System Analyst at a hospitality company with 1,001-5,000 employees
The software uses very few resources; it is almost invisible to the end user
Pros and Cons
- "The software uses very few resources; it is almost invisible to the end user."
- "Behavioral Monitoring stops known malicious events before they even begin."
- "The directions for Splunk are spot on, but it is difficult to find anything on integration with AlienVault."
What is our primary use case?
We include it as another layer of security for our endpoints/servers. The software is based off TTP (tactics, techniques, and procedures), and it complements our antivirus products. The software basically takes a snapshot of the system, then if anything happens which is out of the norm, the software alerts us. In some cases, it denies execution and will quarantine the endpoint from other systems.
How has it helped my organization?
During the company’s transition, we had a memory scraper infiltrate our network, and with the help of Carbon Black, we isolated the outbreak to a few point of sale machines. We saw a step-by-step account of how the software was introduced into the environment, the host it originated from, and the destination address it was connecting to. Carbon Black stopped the spread in its tracks.
What is most valuable?
- The software uses very few resources; it is almost invisible to the end user.
- Behavioral Monitoring stops known malicious events before they even begin.
- The whitelist: Being a casino, we have some odd software packages. Being able to whitelist them is a must.
- The option to quarantine a device and use the cloud-based portal to gain a “shell” on the infected machine. With this, we can dump the entire system memory to a machine in our lab, then run analysis.
What needs improvement?
It works the way we want and how we want.
For one improvement, an easier integration with an AlienVault USM appliance would be good. The directions for Splunk are spot on, but it is difficult to find anything on integration with AlienVault.
Buyer's Guide
VMware Carbon Black Endpoint
January 2025
Learn what your peers think about VMware Carbon Black Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
832,138 professionals have used our research since 2012.
For how long have I used the solution?
Three to five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
VMware Consultant at V2S Corporation
Integrates with different software's log servers and easy to scale
Pros and Cons
- "For Carbon Black Endpoint, the possibility of integration with different other software's log servers is the important thing. Having just one point of view is more interesting so you don't need to go to different places to see all the information."
- "The initial setup is complex."
What is our primary use case?
We need it to secure some PCs and virtual machines inside the company.
How has it helped my organization?
We have a single point of view of all the security systems, and it has some interesting tools.
What is most valuable?
For Carbon Black Endpoint, the possibility of integration with different other software's log servers is the important thing. Having just one point of view is more interesting so you don't need to go to different places to see all the information.
What needs improvement?
There is room for improvement in the proxy servers. The implementation and management of those servers are difficult.
The proxy servers have proxy servers in place to not connect directly to the Internet, and the implementation and management of those servers are difficult.
Moreover, some customers request disabling Bluetooth in endpoints, but Carbon Black doesn't do that. So, there should be some flexibility for customization.
For how long have I used the solution?
I have been using this solution for a couple of months.
What do I think about the stability of the solution?
I would rate the stability a nine out of ten.
What do I think about the scalability of the solution?
It is easy to scale. I would rate the scalability a ten out of ten.
How are customer service and support?
The customer service and support are solid.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup is complex.
What was our ROI?
It's a good return on investment. The single point of view is very important for the client.
What's my experience with pricing, setup cost, and licensing?
The solution has almost the same price as other different kinds of infrastructures, but it offers a lot of different features.
What other advice do I have?
I would recommend trying it first. Overall, I would rate the solution a nine out of ten. It's a great product.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Cyber Security Manager Senior Specialist at a university with 501-1,000 employees
A scalable and easy-to-deploy EDR solution that offers its users a good customer support
Pros and Cons
- "It is a scalable solution...The initial setup was straightforward."
- "Right now, Carbon Black CB Defense doesn't support cloud computing and Kubernetes."
What is our primary use case?
I am associated with the incident response team, and we use Carbon Visibility for converged networks.
What needs improvement?
Right now, Carbon Black CB Defense doesn't support cloud computing and Kubernetes. However, if it does support them, then it would be better.
For how long have I used the solution?
I have been using Carbon Black CB Defense since 2019.
What do I think about the stability of the solution?
It is mostly a stable solution, but sometimes there are stability issues.
What do I think about the scalability of the solution?
It is a scalable solution.
How are customer service and support?
The technical support is nice. We can reach them 24/7. I rate technical support a seven out of ten.
How would you rate customer service and support?
Neutral
How was the initial setup?
The initial setup was straightforward. We use it for the environment server, clients like end users, and competitors. We use some automation tools like SCCM for Windows, Linksys, and some other automation tools, and we use a lot of them to deploy. So, it depends since it is a circle and because every day, there is a new server that joins the environment. And when your server line client enters the server environment, they automatically install blockings.
But the environment contains over twenty thousand clients. It may take three or three months, depending on whether the employee works in their home. They can only join the network once they log in to VPN. So as a result of that, sometimes deployment time takes too much time. We have very big environments, but a lot of the domain is managed by some administration. Less than ten people were required for the deployment.
What about the implementation team?
We used local support to deploy it.
What's my experience with pricing, setup cost, and licensing?
There are more expensive products than Carbon Black CB Defense, so we are using the solution for its availability.
What other advice do I have?
I recommend the solution to others planning to use it. I rate the overall solution an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Lead Security Analyst at SecurityHQ
Manages multiple endpoints from a central location and detects alerts on the basis of AI
Pros and Cons
- "The solution has a library where we can have multiple threat intels onboarded. We just have to subscribe to a particular site intel and they'll provide us with all of the truncated details so that we can create IOCs and alerts on the basis of those IOCs."
- "A search bar in the investigation page and some AI-related tasks like outgoing alerts, or recent tactics that are being used in the market, must be embedded in the tool so that it's easier to find alerts."
What is our primary use case?
Carbon Black is an EDR solution and a Next Generation AV. It works on the basis of machine learning and artificial intelligence. It's used to manage multiple endpoints from a central location and detects alerts on the basis of AI. If we have any custom alerts, they can be triggered or flagged. In that case, we can have a centralized alerting system. It can also be used to isolate, repair, or remediate a machine when it is taken by an attack.
We aren't responsible for managing the infrastructure of this particular tool. We're using it for investigation purposes and to monitor products that are being used by our clients.
It's deployed on a public cloud.
What is most valuable?
The solution has a library where we can have multiple threat intels onboarded. We just have to subscribe to a particular site intel and they'll provide us with all of the truncated details so that we can create IOCs and alerts on the basis of those IOCs.
It's one of the best features because there are multiple third-party vendors who can provide us with site intel in one location. You just have to subscribe to them, and they'll start providing you with IOCs. If a new attack starts, you will have all the basic IOCs on that list, which can be used to identify if the same attack is happening in your environment.
We can isolate devices in just two clicks. That's also a great feature. We can remediate and repair devices from a central location. It's not too difficult to use that particular tool. The user interface is very easy to understand. You are not required to roam around the console to find where the alert went. It's easy to resolve that.
When we onboarded Carbon Black, there weren't many EDR solutions available in the market. It was one of the best tools when it was launched. We don't have any complaints with the tool. The tool is very good. It highlights many of the alerts and events.
What needs improvement?
When you're investigating an alert, you will get a graph and will see the details related to the process that triggered the alert. Below the graph, there are network connections, file modifications, industry modifications, and multiple other activities. If you want to specifically find which additional modification has been performed, you will have to find the log you're searching for. There isn't a search bar to check for file modifications or network connections. In that case, you don't have a search bar, so you have to check each and every event, which could be more than 1,000.
You would have to check 1,000 events manually, or you would have to export sheets to view what you are searching for. If they added a search bar, it would reduce the time it takes to do investigations.
If you want to log into a device, there's a process named winlogon.exe, which is supposed to be initiated. If I'm using Carbon Black, I will have to check where winlogon.exe is being observed or at what time it was being observed. Because there's no search bar, I will have to check for the event in all the device events.
A search bar in the investigation page and some AI-related tasks like outgoing alerts, or recent tactics that are being used in the market, must be embedded in the tool so that it's easier to find alerts. The AI must be stronger so it can identify activity that is actually malicious.
For how long have I used the solution?
I have used this solution for a year and a half.
What do I think about the stability of the solution?
It's a stable product.
What do I think about the scalability of the solution?
It's scalable because it's based on the cloud.
How was the initial setup?
It's sensor-based, so you have to install the machine associated with your application. You will have the configuration file and the agent installation file. You'll have to run the configuration file, and then you'll be onboarded to Carbon Black. It's easy.
Deployment was fast. It took 15 minutes.
We have a group of about eight people for maintenance and supervision.
What other advice do I have?
I would rate this solution as eight out of ten.
It's a good tool, but it requires some updates. It doesn't have new features like multi-tactics, which other EDR products are providing.
My advice is to acknowledge or resolve a particular alert because once they resolve, it will be very difficult for you to find that alert. Handle it with care because with just a click, the device will be isolated. It could be a server, host, or network device. If you click the wrong button out of curiosity, it will destroy the machine. It has multiple accesses and won't ask if you're sure if you want to do an activity or not.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
IT Administrator at a manufacturing company with 501-1,000 employees
Puts very little load on the servers, does an excellent job, and has very good pricing
Pros and Cons
- "I found it very valuable as a whole. It is good at detecting anything and has kept us very safe. It is also very easy to use."
- "I haven't run into anything that needs improvement. The website interface can be a little bit better, but it's still good as compared to most others."
What is our primary use case?
It is used for protecting our file servers. Its version is kept up to date, so it should be fairly current.
How has it helped my organization?
We found that Trend Micro was producing a little bit more load on our servers than what we wanted. So, we went to Carbon Black because it was integrated with VMware. It is great on the servers. It puts very little load, and it does an excellent job.
What is most valuable?
I found it very valuable as a whole. It is good at detecting anything and has kept us very safe. It is also very easy to use.
What needs improvement?
I haven't run into anything that needs improvement. The website interface can be a little bit better, but it's still good as compared to most others.
For how long have I used the solution?
I have been using it for close to a year.
What do I think about the stability of the solution?
It is stable.
What do I think about the scalability of the solution?
I believe it is very scalable. In terms of its users, for the most part, there are only two of us using it. I am the IT administrator and primary user, and we have an IT support person who handles PCs and backs me up on servers. We are taking care of its deployment and maintenance.
We are looking at the possibility of expanding its usage in the future to include desktops.
How are customer service and support?
I've never had to call technical support.
Which solution did I use previously and why did I switch?
We were using Trend Micro Apex One on our servers, and we found that Trend Micro tended to load the servers up a little bit. That's why we switched to Carbon Black.
How was the initial setup?
It was very straightforward. It was very easy to set up.
Its deployment didn't take that long at all. We purchased it and then just installed it on different servers, one at a time.
What about the implementation team?
We did it ourselves.
What was our ROI?
I've never calculated an ROI on it.
What's my experience with pricing, setup cost, and licensing?
Its pricing was very good, which is one of the reasons I went to it as an alternative. It is on a yearly basis. There are no additional fees.
Which other solutions did I evaluate?
We did not evaluate other options.
What other advice do I have?
If you're running a VMware environment, you can definitely go ahead and use it.
I would rate it a 10 out of 10.
Which deployment model are you using for this solution?
On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Systems Engineer at EVONIC
A simple tool that offers good performance and stability
Pros and Cons
- "The most valuable feature of the solution stems from the fact that it is one of the best EDR tools in the market."
- "The product's reporting capabilities are an area of concern where improvements are required."
What is our primary use case?
I use VMware Carbon Black Endpoint for its capabilities related to EDR and antivirus support. The tool offers protection to me with its advanced antivirus technology. The tool also protects me from threats.
How has it helped my organization?
My company does benefit from the use of the solution since it detects live threats, malware threats, possible ransomware attacks, and other such areas.
What is most valuable?
The most valuable feature of the solution stems from the fact that it is one of the best EDR tools in the market.
What needs improvement?
The product's reporting capabilities are an area of concern where improvements are required.
From an improvement perspective, the price of the product needs to be lowered.
For how long have I used the solution?
I have been using VMware Carbon Black Endpoint for two years. I use the solution's latest version.
What do I think about the stability of the solution?
The performance and stability of the product are very good and simple. The tool is very fast to analyze issues. It is a very stable tool. Stability-wise, I rate the solution a ten out of ten.
What do I think about the scalability of the solution?
It is a scalable solution. Scalability-wise, I rate the solution a ten out of ten.
Around 22 people in my organization use the solution.
My company does have plans to increase the use of the solution.
How are customer service and support?
The solution's technical support was simple and good. The technical support team responds quickly to my queries.
How was the initial setup?
The product's initial setup phase was easy.
The version of the tool that I use is a cloud-based one, so in our company, we needed to create the policies and then use the tool for the endpoints on the desktops.
The solution is deployed on the cloud.
The solution can be deployed in half a day.
What about the implementation team?
I did seek the help of an integrator to help with the implementation process.
What's my experience with pricing, setup cost, and licensing?
My company needs to make yearly payments towards the licensing costs attached to the product. The product is expensive. There are some additional costs apart from the standard licensing charges attached to the solution.
What other advice do I have?
I recommend the product to those who plan to use it since it is a stable solution.
I rate the overall tool a ten out of ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Easy-to-scale product with a straightforward installation process
Pros and Cons
- "The product's most valuable feature is its ability to be fully integrated with the VMware environment."
- "The product's stability could be improved."
What is most valuable?
The product's most valuable feature is its ability to be fully integrated with the VMware environment.
What needs improvement?
The product's stability could be improved.
For how long have I used the solution?
I have been using VMware Carbon Black Endpoint for one or two years as a system integrator.
What do I think about the stability of the solution?
Stability-wise, the product could be better.
What do I think about the scalability of the solution?
The platform is very easy to scale. It is suitable for small and medium businesses.
How are customer service and support?
The technical support services are good.
How would you rate customer service and support?
Positive
How was the initial setup?
VMware Carbon Black Endpoint's installation is easy. The deployment takes one or two days, but the training administrator takes more time.
What other advice do I have?
I rate VMware Carbon Black Endpoint a ten out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
Sales Operations Specialist at ADEO IT Consulting Services
Shows the whole process of events but has compatibility problems with Linux
Pros and Cons
- "The initial setup was fairly easy."
- "CB Defense could be more compatible with Linux, and its cloud provision could be improved."
What needs improvement?
CB Defense could be more compatible with Linux, and its cloud provision could be improved.
For how long have I used the solution?
I've been using CB Defense for two years.
What do I think about the scalability of the solution?
CB Defense is scalable so long as the deployment has been done correctly.
How are customer service and support?
Carbon Black's support team are very slow to answer questions.
How was the initial setup?
The initial setup was fairly easy. Deployment will take one to two weeks, depending on how many endpoints there are.
What's my experience with pricing, setup cost, and licensing?
CB Defense is available on a yearly subscription and is priced by the number of endpoints.
What other advice do I have?
I would recommend CB Defense for users who want an on-prem solution that lets them see the whole process of any event. I would give CB Defense a rating of six out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller
It describes a good experience.