Security Incident Response Features

Read what people say are the most valuable features of the solutions they use.
Karthik Balakrishnan says in a Carbon Black CB Defense review
Senior Security Consultant at a manufacturing company with 10,001+ employees
Carbon Black Defense has a higher detection ratio because it's cloud-based and it also does a lookup to VirusTotal, so it is out of like 65 vendors that are normally listed in VirusTotal, if there are any kind of hits out of those, in that case, it is getting recognized as a known malware or a suspected malware. Under these categorizations, we are able to see a spike in the detection ratio. It is enlightening us with respect to what are the programs that are generally used in our environment and how they are compliant with our environment.
Jayandra Wickramasinghe says in a Carbon Black CB Defense review
Senior Systems engineer at a tech services company
Carbon Black Cb Defense has a nice component called Alert Triage. It has helped to detect threats across the data. It contains full details of the process execution "kill chain" and "go live" for immediate remediation.
Leonardo Meneses says in a Carbon Black CB Defense review
Incident Response Analyst at a security firm with 51-200 employees
The go live, because it is possible to answer incidents while they are still occurring and minimize the effects.
Brody Wright says in a Carbon Black CB Defense review
System Analyst at a hospitality company with 1,001-5,000 employees
* The software uses very few resources; it is almost invisible to the end user.
* Behavioral Monitoring stops known malicious events before they even begin.
* The whitelist: Being a Casino, we have some odd software packages. Being able to whitelist them is a must.
* The option to quarantine a device and use the cloud-based portal to gain a “shell” on the infected machine. With this, we can dump the entire system memory to a machine in our lab, then run analysis.
Amit Lavi עמית לביא says in a SECDO Platform review
Co-Founder & CEO at a marketing services firm with 1-10 employees
* Full endpoint visibility
* Records everything! Every endpoint.
* IOC/BIOC rules
* It basically automates the entire alert investigation process.
Imad Taha says in a Carbon Black CB Defense review
Group CIO at a construction company with 10,001+ employees
The deep analysis is the most valuable part of the solution. The number of false-positives is very, very low compared to other products using AI.
Snrsoftdev67 says in a Carbon Black Cb Response review
Senior Software Developer Engineer at Diyar United Company
The most valuable feature is its ability to seek out abnormal activity and to create alerts.
Group CIO at a construction company with 10,001+ employees
The feature we have found most valuable in Carbon Black is the defense.
SeniorIn8d7c says in a Carbon Black Cb Response review
Senior Information Security Specialist at a tech services company with 1,001-5,000 employees
Integration and scalability are the most valuable. For example, if you chose a cloud solution, it's not very scalable, because it doesn't support any integration. But on the client side, you can combine materials, you can combine everything. You can add anything.
CBresponse677 says in a Carbon Black Cb Response review
Cyber Defense Consultant at a security firm
The market information they gather from the community is really good. Their configuration capabilities are good.
Darrick Kristich says in a Carbon Black CB Defense review
Founder/CEO at Sedara
The biggest feature out of Carbon Black is its ability to dive in with more depth. You can look at the entire kill chain and understand, not only if an alarm or identified incident is truly a true security issue versus a false positive, and it allows us to backtrack and figure out why it actually happened and how it got into the environment. It also helps us determine what other things may have been impacted along with it, from an asset standpoint. It allows us to go into more depth than a more traditional antivirus, like Symantec. Symantec is more of a traditional antivirus. A lot of it is signature-based. It works quite well for normal protection. It is pretty stable and consistent. It seems to work across the board. There are no real issues to speak of, which is definitely a positive thing. One of the more beneficial things is that it does include the active endpoint firewall with it, which allows your endpoints to have a bit more above the standard Windows firewall, then collect all the logs from that. This is a good feature from their firewall piece. Also, the logging out of Symantec is quite good, as you put a lot of great logs into a SIEM or any other log collector from the platform. The difference between the two products is the level of visibility and depth that you get when investigating alarms or issues. You can go a bit deeper with Carbon Black. Symantec does have an additional add-on, which we have not seen since it is a relatively new component. They call it Advanced Threat Protection. It uses the same endpoint, but has a separate license with additional costs, which is meant to allow you to go a little deeper in terms of endpoint and incident investigations. However, it doesn't provide the interactive drill down, prevention, and response capabilities that you need to be able to isolate a system, delete files, or actively kill processes which have been helpful with Carbon Black.
Security01c2 says in a Proofpoint Threat Response review
Security Specialist at a tech services company with 201-500 employees
Auto-pulling the emails and phishing are the most valuable features, plus also we can randomly pull the emails based upon our own requirements.
Security83d6 says in a Carbon Black Cb Response review
Security Analyst at a financial services firm with 10,001+ employees
The most valuable features are the threat-hunting and the batch console.
Manohar Baratam says in a Cybereason Deep Respond [EOL] review
Security Analyst at a manufacturing company with 1,001-5,000 employees
Deep analysis is the most valuable solution. It considers past events and gives a clear-cut view about what's going on in the environment. It's very easy to understand.
SrSecuria175 says in a Carbon Black CB Defense review
Sr. Security Analyst, Enterprise Architecture and Security at a tech services company with 5,001-10,000 employees
Data analysis is the most valuable feature because of the whitelist database. It is different than standard IDS solutions.
Executive Business Analyst & Advisor at a financial services firm with 10,001+ employees
I think something that is the most valuable is the time-lining capability for any breach activity. It gives us the ability for us to actively threat hunt. This is not something where it's a passive response tool where we watch things happen. In contrast, it actually does some heuristics, and some behavioral analysis, and we're able to do some prevention with it as well. I think that's really the strongest attribute, and it makes this a more aggressive tool than others.
Consultic624 says in a Carbon Black Cb Response review
Consulting IT Architect
Carbon Black Cb Response excels at providing context to indicators when responding to incidents. It allows responders to understand the entire scope of an incident and quickly contain it to minimize impact and disruption. In incident response, speed is of the utmost importance, as many incidents can quickly spread through the entire organization if not immediately contained.
Philip Fong says in a Carbon Black Cb Response review
Technical Support Specialist at a financial services firm
The ability to isolate an endpoint with only the host name and a click of a button is a major time saver. No need to go hunting for an IP or typing in terminal.
Nicholas Carroll says in a Carbon Black Cb Response review
Cyber Security Manager at an insurance company with 51-200 employees
The ability to quickly isolate a system from the network, while still being able to perform some forensics and mitigation work remotely, was of great value to us since we had many mobile and distributed systems. We also took full advantage of its incident response reporting capabilities to act as a “black box” for our infrastructure around strings of suspicious activity. The reporting and incident response capabilities were incredibly helpful during active security concerns.
Information Security Engineer at a financial services firm with 1,001-5,000 employees
The customization and the transparency of data, while still maintaining a mostly user-friendly UI. It allows for me, as an engineer, to evolve the individual components and modules, and to create a much more meaningful picture than the individual pieces in isolation ever could.