.

We're not quite a partner. We are a systems integrator and reseller. 

We do not have the latest update. We integrate that into our Azure AD itself.

We have the solution deployed both on the cloud and on-premises. 

I'd recommend the solution based on the cost. It's really subjective to the organization's needs. If it's for a single, small department, it's fine. If it's for a large organization itself, some of it lacks. Enterprise capabilities are probably a hindrance for a large organization to take up such a product. The limitations of supporting multiple departments with different roles and users, for them to configure what they need, would be a problem. When you talk about alerts et cetera, and also certain tracks, different departments actually probably they have their own different needs, so they wanted something to be a little bit independent, where the configuration settings are unique to the department, rather than something that can only be common for all departments in the current setup.

I'd rate the solution six out of ten.

The solution has significantly improved our organization by providing fast detection and protection management. It enables us to conduct various queries and manage vulnerabilities effectively, ensuring our systems are protected against known threats.

The platform's capability to protect endpoints, conduct live analysis, and detect system communication with malicious domains was valuable. 

The product cannot perform an on-demand scan. They could add this particular feature. 

I have had experience using VMware Carbon Black Endpoint for about three years.

The support services required having a billable account, which presented some challenges.

Neutral

The ease of setup depends on the mobile device management (MDM) solution. Generally, it is straightforward to deploy, similar to Webex.

Security engineers, IT analysts, and system administrators conducted the deployment process. It was maintained by our managed security service provider (MSSP), Azure.

The platform is expensive. 

Carbon Black Endpoint is effective but very expensive. The behavioral EDR feature is effective for data analysis and aids in incident response by providing quick alerts to analysts. It significantly speeds up incident response times by alerting analysts immediately upon detecting potential issues. It integrates easily with our existing security infrastructure. 

I recommend it despite its high cost and some decline in quality post-acquisition. I rate it a seven out of ten.

I use VMware Carbon Black Endpoint for its capabilities related to EDR and antivirus support. The tool offers protection to me with its advanced antivirus technology. The tool also protects me from threats.

My company does benefit from the use of the solution since it detects live threats, malware threats, possible ransomware attacks, and other such areas.

The most valuable feature of the solution stems from the fact that it is one of the best EDR tools in the market.

The product's reporting capabilities are an area of concern where improvements are required.

From an improvement perspective, the price of the product needs to be lowered.

I have been using VMware Carbon Black Endpoint for two years. I use the solution's latest version.

The performance and stability of the product is very good and simple. The tool is very fast to analyze issues. It is a very stable tool. Stability-wise, I rate the solution a ten out of ten.

It is a scalable solution. Scalability-wise, I rate the solution a ten out of ten.

Around 22 people in my organization use the solution.

My company does have plans to increase the use of the solution.

The solution's technical support was simple and good. The technical support team responds quickly to my queries.

The product's initial setup phase was easy.

The version of the tool that I use is a cloud-based one, so in our company, we needed to create the policies and then use the tool for the endpoints on the desktops.

The solution is deployed on the cloud.

The solution can be deployed in half a day.

I did seek the help of an integrator to help with the implementation process.

My company needs to make yearly payments towards the licensing costs attached to the product. The product is expensive. There are some additional costs apart from the standard licensing charges attached to the solution.

I recommend the product to those who plan to use it since it is a stable solution.

I rate the overall tool a ten out of ten.

We use VMware Carbon Black Endpoint to protect endpoints in our company.

The product enables device controls, helping us protect the devices and prevent data leakages.

The product’s most valuable feature is incident detection and response.

It is challenging to reach the product’s technical support team. This particular area needs improvement. The device control feature could also be compatible with the user’s profile as well.

We have been using VMware Carbon Black Endpoint for a year.

The product has good stability.

I rate the platform’s scalability an eight out of ten.

The initial setup process is simple.

VMware Carbon Black Endpoint generates a good return on investment regarding environment protection.

The product’s price is less expensive than other vendors.

I rate VMware Carbon Black Endpoint a seven out of ten. I recommend it to the companies with less budget. If there are no budget constraints, they can use other products like CrowdStrike Falcon or Cylance.

My company uses VMware Carbon Black Endpoint for generic endpoint activity detection. We also use it for some investigation using an osquery in our company. VMware Carbon Black Endpoint is useful for blocking some applications and vulnerability assessment of endpoints.

The most valuable feature of the solution is its EDR functionality. The osquery functionality of the product is also very good since it allows us to investigate special cases. Vulnerability management is another good feature of the product.

VMware Carbon Black Endpoint takes a step back when compared to other solutions in the market. Cortex XDR is a better solution compared to VMware Carbon Black Endpoint. In our company, we also wanted to have network detection, like a host-based IDS on VMware Carbon Black Endpoint, but we did not get it. The aforementioned reasons have forced our company to look for an upgrade or another solution altogether.

In the future, I would like to see VMware Carbon Black Endpoint offering a host-based intrusion detection system with a better incident response within the platform where you can raise an incident, assign it, and have some response functionality in it, like triaging the incident and other stuff.

I have been using VMware Carbon Black Endpoint for three years. I use the solution's cloud version, which is the latest version. I am a customer of the solution.

It is a stable solution.

Around ten to eleven people use the solution in our company.

In our company, we did not face many technical issues with the product. Over the span of the years we have been using the solution, there were only two not-so-difficult instances we encountered using the solution, but we were able to find the answers to resolve the issues. We did not face issues that needed the intervention of technical support.

I rate the technical support a seven out of ten.

Neutral

Previously, we were using a signature-based antivirus, Symantec Antivirus, in our company.

The initial setup of VMware Carbon Black Endpoint was easy.

The solution is deployed on a public cloud.

The deployment phase took about a month to get deployed to all the endpoints using the agent, but the most difficult part was tuning the policy, which took the most time based on the alarm policy and alert policy. I feel the aforementioned phases of deployment are a regular process.

I do not want to discuss the actual number of people involved in the deployment process, but I can say that the deployment was not done for a small company.

I was involved in the implementation phase of the solution.

Price-wise, VMware Carbon Black Endpoint is a highly-priced solution. Regarding the licensing cost of the solution, one needs to opt for an annual subscription.

One of the main advantages of Cortex XDR over VMware Carbon Black Endpoint is that Cortex XDR has an intrusion detection system. Cortex XDR has a host-based IDS, and such a feature doesn't exist in VMware Carbon Black Endpoint. Cortex XDR has VMware Carbon Black Endpoint's functions and much more than they need.

Palo Alto is a product that our company has considered during its current evaluation process.

I would say that VMware Carbon Black Endpoint is a very good solution for those planning to use it. If a person has certain cost constraints, then VMware Carbon Black Endpoint may not be the best solution since many cheaper or even open-source solutions can provide the same functionalities as VMware Carbon Black Endpoint. I feel that with a good budget, a better solution can be available in the market.

I rate the overall a seven and a half out of ten.

We use Cyber Defense to protect our machines from all kinds of attacks. We use this solution to protect ourselves from advanced threat attacks as well as viruses and malware. We also do threat hunting with the help of CyberArk for defense solutions.

Carbon Black CB Defense has helped improve my organization by allowing us to have better data so that we can do correlation and get visibility into the alerts. Previously, we used a different solution for protecting the devices and we were not able to get enough data.

The Carbon Black CB Defense feature I found most valuable is that it gives us the ability to do log analysis as well as the current state of the environment and activity on the user machines.

I would say that the technical support team should be improved since it takes them a lot of time to provide us with support.

In the next release, I would like to see a host-based firewall.

I have been using this solution for more than a year.

I would rate the stability of this solution a seven, on a scale from one to 10, with one being the worst and 10 being the best.

I would rate the scalability of this solution an eight, on a scale from one to 10, with one being the worst and 10 being the best.

The initial setup process was easy. It takes about four or five months to set up the solution. The deployment was done with the help of ten teams and five to six people who had full involvement during the implementation.

To the people looking to use this solution, I'd say if you want to get better visibility into an environment and see user activity or suspicious activity, then

Carbon Black CB Defense  is the right solution for you.

Overall, I would rate this solution an eight, on a scale from one to 10, with one being the worst and 10 being the best.