2019-06-26T05:26:00Z
it_user434868 - PeerSpot reviewer
Senior Director of Delivery at a tech services company with 51-200 employees

What advice do you have for others considering Carbon Black CB Response?

If you were talking to someone whose organization is considering Carbon Black CB Response, what would you say?

How would you rate it and why? Any other tips or advice?

8 Answers
Nhut Vu - PeerSpot reviewer
Presales Project Manager at FPT
Real User
2022-01-18T13:30:00Z
Jan 18, 2022

We are SI (system integrator), so we are not implementing for ourselves, but implementing for our customers. We are familiar with the Workspace ONE or Microsoft EMS which includes Intune and other products for EMS, e.g. Sophos Mobile or ManageEngine. Mostly what we are using is CB Response, because we have a product on Carbon Black CB Response. I'm rating Carbon Black CB Response a nine for the technical part, but for the pricing, it's a seven for me, so my overall rating is an eight out of ten.

RS
Sales Engineer at eSentire, Inc.
MSP
2021-10-12T19:47:00Z
Oct 12, 2021

I rate Carbon Black CB Response nine out of 10. I don't have much to say about it because endpoint detection and response tools are pretty much a commodity nowadays. There are so many good tools out there. What matters is the ability to manage those tools and utilize them in a threat-hunting mode.

MA
Senior Manager at a financial services firm with 1,001-5,000 employees
Real User
2020-02-13T07:50:54Z
Feb 13, 2020

I do not think I have a lot of advice for people who are considering implementing the product at this point because most of our experience with the product has been relatively straightforward. I would just suggest that you have your white list set up before deploying if you are using automatic quarantine. Otherwise, it can cause issues in your operating environment. This is especially important if you are a sensitive location like a bank. In that case, automatic quarantine could be a big issue. On a scale from one to ten where one is the worst and ten is the best, I would rate Carbon Black CB Response as between an eight or nine. For our use case, I would say it is an eight.

MA
Senior Software Developer Engineer at Diyar United Company
Reseller
2019-08-07T06:15:00Z
Aug 7, 2019

We are using both on-premises and cloud deployment models. I would rate the solution eight out of ten. Carbon Black is a very good product, but you still have to work on it from the perspective of MLA analyzing and installation. You have to fine-tune it to create a watch list and so on. These are the main things that they need to work on in order to improve the EDR services on their product.

Imad Taha - PeerSpot reviewer
Group CIO at a construction company with 10,001+ employees
Real User
2019-07-02T11:47:00Z
Jul 2, 2019

I recommend using Carbon Black, but get enough training before deploying. This is very important. On a scale from 1 to 10, I would rate this product an 8.5 overall.

MY
Senior Information Security Specialist at a tech services company with 1,001-5,000 employees
Real User
2019-07-01T07:59:00Z
Jul 1, 2019

I would rate this solution a nine out of ten.

it_user1009236 - PeerSpot reviewer
SOC Analyst at a tech services company with 201-500 employees
Real User
2019-07-01T07:59:00Z
Jul 1, 2019

On a scale from one to ten, I would rate Carbon Black CB Response at a nine. They should improve the dashboard and provide more helpful tools.

SD
Cyber Defense Consultant at a security firm
Reseller
2019-06-26T05:26:00Z
Jun 26, 2019

I would recommend anyone to go ahead with Carbon Black if they are looking for an EDR solution. From my experience with selling, some people have a misunderstanding of what it is they are supposed to do. I would recommend going with it but be aware that you will be overwhelmed with the number of receipts which require somebody to begin to follow up and investigate each incident. This is not something bad, it's something good because of the way that security goes, you need to go through every incident to understand whether it is a false positive or true positive so they need to be reviewed. This is not an automated solution, it's something that somebody needs to take care of. I would rate this solution as a 9.5 out of 10. We know what we are doing. We know we bought Carbon Black for a reason so we are aware of everything and it's doing its job. We see that there is an area for enhancement, I think the product or business unit or product management, they need to look more into an area for enhancement which is just part of it. So that is why I didn't give it a ten. A 9.5 is fair for them. Maybe other people would think to get it lowered but because they have a misunderstanding about what Carbon Black is about.

Related Questions
Miriam Tover - PeerSpot reviewer
Service Delivery Manager at PeerSpot (formerly IT Central Station)
Jan 18, 2022
Hi, We all know it's really hard to get good pricing and cost information. Please share what you can so you can help your peers.
Nhut Vu - PeerSpot reviewer
Presales Project Manager at FPT
Jan 18, 2022
Pricing could be lower for this product.
Netanya Carmi - PeerSpot reviewer
Content Manager at PeerSpot (formerly IT Central Station)
Nov 1, 2021
Which would you choose?
DM
Chief Information Security Officer at a construction company with 10,001+ employees
Oct 18, 2021
Neither, we have optimal results with Cynet.
Nov 1, 2021
Carbon Black offers two different levels of Endpoint Detection and Response. One is the VM Carbon Black Cloud Endpoint Standard (CB Defense), and the other is the Carbon Black Endpoint Detection and Response (EDR). We reviewed both and chose the CB Defense.

CB Defense is a next-generation antivirus and endpoint security solution. It uses machine learning and behavioral analytics to monitor endpoint activity and discover malicious activity. Once CB Defense detects a threat, it efficiently blocks harmful apps. It not only prevents any known threats but also prevents suspicious applications from running. One of the advantages of CB Defense is that it protects multiple types of devices (desktops, laptops, and servers). It is a solution that works well for small and large organizations. We like the ease of use and visibility of the management portal. You can see the activity on all protected endpoints. Configuring policies is simple, too. The only downside of CB Defense is that you cannot scan individual files on the endpoint.

Carbon Black Endpoint Detection and Response (EDR) is geared more to security operation center teams (SOC) with hybrid or on-premises environments. Unlike CB Defense, Carbon Black EDR stores endpoint activity data. This feature helps security analysts visualize the attack kill chain. Although focused on an on-premises environment, the platform uses the VMware Carbon Black Cloud’s threat intelligence. CB Response enables security teams to investigate an endpoint for suspicious activity. An advantage is that you can perform different types of investigations. Other advantages include seeing the process tree view of the endpoint and isolating and pulling files from a host. We also liked that you can see a timeline of changes made to a system. The defensive abilities are not as advanced as CB Defense, though.

Conclusion

Both solutions protect endpoints with advanced features. CB Defense is more useful for organizations. CB EDR offers deeper investigation features so that it could be a better solution for SOCs.