VMware Carbon Black Endpoint Reviews

We have a dedicated team using this solution. They create incidents, escalate the incidents, and then respond to the events detected by the EDR.

The best feature of this solution is that we have a live response, which is really tailored to our needs. 

There is no option for the solution to block automatically based on behavior. First, the solution needs a lot of time to record all the behaviors. Then, we manually have to create a behavior analysis rule to detect any malicious activity. The solution would be improved and be more effective if there was a way for this process to be done automatically.

We have been using this solution for six to seven months. 

The solution is not always ideal, but it is pretty stable. We did face a few issues, in the response feature for example, but they were resolved.

At this point we have not encountered any issues with scalability, but time will tell how much scaling is feasible for us.

The customer support is average. At times I feel like they should have responded to us immediately because we had some issues that needed an immediate reply, but their response was a bit slow. However, overall, they're good and the support is acceptable.

Neutral

It was not easy and we faced challenges, but it was okay. We're also dealing with an issue involving multiple unsupported OS's because we have so many Linux products in our infrastructure. I would rate the initial setup as a three out of five, with one being difficult and five being easy.

This is a good solution, but there are a lot of improvements needed. I am overseeing the project part of the solution, not the deep technical side. As far as my knowledge is concerned, it's an easy-to-use solution and it has many good features, but it also has many features that require improvement. I would rate the solution as a six out of ten. 

We use this solution as our endpoint security system. The solution is cloud-based.

The solution is very useful and easy to handle. You don't need much intervention with this product.

The client performance could be improved. When you install it in the client, the performance gets a bit disturbed.

In the user interface, the user needs to have more visibility regarding what's happening because it gives you a very simple client for the user. It doesn't give a full output for the user. It would be great if that could be improved.

I have been using this solution for more than four years. We are working with the latest version.

The solution is really stable. 

It is scalable.

The local technical support is very poor, but the support from headquarters is very nice.

For the local technical support, I would rather rate it at one, even zero, out of five. I would rate the global support at three or four out of five.

We previously used Kaspersky, and we switched to Carbon Black because it's a cloud-based application. It also requires minimum handling and basically runs on its own when you set the policy, so it's very easy.

The solution is a bit complex. Deployment took around six months.

The partners helped us. 

The license is annual. It's a standard license.

I would rate this solution 7 out of 10 because of the support.

The product is very smooth and pretty simple. I like it, and anyone can use it. My advice is to be careful about the partners when you're selecting. 

What I like the most about it is the dynamic grouping, where you get to group endpoints based on setup criteria. That's pretty cool. I like the simplified policy management and simplified white-listing process. Coming from McAfee, management has been much simpler and much easier to look at. 

I like the simplified management, it has a nice UI, and it's very simple.

The EDR portion could be better. I'm not a big fan, but it works.

The End Point Detection Response and the way it lays our processes with our endpoint and its detection engine, in the way that it detects the admin or alerts we based on a threat. I feel that they're a little behind on the market from my perspective.  

Overall, areas of improvement would be the EDR part, the detection, also the cloud console. If you're trying to write queries or something, it's very slow, just not robust.

It's a cloud console so it should be fast. If I run a query and I press enter, if it took two seconds, it wouldn't give me a nice loading interface, because it's stuck. I would see an operating system most of the time. 

I feel like it should be faster. But as far as the price and everything, I think it's a good product.

We're actually doing a migration from McAfee to Carbon Black. The migration project has been about 12 months right now. We're slowly migrating.

Stability is one thing that's not robust. Other products are faster, but as far as the CB Defense, it's slow. We had some issues with the sensors and we also saw slowness on the Windows side, Windows file share, which actually was fixed in the next new version of the sensor.

I'm the only network security person here. But the other users who have different roles have access as well. In my team, there are five or six people. But I'm the only one actually directing changes.

We use it on a daily basis. 

There are always alerts so I'll always have to check into alerts and see what's going on and then do some more analysis. If it's a new application we are implementing that will also need to be configured on Carbon. 

The deployment process is straightforward. 

We're still deploying it slowly, little by little because we use a lot of critical applications and if Carbon Black interferes with the application, it will stop working. It needs to be tested thoroughly. It's a long process. 

All of its applications need to be tested thoroughly and then tested in a testing environment. Then we deploy and monitor, make changes, and stuff like that. As far as general users, laptops, and stuff, that's pretty straightforward. It's just part of the image. I have to write that script to uninstall McAfee, the whole migration. It's pretty straightforward. It wasn't complex as far as the installation or deployment.

There was also a technical lead for this project. It automatically comes with professional services for 10 hours and the documentation is pretty clear. The professors helped through the process. 

I think it's 28 per employee a year. 

We also looked at CrowdStrike but it was a little too expensive. 

The implementation is very easy but the security aspects could be better. 

If you don't have a SIEM solution in your organization, you're probably engaging via email.But there's no way to point me to customize the email templates if I want to see more information on that email before going to the console. It's still a business and company, but I'm the only one who is managing everything. So when I see the email on my phone, I want to see more information before logging into the console. I want to see more filtering options to narrow down more field training. 

I also wish it was easier and more intuitive in terms of searching for queries. I feel like it should be simpler. It doesn't make sense to have it this hard.

I would rate it a seven out of ten. 

We are a partner in the managed security service provider (MSSP) space. We service hundreds of customers globally. We implement these solutions on behalf of our customers. 

With Carbon Black, we've been using them for about six years. We're an MSSP and channel partner with them, as well as an incident response partner. We were like the second incident response company registered with them (through that program) to start using the cb Defense platform. We also integrate it with SIEM. However, we're using it in a managed service capacity. We usually implement it, then manage the platform for our clients long-term. It's used for traditional antivirus, real-time threat protection and prevention, and it also provides us with the ability to do more in-depth investigations into endpoints. With the product, we can do a bit of threat hunting along with managed detection and response. The platform works quite well using it in this capacity.

With Symantec, we have been using it for about six years. We integrate it with our SIEM products. We have a lot of customers who actually run it, so we see it quite often. We collect a lot of data from Symantec and help with responding to anything that Symantec finds. We've had a chance to use the product quite a lot.

The biggest feature out of Carbon Black is its ability to dive in with more depth. You can look at the entire kill chain and understand, not only if an alarm or identified incident is truly a true security issue versus a false positive, and it allows us to backtrack and figure out why it actually happened and how it got into the environment. It also helps us determine what other things may have been impacted along with it, from an asset standpoint. It allows us to go into more depth than a more traditional antivirus, like Symantec.

Symantec is more of a traditional antivirus. A lot of it is signature-based. It works quite well for normal protection. It is pretty stable and consistent. It seems to work across the board. There are no real issues to speak of it, which is a definitely a positive thing. One of the more beneficial things is that it does include the active endpoint firewall with it, which allows your endpoints to have a bit more above the standard Windows firewall, then collect all the logs from that. This is a good feature from their firewall piece. Also, the logging out of Symantec is quite good, as you put a lot of great logs into a SIEM or any other log collector from the platform.

The difference between the two products is the level of visibility and depth that you get when investigating alarms or issues. You can go a bit deeper with Carbon Black. Symantec does have an additional add-on, which we have not seen since it is a relatively new component. They call it Advanced Threat Protection. It uses the same endpoint, but has a separate license with additional costs, which is meant to allow you to go a little deeper in terms of endpoint and incident investigations. However, it doesn't provide the interactive drill down, prevention, and response capabilities that you need to be able to isolate a system, delete files, or actively kill processes which have been helpful with Carbon Black.

Symantec needs more investigative features out-of-the-box. Though, they are using the Advanced Threat Protection add-on to correct some of this. It is also not quite as feature-rich as some of the more advanced MDR platforms out there.

Carbon Black needs to do a better job of proving their platform in the industry, and providing a bit more access to do industry testing with real world examples to help prove their platform. In additional, they have been actively porting over a lot of features from some of their other products, and they should continue to expand on that. Going forward, this will be extremely helpful.

We've been quite happy with the stability of Carbon Black. 

Symantec has a much longer history of having a good, proven, stable platform. That is the big difference. 

I can't really speak to any particular issues that we've had with one versus the other. They both seem pretty good.

The scalability is about the same between Carbon Black and Symantec. I don't know that we've actually tried to use them in an environment that was large enough to cause us any sort of issues, or even thought twice about scalability. Both of these products work quite well in extremely large environments.

One thing to consider with Carbon Black is you do have much more data. You can define many more policies that are more specific to groups. The management of that becomes more difficult as the environment gets larger. I don't think that necessarily is the case with Symantec. It might end up being a bit more time consuming to manage Carbon Black as it gets larger. In terms of these products' capabilities and the ability to support large environments all the way down to small ones, I don't think it matters.

Carbon Black has a great community portal which has all sorts of documentation where you have the ability to ask questions and people answer it quite well. There is a lot of material there with access to content, which assists with the learning and troubleshooting.

Because of the limitations that Symantec provided, and the fact that we were seeing data that was extremely helpful from the Symantec logs, yet it didn't provide us a way to investigate it further or respond to it. This led us down a path of looking for a platform like Carbon Black, which has allowed us to handle the data without having to add additional products. This opened our eyes to be able to see what's out there, but then we needed something to be able to actively fix it, as well.

Symantec is a more traditional platform where you set it up and install it. If you're using a cloud platform, then you obtain access to the system. You need to define all the exceptions that you know need to be implemented based on the applications that you are running. Then, you deploy your endpoints, which should pull down the policies with the approved exceptions. Then, you work through any issues. 

With Carbon Black, you have to go through a longer period of monitoring what exists in the environments. We deploy the agents in a monitoring type only mode, which can exist alongside another antivirus product, like Symantec.

You could technically have Symantec installed in normal mode, then Carbon Black in monitoring mode right next to it. We let that run for a period of time to gather information about what is running in the environment actively to help identify the types of things that we'll have to build policies around. The policies can be pretty in-depth, so it can take quite a long time to actually build them, if you want to be extremely careful about not creating any false negatives in the environment. 

It can take quite a bit longer to implement Carbon Black properly. It takes one to two days to implement Symantec. Though, I don't know for certain, because we don't implement it. For Carbon Black, we typically look at three to eight days of active work over a period of a couple of months to get it implemented, working properly, and tuned up correctly.

The licensing costs are comparable between the two products. If you're purchasing the product, they're both typically a traditional license model with an annual type fee or multiyear. The fees are the cost of the professional services to get the system up and running. It depends on the size of the environment. The size and complexity are what it really comes down to. It will be relatively consistent with whether it was MSSP versus a direct purchase.

Carbon Black might be a touch more expensive. They tend to get a premium for their capabilities. They're sort of an industry leader in a lot of areas with the functionality that they provide. 

Symantec gets a bit more aggressive with their pricing, and with their discounts as well. They do have a much larger customer base because they've been around so long.

As an MSSP, we do provide the entire platform on a monthly fee, which a lot of people do like, because that rolls the licensing and all of the management into the cost of the system on a per endpoint basis, paying for the initial costs to get up and running. Even if it's a three to five year implementation, it will be a fixed monthly cost, assuming the number of endpoints doesn't change. That's one good thing about the Carbon Black MSSP program that we have access to is that flexibility with the monthly billing. With very large implementations, this could be a significant difference in spend over three years versus having to do one extremely large capital purchase.

Symantec aligns with a more traditional antivirus that a lot of people are just more familiar with. It has traditional signature sets, exceptions, and policies. When you're talking medium sized implementations, where it's several hundred or a couple thousand endpoints, it's pretty straightforward. 

The learning curve with Carbon Black is considerably more extensive. You have considerably more ability in the platform to do investigations and custom policies, as it can do more in-depth searches and queries about what's actually going on at an endpoint level, which you don't have with Symantec. You really have to understand exactly what you're trying to accomplish. The product itself works quite well. It's pretty intuitive, but there is so much more data and capabilities at your fingertips. It definitely takes more time to learn it.

If you are evaluating these products: Evaluate what your enterprise looks like and what your current security controls are. Understand what exists, what needs to be protected, and what other tools there are in the organization. This makes a big difference in the decision-making process. For example, Carbon Black is 100 percent cloud-based. There is no on-premise option. If you have requirements for systems that can't access the internet, whether it be classified environments or otherwise, it's more difficult to get as much value out of a system which is only cloud-based if you have air gaps. A more traditional on-premise solution might work better, like Symantec, in this scenario. However, if you have a largely mobile workforce with a lot of high risk employees who travel, having cloud-based works perfectly for that sort of environment, as you're getting data with the ability to access and respond to issues regardless of where systems are, as long as they're online.

However, if EDR tools already exist in an environment, you might not need a full in-depth product, like CarbonBlack, where a more traditional antivirus coupled with another EDR product might get you the capabilities that you need. Albeit, it would require multiple products to cover the environment. 

I would rate Carbon Black as a nine out of ten, because it provides industry leading features, which give us the ability to do the investigations that we need to. It just makes an enormous difference.

I would rate Symantec as a seven out of ten. It works quite well. It is feature-rich, stable, more traditional product.

Carbon Black CB Defense is a sensor for ongoing monitoring. It was deployed and is being used in conjunction with a cloud product called Red Canary.

The feature I found most valuable in Carbon Black CB Defense is the ongoing monitoring, though I'm not sure if it's because of the solution, or if it's because of Red Canary. The ongoing monitoring feature works by emailing updates about any detections found.

Currently, it's hard to comment on areas for improvement, because I haven't used Carbon Black CB Defense long enough.

What was rolled out to my company are mixed versions of Carbon Black CB Defense, so what I'd like to see in the next release is more synchronization, where it can detect the endpoint that's running an old version and suggest updates. That's the only thing I can think of right now.

I've been using Carbon Black CB Defense since October of last year.

I haven't had any major degradation in the performance of Carbon Black CB Defense, so I find it stable. It's holding up very well.

I have no comment on the scalability of Carbon Black CB Defense at this point.

I haven't even had to reach out to the technical support team of Carbon Black CB Defense at this point, so no comment.

I did not use a different solution. This was the first time I used this type of solution.

In terms of initial setup, rolling out Carbon Black CB Defense was pretty straightforward. It wasn't that big of a deal.

The deployment of Carbon Black CB Defense was done in-house, and took two weeks total, because it was a hybrid deployment, which means that it was done on a one-on-one basis.

In terms of ROI from Carbon Black CB Defense, it's a little early to see it.

In terms of licensing costs, Carbon Black CB Defense was all associated with CROW and the services my company is using with them, so it came all-inclusive.

My company didn't evaluate other options, because Carbon Black CB Defense was suggested by CROW. My company just went with what they suggested.

I have experience with Carbon Black CB Defense. My company has already adopted a solution that uses Carbon Black CB Defense, particularly with a company called CROW.

Carbon Black CB Defense was deployed hybrid in terms of what my company does. The cloud provider used was CROW.

My company has 200 users of Carbon Black CB Defense. It's being used in the whole environment. Three people from IT are in charge of the maintenance and full deployment of the solution.

In terms of increasing usage, the solution is being used in the entire environment, and usage will be increased if there's growth in personnel.

At this junction, I'm rating Carbon Black CB Defense an eight.

We use Cyber Defense to protect our machines from all kinds of attacks. We use this solution to protect ourselves from advanced threat attacks as well as viruses and malware. We also do threat hunting with the help of CyberArk for defense solutions.

Carbon Black CB Defense has helped improve my organization by allowing us to have better data so that we can do correlation and get visibility into the alerts. Previously, we used a different solution for protecting the devices and we were not able to get enough data.

The Carbon Black CB Defense feature I found most valuable is that it gives us the ability to do log analysis as well as the current state of the environment and activity on the user machines.

I would say that the technical support team should be improved since it takes them a lot of time to provide us with support.

In the next release, I would like to see a host-based firewall.

I have been using this solution for more than a year.

I would rate the stability of this solution a seven, on a scale from one to 10, with one being the worst and 10 being the best.

I would rate the scalability of this solution an eight, on a scale from one to 10, with one being the worst and 10 being the best.

The initial setup process was easy. It takes about four or five months to set up the solution. The deployment was done with the help of ten teams and five to six people who had full involvement during the implementation.

To the people looking to use this solution, I'd say if you want to get better visibility into an environment and see user activity or suspicious activity, then

Carbon Black CB Defense  is the right solution for you.

Overall, I would rate this solution an eight, on a scale from one to 10, with one being the worst and 10 being the best.

The solution has significantly improved our organization by providing fast detection and protection management. It enables us to conduct various queries and manage vulnerabilities effectively, ensuring our systems are protected against known threats.

The platform's capability to protect endpoints, conduct live analysis, and detect system communication with malicious domains was valuable. 

The product cannot perform an on-demand scan. They could add this particular feature. 

I have had experience using VMware Carbon Black Endpoint for about three years.

The support services required having a billable account, which presented some challenges.

Neutral

The ease of setup depends on the mobile device management (MDM) solution. Generally, it is straightforward to deploy, similar to Webex.

Security engineers, IT analysts, and system administrators conducted the deployment process. It was maintained by our managed security service provider (MSSP), Azure.

The platform is expensive. 

Carbon Black Endpoint is effective but very expensive. The behavioral EDR feature is effective for data analysis and aids in incident response by providing quick alerts to analysts. It significantly speeds up incident response times by alerting analysts immediately upon detecting potential issues. It integrates easily with our existing security infrastructure. 

I recommend it despite its high cost and some decline in quality post-acquisition. I rate it a seven out of ten.

I use VMware Carbon Black Endpoint for its capabilities related to EDR and antivirus support. The tool offers protection to me with its advanced antivirus technology. The tool also protects me from threats.

My company does benefit from the use of the solution since it detects live threats, malware threats, possible ransomware attacks, and other such areas.

The most valuable feature of the solution stems from the fact that it is one of the best EDR tools in the market.

The product's reporting capabilities are an area of concern where improvements are required.

From an improvement perspective, the price of the product needs to be lowered.

I have been using VMware Carbon Black Endpoint for two years. I use the solution's latest version.

The performance and stability of the product is very good and simple. The tool is very fast to analyze issues. It is a very stable tool. Stability-wise, I rate the solution a ten out of ten.

It is a scalable solution. Scalability-wise, I rate the solution a ten out of ten.

Around 22 people in my organization use the solution.

My company does have plans to increase the use of the solution.

The solution's technical support was simple and good. The technical support team responds quickly to my queries.

The product's initial setup phase was easy.

The version of the tool that I use is a cloud-based one, so in our company, we needed to create the policies and then use the tool for the endpoints on the desktops.

The solution is deployed on the cloud.

The solution can be deployed in half a day.

I did seek the help of an integrator to help with the implementation process.

My company needs to make yearly payments towards the licensing costs attached to the product. The product is expensive. There are some additional costs apart from the standard licensing charges attached to the solution.

I recommend the product to those who plan to use it since it is a stable solution.

I rate the overall tool a ten out of ten.