VMware Carbon Black Endpoint enhances endpoint security with its robust EDR, threat detection, and live response features. The cloud-based architecture supports remote management and easy setup while behavioral monitoring and dynamic grouping minimize security risks.
| Product | Mindshare (%) |
|---|---|
| VMware Carbon Black Endpoint | 2.0% |
| Microsoft Defender for Endpoint | 6.8% |
| CrowdStrike Falcon | 6.0% |
| Other | 85.2% |

| Title | Rating | Mindshare | Recommending | |
|---|---|---|---|---|
| CrowdStrike Falcon | 4.3 | 6.0% | 97% | 140 interviews |
| Cortex XDR by Palo Alto Networks | 4.2 | 3.7% | 96% | 112 interviews |

| Company Size | Count |
|---|---|
| Small Business | 26 |
| Midsize Enterprise | 9 |
| Large Enterprise | 26 |

| Company Size | Count |
|---|---|
| Small Business | 238 |
| Midsize Enterprise | 100 |
| Large Enterprise | 294 |
VMware Carbon Black Endpoint is designed for those seeking comprehensive endpoint protection. With its cloud-based deployment, organizations experience streamlined remote control and simplified rollout processes. Its behavioral monitoring, incident response capabilities, and firewall integration deliver advanced security measures. Although it addresses many security challenges, areas like manual alert management, on-demand scanning, and integration with systems like AlienVault USM require refinement. Improved UI, EDR components, and flexible pricing models would enhance user satisfaction. On-premise deployment infrastructure and compatibility issues with some operating systems need attention. Enhanced reporting, container security, and multi-tenancy support are also essential for fulfilling industry needs. AI-driven analysis and threat isolation empower companies by fostering proactive management.
What are the key features of VMware Carbon Black Endpoint?
What benefits should users look for when evaluating VMware Carbon Black Endpoint?
VMware Carbon Black Endpoint finds extensive application in industries focused on stringent security requirements. Managed security service providers leverage its capabilities to deliver comprehensive protection to multiple clients worldwide. Organizations use it primarily for antivirus protection and incident management, integrating it with their existing security frameworks to strengthen endpoint visibility and real-time threat prevention. Its advanced detection and application control features make it a preferred choice in industries that prioritize robust security measures. However, it requires improvements in terms of system compatibility and customization flexibility to better serve diverse industry environments.
VMware Carbon Black Endpoint was previously known as Carbon Black CB Defense, Bit9, Confer.
Netflix, Progress Residential, Indeed, Hologic, Gentle Giant, Samsung Research America
| Author info | Rating | Review Summary |
|---|---|---|
| CTO at Microsoft | 2.5 | I find VMware Carbon Black Endpoint effective for detection and real-time response, but I believe its stability is slow, integration complex, and customer service poor. I feel competitors offer superior protection, making it a 5/10 solution. |
| Senior VP, Technology & Leading Technology Office at an outsourcing company with 1,001-5,000 employees | 3.5 | I've found VMware Carbon Black Endpoint effective for predictive threat hunting and real-time monitoring, with strong machine learning features. While it's solid, I rate it 7.5, as competitors like CrowdStrike and SentinelOne perform better overall. |
| Director-International Trade Operations - India Middle East at Dow | 4.0 | We use VMware Carbon Black Endpoint on workstations to monitor and verify logs for malicious content. Its 24/7 support is valuable, but writing custom rules is challenging due to complex UI. Stability and pricing also need improvement. |
| Cybersecurity Analyst at OnX Canada | 4.0 | I find VMware Carbon Black Endpoint to be a highly stable log system for managing client endpoint logs. However, a significant drawback is that malware scans can be quite time-consuming, often taking over 24 hours to complete. |
| Cyber Security and Compliance Consultant at Caretower | 2.5 | Our clients use VMware Carbon Black Endpoint for extended visibility and integration, aiming to consolidate measures and reduce costs. While the tool is stable, it needs improved integration with SIEM services like Rapid7 for better functionality. |
| Consultant at NCR Corporation | 3.5 | I rate Carbon Black CB Defense eight out of ten for its setup ease, but it lacks maturity in Kubernetes and container security, causing business disruptions. CrowdStrike Falcon offers broader compatibility and better reporting, minimizing downtime and disruptions. |
| Senior IT Expertise at All Saints Home | 2.5 | We use VMware Carbon Black for endpoint security, like antivirus software. The alert system requires manual management and could improve in ease of use. It saves us 10% in costs compared to other vendors, providing a solid return on investment. |
| Business Owner at ARARAT TECHNOLOGIES | 1.0 | I find VMware Carbon Black Endpoint valuable for its endpoint detection and response capabilities. However, obtaining the right technical support is challenging. Although I prefer CrowdStrike for its additional features, both solutions offer strong market strategies. |
| Sole Proprietor at Core-Infosec | 4.5 | I use VMware Carbon Black Endpoint as an EDR tool due to its cloud-based nature, ease of remote use, and comprehensive policies without hash values. It could benefit from additional forensic capabilities and has occasional issues with threat intel feeds. |
| Systems Engineer at EVONIC | 5.0 | I use VMware Carbon Black Endpoint for its EDR and antivirus capabilities, valuing its advanced protection. However, I find its reporting capabilities lacking and feel the product's price should be reduced for better value. |
I think you already asked me about my experience of working with VMware Carbon Black Endpoint.
VMware Carbon Black Endpoint does facilitate endpoint protection and incident response, and it is an EDR. The shared detection capabilities are what I find most effective in VMware Carbon Black Endpoint. VMware Carbon Black Endpoint's real-time response capability has benefited my organization.
I think VMware Carbon Black Endpoint should improve in every area, because currently the NextGen AV, even from Microsoft and even from CrowdStrike, is better than VMware Carbon Black Endpoint. Every area, including protection and other factors, is where competitors are better.
I think VMware Carbon Black Endpoint is slow for the stability rating.
I would say medium for the scalability of VMware Carbon Black Endpoint. The solution's scalability has had a medium impact on the IT environment.
I rate the technical support for VMware Carbon Black Endpoint as zero on a scale of one to ten.
If you add an operation, the initial setup of VMware Carbon Black Endpoint is not so difficult, but when compared to our other solutions, I think the other solution is easier. VMware Carbon Black Endpoint takes a few minutes for deployment.
My rating for the pricing of VMware Carbon Black Endpoint is that it is not cheap, but it is also not as inexpensive as I would prefer.
VMware Carbon Black Endpoint does not have easy integration, as there are many complexities with the Ribitava API, which is very deep. I rate this solution overall as a five or six on a scale from one to ten. I have integrated VMware Carbon Black Endpoint with other tools that are helpful. I think this solution should be targeted at small clients, because adoption will grow more with small businesses tomorrow.
VMware Carbon Black Endpoint contributes to threat prevention through prediction.
The intelligent threat hunting capabilities have impacted my customers' cybersecurity efforts by giving them the edge to be prepared well in advance. Whenever this feature provides prediction, you know what action to take. You are aware of a possible attack and what kind of attack it may be, so you are much better prepared.
Regarding the real-time monitoring feature with VMware Carbon Black Endpoint, it is helpful in addressing unseen threats.
I find the behavior analysis feature beneficial.
I assess VMware Carbon Black Endpoint's machine learning capabilities in detecting unknown threats as fantastic. The behavior and analytics feature employs machine learning, and these are features which make the product and give that distinguishing, differentiating factor.
From my perspective, I cannot find any drawbacks or downsides.
VMware Carbon Black Endpoint is a product we have a very strong relationship with, as we have worked with VMware for almost 22 years.
Regarding the technical support of Broadcom, they are responsive and helpful.
Negative
Approximately, we may spend a few hours on the deployment of VMware Carbon Black Endpoint. Since we are developers and partners who have helped build that product, we are intimately familiar with these products. If you build it, you know how to install it and deploy it very well.
For the overall rating of VMware Carbon Black Endpoint in general, I would put it around 7 to 7.5. I also know a lot about the SentinelOne product, which is one of their competitors, and I am a vendor for that as well. Because I am a vendor even to SentinelOne, my opinion may be thought to be biased, but according to Gartner and most other companies, if you look at their survey, SentinelOne is a top vendor in the market right now. CrowdStrike is the top one, though best is relative. Top one would be CrowdStrike, then comes SentinelOne, and I think VMware Carbon Black would be a distant third. Since I am a vendor and know this space well, the information I am giving is unfiltered.
In terms of deployment, it is straightforward for me and my team.
In terms of future updates, because we are co-partners, that would mean we are actually divulging information before the feature comes out in the market. It would not be right on my part to share that information.
My overall review rating for VMware Carbon Black Endpoint is 7.5.
In my company, we install VMware Carbon Black Endpoint at the workstations of end users to monitor events and verify logs to see if there is any malicious content running at an end user's workstation. The solution allows my company to track, find the logs, and do the verification based on a user's activities.
The most valuable feature of the solution stems from the support it provides. In my company, whenever we face any issues or downtime with the solution, there is no need to adhere to any timeline wherein we can only get support from the vendor within business hours since it provides support twenty-four hours and seven days a week.
In my company, we face issues sometimes when there is a need to write custom rules or we want to write for some rules that are different from the standard rules provided by the solution. A person needs to set up some rules for end-user machines, during which the person needs to be completely aware of the tool and the user interface. Without proper knowledge, a person can't write custom rules. In general, a person without proper knowledge cannot set up the rules in the UI. The challenge is that if I write one custom rule and put it on all users, then sometimes it may not work for some of the users, while it may work for others. Some developers may work with some files that are mandatory for them to run regularly, and if my team wants to block such files, then we can mention it in our custom file name, but that also blocks the file for the developers. If the files used by developers get blocked, then the developers can raise an issue and state that they need an exemption for those particular programs since they need to run them regularly.
Writing custom rules, stability, and pricing are areas of concern in the solution that need improvement.
I have been using VMware Carbon Black Endpoint for four years. VMware is the vendor from whom my company buys the software and gets the required licenses. My company uses the product to work with end users, consisting of my company's clients. In short, my company is a customer of VMware. My company operates like a managed service provider.
Sometimes, my company's customers have issues with the solution, and at other times, it is a good solution. Whenever a person tries to install any software, VMware Carbon Black Endpoint will interrupt and stop that installation process. If a person faces the aforementioned issue with the solution, then they can raise a ticket so that our company can investigate and provide a resolution.
I would say that it is a scalable solution considering a few cases, but for some cases, it may not look like a scalable solution. In general, it is a scalable solution.
My company's customers are mostly enterprise-sized businesses, and there are more than 50,000 users of the solution worldwide.
The solution's technical support is managed by another team in my company. I rate the technical support an eight out of ten.
Positive
The installation part of the solution has no issues. In VMware, there is a custom package, so the solution is pushed to the ACM portal and software center, after which a person can go through the URL by Edge or Chrome or directly from the software center to install the product without any issues. The solution can be deployed in around 15 minutes.
The solution is deployed on an on-premises model.
My team, consisting of eight members, is involved in the deployment of the solution. My team also manages scenarios where there are some compatibility issues in the solution. The maintenance part of the solution is not hard. The maintenance part of the solution can be taken care of based on the knowledge of the person involved in the maintenance process, which becomes an easy task if a person learns about the UI and other details of the solution. When working with my company's customers and users, my team provides support in the form of troubleshooting for the issues they face.
VMware Carbon Black Endpoint is an expensive product.
There are other solutions like Symantec in the market.
The interface of the solution is good. VMware provides regular updates if there are any issues that crop up in the product.
For those who work in the software industry, since security is a huge responsibility, a person should not think about whether the tool is expensive or cheap. VMware Carbon Black Endpoint is a good tool that you can directly buy and use without any issues.
I rate the overall solution an eight out of ten.

VMware Carbon Black Endpoint is a log system for one of the clients, and that's the main source where we get logs for their endpoints.
VMware Carbon Black Endpoint is a highly stable solution.
Performing a malware scan usually takes a lot of time, more than 24 hours.
I have been using VMware Carbon Black Endpoint for two months.
I haven’t faced any issues with the solution’s stability.
I rate the solution ten out of ten for stability.
Around 500 users are using VMware Carbon Black Endpoint in our organization.
I rate the solution ten out of ten for scalability.
The solution's integration with our existing security infrastructure is good. Whenever we have any alert in VMware Carbon Black Endpoint, we can easily see that alert in our SIEM tool and check logs from the SIEM tool itself. VMware Carbon Black Endpoint is just a secondary security tool for us, and we are just monitoring the alerts from it.
The solution's behavioral analytics feature helps in identifying suspicious activities pretty well. Whenever we have even a small thing, we get an alert. The solution is deployed on the cloud in our organization.
Performance-wise, the solution is doing great in terms of connecting to the host directly. Performing a malware scan usually takes a lot of time, more than 24 hours. A malware scan is something that we do only on Carbon Black for the old endpoint devices and servers. It used to take sometimes three days to perform. I would recommend the solution to other users.
Overall, I rate the solution an eight out of ten.
Our customers use the product for extended visibility and integrations with various solutions they have. They use it for consolidation and advancing their current measures. They also look to reduce costs. If a customer is a VMware client, they may go for Carbon Black to keep it all under one hat.
The tool is pretty stable.
The product must improve its integration. One of my clients wants to move away from Carbon Black because it doesn't integrate well with their SIEM service. They use Rapid7. Carbon Black has limited capability to integrate with Rapid7. It is something the solution must work on.
I have been selling the solution for 20 years.
I rate the stability a nine out of ten.
I rate the tool’s scalability a three out of ten. My clients have more than 500 users.
The initial setup was pretty easy. Overall, I rate the product a ten out of ten. Our customers have the solution deployed on-premise and on the cloud.
Carbon Black provides competitive pricing. I rate the pricing a five out of ten.
Our clients know what they want. Most customers are educated about the products they need. When they request a demo, I organize it with the vendor. I would never recommend the solution. It does the job, but I do not make any money. Overall, I rate the product a five out of ten.

The maturity of the Kubernetes security is absent in Carbon Black CB Defense. The solution has to mature on container security and a lot of cloud environment security. Security is available only for Windows, while security for Linux and Mac is not very strong.
The deadlock issue causes me to put more effort into installing an upgrade.
The numerous issues with the environment of the product solution should be addressed. Work orders are taking more than two months to get resolved. There's been one issue open for two months, and the solution they gave is being implemented step by step. Still, it is not meeting the requirements and breaking the system. Hence, our business is completely disturbed.
I have been using this solution for more than one year. I'm using Carbon Black CB Defense Version 3.9.
There are a lot of issues with the solution's stability. I rate Carbon Black CB Defense a four out of ten for stability.
I rate Carbon Black CB Defense a six out of ten for scalability. Recently, an event was not loading because of some issue with the AWS site.
Our organization is completely deployed with Carbon Black CB Defense. Some machines are sometimes not supported by Carbon Black CB Defense. In such cases, we use some other tool.
The solution’s deployment took seven to eight months.
Carbon Black CB Defense's deployment on Windows is pretty okay, but its Linux deployment is not so great because there is a minimum requirement for the kernel header. Without the mandatory header, it will go to the bypass mode and not communicate.
We did evaluate CrowdStrike Falcon and Microsoft Sentinel. These two products are fantastic. A lot of acceptable and unacceptable risks are covered in CrowdStrike Falcon. With these two solutions, the business line continues without disruption, and there's less downtime.
Carbon Black CB Defense is not compatible with many machines. Many of the machines require a minimum prerequisite. However, CrowdStrike Falcon supports even legacy machines. Around 95% of the machines in our organization are covered by Carbon Black CB Defense. However, CrowdStrike Falcon could have covered around 98.9% of machines.
The reporting system is much better in CrowdStrike Falcon, and if you want to pull data, you can customize it as per your requirements. With Carbon Black CB Defense, whatever they offer, we have to get the data. Otherwise, we have to use the API. Even if you use the API, you can only find specific information.
The engineering team needs to understand in detail the behavior of the environment, and they have to give us the solution according to that. A lot of issues are currently going on with the solution. Multiple issues and uncontrollable things are causing us to work till midnight. A lot of issues are coming in, and teams are putting a lot of effort into addressing them. However, we are still not able to meet the customer's expectations.
Like most companies, we don't use SCCM for security reasons. Most companies use different patch tools, but we cannot use these things for pushing the sensor. The solution should make something so that we can centrally push the sensor and install it on all machines. Such a feature will reduce a lot of human efforts.
The solution is deployed both on Public Cloud and On-premises. I would recommend Carbon Black CB Defense to other users.
Overall, I rate Carbon Black CB Defense a seven out of ten.
Our primary use case for Carbon Black is endpoint security, similar to antivirus software.
The platform's alert system needs improvement in terms of its ability to manage alerts. At present, we have to manage them manually. It could be easier to use. Certain settings have limitations. For example, I cannot manually block some malware activities.
The platform is stable. We haven't encountered any issues.
Another company recently acquired VMware's technical support service. Since then, I haven't needed support. However, we need to log a ticket and wait for a response for any issues. This process could be concerning if something urgent arises. Fortunately, we haven't encountered any urgent issues so far.
The initial setup process is straightforward. Each deployment from my system to the end system takes less than ten minutes.
We implemented the software in-house. With the help of one engineer and additional deployment software, the maintenance and deployment process becomes manageable.
The product generates a return on investment by saving 10% of the cost compared to other vendors.
The product is quite reasonable.
The portal is easy to use and manage. It proves effective for endpoint security purposes. It has good threat-hunting capabilities, as I have not received any critical alerts. However, it is not integrated enough compared with other AI endpoint systems.
Before choosing Carbon Black, purchasing support for the first year is advisable. During this initial period, support may be necessary to manage alerts and understand how to use the system effectively.
I rate it a five out of ten.

Customers want solutions that provide endpoint detection and response. The traditional antivirus solutions and the market trend are changing. Customers are asking for the latest technologies. Carbon Black has very good market strategies. We do the marketing activities and promote the product to the customers.
Getting the right technical support is a challenge.
I have been using the solution for four years.
The support is poor.
Negative
I have worked with traditional antivirus solutions like Symantec, McAfee, Trend Micro, Kaspersky, Sophos, and F-Secure. Broadcom acquired Symantec, and Trellix acquired McAfee. The market is disturbed as other solutions are acquiring the traditional leaders. Getting support is becoming a challenge.
Carbon Black provides endpoint detection and response. CrowdStrike provides vulnerability assessment and application testing features. It gives additional threat prevention to the customer. So, I prefer CrowdStrike over Carbon Black. Carbon Black and CrowdStrike provide very good market strategies.
Customers have to understand the product and implement it. It takes time to understand the product. The implementation takes around 12 months.
The pricing is very high. There are no discounts, and there is minimal margin.
We conduct market and customer events for the solution. We help customers understand the product. Customers need monitoring software with a bundle of features, including DLP, signature lists, and sandboxing technologies. When these features can be merged within a single product, it will become a complete product. Overall, I rate the solution a two out of ten.

I implement the solution as an EDR tool for customers.
The solution is cloud based which makes it easy to use for remote devices or work-at-home situations.
The solution supports full trust or signature-based approvals.
You can get very granular and ban out policies or applications without having to do hash values. You can ban through the entire environment by execution of the name or desk IDXE. This can be achieved on the policy side because of the signature, IOC, or naming convention itself. This is very effective for pushing more blockage or removing threats across the board.
The solution has a very nice API on the back end for remoting into a system and executing scripts or utilizing self automation. This is useful for monitoring several different companies in a workspace or workbook-type format. For example, I report and send out mass emails from a clickable button in an Excel workbook. The APIs all exist for each client. I push out automatic endpoint monitoring and reports every single day at a particular time, with a simple clickable button that serves as a scheduled task for fifty clients.
It would be nice to have additional forensic tools that you can build into the back end. Nothing extensive, but some additional capabilities for forensics or triage would be useful.
There can be some hiccups with threat intel feeds based on a client's third-party agreements.
I have been using the solution for a few years.
I implement the solution for customers.
I use and recommend various EDR solutions to clients.
The solution is a top five choice when I recommend EDR solutions to clients. I rate the solution a nine out of ten.

I use VMware Carbon Black Endpoint for its capabilities related to EDR and antivirus support. The tool offers protection to me with its advanced antivirus technology. The tool also protects me from threats.
My company does benefit from the use of the solution since it detects live threats, malware threats, possible ransomware attacks, and other such areas.
The most valuable feature of the solution stems from the fact that it is one of the best EDR tools in the market.
The product's reporting capabilities are an area of concern where improvements are required.
From an improvement perspective, the price of the product needs to be lowered.
The performance and stability of the product are very good and simple. The tool is very fast to analyze issues. It is a very stable tool. Stability-wise, I rate the solution a ten out of ten.
It is a scalable solution. Scalability-wise, I rate the solution a ten out of ten.
Around 22 people in my organization use the solution.
My company does have plans to increase the use of the solution.
The solution's technical support was simple and good. The technical support team responds quickly to my queries.
The product's initial setup phase was easy.
The version of the tool that I use is a cloud-based one, so in our company, we needed to create the policies and then use the tool for the endpoints on the desktops.
The solution is deployed on the cloud.
The solution can be deployed in half a day.
I did seek the help of an integrator to help with the implementation process.
My company needs to make yearly payments towards the licensing costs attached to the product. The product is expensive. There are some additional costs apart from the standard licensing charges attached to the solution.
I recommend the product to those who plan to use it since it is a stable solution.
I rate the overall tool a ten out of ten.