The portal is easy to use and manage. It proves effective for endpoint security purposes. It has good threat-hunting capabilities, as I have not received any critical alerts. However, it is not integrated enough compared with other AI endpoint systems. Before choosing Carbon Black, purchasing support for the first year is advisable. During this initial period, support may be necessary to manage alerts and understand how to use the system effectively. I rate it a five out of ten.
The solution's integration with our existing security infrastructure is good. Whenever we have any alert in VMware Carbon Black Endpoint, we can easily that alert in our SIEM tool and check logs from the SIEM tool itself. VMware Carbon Black Endpoint is just a secondary security tool for us, and we are just monitoring the alerts from it. The solution's behavioral analytics feature helps in identifying suspicious activities pretty well. Whenever we have even a small thing, we get an alert. The solution is deployed on the cloud in our organization. Performance-wise, the solution is doing great in terms of connecting to the host directly. Performing a malware scan usually takes a lot of time, more than 24 hours. A malware scan is something that we do only on Carbon Black for the old endpoint devices and servers. It used to take sometimes three days to perform. I would recommend the solution to other users. Overall, I rate the solution an eight out of ten.
We conduct market and customer events for the solution. We help customers understand the product. Customers need monitoring software with a bundle of features, including DLP, signature lists, and sandboxing technologies. When these features can be merged within a single product, it will become a complete product. Overall, I rate the solution a two out of ten.
Information Security Consultant at a recruiting/HR firm with 10,001+ employees
Consultant
Top 10
2023-10-24T14:18:00Z
Oct 24, 2023
I rate VMware Carbon Black Endpoint a seven out of ten. I recommend it to the companies with less budget. If there are no budget constraints, they can use other products like CrowdStrike Falcon or Cylance.
Director-International Trade Operations - India Middle East at Dow
Real User
Top 20
2023-09-11T08:36:48Z
Sep 11, 2023
The interface of the solution is good. VMware provides regular updates if there are any issues that crop up in the product. For those who work in the software industry, since security is a huge responsibility, a person should not think about whether the tool is expensive or cheap. VMware Carbon Black Endpoint is a good tool that you can directly buy and use without any issues. I rate the overall solution an eight out of ten.
Learn what your peers think about VMware Carbon Black Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: October 2024.
Head Of Information Security Department at a insurance company with 201-500 employees
Real User
Top 20
2023-08-17T07:47:53Z
Aug 17, 2023
I would say that VMware Carbon Black Endpoint is a very good solution for those planning to use it. If a person has certain cost constraints, then VMware Carbon Black Endpoint may not be the best solution since many cheaper or even open-source solutions can provide the same functionalities as VMware Carbon Black Endpoint. I feel that with a good budget, a better solution can be available in the market. I rate the overall a seven and a half out of ten.
The engineering team needs to understand in detail the behavior of the environment, and they have to give us the solution according to that. A lot of issues are currently going on with the solution. Multiple issues and uncontrollable things are causing us to work till midnight. A lot of issues are coming in, and teams are putting a lot of effort into addressing them. However, we are still not able to meet the customer's expectations. Like most companies, we don't use SCCM for security reasons. Most companies use different patch tools, but we cannot use these things for pushing the sensor. The solution should make something so that we can centrally push the sensor and install it on all machines. Such a feature will reduce a lot of human efforts. The solution is deployed both on Public Cloud and On-premises. I would recommend Carbon Black CB Defense to other users. Overall, I rate Carbon Black CB Defense a seven out of ten.
If the solution can address all the problems we have raised, then I think it would be a good recommendation. In NCR, we have had a very good experience with Carbon Black. Moreover, in our company, Carbon Black offers excellent support. Workaround time and issues with version control have to be put in place. Even the version release sensor can cause frustration because by the time we reach one version, two or three versions might have been released. Sometimes they even remove some of the features. So, it is better to test the version first before using it for the rest of the measures. Overall, I would rate it a seven out of ten.
To the people looking to use this solution, I'd say if you want to get better visibility into an environment and see user activity or suspicious activity, then Carbon Black CB Defense is the right solution for you. Overall, I would rate this solution an eight, on a scale from one to 10, with one being the worst and 10 being the best.
Sales Operations Specialist at ADEO IT Consulting Services
Real User
Top 5
2023-02-13T20:14:00Z
Feb 13, 2023
I would recommend CB Defense for users who want an on-prem solution that lets them see the whole process of any event. I would give CB Defense a rating of six out of ten.
I would rate this solution as eight out of ten. It's a good tool, but it requires some updates. It doesn't have new features like multi-tactics, which other EDR products are providing. My advice is to acknowledge or resolve a particular alert because once they resolve, it will be very difficult for you to find that alert. Handle it with care because with just a click, the device will be isolated. It could be a server, host, or network device. If you click the wrong button out of curiosity, it will destroy the machine. It has multiple accesses and won't ask if you're sure if you want to do an activity or not.
Director InfoSec and Audit at a manufacturing company with 1,001-5,000 employees
Real User
2020-07-01T11:36:53Z
Jul 1, 2020
Be careful of the need to piece together multiple solutions to get the same features offered by some of the competition. The price won't look so appealing by the time you get apples to apples comparison.
Senior Director, Information Technology at C.E. Niehoff & Co.
Real User
2022-05-11T12:43:01Z
May 11, 2022
I have experience with Carbon Black CB Defense. My company has already adopted a solution that uses Carbon Black CB Defense, particularly with a company called CROW. Carbon Black CB Defense was deployed hybrid in terms of what my company does. The cloud provider used was CROW. My company has 200 users of Carbon Black CB Defense. It's being used in the whole environment. Three people from IT are in charge of the maintenance and full deployment of the solution. In terms of increasing usage, the solution is being used in the entire environment, and usage will be increased if there's growth in personnel. At this junction, I'm rating Carbon Black CB Defense an eight.
AVP - Information Security Governence & Risk Management at Allied Bank Limited
Real User
2022-04-27T12:02:00Z
Apr 27, 2022
This is a good solution, but there are a lot of improvements needed. I am overseeing the project part of the solution, not the deep technical side. As far as my knowledge is concerned, it's an easy-to-use solution and it has many good features, but it also has many features that require improvement. I would rate the solution as a six out of ten.
Lead IT Security Analyst at a government with 501-1,000 employees
Real User
2022-03-07T21:17:57Z
Mar 7, 2022
I would rate this solution 8 out of 10. I'd say, "go for it" if you don't have or need Check Point for an integration. But if you're relying on that kind of integration, if you really need that like we did, then of course I wouldn't go that route. If I were to make a recommendation to somebody else just starting out, my advice is to check out the cloud first.
It has caused widespread issues in my organization, as well as drastically increasing CPU and network loads to the point of leaving us near non-functional.
IT Infrastructure and Security Manager at a paper AND forest products with 1,001-5,000 employees
Real User
2022-02-16T02:23:50Z
Feb 16, 2022
I would rate this solution 8 out of 10. Carbon Black gives a different offering. Their ThreatHunter gives you more of the threat hunting features, so if they basically make that a standard feature, then I would rate it higher. My advice is to use a deployment tool if you have one because it will come in handy. I would also suggest that you enable the feature in Carbon Defense because uninstallation requires a key so that people can't get rid of it. If you are going to be buying it, my advice would be to take a look at their manage, detect, and response feature because you take the onus away from your internal team, and you also take away potential misconfiguration out of your internal IT group because they will be looking at all the logs, and they will be reviewing the policies and they can actually tell you how to do it. If you do not have the manage, detect and response, it all falls on you, and then you would have to integrate it with your own. If you have a SIM, you would have to learn how to integrate it to your SIM.
Cyber Security Engineer at a tech services company with 201-500 employees
Real User
2021-12-15T06:53:00Z
Dec 15, 2021
I rate CB Defense nine out of 10. It's different, so it stands out among all the others. Carbon Black is more costly but also more powerful and effective, so I recommend it.
We are resellers. The solution can be deployed both on-premises and in the cloud. I would definitely advise new users of just this one thing: that before thinking about Carbon Black or purchasing it, they should look for other solutions as well. As far as the cost is concerned, Carbon Black is much more expensive than any other product. That's something that needs to be taken into account. I would rate the solution at a nine out of ten.
IT Manager - System Administration at a pharma/biotech company with 501-1,000 employees
Real User
2021-08-20T00:27:01Z
Aug 20, 2021
There are two versions of Carbon Black that VMware has, one of them is the on-prem one and the endpoint clients are in the user machines and servers, so AWS and data center and VSS. I'd advise those interested in the solution to go with the cloud deployment model. We've had a lot of issues with the on-premises version. I'd rate the solution at a seven out of ten. There seems to be quite a disparity between the cloud and on-premises versions.
IT Cybersecurity at a manufacturing company with 10,001+ employees
Real User
2021-06-29T12:53:03Z
Jun 29, 2021
We have deployed different versions of the solution. At this moment we have 3.5 or we have, for example, for Windows we have 3.1. We deploy it to many computers and in different countries. You need to upgrade or maybe you need to downgrade, depending on the device it's attached to. For example, we have many servers including 2016 and 2019 versions, and then we have different versions of Windows. When we decide to deploy a new version we deploy it throughout the region. We have been in America, Asia, and Europe. I'd advise other potential users that, like any solution, you need to know how to use it, you need to know how to implement, and you need to know how to do the best configuration and update that configuration. If you don't have a good configuration on any application, it will work not for you. In general, the solution is good. I would rate it at an eight out of ten.
My advice to others is to take advantage of the POC and work with your POC rigorously. I think we have good responses on the POC as they get closer and closer to wanting to close. We were able to get stronger and stronger and more timely support. It is a good program and they are very fair about it. In any EDR, I would test them heavily and do not rely on marketing. When applying an overall rating to this solution I do not think there are any tens in the marketplace. We very pleased and we evaluate this every year or two. In our POC, we had 200 samples including ones that were available but not as popular and we received a 100% efficacy. We were very pleased with the results. I rate Carbon Black CB Defense an eight out of ten.
Senior Infrastructure and Security Engineer at a manufacturing company with 51-200 employees
Real User
2021-01-23T19:25:33Z
Jan 23, 2021
It does everything that we need. We can configure it very strongly and lock the environment, which sometimes can create an administrative headache for us and some hassle for users because the users cannot install some of the software and have to ask us to enable the software, but it is exactly what we wanted. I'm pretty happy with this solution, but unfortunately, at this point, we will have to stop using this solution, but this is not what we want. We are going to use Cortex XDR, but we are not sure if it is possible to work back to back with Carbon Black. Cortex initially told us that Carbon Black and Cortex XDR are not compatible, but it was just word of mouth. At the same time, Carbon Black is not on their incompatible products list. It would be good if these two are compatible because I can imagine the amount of time it would take to translate all the rules from Carbon Black to Cortex and handle all errors and other things. I would rate Carbon Black CB Defense a nine out of ten.
Cyber Security Consultant with 1,001-5,000 employees
Real User
2021-01-16T05:10:33Z
Jan 16, 2021
We're just customers and end-users. We don't implement this solution for clients or anything like that. I'm not sure which version of the solution I'm using. It might be the latest, however, I can't say for sure. We use it at a bank for our endpoints. Therefore, it's likely the latest. There are between 20,000-30,000 people using the solution within our organization. It's definitely 20,000 at least. I would advise others to basically set the expectations as far as the features they expect or need from a security solution. This solution can't solve problems related to security practices within the company. Internal policies must be in place. Then, figure out how to integrate this solution and its available features into your internal security protocols. Overall, I would rate the solution at a nine out of ten. We've been pretty happy with the product so far.
Infrastructure and support manager at a healthcare company with 51-200 employees
Real User
2021-01-11T19:44:34Z
Jan 11, 2021
For others who are interested in using Carbon Black, I would recommend checking your use case. If your use case is Linux and Mac, then it will be problematic, based on my experience. These days, with VMware taking them over, I'm willing to bet that that's going to change. I see some redemption in their future, with VMware owning them. VMware is a very strong player in the workspace, and especially with their workspace tool that VMware's building to work with Windows, Mac, and Linux clients, in order to do VDI. For the Windows endpoints, it was incredibly useful, nothing got through it, which is a bad thing in some cases because we hadn't tagged the certificate platform appropriately. So, it's a bit of an improvement needed there, but the biggest complaint is around the operating systems not being available. I would rate Carbon Black CB Defense a seven out of ten.
IT Infrastructure - Global Head at a comms service provider with 10,001+ employees
Real User
2020-11-11T15:30:03Z
Nov 11, 2020
We're just a customer. We don't have any business affiliation with Carbon Black. We're currently using the latest version of the solution. Overall, I would rate the solution seven out of ten.
Owner at a tech services company with 1-10 employees
Real User
2020-11-11T08:48:45Z
Nov 11, 2020
I would advise making sure that it won't cause problems with your servers. Whenever possible, it is good to fully test a product before deploying it. I would rate this solution an eight out of ten. It needs better ease of use and deployment.
Information Security Consultant at a healthcare company with 10,001+ employees
Consultant
2020-10-11T08:58:21Z
Oct 11, 2020
I would recommend Carbon Black CB Defense for anyone who is interested in implementing this solution. I would rate Carbon Black CB Defense and eight out of ten.
Vice President of Sales (previously Sales Engineer) at a computer software company with 11-50 employees
Real User
2020-10-01T09:57:00Z
Oct 1, 2020
We have the cloud center, however, the application's installed on each endpoint individually. Each client machine has it installed, locally, so it's off-premises for us. I'm assuming that they would be running on individual client PC. The software is run here, we manage it within the cloud atmosphere. We were an authorized reseller or we were an authorized business associate of Carbon Black. Since that's moved under Dell, I don't think that's a thing anymore. I would state that as we are mainly a Dell shop, we're an all in Dell shop. And so that's just a business decision we've made. We were a Dell VMware Carbon Black client and we had a relationship with them that preexisted our Dell partnership. Before Dell acquired Carbon Black, we were a partner of Carbon Black's. We had acquired this technology and we were utilizing this technology for several years in advance of that acquisition. I'd recommended Carbon Black CB Defense 100%. I would rate this solution an eight out of ten.
Threat and Vulnerability Engineer at Horizon Blue Cross Blue Shield of New Jersey
Real User
2020-07-19T08:15:00Z
Jul 19, 2020
The implementation is very easy but the security aspects could be better. If you don't have a SIEM solution in your organization, you're probably engaging via email.But there's no way to point me to customize the email templates if I want to see more information on that email before going to the console. It's still a business and company, but I'm the only one who is managing everything. So when I see the email on my phone, I want to see more information before logging into the console. I want to see more filtering options to narrow down more field training. I also wish it was easier and more intuitive in terms of searching for queries. I feel like it should be simpler. It doesn't make sense to have it this hard. I would rate it a seven out of ten.
Group CIO at a construction company with 10,001+ employees
Real User
2020-04-06T08:22:00Z
Apr 6, 2020
My advice is to get enough information about the differences in Carbon Black products from day one. In other words, if Carbon Black is claiming that Carbon Black CB Defense is enough, why are they always promoting the more expensive product, which is Carbon Black Protect? So, you need to be educated well about the differences between the products. Also, look at the roadmap of the product regarding whether there will be good mobile protection for mobile users or not. And be aware of the minimum license purchasing policy. The number of people for maintenance of the solution depends on how your environment is structured, but in our company I need five people.
We did a POC with the solution. We’re still in the process of testing it, so we’re still learning the system. I would rate the solution eight out of ten.
Symantec aligns with a more traditional antivirus that a lot of people are just more familiar with. It has traditional signature sets, exceptions, and policies. When you're talking medium sized implementations, where it's several hundred or a couple thousand endpoints, it's pretty straightforward. The learning curve with Carbon Black is considerably more extensive. You have considerably more ability in the platform to do investigations and custom policies, as it can do more in-depth searches and queries about what's actually going on at an endpoint level, which you don't have with Symantec. You really have to understand exactly what you're trying to accomplish. The product itself works quite well. It's pretty intuitive, but there is so much more data and capabilities at your fingertips. It definitely takes more time to learn it. If you are evaluating these products: Evaluate what your enterprise looks like and what your current security controls are. Understand what exists, what needs to be protected, and what other tools there are in the organization. This makes a big difference in the decision-making process. For example, Carbon Black is 100 percent cloud-based. There is no on-premise option. If you have requirements for systems that can't access the internet, whether it be classified environments or otherwise, it's more difficult to get as much value out of a system which is only cloud-based if you have air gaps. A more traditional on-premise solution might work better, like Symantec, in this scenario. However, if you have a largely mobile workforce with a lot of high risk employees who travel, having cloud-based works perfectly for that sort of environment, as you're getting data with the ability to access and respond to issues regardless of where systems are, as long as they're online. However, if EDR tools already exist in an environment, you might not need a full in-depth product, like CarbonBlack, where a more traditional antivirus coupled with another EDR product might get you the capabilities that you need. Albeit, it would require multiple products to cover the environment. I would rate Carbon Black as a nine out of ten, because it provides industry leading features, which give us the ability to do the investigations that we need to. It just makes an enormous difference. I would rate Symantec as a seven out of ten. It works quite well. It is feature-rich, stable, more traditional product.
Senior Security Consultant at a manufacturing company with 10,001+ employees
Real User
2018-10-08T17:34:00Z
Oct 8, 2018
In terms of the fixes from what the behavior was with the environment, it has been evolving. And the only thing that could be improved is enabling Carbon Black to be a part of the image so that when we are doing a image refresh, Carbon Black would be present by default. But in the current conditions, by definition, it needs to have an internet connection for you to install Carbon Black. Because it connects to the cloud as a first step after you start the installation. So, since we cannot have that kind of a set up for an image, we are not able to put it into an image, basically. So if there comes any kind of a version where it can be done, probably it might be more helpful in terms of a mass deployment. They might have to create a little bit of better knowledge base articles which will give us an insight as to how this is working and what logs we can look into for analysis. The gap can be made much shorter in that aspect. The report generation and trend analysis or data analysis can be improved.
* Make ssure that your firewall ports open and really test communication back to their server. * Make sure you don't have anything else that may be impeding it. * If you are dealing with any PIA countries or GSA (also known as TAA) countries, make sure you're working through their work councils. * Make sure you look at a holistic perspective and have a plan in place on how to use this tool.
VMware Carbon Black Endpoint provides comprehensive endpoint security against ransomware, spyware, malware, and viruses, catering to both cloud and on-premise environments.
VMware Carbon Black Endpoint facilitates endpoint detection and response, threat hunting, application control, antivirus support, and protection for virtual and physical machines. Features include intelligent learning, whitelisting, and integration with other security tools, making it suitable for distributors, MSPs,...
The portal is easy to use and manage. It proves effective for endpoint security purposes. It has good threat-hunting capabilities, as I have not received any critical alerts. However, it is not integrated enough compared with other AI endpoint systems. Before choosing Carbon Black, purchasing support for the first year is advisable. During this initial period, support may be necessary to manage alerts and understand how to use the system effectively. I rate it a five out of ten.
The solution's integration with our existing security infrastructure is good. Whenever we have any alert in VMware Carbon Black Endpoint, we can easily that alert in our SIEM tool and check logs from the SIEM tool itself. VMware Carbon Black Endpoint is just a secondary security tool for us, and we are just monitoring the alerts from it. The solution's behavioral analytics feature helps in identifying suspicious activities pretty well. Whenever we have even a small thing, we get an alert. The solution is deployed on the cloud in our organization. Performance-wise, the solution is doing great in terms of connecting to the host directly. Performing a malware scan usually takes a lot of time, more than 24 hours. A malware scan is something that we do only on Carbon Black for the old endpoint devices and servers. It used to take sometimes three days to perform. I would recommend the solution to other users. Overall, I rate the solution an eight out of ten.
I recommend the product to those who plan to use it since it is a stable solution. I rate the overall tool a ten out of ten.
We conduct market and customer events for the solution. We help customers understand the product. Customers need monitoring software with a bundle of features, including DLP, signature lists, and sandboxing technologies. When these features can be merged within a single product, it will become a complete product. Overall, I rate the solution a two out of ten.
I rate VMware Carbon Black Endpoint a seven out of ten. I recommend it to the companies with less budget. If there are no budget constraints, they can use other products like CrowdStrike Falcon or Cylance.
The interface of the solution is good. VMware provides regular updates if there are any issues that crop up in the product. For those who work in the software industry, since security is a huge responsibility, a person should not think about whether the tool is expensive or cheap. VMware Carbon Black Endpoint is a good tool that you can directly buy and use without any issues. I rate the overall solution an eight out of ten.
I would recommend trying it first. Overall, I would rate the solution a nine out of ten. It's a great product.
I would say that VMware Carbon Black Endpoint is a very good solution for those planning to use it. If a person has certain cost constraints, then VMware Carbon Black Endpoint may not be the best solution since many cheaper or even open-source solutions can provide the same functionalities as VMware Carbon Black Endpoint. I feel that with a good budget, a better solution can be available in the market. I rate the overall a seven and a half out of ten.
I rate VMware Carbon Black Endpoint a ten out of ten.
The engineering team needs to understand in detail the behavior of the environment, and they have to give us the solution according to that. A lot of issues are currently going on with the solution. Multiple issues and uncontrollable things are causing us to work till midnight. A lot of issues are coming in, and teams are putting a lot of effort into addressing them. However, we are still not able to meet the customer's expectations. Like most companies, we don't use SCCM for security reasons. Most companies use different patch tools, but we cannot use these things for pushing the sensor. The solution should make something so that we can centrally push the sensor and install it on all machines. Such a feature will reduce a lot of human efforts. The solution is deployed both on Public Cloud and On-premises. I would recommend Carbon Black CB Defense to other users. Overall, I rate Carbon Black CB Defense a seven out of ten.
I rate the solution as seven.
If the solution can address all the problems we have raised, then I think it would be a good recommendation. In NCR, we have had a very good experience with Carbon Black. Moreover, in our company, Carbon Black offers excellent support. Workaround time and issues with version control have to be put in place. Even the version release sensor can cause frustration because by the time we reach one version, two or three versions might have been released. Sometimes they even remove some of the features. So, it is better to test the version first before using it for the rest of the measures. Overall, I would rate it a seven out of ten.
To the people looking to use this solution, I'd say if you want to get better visibility into an environment and see user activity or suspicious activity, then Carbon Black CB Defense is the right solution for you. Overall, I would rate this solution an eight, on a scale from one to 10, with one being the worst and 10 being the best.
I would recommend CB Defense for users who want an on-prem solution that lets them see the whole process of any event. I would give CB Defense a rating of six out of ten.
I would rate Carbon Black CB Defense an eight out of ten.
I would rate this solution as eight out of ten. It's a good tool, but it requires some updates. It doesn't have new features like multi-tactics, which other EDR products are providing. My advice is to acknowledge or resolve a particular alert because once they resolve, it will be very difficult for you to find that alert. Handle it with care because with just a click, the device will be isolated. It could be a server, host, or network device. If you click the wrong button out of curiosity, it will destroy the machine. It has multiple accesses and won't ask if you're sure if you want to do an activity or not.
Be careful of the need to piece together multiple solutions to get the same features offered by some of the competition. The price won't look so appealing by the time you get apples to apples comparison.
I have experience with Carbon Black CB Defense. My company has already adopted a solution that uses Carbon Black CB Defense, particularly with a company called CROW. Carbon Black CB Defense was deployed hybrid in terms of what my company does. The cloud provider used was CROW. My company has 200 users of Carbon Black CB Defense. It's being used in the whole environment. Three people from IT are in charge of the maintenance and full deployment of the solution. In terms of increasing usage, the solution is being used in the entire environment, and usage will be increased if there's growth in personnel. At this junction, I'm rating Carbon Black CB Defense an eight.
This is a good solution, but there are a lot of improvements needed. I am overseeing the project part of the solution, not the deep technical side. As far as my knowledge is concerned, it's an easy-to-use solution and it has many good features, but it also has many features that require improvement. I would rate the solution as a six out of ten.
I would avoid it like the plague. Resource issues as well as blue screen of death.
I would rate this solution 8 out of 10. I'd say, "go for it" if you don't have or need Check Point for an integration. But if you're relying on that kind of integration, if you really need that like we did, then of course I wouldn't go that route. If I were to make a recommendation to somebody else just starting out, my advice is to check out the cloud first.
Overall, CB Defense is an excellent product.
On top of that, for better resiliency, we have Forescout policies monitoring CB agents. I would rate this solution as eight out of ten.
The platform is mature and easy to use.
The information is direct and helps the analyst to understand the correct activity chain.
In addition, the CB platform works with other EDR solutions without compromising the normal activity of PDL (workstation, laptop, server, etc.).
It's a good tool for the first approach (for a new cyber analyst).
I would rate it 1 out of 10.
It has caused widespread issues in my organization, as well as drastically increasing CPU and network loads to the point of leaving us near non-functional.
@Shane Alexander, can you please elaborate on some more details: scenario, use case, what happened, ...?
I would rate this solution a nine out of ten.
I would rate this solution 8 out of 10. Carbon Black gives a different offering. Their ThreatHunter gives you more of the threat hunting features, so if they basically make that a standard feature, then I would rate it higher. My advice is to use a deployment tool if you have one because it will come in handy. I would also suggest that you enable the feature in Carbon Defense because uninstallation requires a key so that people can't get rid of it. If you are going to be buying it, my advice would be to take a look at their manage, detect, and response feature because you take the onus away from your internal team, and you also take away potential misconfiguration out of your internal IT group because they will be looking at all the logs, and they will be reviewing the policies and they can actually tell you how to do it. If you do not have the manage, detect and response, it all falls on you, and then you would have to integrate it with your own. If you have a SIM, you would have to learn how to integrate it to your SIM.
If you're running a VMware environment, you can definitely go ahead and use it. I would rate it a 10 out of 10.
I would rate Carbon Black CB Defense an eight out of ten.
I rate CB Defense nine out of 10. It's different, so it stands out among all the others. Carbon Black is more costly but also more powerful and effective, so I recommend it.
We are resellers. The solution can be deployed both on-premises and in the cloud. I would definitely advise new users of just this one thing: that before thinking about Carbon Black or purchasing it, they should look for other solutions as well. As far as the cost is concerned, Carbon Black is much more expensive than any other product. That's something that needs to be taken into account. I would rate the solution at a nine out of ten.
There are two versions of Carbon Black that VMware has, one of them is the on-prem one and the endpoint clients are in the user machines and servers, so AWS and data center and VSS. I'd advise those interested in the solution to go with the cloud deployment model. We've had a lot of issues with the on-premises version. I'd rate the solution at a seven out of ten. There seems to be quite a disparity between the cloud and on-premises versions.
We have deployed different versions of the solution. At this moment we have 3.5 or we have, for example, for Windows we have 3.1. We deploy it to many computers and in different countries. You need to upgrade or maybe you need to downgrade, depending on the device it's attached to. For example, we have many servers including 2016 and 2019 versions, and then we have different versions of Windows. When we decide to deploy a new version we deploy it throughout the region. We have been in America, Asia, and Europe. I'd advise other potential users that, like any solution, you need to know how to use it, you need to know how to implement, and you need to know how to do the best configuration and update that configuration. If you don't have a good configuration on any application, it will work not for you. In general, the solution is good. I would rate it at an eight out of ten.
My advice to others is to take advantage of the POC and work with your POC rigorously. I think we have good responses on the POC as they get closer and closer to wanting to close. We were able to get stronger and stronger and more timely support. It is a good program and they are very fair about it. In any EDR, I would test them heavily and do not rely on marketing. When applying an overall rating to this solution I do not think there are any tens in the marketplace. We very pleased and we evaluate this every year or two. In our POC, we had 200 samples including ones that were available but not as popular and we received a 100% efficacy. We were very pleased with the results. I rate Carbon Black CB Defense an eight out of ten.
On a scale from one to ten, I would give Carbon Black CB Defense a seven.
It does everything that we need. We can configure it very strongly and lock the environment, which sometimes can create an administrative headache for us and some hassle for users because the users cannot install some of the software and have to ask us to enable the software, but it is exactly what we wanted. I'm pretty happy with this solution, but unfortunately, at this point, we will have to stop using this solution, but this is not what we want. We are going to use Cortex XDR, but we are not sure if it is possible to work back to back with Carbon Black. Cortex initially told us that Carbon Black and Cortex XDR are not compatible, but it was just word of mouth. At the same time, Carbon Black is not on their incompatible products list. It would be good if these two are compatible because I can imagine the amount of time it would take to translate all the rules from Carbon Black to Cortex and handle all errors and other things. I would rate Carbon Black CB Defense a nine out of ten.
We're just customers and end-users. We don't implement this solution for clients or anything like that. I'm not sure which version of the solution I'm using. It might be the latest, however, I can't say for sure. We use it at a bank for our endpoints. Therefore, it's likely the latest. There are between 20,000-30,000 people using the solution within our organization. It's definitely 20,000 at least. I would advise others to basically set the expectations as far as the features they expect or need from a security solution. This solution can't solve problems related to security practices within the company. Internal policies must be in place. Then, figure out how to integrate this solution and its available features into your internal security protocols. Overall, I would rate the solution at a nine out of ten. We've been pretty happy with the product so far.
For others who are interested in using Carbon Black, I would recommend checking your use case. If your use case is Linux and Mac, then it will be problematic, based on my experience. These days, with VMware taking them over, I'm willing to bet that that's going to change. I see some redemption in their future, with VMware owning them. VMware is a very strong player in the workspace, and especially with their workspace tool that VMware's building to work with Windows, Mac, and Linux clients, in order to do VDI. For the Windows endpoints, it was incredibly useful, nothing got through it, which is a bad thing in some cases because we hadn't tagged the certificate platform appropriately. So, it's a bit of an improvement needed there, but the biggest complaint is around the operating systems not being available. I would rate Carbon Black CB Defense a seven out of ten.
I would recommend this solution. We are going to keep providing this product. I would rate Carbon Black CB Defense a six out of ten.
We're just a customer. We don't have any business affiliation with Carbon Black. We're currently using the latest version of the solution. Overall, I would rate the solution seven out of ten.
I would advise making sure that it won't cause problems with your servers. Whenever possible, it is good to fully test a product before deploying it. I would rate this solution an eight out of ten. It needs better ease of use and deployment.
Overall, this is a very good product. I would rate this solution a ten out of ten.
I would recommend Carbon Black CB Defense for anyone who is interested in implementing this solution. I would rate Carbon Black CB Defense and eight out of ten.
We have the cloud center, however, the application's installed on each endpoint individually. Each client machine has it installed, locally, so it's off-premises for us. I'm assuming that they would be running on individual client PC. The software is run here, we manage it within the cloud atmosphere. We were an authorized reseller or we were an authorized business associate of Carbon Black. Since that's moved under Dell, I don't think that's a thing anymore. I would state that as we are mainly a Dell shop, we're an all in Dell shop. And so that's just a business decision we've made. We were a Dell VMware Carbon Black client and we had a relationship with them that preexisted our Dell partnership. Before Dell acquired Carbon Black, we were a partner of Carbon Black's. We had acquired this technology and we were utilizing this technology for several years in advance of that acquisition. I'd recommended Carbon Black CB Defense 100%. I would rate this solution an eight out of ten.
The implementation is very easy but the security aspects could be better. If you don't have a SIEM solution in your organization, you're probably engaging via email.But there's no way to point me to customize the email templates if I want to see more information on that email before going to the console. It's still a business and company, but I'm the only one who is managing everything. So when I see the email on my phone, I want to see more information before logging into the console. I want to see more filtering options to narrow down more field training. I also wish it was easier and more intuitive in terms of searching for queries. I feel like it should be simpler. It doesn't make sense to have it this hard. I would rate it a seven out of ten.
I would recommend this product to other people.
My advice is to get enough information about the differences in Carbon Black products from day one. In other words, if Carbon Black is claiming that Carbon Black CB Defense is enough, why are they always promoting the more expensive product, which is Carbon Black Protect? So, you need to be educated well about the differences between the products. Also, look at the roadmap of the product regarding whether there will be good mobile protection for mobile users or not. And be aware of the minimum license purchasing policy. The number of people for maintenance of the solution depends on how your environment is structured, but in our company I need five people.
We did a POC with the solution. We’re still in the process of testing it, so we’re still learning the system. I would rate the solution eight out of ten.
Symantec aligns with a more traditional antivirus that a lot of people are just more familiar with. It has traditional signature sets, exceptions, and policies. When you're talking medium sized implementations, where it's several hundred or a couple thousand endpoints, it's pretty straightforward. The learning curve with Carbon Black is considerably more extensive. You have considerably more ability in the platform to do investigations and custom policies, as it can do more in-depth searches and queries about what's actually going on at an endpoint level, which you don't have with Symantec. You really have to understand exactly what you're trying to accomplish. The product itself works quite well. It's pretty intuitive, but there is so much more data and capabilities at your fingertips. It definitely takes more time to learn it. If you are evaluating these products: Evaluate what your enterprise looks like and what your current security controls are. Understand what exists, what needs to be protected, and what other tools there are in the organization. This makes a big difference in the decision-making process. For example, Carbon Black is 100 percent cloud-based. There is no on-premise option. If you have requirements for systems that can't access the internet, whether it be classified environments or otherwise, it's more difficult to get as much value out of a system which is only cloud-based if you have air gaps. A more traditional on-premise solution might work better, like Symantec, in this scenario. However, if you have a largely mobile workforce with a lot of high risk employees who travel, having cloud-based works perfectly for that sort of environment, as you're getting data with the ability to access and respond to issues regardless of where systems are, as long as they're online. However, if EDR tools already exist in an environment, you might not need a full in-depth product, like CarbonBlack, where a more traditional antivirus coupled with another EDR product might get you the capabilities that you need. Albeit, it would require multiple products to cover the environment. I would rate Carbon Black as a nine out of ten, because it provides industry leading features, which give us the ability to do the investigations that we need to. It just makes an enormous difference. I would rate Symantec as a seven out of ten. It works quite well. It is feature-rich, stable, more traditional product.
I would advise Carbon Black to work on the automation and make it a bit easier for the solution.
In terms of the fixes from what the behavior was with the environment, it has been evolving. And the only thing that could be improved is enabling Carbon Black to be a part of the image so that when we are doing a image refresh, Carbon Black would be present by default. But in the current conditions, by definition, it needs to have an internet connection for you to install Carbon Black. Because it connects to the cloud as a first step after you start the installation. So, since we cannot have that kind of a set up for an image, we are not able to put it into an image, basically. So if there comes any kind of a version where it can be done, probably it might be more helpful in terms of a mass deployment. They might have to create a little bit of better knowledge base articles which will give us an insight as to how this is working and what logs we can look into for analysis. The gap can be made much shorter in that aspect. The report generation and trend analysis or data analysis can be improved.
* Make ssure that your firewall ports open and really test communication back to their server. * Make sure you don't have anything else that may be impeding it. * If you are dealing with any PIA countries or GSA (also known as TAA) countries, make sure you're working through their work councils. * Make sure you look at a holistic perspective and have a plan in place on how to use this tool.