VMware Carbon Black Endpoint Reviews

Our primary use case is for protection and as an EDR solution. Moreover, it has all the same features as the other vendors, but what sets it apart is its very good coverage on the VMware side since it's a VMware product. 

When it comes to the pros of Carbon Black CB Defense, it produces a lot of events as per the MitraVax framework, which is good. It provides continuous monitoring and threat detection on endpoints and responds to security incidents. It uses machine learning and behavioral analytics to detect and respond to advanced threats.

The compatibility of Carbon Black CB Defense with operating systems is the only issue. Certain OS are not supported, resulting in an inability to install PDC. The deployment of sensors requires extensive fine-tuning, which should be a simple process. To streamline this process, they should create deployment packages with customized options based on policies and other factors. Creating these packages ourselves is time-consuming, which can impede our productivity. There is also a bypass issue that needs to be considered.

Improvements are needed to address the compatibility issues between operating systems and Carbon Black CB Defense. Sometimes, the sensor enters a block state for unknown reasons. To prevent this, it would be helpful if they added a feature to ensure that it does not cause any problems. Additionally, there are issues with collecting events from machines due to sensor problems. We are working with Gateway to connect to all PCI or DMZ environments, and it would be beneficial to have a simpler configuration at the architecture levels.

In reality, the deployment process is more complicated. We must add a script to customize the deployment process and deploy it on Mission C. Afterward, we install the sensor, which requires a company code, policy name, and other essential details. Furthermore, we are experiencing other issues, such as VMs pausing applications due to CBC. Troubleshooting these problems is time-consuming, and we usually must report the problem to the vendor, whose analysis can take an hour or longer. By that time, critical business functions may have already been impacted.

Container protection is still in the initial stage, where they have integration in the market, but there's a lot of room for improvement, and there are a lot of changes required.

I have been using this solution for more than a year.

In terms of stability, since it is hosted on the AWS side, which is Carbon Black Cloud, if something goes down, we may have to do a lot of patching and monitoring. However, we usually receive updates and educate the users on changes in the background. Proper training should be provided to the users so that they are prepared for any changes happening in the background from the AWS website.

Overall, I would rate the stability a seven out of ten because sometimes the communication breaks down, but they are working to resolve the issue, and many teams are involved. However, we don't have much visibility into their efforts, which need improvement. It should be crystal clear what is happening in the backend, and the administrators should communicate this clearly so that we can work accordingly and meet the requirements.

In terms of reliability, it is a good product. I would rate it an eight out of ten. 

Technical support is very good. They are very interactive. But the problem is the engineering team's workaround is very slow. We have raised a lot of feature requests, and they are still open for a year. But in terms of support, we are getting responses and everything. It's just that finding the correct solution to the issues is lacking time. There's room for improvement in terms of the engineering team's workaround. 

Neutral

The initial setup is a straightforward process. I would rate it a seven out of ten because there should be some customized policy. Moreover, we need a tool for pre-checks, for example, to check Windows operating system compatibility and internet connectivity to connect to the backend. Carbon Black CB Defenses should provide a pre-checklist for successful sensor installation. We are spending a lot of time finding out the exact cause of issues, whether it's a personal issue, an external issue, or something related. It would be helpful if they could provide tools to analyze those issues. They should give us the details, like, these are the things that are recommended to be checked before installing the console.

The deployment process for multiple machines is a bit challenging. We have seen a lot of CBC services or versions being released. For example, if we deploy it today, within two or three months by the time of completion of the application, the newer version might come out. It's very hard to adjust with time. We have to push the upgrade again within a short time. There are many challenges with the application; sometimes, it fails, and we don't know why it's failing due to a lock or backend issue.

Moreover, the number of people required during deployment also depends on the environment. Because each environment has a different configuration setup and process policy that we have to go through before we do the deployment activities. It's hard to tell the exact timeline, but it takes a lot of effort with different policies for each environment.

Hana has experience with NCL, but I have worked with other organizations using NCL and have experience with Carbon Black. Previously, I worked with CrowdStrike, Sentinel, and Windows Defender. These are leaders in the market, including a native product for Microsoft. When we talk about those solutions, they offer good support and features and compatibility with different machines, providing us with a comprehensive solution. For example, we have Linux, some Oracle Linux servers, and some EL product versions that are currently not supported by Carbon Black. However, CrowdStrike or other solutions still support all legacy OS. We chose a solution that covers 100% of the machines we have, whether it's Windows or Linux. In some places, CBC doesn't support all of our OS, but they should provide a solution for that as well.

If the solution can address all the problems we have raised, then I think it would be a good recommendation. In NCR, we have had a very good experience with Carbon Black. Moreover, in our company, Carbon Black offers excellent support. Workaround time and issues with version control have to be put in place. Even the version release sensor can cause frustration because by the time we reach one version, two or three versions might have been released. Sometimes they even remove some of the features. So, it is better to test the version first before using it for the rest of the measures.

Overall, I would rate it a seven out of ten. 

Our primary use case for Carbon Black is endpoint security, similar to antivirus software.

The platform's alert system needs improvement in terms of its ability to manage alerts. At present, we have to manage them manually. It could be easier to use. Certain settings have limitations. For example, I cannot manually block some malware activities.

The platform is stable. We haven't encountered any issues.

Another company recently acquired VMware's technical support service. Since then, I haven't needed support. However, we need to log a ticket and wait for a response for any issues. This process could be concerning if something urgent arises. Fortunately, we haven't encountered any urgent issues so far.

The initial setup process is straightforward. Each deployment from my system to the end system takes less than ten minutes.

We implemented the software in-house. With the help of one engineer and additional deployment software, the maintenance and deployment process becomes manageable.

The product generates a return on investment by saving 10% of the cost compared to other vendors.

The product is quite reasonable.

The portal is easy to use and manage. It proves effective for endpoint security purposes. It has good threat-hunting capabilities, as I have not received any critical alerts. However, it is not integrated enough compared with other AI endpoint systems.

Before choosing Carbon Black, purchasing support for the first year is advisable. During this initial period, support may be necessary to manage alerts and understand how to use the system effectively.

I rate it a five out of ten.

We use it for endpoint visibility and endpoint detection and response. It is our central mechanism for the cyber defense or endpoint detection, response and visibility.

We've integrated it with Splunk, with ThreatConnect, and a couple of others. It has a lot of modules for integration that has streamlined our ability to respond and decrease the amount of time for response, but also allowing us not to have to pivot to so many tools where we can actually work from more of a single pane of glass perspective.

I think something that is the most valuable is the time-lining capability for any breach activity. It gives us the ability for us to actively threat hunt. This is not something where it's a passive response tool where we watch things happen. In contrast, it actually does some heuristics, and some behavioral analysis, and we're able to do some prevention with it as well. I think that's really the strongest attribute, and it makes this a more aggressive tool than others.

In some areas one of the big issues for me is responsiveness to issues that arise with the solution. There are some components that leave a bit to be desired and/or that are bugs, or that even if it's a feature update request. These kinds of things are not the fastest company to respond to those. We did have a bug that was persistent for it's now going on two months and it hasn't been fixed. That is one of the drawbacks. This is really impacting what we need to do with it. But, the bigger issue is the organizational responsiveness to clients.

In addition, I think there should be a cloud gateway. It needs to move into a transitory space between our On-Premise and external where it does not have to be in two separate instances. It should marry the two. Also, it would be good to have them working in the containerization space, as well. To have a mechanism for securing cloud modules a bit better. This would be ideal. It would help encompass more of the broad range security so we do not have to couple this with other outside solutions.

 It implements and integrates very well with other security tools, cybersecurity tools.

The tech support communicates, but it's just not with movement. They are responsive, yet there is no quick motion often in regards to resolving the issue. I would personally give the tech support a rating of seven out of ten. 

The setup really depends on a few crucial elements. It depends on where we are, what region, what country we're in, and what PIA rules they have in place. For the most part, it is a fairly straightforward setup. I will say in the initial setup, Carbon Black was very responsive. They were really good at providing the assistance and the support we needed to get it set up, but it was not an extremely hard task.

It has the ability for you to upload the scripts or anything you want to run anywhere. The capabilities of this tool are almost limitless. That is why Carbon Black is a leader. You can run whatever script you want by uploading it to the tool. This is a very, very comprehensive feature.

We also looked at Rsam and ESET. We've used a multitude. So yes, we have.

• Make ssure that your firewall ports open and really test communication back to their server. 
• Make sure you don't have anything else that may be impeding it. 
• If you are dealing with any PIA countries or GSA (also known as TAA) countries, make sure you're working through their work councils.
• Make sure you look at a holistic perspective and have a plan in place on how to use this tool.

Our customers use the product for extended visibility and integrations with various solutions they have. They use it for consolidation and advancing their current measures. They also look to reduce costs. If a customer is a VMware client, they may go for Carbon Black to keep it all under one hat.

The tool is pretty stable.

The product must improve its integration. One of my clients wants to move away from Carbon Black because it doesn't integrate well with their SIEM service. They use Rapid7. Carbon Black has limited capability to integrate with Rapid7. It is something the solution must work on.

I have been selling the solution for 20 years.

I rate the stability a nine out of ten.

I rate the tool’s scalability a three out of ten. My clients have more than 500 users.

The initial setup was pretty easy. Overall, I rate the product a ten out of ten. Our customers have the solution deployed on-premise and on the cloud.

Carbon Black provides competitive pricing. I rate the pricing a five out of ten.

Our clients know what they want. Most customers are educated about the products they need. When they request a demo, I organize it with the vendor. I would never recommend the solution. It does the job, but I do not make any money. Overall, I rate the product a five out of ten.

I rate Carbon Black CB Defense an eight out of ten for the ease of its initial setup.

The maturity of the Kubernetes security is absent in Carbon Black CB Defense. The solution has to mature on container security and a lot of cloud environment security. Security is available only for Windows, while security for Linux and Mac is not very strong.

The deadlock issue causes me to put more effort into installing an upgrade.

The numerous issues with the environment of the product solution should be addressed. Work orders are taking more than two months to get resolved. There's been one issue open for two months, and the solution they gave is being implemented step by step. Still, it is not meeting the requirements and breaking the system. Hence, our business is completely disturbed.

I have been using this solution for more than one year. I'm using Carbon Black CB Defense Version 3.9.

There are a lot of issues with the solution's stability. I rate Carbon Black CB Defense a four out of ten for stability.

I rate Carbon Black CB Defense a six out of ten for scalability. Recently, an event was not loading because of some issue with the AWS site.

Our organization is completely deployed with Carbon Black CB Defense. Some machines are sometimes not supported by Carbon Black CB Defense. In such cases, we use some other tool.

The solution’s deployment took seven to eight months.

Carbon Black CB Defense's deployment on Windows is pretty okay, but its Linux deployment is not so great because there is a minimum requirement for the kernel header. Without the mandatory header, it will go to the bypass mode and not communicate.

We did evaluate CrowdStrike Falcon and Microsoft Sentinel. These two products are fantastic. A lot of acceptable and unacceptable risks are covered in CrowdStrike Falcon. With these two solutions, the business line continues without disruption, and there's less downtime.

Carbon Black CB Defense is not compatible with many machines. Many of the machines require a minimum prerequisite. However, CrowdStrike Falcon supports even legacy machines. Around 95% of the machines in our organization are covered by Carbon Black CB Defense. However, CrowdStrike Falcon could have covered around 98.9% of machines.

The reporting system is much better in CrowdStrike Falcon, and if you want to pull data, you can customize it as per your requirements. With Carbon Black CB Defense, whatever they offer, we have to get the data. Otherwise, we have to use the API. Even if you use the API, you can only find specific information.

The engineering team needs to understand in detail the behavior of the environment, and they have to give us the solution according to that. A lot of issues are currently going on with the solution. Multiple issues and uncontrollable things are causing us to work till midnight. A lot of issues are coming in, and teams are putting a lot of effort into addressing them. However, we are still not able to meet the customer's expectations.

Like most companies, we don't use SCCM for security reasons. Most companies use different patch tools, but we cannot use these things for pushing the sensor. The solution should make something so that we can centrally push the sensor and install it on all machines. Such a feature will reduce a lot of human efforts.

The solution is deployed both on Public Cloud and On-premises. I would recommend Carbon Black CB Defense to other users.

Overall, I rate Carbon Black CB Defense a seven out of ten.

It has various use cases like firewalls and antivirus. It's been working great for us so far.

I found the offline scanning to be particularly useful. Compared to CrowdStrike, it had better IT capabilities and beautiful analytics. Overall, it was cost-effective too.

There is room for improvement in the support and service team. The response time could be faster. That's why I switched because the support was not as expected from a company like Carbon Black.

I have been working with this solution for three years. I am using the latest version. 

I would rate it a nine out of ten. It was very stable.

The scalability of the solution is good and affordable. I would rate the scalability a nine out of ten. There are over 300 users in our company using the solution. 

The customer service and support team took too long to respond to our queries, and the local reseller did his best, but it still wasn't fast enough or knowledgeable enough. It was just too slow in addressing our concerns. Unfortunately, the support service was not up to par.

The setup was nice, but the technical aspects of the product can be challenging. It's not easy and requires someone who really knows what they're doing. Two to three people are required for the maintenance of the solution. 

Generally, the deployment process takes one to two weeks but also depends on the user's training. It's a cloud-based solution, so once you identify the IP address and add it to the user name, it will be available in the software market. This is how most cloud-based solutions work, and it's not complicated.

Once the product is stable, it works well. That's why I renewed it for three years. However, we had a big incident where we did not receive the expected support.

We have seen ROI. 

We use a yearly subscription model. It is not cheap, but it is cheaper than CrowdStrike.

I would recommend having a strict SLA with the vendor for support. It's better to buy extra support for the unit.  Overall, I would rate the solution an eight out of ten.

I know they have different forms in their Carbon Black Endpoint now, but we were using Carbon Black Prevent, which was basically just a pure whitelisting product. We didn't look at the other kinds of things that it was doing.

We were basically just using it for, "If Carbon Black picks up a new file in the machine and it's executable or something and it hasn't seen it before, it has to be whitelisted first. It has to be approved before it's allowed to run." That's what we're using it for.

We were technically one and a half versions behind the current version which is out there right now.

The solution is deployed on-prem.

We have cut back the amount of users. At one point, we had about 1,500 or 2,000 users. We're down to about 750 right now.

The solution just gave us another layer of protection from zero-day threats, because you can't always trust what your users are doing. You just have to do what you can technically to try to mitigate that.

I'm on the security department, so it's just in the layer of our prevention to give us protections against, for example, ransomware that might kick off and try to execute different files. If someone downloads something or whatever, it has to be whitelisted first. It has to be approved before it can run it all.

That's better to me than some signature-based thing, because it protects against zero-day. There are things that it doesn't know about, so it has to check them. We have Check Point now as well, but we have a Check Point on our firewalls, not our endpoints.

We have another piece of that infrastructure that does what they call threat emulation. You may have heard of it. It's like sandboxing where it takes files that it doesn't know about, puts them in a VM-type environment, and it kicks them off to see if there's any malware or tendencies that might look like malware, that kind of thing.

It's also a zero-day type of prevention thing, but it kicks them off in a safe environment so that you can see what it's doing. You need integration with Check Point to do that, but that integration went away with the latest release, the one we just put out there.

That was a big part of why we liked Carbon Black, because it is integration to not only do the whitelisting, but also we could have automatic rules set up so that if a new file got downloaded by a user, we could automatically send that over to Check Point and it could do its emulation on it in the sandbox. And if it came back clean, then we could automatically approve it.

We wouldn't have to go through a manual process of having our people approve every single file that comes across as having been seen before. So, it was a really good way to work those two products together. But that went away. And so now I'm like, "Okay, what are we going to do now?" I hadn't looked at the Harmony Endpoint at all.

I haven't looked at Check Point's piece, but I was wondering to myself, "If it does something like Carbon Black was doing and then we already have Check Point on the other one, that would work." So, that was what I was trying to do.

There could be more knowledge. I think they made a mistake when they took away the Check Point integration, because it provides more automation and also more threat intelligence. Maybe you didn't see something within Carbon Black's sphere of what it knows, within their product line or their threat cloud or whatever they use for their intelligence. Maybe it didn't see anything of the files that it knows about, but what about somebody else's? And what about kicking into another product that does those kinds of things like sandboxing?

I don't know why they would take that away. That doesn't make sense to me because they need to expand on that. The more they expand on that, the more confidence you have as a security guy. You have more confidence that that file is clean, and there's nothing bad about it. Bringing back the integration with Check Point would be a good start.

This product is being used extensively in our organization. I'm actually looking for a replacement because of the fact that we lost that integration. That's really crucial, honestly. Otherwise, it becomes much more manpower-intensive. I need to spend more man-hours going through it instead of using automations.

I prefer to set up things so my team doesn't have to spend a huge amount of time running down rabbit trails all the time. The more we can automate and still be secure about it, that is what we try to do.

There are no additional features I would like to see added. I know they already have a cloud offering as well. You can manage things through their cloud for people that are always on-site. We mostly just use it for our own managed devices. We didn't really put it on. We never planned and don't plan to put it on or make it available to a BYOD kind of thing. This is all company-managed devices.

It just made more sense for us to do it internally than putting it in the cloud. But we could have done either one, I suppose. But since we started out inside, we just kept it that way. It was just easier.

I have been using this solution for five years.

It's stable.

The solution is scalable. We have never had an issue.

I would rate technical support 5 out of 5.

We did a proof of a couple different products, but we chose CB. And we've been with them since, because they do a good job. They've been pretty easy to manage, and they've had good support. So, we've actually been really happy with them.

It was pretty straightforward. It took some time to roll out. We wanted to eventually get to a point where we are now, which was to totally block everything we don't know about. But that didn't come out of the box. You had to let things run for a while.

It did a good job of reporting things, but not blocking so we could go through there and say, "Okay, these are legitimate files. Or these files were signed with these certificates from these vendors that we can trust," for example. We spent six or eight months going through everything before we actually turned it into full blocking mode. As far as initial rollout, it was fairly simple, and it's been fairly easy to upgrade the agents.

We ran into some issues with some of the MSIs and things or some systems when we tried to update some things and it broke. I'd probably rate the setup a four out of five.

We do deployment slowly and in phases. We could have deployed it pretty fast, actually. But it took us about three months to deploy everything because we wanted to make sure we had test groups of machines that we put into each department or each part of the organization, because they do different things. We didn't want to inadvertently start breaking certain things. So, we took our time pulling it out. But I think, essentially, it could have been deployed in probably a few weeks at the most.

We have a team of about five people who take care of maintenance.

We implemented it through an in-house team.

The licensing cost is on the more expensive side, but I thought it was worth it because they did a good job. It was one of the vendors I truly didn't have to worry about too much until this latest upgrade.

I would rate this solution 8 out of 10. 

I'd say, "go for it" if you don't have or need Check Point for an integration. But if you're relying on that kind of integration, if you really need that like we did, then of course I wouldn't go that route.

If I were to make a recommendation to somebody else just starting out, my advice is to check out the cloud first.

We use this solution as our endpoint security system. The solution is cloud-based.

The solution is very useful and easy to handle. You don't need much intervention with this product.

The client performance could be improved. When you install it in the client, the performance gets a bit disturbed.

In the user interface, the user needs to have more visibility regarding what's happening because it gives you a very simple client for the user. It doesn't give a full output for the user. It would be great if that could be improved.

I have been using this solution for more than four years. We are working with the latest version.

The solution is really stable. 

It is scalable.

The local technical support is very poor, but the support from headquarters is very nice.

For the local technical support, I would rather rate it at one, even zero, out of five. I would rate the global support at three or four out of five.

We previously used Kaspersky, and we switched to Carbon Black because it's a cloud-based application. It also requires minimum handling and basically runs on its own when you set the policy, so it's very easy.

The solution is a bit complex. Deployment took around six months.

The partners helped us. 

The license is annual. It's a standard license.

I would rate this solution 7 out of 10 because of the support.

The product is very smooth and pretty simple. I like it, and anyone can use it. My advice is to be careful about the partners when you're selecting.