VMware Carbon Black Endpoint Reviews

We're providing this product to our customers. The main intention of using this product is to detect small malware and for vulnerabilities and scanning detection in real-time.

The Intel fit was very extensive and comprehensive enough. The visualization tree product feature in this CB defense is quite good. These are the two more notable product features.

The pricing is excellent.

The solution is stable.

There's some disparity between the on-premise and the cloud type of application. We basically manage applications versus SaaS-based ones. We were hoping that some of the more advanced features that they offer in the SaaS actually could be similarly offered for the on-premise managed applications. We find that cloud-based solutions are particularly more advanced in product roadmaps compared to on-prem.

There should be more roles in support. There needs to be support for multi-tenancy, the likes of multiple names space. When you use that in a very large organization, you have many departments. It doesn't really provide grouping by department, et cetera. 

There's actually a lagging feature that we saw in the SaaS, yet not on the on-premise setup. It seems like the on-premise one was really, really meant for a single department setup rather than for multiple departments.

The solution doesn't allow for high availability configuration. That's also a negative impact relating to the product.

We have been using this solution for about two years.

Stability-wise, the product has been quite stable. There's no issue. The maintenance was quite straightforward, and if you don't really touch it, you won't have stability problems. 

Medium to large companies will be selecting Carbon Black solutions mainly due to the fact that they needed this to better the security posture checks in the environment, typically in the more regulated environment. Regulatory, regulated environments or companies that are more security-centric will go for this type of product.

While it can scale, it only supports non-HA. Scalability is quite limited. You can only scale vertically - not horizontally.

Technical support can be much improved. They're quite lagged in terms of their support and post-sales. In terms of the roadmap to sell, they tend to sell more towards endpoints and very large enterprises. For a server base, it would lose itself. That's not really their main focus at this point in time. Therefore, it's not as good there.

I'm also familiar with Trend Micro. Trend Micro is advancing the product, keeping it fairly up to date, and covering some aspects of the EDR over time and they're doing a lot of catching up. They actually have caught up. The technology now is quite fairly similar - it's just that the initial focus was in different areas, however, they are filling this gap. It's actually a very strong competitor. In terms of user, features-wise, et cetera, this solution is quite on par. Trend Micro is a security-focused company, so from an enterprise point, probably they are more focused than Carbon Black nowadays being bought over by VMware. Security is probably not their main area of focus at this point in time. 

The initial setup is a bit of a mix. It is simple in the sense the setup was quite straightforward, however, when it comes to configuring for other supports, like emails, notifications, Syslog, et cetera, this identity provider's power integration, which we did for our SML 2.0, is powered based, rather than supported directly through the GUI. That was not so user-friendly, or more complex in terms of configuration.

On a scale from one to five in terms of ease of setup, it'll be about three. It probably takes about half a day just to complete the configuration setup.

The maintenance so far has been quite fairly straightforward. We don't really have any issues with the maintenance. Obviously, I didn't want the downside of the product side, maybe one of the cons is that it doesn't really support HA high availability setup configuration. 

We have a contract, we have actually a BOT tender contract where our different customers from different departments actually purchase their licensing. Generally, the pricing is from a unique cost perspective. I wouldn't know exactly how much they buy typically, as they procure their licenses on their own. Typically, if you compared the pricing to Trend Micro, it's probably about half the cost.

We're not quite a partner. We are a systems integrator and reseller. 

We do not have the latest update. We integrate that into our Azure AD itself.

We have the solution deployed both on the cloud and on-premises. 

I'd recommend the solution based on the cost. It's really subjective to the organization's needs. If it's for a single, small department, it's fine. If it's for a large organization itself, some of it lacks. Enterprise capabilities are probably a hindrance for a large organization to take up such a product. The limitations of supporting multiple departments with different roles and users, for them to configure what they need, would be a problem. When you talk about alerts et cetera, and also certain tracks, different departments actually probably they have their own different needs, so they wanted something to be a little bit independent, where the configuration settings are unique to the department, rather than something that can only be common for all departments in the current setup.

I'd rate the solution six out of ten.

Carbon Black CB Defense is a sensor for ongoing monitoring. It was deployed and is being used in conjunction with a cloud product called Red Canary.

The feature I found most valuable in Carbon Black CB Defense is the ongoing monitoring, though I'm not sure if it's because of the solution, or if it's because of Red Canary. The ongoing monitoring feature works by emailing updates about any detections found.

Currently, it's hard to comment on areas for improvement, because I haven't used Carbon Black CB Defense long enough.

What was rolled out to my company are mixed versions of Carbon Black CB Defense, so what I'd like to see in the next release is more synchronization, where it can detect the endpoint that's running an old version and suggest updates. That's the only thing I can think of right now.

I've been using Carbon Black CB Defense since October of last year.

I haven't had any major degradation in the performance of Carbon Black CB Defense, so I find it stable. It's holding up very well.

I have no comment on the scalability of Carbon Black CB Defense at this point.

I haven't even had to reach out to the technical support team of Carbon Black CB Defense at this point, so no comment.

I did not use a different solution. This was the first time I used this type of solution.

In terms of initial setup, rolling out Carbon Black CB Defense was pretty straightforward. It wasn't that big of a deal.

The deployment of Carbon Black CB Defense was done in-house, and took two weeks total, because it was a hybrid deployment, which means that it was done on a one-on-one basis.

In terms of ROI from Carbon Black CB Defense, it's a little early to see it.

In terms of licensing costs, Carbon Black CB Defense was all associated with CROW and the services my company is using with them, so it came all-inclusive.

My company didn't evaluate other options, because Carbon Black CB Defense was suggested by CROW. My company just went with what they suggested.

I have experience with Carbon Black CB Defense. My company has already adopted a solution that uses Carbon Black CB Defense, particularly with a company called CROW.

Carbon Black CB Defense was deployed hybrid in terms of what my company does. The cloud provider used was CROW.

My company has 200 users of Carbon Black CB Defense. It's being used in the whole environment. Three people from IT are in charge of the maintenance and full deployment of the solution.

In terms of increasing usage, the solution is being used in the entire environment, and usage will be increased if there's growth in personnel.

At this junction, I'm rating Carbon Black CB Defense an eight.

Some of my client's use cases are typical endpoint protection, telemetry, and threat hunting. We are using all three of the most popular services that point back to the cloud central console.

Some of the valuable features I have found are the online documentation of the solution is well organized and thorough. I like the simplicity of bypass and the visualization of the active components. If I want to know which file is being utilized and what sub-files it is calling, the visualization given is very helpful.

I would like to see them continue to run some of the AI-type comparisons. I know everyone is really secretive about what they do and what they have engineered, but I think Cylance was a good market disruptor years ago with their approach. Now we see SentinelOne and everyone is approaching that piece of the puzzle similarly now. I just would like to see more of a comparison. We have done our own technical comparison but it is fairly expensive. All solutions have pros and cons, if more third-party organizations or teams could evaluate how each product works in pros and cons many people would benefit.

This solution could have greater granular control on how certain applications work. You are able to do the operation of allowing or disallow, or you can block unusual usage of an application, but they do not define it well. 

The PowerShell is being called in any way that the threat actor might use it versus an administrator. You are in a way taking this solutions' best guess at it or their understanding of it. They do not clearly tell you in technical terms how they make that determination. They should be more forthright about it, or if they can not tell us, they should just give us the control to make those selections. We are choosing it because at least we have that control where we do not have that same amount of control with other solutions like Cylance. However, they are still not telling us precisely what constitutes suspicious behavior, what actions, or what calls. It is a check box to say, lock if we have inappropriate use, or block if we have suspicious behavior. It would be helpful to tell us what that actually meant.

In the future, I would like to see more granular control of PowerShell and more administrative tools.

I have been using the solution for approximately six months.

The stability of the solution has been good. I like the fact that their call home is a single port, 443, a well-known port with a backup port, 54443. Their architecture, that way is easy for network admin to understand and open up and passing firewalls. In contrast with ATP, ATP has a lot of port requirements, It is much more complex and easy to misunderstand ATP communications until you really dig hard to see how does it work. This solution is much simpler that way. Additionally, performance-wise, user agents seem to hover around 1%-2%, it is fairly efficient and lightweight.

The scalability of the solution has been good. We implemented a couple of large POCs. We have some clients and colleagues that are running it at scale, with more than 5,000 endpoints with great success. We are pleased overall. Most of our clients are mid-cap or small enterprises.

I have found the solution support has been strong. 

I would rate the support of Carbon Black CB Defense a seven out of ten.

Companies need to work on the timeliness of support. Getting directed to a strong enough, experienced enough technical person sooner is important. That just is not the way support is currently built. Usually, they start at tier one and move up. I am sure there are a lot of customers that call in support with simpler questions that you do not want to tie up a tier-three person's time. However, I do not think my request for support to improve is not unique to this solution. 

We have a very knowledgeable technical team. When we call for support we are wanting to interact with tier two or tier three right away. It is frustrating to have to work through the tiers to get where we want to go.

We previously used Cylance and we are coming off of a direct comparison of the two. In the current version of this solution, they have a stronger AI version or component. The overall general quality of the breadth of the solution is better. To receive the same functionality in Cylance, we needed to add the CylanceOPTICS product and we have not had great success with it.

What I do not like about Cylance is it is very binary. You either allow AST to be a 56-bit hash or you do not. I think there is room for more granular control, which we now receive by using this solution.

Overall this solution is better than Cylance.

The initial setup has been straightforward. I think their user interfaces in mature and understandable, they did a good job in it. I would not say any end-point solution is simple, but I think it is more intuitive than many of them.

My advice to others is to take advantage of the POC and work with your POC rigorously. I think we have good responses on the POC as they get closer and closer to wanting to close. We were able to get stronger and stronger and more timely support. It is a good program and they are very fair about it. In any EDR, I would test them heavily and do not rely on marketing.

When applying an overall rating to this solution I do not think there are any tens in the marketplace. We very pleased and we evaluate this every year or two. In our POC, we had 200 samples including ones that were available but not as popular and we received a 100% efficacy. We were very pleased with the results.

I rate Carbon Black CB Defense an eight out of ten.

I use VMware Carbon Black Endpoint for its capabilities related to EDR and antivirus support. The tool offers protection to me with its advanced antivirus technology. The tool also protects me from threats.

My company does benefit from the use of the solution since it detects live threats, malware threats, possible ransomware attacks, and other such areas.

The most valuable feature of the solution stems from the fact that it is one of the best EDR tools in the market.

The product's reporting capabilities are an area of concern where improvements are required.

From an improvement perspective, the price of the product needs to be lowered.

I have been using VMware Carbon Black Endpoint for two years. I use the solution's latest version.

The performance and stability of the product is very good and simple. The tool is very fast to analyze issues. It is a very stable tool. Stability-wise, I rate the solution a ten out of ten.

It is a scalable solution. Scalability-wise, I rate the solution a ten out of ten.

Around 22 people in my organization use the solution.

My company does have plans to increase the use of the solution.

The solution's technical support was simple and good. The technical support team responds quickly to my queries.

The product's initial setup phase was easy.

The version of the tool that I use is a cloud-based one, so in our company, we needed to create the policies and then use the tool for the endpoints on the desktops.

The solution is deployed on the cloud.

The solution can be deployed in half a day.

I did seek the help of an integrator to help with the implementation process.

My company needs to make yearly payments towards the licensing costs attached to the product. The product is expensive. There are some additional costs apart from the standard licensing charges attached to the solution.

I recommend the product to those who plan to use it since it is a stable solution.

I rate the overall tool a ten out of ten.

We use VMware Carbon Black Endpoint to protect endpoints in our company.

The product enables device controls, helping us protect the devices and prevent data leakages.

The product’s most valuable feature is incident detection and response.

It is challenging to reach the product’s technical support team. This particular area needs improvement. The device control feature could also be compatible with the user’s profile as well.

We have been using VMware Carbon Black Endpoint for a year.

The product has good stability.

I rate the platform’s scalability an eight out of ten.

The initial setup process is simple.

VMware Carbon Black Endpoint generates a good return on investment regarding environment protection.

The product’s price is less expensive than other vendors.

I rate VMware Carbon Black Endpoint a seven out of ten. I recommend it to the companies with less budget. If there are no budget constraints, they can use other products like CrowdStrike Falcon or Cylance.

My company uses VMware Carbon Black Endpoint for generic endpoint activity detection. We also use it for some investigation using an osquery in our company. VMware Carbon Black Endpoint is useful for blocking some applications and vulnerability assessment of endpoints.

The most valuable feature of the solution is its EDR functionality. The osquery functionality of the product is also very good since it allows us to investigate special cases. Vulnerability management is another good feature of the product.

VMware Carbon Black Endpoint takes a step back when compared to other solutions in the market. Cortex XDR is a better solution compared to VMware Carbon Black Endpoint. In our company, we also wanted to have network detection, like a host-based IDS on VMware Carbon Black Endpoint, but we did not get it. The aforementioned reasons have forced our company to look for an upgrade or another solution altogether.

In the future, I would like to see VMware Carbon Black Endpoint offering a host-based intrusion detection system with a better incident response within the platform where you can raise an incident, assign it, and have some response functionality in it, like triaging the incident and other stuff.

I have been using VMware Carbon Black Endpoint for three years. I use the solution's cloud version, which is the latest version. I am a customer of the solution.

It is a stable solution.

Around ten to eleven people use the solution in our company.

In our company, we did not face many technical issues with the product. Over the span of the years we have been using the solution, there were only two not-so-difficult instances we encountered using the solution, but we were able to find the answers to resolve the issues. We did not face issues that needed the intervention of technical support.

I rate the technical support a seven out of ten.

Neutral

Previously, we were using a signature-based antivirus, Symantec Antivirus, in our company.

The initial setup of VMware Carbon Black Endpoint was easy.

The solution is deployed on a public cloud.

The deployment phase took about a month to get deployed to all the endpoints using the agent, but the most difficult part was tuning the policy, which took the most time based on the alarm policy and alert policy. I feel the aforementioned phases of deployment are a regular process.

I do not want to discuss the actual number of people involved in the deployment process, but I can say that the deployment was not done for a small company.

I was involved in the implementation phase of the solution.

Price-wise, VMware Carbon Black Endpoint is a highly-priced solution. Regarding the licensing cost of the solution, one needs to opt for an annual subscription.

One of the main advantages of Cortex XDR over VMware Carbon Black Endpoint is that Cortex XDR has an intrusion detection system. Cortex XDR has a host-based IDS, and such a feature doesn't exist in VMware Carbon Black Endpoint. Cortex XDR has VMware Carbon Black Endpoint's functions and much more than they need.

Palo Alto is a product that our company has considered during its current evaluation process.

I would say that VMware Carbon Black Endpoint is a very good solution for those planning to use it. If a person has certain cost constraints, then VMware Carbon Black Endpoint may not be the best solution since many cheaper or even open-source solutions can provide the same functionalities as VMware Carbon Black Endpoint. I feel that with a good budget, a better solution can be available in the market.

I rate the overall a seven and a half out of ten.

It has various use cases like firewalls and antivirus. It's been working great for us so far.

I found the offline scanning to be particularly useful. Compared to CrowdStrike, it had better IT capabilities and beautiful analytics. Overall, it was cost-effective too.

There is room for improvement in the support and service team. The response time could be faster. That's why I switched because the support was not as expected from a company like Carbon Black.

I have been working with this solution for three years. I am using the latest version. 

I would rate it a nine out of ten. It was very stable.

The scalability of the solution is good and affordable. I would rate the scalability a nine out of ten. There are over 300 users in our company using the solution. 

The customer service and support team took too long to respond to our queries, and the local reseller did his best, but it still wasn't fast enough or knowledgeable enough. It was just too slow in addressing our concerns. Unfortunately, the support service was not up to par.

The setup was nice, but the technical aspects of the product can be challenging. It's not easy and requires someone who really knows what they're doing. Two to three people are required for the maintenance of the solution. 

Generally, the deployment process takes one to two weeks but also depends on the user's training. It's a cloud-based solution, so once you identify the IP address and add it to the user name, it will be available in the software market. This is how most cloud-based solutions work, and it's not complicated.

Once the product is stable, it works well. That's why I renewed it for three years. However, we had a big incident where we did not receive the expected support.

We have seen ROI. 

We use a yearly subscription model. It is not cheap, but it is cheaper than CrowdStrike.

I would recommend having a strict SLA with the vendor for support. It's better to buy extra support for the unit.  Overall, I would rate the solution an eight out of ten.

Our primary use case is for protection and as an EDR solution. Moreover, it has all the same features as the other vendors, but what sets it apart is its very good coverage on the VMware side since it's a VMware product. 

When it comes to the pros of Carbon Black CB Defense, it produces a lot of events as per the MitraVax framework, which is good. It provides continuous monitoring and threat detection on endpoints and responds to security incidents. It uses machine learning and behavioral analytics to detect and respond to advanced threats.

The compatibility of Carbon Black CB Defense with operating systems is the only issue. Certain OS are not supported, resulting in an inability to install PDC. The deployment of sensors requires extensive fine-tuning, which should be a simple process. To streamline this process, they should create deployment packages with customized options based on policies and other factors. Creating these packages ourselves is time-consuming, which can impede our productivity. There is also a bypass issue that needs to be considered.

Improvements are needed to address the compatibility issues between operating systems and Carbon Black CB Defense. Sometimes, the sensor enters a block state for unknown reasons. To prevent this, it would be helpful if they added a feature to ensure that it does not cause any problems. Additionally, there are issues with collecting events from machines due to sensor problems. We are working with Gateway to connect to all PCI or DMZ environments, and it would be beneficial to have a simpler configuration at the architecture levels.

In reality, the deployment process is more complicated. We must add a script to customize the deployment process and deploy it on Mission C. Afterward, we install the sensor, which requires a company code, policy name, and other essential details. Furthermore, we are experiencing other issues, such as VMs pausing applications due to CBC. Troubleshooting these problems is time-consuming, and we usually must report the problem to the vendor, whose analysis can take an hour or longer. By that time, critical business functions may have already been impacted.

Container protection is still in the initial stage, where they have integration in the market, but there's a lot of room for improvement, and there are a lot of changes required.

I have been using this solution for more than a year.

In terms of stability, since it is hosted on the AWS side, which is Carbon Black Cloud, if something goes down, we may have to do a lot of patching and monitoring. However, we usually receive updates and educate the users on changes in the background. Proper training should be provided to the users so that they are prepared for any changes happening in the background from the AWS website.

Overall, I would rate the stability a seven out of ten because sometimes the communication breaks down, but they are working to resolve the issue, and many teams are involved. However, we don't have much visibility into their efforts, which need improvement. It should be crystal clear what is happening in the backend, and the administrators should communicate this clearly so that we can work accordingly and meet the requirements.

In terms of reliability, it is a good product. I would rate it an eight out of ten. 

Technical support is very good. They are very interactive. But the problem is the engineering team's workaround is very slow. We have raised a lot of feature requests, and they are still open for a year. But in terms of support, we are getting responses and everything. It's just that finding the correct solution to the issues is lacking time. There's room for improvement in terms of the engineering team's workaround. 

Neutral

The initial setup is a straightforward process. I would rate it a seven out of ten because there should be some customized policy. Moreover, we need a tool for pre-checks, for example, to check Windows operating system compatibility and internet connectivity to connect to the backend. Carbon Black CB Defenses should provide a pre-checklist for successful sensor installation. We are spending a lot of time finding out the exact cause of issues, whether it's a personal issue, an external issue, or something related. It would be helpful if they could provide tools to analyze those issues. They should give us the details, like, these are the things that are recommended to be checked before installing the console.

The deployment process for multiple machines is a bit challenging. We have seen a lot of CBC services or versions being released. For example, if we deploy it today, within two or three months by the time of completion of the application, the newer version might come out. It's very hard to adjust with time. We have to push the upgrade again within a short time. There are many challenges with the application; sometimes, it fails, and we don't know why it's failing due to a lock or backend issue.

Moreover, the number of people required during deployment also depends on the environment. Because each environment has a different configuration setup and process policy that we have to go through before we do the deployment activities. It's hard to tell the exact timeline, but it takes a lot of effort with different policies for each environment.

Hana has experience with NCL, but I have worked with other organizations using NCL and have experience with Carbon Black. Previously, I worked with CrowdStrike, Sentinel, and Windows Defender. These are leaders in the market, including a native product for Microsoft. When we talk about those solutions, they offer good support and features and compatibility with different machines, providing us with a comprehensive solution. For example, we have Linux, some Oracle Linux servers, and some EL product versions that are currently not supported by Carbon Black. However, CrowdStrike or other solutions still support all legacy OS. We chose a solution that covers 100% of the machines we have, whether it's Windows or Linux. In some places, CBC doesn't support all of our OS, but they should provide a solution for that as well.

If the solution can address all the problems we have raised, then I think it would be a good recommendation. In NCR, we have had a very good experience with Carbon Black. Moreover, in our company, Carbon Black offers excellent support. Workaround time and issues with version control have to be put in place. Even the version release sensor can cause frustration because by the time we reach one version, two or three versions might have been released. Sometimes they even remove some of the features. So, it is better to test the version first before using it for the rest of the measures.

Overall, I would rate it a seven out of ten.