VMware Carbon Black Endpoint Reviews

I am associated with the incident response team, and we use Carbon Visibility for converged networks.

Right now, Carbon Black CB Defense doesn't support cloud computing and Kubernetes. However, if it does support them, then it would be better.

I have been using Carbon Black CB Defense since 2019.

It is mostly a stable solution, but sometimes there are stability issues.

It is a scalable solution.

The technical support is nice. We can reach them 24/7. I rate technical support a seven out of ten.

Neutral

The initial setup was straightforward. We use it for the environment server, clients like end users, and competitors. We use some automation tools like SCCM for Windows, Linksys, and some other automation tools, and we use a lot of them to deploy. So, it depends since it is a circle and because every day, there is a new server that joins the environment. And when your server line client enters the server environment, they automatically install blockings.

But the environment contains over twenty thousand clients. It may take three or three months, depending on whether the employee works in their home. They can only join the network once they log in to VPN. So as a result of that, sometimes deployment time takes too much time. We have very big environments, but a lot of the domain is managed by some administration. Less than ten people were required for the deployment.

We used local support to deploy it.

There are more expensive products than Carbon Black CB Defense, so we are using the solution for its availability.

I recommend the solution to others planning to use it. I rate the overall solution an eight out of ten.

We primarily leverage the product for its security functionality.

The product is pretty strong in terms of security and their features are very good in that respect. Their research engine, the antivirus engine, it's very strong compared to any other product on the market right now.

The solution is stable.

They do have options on the market that can scale. 

Technical support is great.

It's not too difficult to set up and the deployment is fast. 

Carbon Black does not have a big market in Pakistan right now. They are actually trying to penetrate the region right now. They don't have many customers. Even we are new to the Carbon Black as well, in that we knew about Carbon Black for a long time, however, as far as implementing it and giving it to our customers, we are still new to it.

The pricing could be more reasonable. 

I've been dealing with the solution for six to seven years or so. It's been a while. 

The stability has been excellent. There are no bugs or glitches. It doesn't crash or freeze. It's reliable. The performance is good. 

There are versions of the product that can scale. 

We have about three customers that use the product at this time. It's not that many as it's not a well-known product in our region. 

Normally they have pretty good technical support. Specifically, if you purchase the technical support directly from Carbon Black, then they are very responsive and very quick.

I also deal with McAfee and Kaspersky.

The initial setup is pretty straightforward, and the deployment is fairly quick. Of course, it depends on the environment. However, it shouldn't take more than a day or two to set up and to have everything up and running. 

We have one person, an engineer, that can handle deployment and maintenance tasks as necessary. 

We are able to implement the solution for our clients. 

The pricing could always be a bit better. They could work to make it less expensive. Right now, they are far and above more expensive than other similar options on the market. 

The license costs are paid yearly.

We are resellers. 

The solution can be deployed both on-premises and in the cloud.

I would definitely advise new users of just this one thing: that before thinking about Carbon Black or purchasing it, they should look for other solutions as well. As far as the cost is concerned, Carbon Black is much more expensive than any other product. That's something that needs to be taken into account.

I would rate the solution at a nine out of ten. 

Carbon Black CB Defense is a multi-purpose solution. We can use it for XDR ADF. This way, if someone is trying to attack one's end point, in which there is a script such as PowerShell, but without a signature, the solution will be aware of such an attack and respond accordingly. It will detect the behavior and respond to the SOC.

The solution will prevent communication of one compromised device with another. 

In the month-long evaluation of the solution that we conducted, we found the POC to not be helpful, owing to the issue the client encountered with the platform, the operating system, which did not lend adequate support. 

While we paid for both on-cloud and on-premises deployment, the issue is not with the entrepreneur's upload, but with the end point. 

And do you have already some customers regarding Carbon Black?

Syed Faisal:
No, even Carbon Black, everyone has this solution for Windows IoT and Linux environment. But this is something called the product called Dell. This is a Dell based, [inaudible 00:02:31]. More or less the Dell [inaudible 00:02:33] which is running Dell customer OS, [inaudible 00:02:39]. But unfortunately we cannot install the agent on it.

The licensing price is a bit expensive when compared with other solutions. 

We've been using Carbon Black CB Defense for just a month. 

The solution is scalable. 

The solution is stable and the policy can be configured with flexibility. The solution comes with its own pre-built standard policy. Yet, we can write our own, which means the solution serves us going forward. 

The tech support is mostly okay. 

The solution is very easy to install.

Full deployment takes no more than an hour. 

Installation can be done on one's own. 

The licensing is a bit pricier than other solutions. 

We pay for the license annually. 

While I do not know the exact number of customers making use of the solution, my understanding is that most of the MNC, multinational companies, and the majority of the banking sector are doing so. 

I would recommend the solution to others.

I rate Carbon Black CB Defense as a nine out of ten.

The solution is  deployed in our computers in the company. However, I can't speak to the use cases, as I'm still quite new to the company.

After we apply some policies we will receive, for example, alerts. We'll look at the devices that have given us alerts and we'll look to see if there is an issue. Then we can prioritize the issues into high and low categories.

We try to know what is a malicious file or malicious application and we can investigate what's happening according to the alerts in Carbon Black. Many times we've found that our policies avoid false positives. That said, sometimes, we have false positives and we get many alerts. We're working with this in Carbon Black.

Carbon black is basically blocking my application. I cannot open files and I cannot install software without it passing the policies. Not just any application can be installed on our computers. They need to be pre-approved. If we need to, however, we can manually bypass to finish an installation.

The solution allows you to override it and manually install an application if you need it ti.

It's very good at alerting you to malicious content or unauthorized software. 

We can access computers remotely if we need to.

Sometimes the solution blocks items that were previously approved and we don't know why.

It is sometimes hard when I attempt to investigate, to know the commands. It's not easy to do that. You need to upload the right information.

Occasionally, when we get alerts, we don't get all the information we need, such as the computer's serial number.

If I reveal an alert in a new window, I need to go back to the main link as it doesn't work.

Sometimes we need to close the solution and then open it up again.

Occasionally, we'll have issues with the latest version and they'll basically tell us that they will improve it in the next iteration. They need to work on their version release quality.

It would be good to have more information about the devices. If you get an alert that a malicious file is on your computer, Carbon Black really doesn't give you the full picture. We also need to wait for the user who owns the computer to be online before we can investigate everything. It's hard when you are working across time zones.

I started using the solution two weeks ago. I don't have a lot of experience with it just yet.

The stability could be better. It changes from version to version and from day to day. Sometimes it works perfectly, and sometimes there are issues and we need to close it and re-open the application.

We do have a person at Carbon Black that, if we have issues, we can reach out to. We let them know when we are having problems and they try to assist. I can't recall if it's email or some other type of internal support system that we go through.

Sometimes they have answers for us, and sometimes we have to wait for a new version. There's no guarantee our problems will be fixed immediately.

By the time I joined the company, the solution was already deployed. I was not part of the implementation process. I can't speak to how easy or difficult the solution is to implement.

We have deployed different versions of the solution. At this moment we have 3.5 or we have, for example, for Windows we have 3.1. We deploy it to many computers and in different countries. You need to upgrade or maybe you need to downgrade, depending on the device it's attached to. For example, we have many servers including 2016 and 2019 versions, and then we have different versions of Windows.

When we decide to deploy a new version we deploy it throughout the region. We have been in America, Asia, and Europe. 

I'd advise other potential users that, like any solution, you need to know how to use it, you need to know how to implement, and you need to know how to do the best configuration and update that configuration. If you don't have a good configuration on any application, it will work not for you.

In general, the solution is good. I would rate it at an eight out of ten.

The solution is primarily used for protection. It's used on all of our servers and all of our workstations.

The product has considerably decreased any of our malware or malicious software injection within our organization. Since March of 2018, we have not had a malicious intrusion success. It's kept us quite safe.

The solution's most valuable aspect is its process monitoring due to the fact that it doesn't necessarily use signature-based definitions. It uses processor-based definitions. If a process tries to spawn some type of malicious process, it'll stop it.

The initial setup is easy.

The organization has to protect against users and Carbon Black does just that for the company. What I mean by that is not all users are savvy enough to understand, "Hey, I shouldn't be running this or I get a pop-up on a browser and I don't click on it." Carbon Black stops that if they do.

The solution is extremely scalable.

The alerting mail needs to be customizable. Right now, it isn't. That has to change. Right now, I get a lot of what I call noise email alerts. All I hear from them is, "Well, we're working on it. We're working on it." Well, they've been working on it for four years now, and nothing has changed.

In the past, we've seen some stability issues in the latest version releases. We tend to hang back one version just to make sure issues are fully resolved to avoid user disruption.

We've been using the solution since 2017. It's been a few years at this point.

The solution is generally mostly stable. We tend to try to stay one version back in order to get better stability. I've run into problems already where Carbon Black has flagged certain things in a later release that they weren't flagging previously and it disrupts my user base.

The scalability is very good. It's pretty much unlimited at this point. A company can scale however much they like with no trouble.

We have over 500 licenses. The use cases are mostly for our servers and our workstation user roles are drafters, engineers.

We use the solution enterprise-wide. I'm not going to increase usage except maybe to increase the license count if servers or workstations go up.

Their technical support is beyond compromise. They've been absolutely excellent. We're quite satisfied with their level of attention. 

We were previously using Symantec. We switched for numerous reasons. One of them was the fact that Symantec was just not catching a lot of our intrusion at that time. Again, this would have been back in 2017, and a lot of the malware that was coming out back then, the agents weren't catching as quickly. Nobody really had much sense of what zero-day attacks meant.

The initial setup is not overly complex. It's pretty straightforward.

The deployment was fast and the process took maybe two hours or so. The deployment strategy was just running the installation agent.

There really is no maintenance required. It's just as simple as re-installing or installing the agent.

We didn't need to use any integrators or consultants for the deployment. We handled everything ourselves in-house.

We noticed an ROI after about six months of working with the solution.

Previous to Carbon Black, we had a malware attack that cost us a significant amount of money. We haven't had one since, and therefore, our return on investment has been significant.

We simply auto-renew every year. I can't speak to the exact pricing. My standard license includes everything that I need without any extra costs.

I was looking at the possibility of replacing this solution with Defender, as that's part of our Office 365 licensing package that we have. I was asking myself "will this help? Is it really worth me spending x number of dollars for CBD versus using Defender?" However, after careful examination, we decided to stick with Carbon Black.

We're generally always using the latest version of the solution, minus one. What I mean by that is it's not always current, however, it's always at least within one of the most current versions. We've got too many things going on to really be on the bleeding edge if you will. At times to go up to the next one I want to be sure I have a good stable one. What I'll do is let's say 3.3 comes out next week, I won't necessarily go to it. I will wait until 3.4 comes out to go to 3.3.

While the agents are installed locally, everything basically goes through the cloud. We don't deal with on-premises deployments.

I would advise new users to be cautious or policy settings. I'd also warn them that they should be prepared for lots of emails.

Overall, I would rate the solution at a nine out of ten.

It has allowed us to protect our organization from viruses. We've seen many cases when people try to install innocent application, such as a web browser or something like that, and then there are attachments that are not so innocent. Carbon Black tells about such things.

I like its protection very much. It protects and allows us to lock the environment pretty tightly. Nothing that is not approved through Carbon Black can run in the environment. There is no default. Everything goes through Carbon Black Protect, and everything has to be first approved. Every software is considered to be guilty before prove innocent.

It could be a bit complicated. You have to be very familiar with Carbon Black to understand what it is doing and why it is doing. I would like to have more explanations and simplification in the user interface. It would be good to get help and see more explanations. It should tell us that a software is blocked and the reason for it. It would be good to be able to build chains in terms of what caused what, what worked, and what caused an issue.

We are now moving from Carbon Black to Cortex XDR. While choosing antivirus software, we were also looking at Carbon Black because it also has an antivirus package, and it is next-generation, but we were told that Carbon Black doesn't support firewalls. We have Palo Alto firewalls. We would have chosen this solution if it supported firewalls, in particular next-generation firewalls, but unfortunately, it doesn't. Therefore, we decided on Cortex XDR because it integrates with Palo Alto firewalls.

I have been using this solution for one and a half years. In our company, it has been used for around five years.

It works. I was actually very surprised about its stability. It is in a virtual environment. It works in a VMware environment for us. Sometimes, latency discrepancies are very high, but it is pretty stable.

It is scalable. We have about 400 machines here, and everyone is using it. It protects 400 nodes. We have one server that serves all nodes. The number of machines is growing slowly. We had 350 machines earlier, and in one year, the number is 400.

I never had a need to use the tech support. My boss, who actually implemented this product, used their technical support, and he was okay with it. 

We have Symantec Endpoint Protection, and it has some functions similar to Carbon Black, but not all. Carbon Black is definitely better because Symantec Endpoint provides some protection as a part of their antivirus solution, but it is not as powerful as Carbon Black.

When I joined this company, Carbon Black was already very well established. All rules and all groups were in place. The person who worked before me did a great job.

It does everything that we need. We can configure it very strongly and lock the environment, which sometimes can create an administrative headache for us and some hassle for users because the users cannot install some of the software and have to ask us to enable the software, but it is exactly what we wanted.

I'm pretty happy with this solution, but unfortunately, at this point, we will have to stop using this solution, but this is not what we want. We are going to use Cortex XDR, but we are not sure if it is possible to work back to back with Carbon Black. Cortex initially told us that Carbon Black and Cortex XDR are not compatible, but it was just word of mouth. At the same time, Carbon Black is not on their incompatible products list. It would be good if these two are compatible because I can imagine the amount of time it would take to translate all the rules from Carbon Black to Cortex and handle all errors and other things.

I would rate Carbon Black CB Defense a nine out of ten. 

CB Defense could be more compatible with Linux, and its cloud provision could be improved.

I've been using CB Defense for two years.

CB Defense is scalable so long as the deployment has been done correctly.

Carbon Black's support team are very slow to answer questions.

The initial setup was fairly easy. Deployment will take one to two weeks, depending on how many endpoints there are.

CB Defense is available on a yearly subscription and is priced by the number of endpoints.

I would recommend CB Defense for users who want an on-prem solution that lets them see the whole process of any event. I would give CB Defense a rating of six out of ten.

It is used for protecting our file servers. Its version is kept up to date, so it should be fairly current.

We found that Trend Micro was producing a little bit more load on our servers than what we wanted. So, we went to Carbon Black because it was integrated with VMware. It is great on the servers. It puts very little load, and it does an excellent job.

I found it very valuable as a whole. It is good at detecting anything and has kept us very safe. It is also very easy to use. 

I haven't run into anything that needs improvement. The website interface can be a little bit better, but it's still good as compared to most others.

I have been using it for close to a year.

It is stable.

I believe it is very scalable. In terms of its users, for the most part, there are only two of us using it. I am the IT administrator and primary user, and we have an IT support person who handles PCs and backs me up on servers. We are taking care of its deployment and maintenance.

We are looking at the possibility of expanding its usage in the future to include desktops.

I've never had to call technical support.

We were using Trend Micro Apex One on our servers, and we found that Trend Micro tended to load the servers up a little bit. That's why we switched to Carbon Black.

It was very straightforward. It was very easy to set up. 

Its deployment didn't take that long at all. We purchased it and then just installed it on different servers, one at a time.

We did it ourselves.

I've never calculated an ROI on it.

Its pricing was very good, which is one of the reasons I went to it as an alternative. It is on a yearly basis. There are no additional fees.

We did not evaluate other options.

If you're running a VMware environment, you can definitely go ahead and use it. 

I would rate it a 10 out of 10.