I use VMware Carbon Black Endpoint for its capabilities related to EDR and antivirus support. The tool offers protection to me with its advanced antivirus technology. The tool also protects me from threats.
Director-International Trade Operations - India Middle East at Dow
Real User
Top 20
2023-09-11T08:36:48Z
Sep 11, 2023
In my company, we install VMware Carbon Black Endpoint at the workstations of end users to monitor events and verify logs to see if there is any malicious content running at an end user's workstation. The solution allows my company to track, find the logs, and do the verification based on a user's activities.
Head Of Information Security Department at an insurance company with 201-500 employees
Real User
Top 20
2023-08-17T07:47:53Z
Aug 17, 2023
My company uses VMware Carbon Black Endpoint for generic endpoint activity detection. We also use it for some investigation using osquery in our company. VMware Carbon Black Endpoint is useful for blocking some applications and vulnerability assessment of endpoints.
Our primary use case is for protection and as an EDR solution. Moreover, it has all the same features as the other vendors, but what sets it apart is its very good coverage on the VMware side since it's a VMware product.
Carbon Black is an EDR solution and a Next Generation AV. It works on the basis of machine learning and artificial intelligence. It's used to manage multiple endpoints from a central location and detects alerts on the basis of AI. If we have any custom alerts, they can be triggered or flagged. In that case, we can have a centralized alerting system. It can also be used to isolate, repair, or remediate a machine when it is taken by an attack. We aren't responsible for managing the infrastructure of this particular tool. We're using it for investigation purposes and to monitor products that are being used by our clients. It's deployed on a public cloud.
Lead IT Security Analyst at a government with 501-1,000 employees
Real User
2022-03-07T21:17:57Z
Mar 7, 2022
I know they have different forms in their Carbon Black Endpoint now, but we were using Carbon Black Prevent, which was basically just a pure whitelisting product. We didn't look at the other kinds of things that it was doing. We were basically just using it for, "If Carbon Black picks up a new file in the machine and it's executable or something and it hasn't seen it before, it has to be whitelisted first. It has to be approved before it's allowed to run." That's what we're using it for. We were technically one and a half versions behind the current version which is out there right now. The solution is deployed on-prem. We have cut back the amount of users. At one point, we had about 1,500 or 2,000 users. We're down to about 750 right now.
IT Infrastructure and Security Manager at a paper and forest products with 1,001-5,000 employees
Real User
2022-02-16T02:23:50Z
Feb 16, 2022
It is a default software that goes on every computer. This is antivirus endpoint protection. It's pretty simple. The standard application goes on every single machine that we deploy that is Windows based. We have it running on machines that are deployed on the cloud, machines that are deployed on-premise, and on machines that people are using strictly on the internet. We're using the Carbon Black Endpoint. We're using the latest sensors. We've used 3.7 and 3.8. Initially when we deployed it, there were over 2,000 users in terms of giving access to the console. We had roles created for security analysts. There were different roles. For example, the field services who take care of the PCs could go take a look. They could bypass if needed, but they could not change any roles or uninstall the agent. Other roles, such as mine, have full access. We had roles where we had actually created the API integration key where we were sending the Carbon Black logs to a third party who was our SIM for review. There are different roles you can define in there.
IT Manager - System Administration at a pharma/biotech company with 501-1,000 employees
Real User
2021-08-20T00:27:01Z
Aug 20, 2021
We primarily use the solution for operations and also security. On the security front, we have a specific project that's ongoing right now. We are moving away from the on-prem Carbon Black to the cloud one. We primarily use the solution for endpoint protection.
IT Cybersecurity at a manufacturing company with 10,001+ employees
Real User
2021-06-29T12:53:03Z
Jun 29, 2021
The solution is deployed in our computers in the company. However, I can't speak to the use cases, as I'm still quite new to the company. After we apply some policies we will receive, for example, alerts. We'll look at the devices that have given us alerts and we'll look to see if there is an issue. Then we can prioritize the issues into high and low categories. We try to know what is a malicious file or malicious application and we can investigate what's happening according to the alerts in Carbon Black. Many times we've found that our policies avoid false positives. That said, sometimes, we have false positives and we get many alerts. We're working with this in Carbon Black. Carbon Black is basically blocking my application. I cannot open files and I cannot install software without it passing the policies. Not just any application can be installed on our computers. They need to be pre-approved. If we need to, however, we can manually bypass to finish an installation.
Some of my client's use cases are typical endpoint protection, telemetry, and threat hunting. We are using all three of the most popular services that point back to the cloud central console.
We use Carbon Black agents that are monitored by the Forescout Extended Module for CB. It will check that CB agents are deployed and are in a running state to secure containers across the VMware environment. The dashboard shows the security analyst who looks at the reports of the threats around policies monitoring Carbon Black agents. The discovery happens in Carbon Black, and as part of the discovery, it will monitor multiple Carbon Black agents. Deployment is on hybrid cloud VM cloud on AWS.
Cyber Security Consultant with 1,001-5,000 employees
Real User
2021-01-16T05:10:33Z
Jan 16, 2021
Basically we use the solution for protecting and detecting misuse of end-users while using their end-points to access the internet, especially for browsing websites, or suspicious activity as far as misusing their web browser. It protects them from web-based attacks such as DDoS (Denial of Service) or ransomware.
Vice President of Sales (previously Sales Engineer) at a computer software company with 11-50 employees
Real User
2020-10-01T09:57:00Z
Oct 1, 2020
The primary use case is for stopping spyware, malware, and viruses in their tracks. It's very good at doing that. It has intelligent learning behind it and we have been very successful in preventing attacks.
Assistant Technical Manager at a tech services company with 11-50 employees
Reseller
2020-04-23T10:13:00Z
Apr 23, 2020
We are a distributor of Carbon Black in Asia. Generally our customers are looking for endpoint features such as EDR (endpoint detection and response). Their existing solutions are usually from another vendor that has provided a normal antivirus solution. They are looking for endpoint protection and detection and response.
We are a partner in the managed security service provider (MSSP) space. We service hundreds of customers globally. We implement these solutions on behalf of our customers. With Carbon Black, we've been using them for about six years. We're an MSSP and channel partner with them, as well as an incident response partner. We were like the second incident response company registered with them (through that program) to start using the cb Defense platform. We also integrate it with SIEM. However, we're using it in a managed service capacity. We usually implement it, then manage the platform for our clients long-term. It's used for traditional antivirus, real-time threat protection and prevention, and it also provides us with the ability to do more in-depth investigations into endpoints. With the product, we can do a bit of threat hunting along with managed detection and response. The platform works quite well using it in this capacity. With Symantec, we have been using it for about six years. We integrate it with our SIEM products. We have a lot of customers who actually run it, so we see it quite often. We collect a lot of data from Symantec and help with responding to anything that Symantec finds. We've had a chance to use the product quite a lot.
Senior Security Consultant at a manufacturing company with 10,001+ employees
Real User
2018-10-08T17:34:00Z
Oct 8, 2018
It was basically for an EDR solution. We were apparently in the migration phase, to be frank. We were using McAfee VSE, and we wanted a media solution which would give us more insight in terms of the events that are happening with respect to malware threats. So that's the reason why we went for the Carbon Black Defense.
We use it for endpoint visibility and endpoint detection and response. It is our central mechanism for the cyber defense or endpoint detection, response and visibility.
VMware Carbon Black Endpoint provides comprehensive endpoint security against ransomware, spyware, malware, and viruses, catering to both cloud and on-premise environments.
VMware Carbon Black Endpoint facilitates endpoint detection and response, threat hunting, application control, antivirus support, and protection for virtual and physical machines. Features include intelligent learning, whitelisting, and integration with other security tools, making it suitable for distributors, MSPs,...
Our primary use case for Carbon Black is endpoint security, similar to antivirus software.
VMware Carbon Black Endpoint is a log system for one of the clients, and that's the main source where we get logs for their endpoints.
We use VMware Carbon Black Endpoint to protect endpoints in our company.
We need it to secure some PCs and virtual machines inside the company.
We use the solution for threat detection and endpoint protection. It generates alerts in case of invalid signatures while installing software.
I implement the solution as an EDR tool for customers.
Our primary use case is for application control.
Carbon Black CB Defense is a sensor for ongoing monitoring. It was deployed and is being used in conjunction with a cloud product called Red Canary.
We have a dedicated team using this solution. They create incidents, escalate the incidents, and then respond to the events detected by the EDR.
We primarily use this product to provide threat intelligence to our SOC about our endpoints.
It is used for protecting our file servers. Its version is kept up to date, so it should be fairly current.
CB Defense is a threat identification and protection solution. In general, it's more often deployed on the cloud than on-prem. The customer decides.
We primarily leverage the product for its security functionality.
We used it for EDR, as well as endpoint protection, the whitelisting feature.
We manage service providers. We provide this solution to other clients and companies that need it, and we are using the latest version.
We primarily use the solution as endpoint security.
We are an MSP, and we deployed this solution for a banking client. We use it to help us defend against advanced persistent threats.
We are a distributor for Carbon Black and CB Defense is one of the products that we work with and demo for our customers.
We are using the Carbon Black CB Defense for endpoint security.
A few agents want to develop our own cloud and looking at protection technology
We started using it to protect our environment from ransomware specifically.
We use this solution for endpoint security and protection.
We use this solution as an endpoint solution for protection.