One area for improvement in VMware Carbon Black Cloud is the maturity of its vulnerability features. Currently, these features aren't robust enough to replace our existing vulnerability management tools.
VMware Carbon Black Cloud is a user-friendly solution that can isolate machines from the rest of the network. When a machine is quarantined, it cannot communicate with any other machines on the network except for the Carbon Black Cloud server. This allows you to investigate the machine without the risk of malware escaping to the network. Carbon Black Cloud's server can communicate with the quarantined machine through DNS and VSCP. This allows you to collect data from the machine, such as system logs, process activity, and registry changes. This data can be used to investigate the infection and determine the next steps. CrowdStrike and Cybereason are also popular EDR solutions. They offer similar features to VMware Carbon Black Cloud but may have different strengths and weaknesses. It is important to evaluate all of your options before choosing an EDR solution. Additionally, it is complex to use, and the pricing should be improved.
The support team of Carbon Black CB Response needs improvement. At present, they need a lot of information. Then they give you an answer that they already gave you. You tell them it didn't work, and then they take a long time. They then come back with a solution that may need to be more practical. Like, most of the suite I've supported over the years is MacOS. However, I have some Windows experience under my belt management for SCCM. The support from the Windows side is much better. But for Carbon Black, the support will tell you that you need to disable SIP and uninstall the Carbon Black agent. We've looked at a few other products recently that seem to have a bit more granularity compared to Carbon Black. For example, what sort of network communications am I receiving using Carbon Black to connect catch in the binary running on a machine and the files? Regarding the things that I've received from Carbon Black, I don't get a sense that I could necessarily get good information if someone launched a fake Notepad executable or if it opened a bunch of backdoors and called out to the command control server because it was a piece of malware. I don't think Carbon Black at this current iteration will get me that information in a straightforward and easy-to-search way. So Carbon Black should improve and get more network communications information because it just stopped running out of giving anything.
The solution can only handle about 500 bans or blocks. You will start having performance issues and lagging for the agent and endpoint if you go beyond 500 blocks. If you need to add additional stuff, you really should move to Carbon Black Defense. Training is needed to understand the built-in Python library because there is no console access. You need to build the back-end system or understand the server to utilize the Python library scripts for running reports. Otherwise, the library's capabilities are unutilized.
The education and awareness of customers here in Vietnam for Carbon Black CB Response is not good at the moment. Not a lot of customers know about this solution. Here in Vietnam, we mostly use Symantec and Trend Micro. I know Carbon Black CB Response is a very good product, but educating customers on why and how to use it, and how to market it, VMware Vietnam has not been doing a very good job, so that area could be improved. Areas for improvement would be training and education for both partner and customer, plus the marketing, particularly how to reach out to the customers. The customers are not well educated on the product, so once they use it, they don't know what more they can do with it. They don't know that they can integrate Carbon Black CB Response with other VMware solutions or other products.
Senior Manager at a financial services firm with 1,001-5,000 employees
Real User
2020-02-13T07:50:54Z
Feb 13, 2020
If Carbon Black could improve in the area of reducing the number of false positives or if there was a better way to filter out false positives that would enhance efficiency and utility. But in general, I think we are happy with the performance of Carbon Black. It would be nice to be able to consolidate all of our tools. We have Imperva for database monitoring, we have Red Cloak, we have Carbon Black, and we have Trend Micro. So when you end up installing multiple different tools that do various different things and they each come with their own agents that need to be on all the endpoints, it takes a toll on the utilization. One of the issues that we tend to encounter — especially when we have all these tools on all the endpoints — the number of agents can affect the performance of desktops and servers. So we get those issues from time to time because there are many agents on the endpoints. So it might be nice to either have a lighter-weight agent or an agent that encompasses multiple functions and different purposes for better integration so we do not have to install various tools.
Senior Software Developer Engineer at Diyar United Company
Reseller
2019-08-07T06:15:00Z
Aug 7, 2019
The first thing they can do is make it more available. It's not highly available, so you have to have a core server. If the primary server goes down, you need a new one. It's not available at the same time, however. It's not automatically swapped from one server to another. The second thing is that they need to have a multi-tenancy feature, especially for the MSSP model. We wanted to have this solution in our stock so we could create a different tenant or one tenant per customer. They also have to have a bigger number of watch lists pre-configured already. They should add file integrity monitoring as well. One of the major things that attackers will try to do is to modify files.
Group CIO at a construction company with 10,001+ employees
Real User
2019-07-02T11:47:00Z
Jul 2, 2019
This product has room for improvement in the cloud console. The cloud console has a lot of bugs and issues in the analysis part. The additional features I would like to see included in the next release are IT access components. We need to have IT access as a feature like CloudStrike.
Senior Information Security Specialist at a tech services company with 1,001-5,000 employees
Real User
2019-07-01T07:59:00Z
Jul 1, 2019
Maybe it's too verbose for a junior user or admin. You have to know some basic rules. It's not simple. For a junior engineer, it's confusing. It's hard to use Carbon Black Response. It will take time. It may take more than one year to understand the uses of the product. I'd like the ability to see all the kernel-side features also on the client side.
SOC Analyst at a tech services company with 201-500 employees
Real User
2019-07-01T07:59:00Z
Jul 1, 2019
The dashboard should be more user-friendly. The additional features I would like to see included in the next release are better analytics and report generation.
Cyber Defense Consultant at a security firm with 11-50 employees
Reseller
2019-06-26T05:26:00Z
Jun 26, 2019
One of the big issues we're facing is that their solution doesn't support multi-tenants. The second area for improvement is that they have different products, but if we wanted to take their protection and their EPR, then we would need to have two agents. In our scenario, having a client work within the cloud is not an option, so we cannot extend the support for Carbon Black to provide the protection that comes from Carbon Black. This will cause resource consumption. What I would like to see in the new platform is for it to have a higher visibility for being able to fix the solution. Having also just the visibility to separate the collectors on site. If the informed agent can connect to the collectors the ability to be connected to the management consult or superior management directly.
Fortify Endpoint and Workload Protection
Legacy approaches fall short as cybercriminals update tactics and obscure their actions. Get advanced cybersecurity fueled by behavioral analytics to spot minor fluctuations and adapt in response.
Recognize New Threats
Analyze attackers’ behavior patterns to detect and stop never-before-seen attacks with continuous endpoint activity data monitoring. Don’t get stuck analyzing only what’s worked in the past.
Simplify Your Security Stack
Streamline the...
Technical support for the solution should be improved because there is a scarcity of support teams in the Middle East.