Security Incident Response Features

Read what people say are the most valuable features of the solutions they use.
Jayandra Wickramasinghe says in a Carbon Black Cb Defense review
Senior Systems engineer at a tech services company
Carbon Black Cb Defense has a nice component called Alert Triage. It has helped to detect threats across the data. It contains full details of the process execution "kill chain" and "go live" for immediate remediation.
Leonardo Meneses says in a Carbon Black Cb Defense review
Incident Response Analyst at a security firm with 51-200 employees
The go live, because it is possible to answer incidents while they are still occurring and minimize the effects.
Brody Wright says in a Carbon Black Cb Defense review
System Analyst at a hospitality company with 1,001-5,000 employees
* The software uses very few resources; it is almost invisible to the end user.
* Behavioral Monitoring stops known malicious events before they even begin.
* The whitelist: Being a Casino, we have some odd software packages. Being able to whitelist them is a must.
* The option to quarantine a device and use the cloud-based portal to gain a “shell” on the infected machine. With this, we can dump the entire system memory to a machine in our lab, then run analysis.
Karthik Balakrishnan says in a Carbon Black Cb Defense review
Senior Security Consultant at a manufacturing company with 10,001+ employees
Carbon Black Defense has a higher detection ratio because it's cloud-based and it also does a lookup to VirusTotal, so out of like 65 vendors that are normally listed in VirusTotal, if there are any kind of hits out of those, it is getting recognized as known malware or suspected malware. Under these categorizations, we are able to see a spike in the detection ratio. It is enlightening us with respect to what programs are generally used in our environment and how they are compliant with our environment.
Executive Business Analyst & Advisor at a financial services firm with 10,001+ employees
I think something that is the most valuable is the time-lining capability for any breach activity. It gives us the ability for us to actively threat hunt. This is not something where it's a passive response tool where we watch things happen. In contrast, it actually does some heuristics, and some behavioral analysis, and we're able to do some prevention with it as well. I think that's really the strongest attribute, and it makes this a more aggressive tool than others.
Consultic624 says in a Carbon Black Cb Response review
Consulting IT Architect
Carbon Black Cb Response excels at providing context to indicators when responding to incidents. It allows responders to understand the entire scope of an incident and quickly contain it to minimize impact and disruption. In incident response, speed is of the utmost importance, as many incidents can quickly spread through the entire organization if not immediately contained.
Philip Fong says in a Carbon Black Cb Response review
Technical Support Specialist at a financial services firm
The ability to isolate an endpoint with only the host name and a click of a button is a major time saver. No need to go hunting for an IP or typing in terminal.
Nicholas Carroll says in a Carbon Black Cb Response review
Cyber Security Manager at an insurance company with 51-200 employees
The ability to quickly isolate a system from the network, while still being able to perform some forensics and mitigation work remotely, was of great value to us since we had many mobile and distributed systems. We also took full advantage of its incident response reporting capabilities to act as a “black box” for our infrastructure around strings of suspicious activity. The reporting and incident response capabilities were incredibly helpful during active security concerns.
Sr. Global PLM Project Manager at a manufacturing company with 5,001-10,000 employees
Integration to other security tools allows for a consolidated view of all vulnerabilities, incidents, etc. for all sorts of leverage in a single platform to assess governance risk and compliance as well as an enhanced, enriched intelligence.
Information Security Engineer at a financial services firm with 1,001-5,000 employees
The customization and the transparency of data, while still maintaining a mostly user-friendly UI. It allows for me, as an engineer, to evolve the individual components and modules, and to create a much more meaningful picture than the individual pieces in isolation ever could.
Amit Lavi עמית לביא says in a SECDO Platform review
Co-Founder & CEO at a marketing services firm with 1-10 employees
* Full endpoint visibility
* Records everything! Every endpoint.
* IOC/BIOC rules
* It basically automates the entire alert investigation process.