We performed a comparison between D3 Security, VMware Carbon Black Cloud, and VMware Carbon Black Endpoint based on real PeerSpot user reviews.
Find out what your peers are saying about VMware, IBM, ServiceNow and others in Security Incident Response."It is an out-of-the-box automated integration with our 20 departments. We perform L1 LiveOps automatically through the portal."
"The enhanced logging and data analysis of the incident response and investigation components allowed us to quickly identify and resolve security issues before they could spread."
"Carbon Black Cb Response excels at providing context to indicators when responding to incidents. It allows responders to understand the entire scope of an incident and quickly contain it to minimize impact and disruption."
"Threat hunting is the most valuable feature of VMware Carbon Black Cloud."
"We also took full advantage of its incident response reporting capabilities to act as a “black box” for our infrastructure around strings of suspicious activity. The reporting and incident response capabilities were incredibly helpful during active security concerns."
"For setup, the server can be given to you as a VM image and with minimal configuration needed."
"It is nice when you're in a situation where you think someone's device is compromised and that there's some malware getting into your fleet."
"The most valuable feature is its ability to seek out abnormal activity and to create alerts."
"The most valuable features are the threat-hunting and the batch console."
"The offline networking is the most important feature. Some of our users are engineers that work offsite, and they can still be on the solution, which is also great."
"Behavioral Monitoring stops known malicious events before they even begin."
"Provides visibility into the chain of attack and threats that use valid operating system processes to execute attacks."
"The initial setup is pretty straightforward."
"The biggest feature out of CarbonBlack is its ability to dive in with more depth. You can look at the entire kill chain and understand, not only if an alarm or identified incident is truly a true security issue versus a false positive, and it allows us to backtrack and figure out why it actually happened and how it got into the environment."
"The visibility provided has been great."
"The tool is pretty stable."
"Carbon Black Cb Defense improved our endpoint level security. It helped to identify endpoint and infrastructure loopholes."
"Reporting needs improvement. MTTR and MTTD metrics aren't directly available in playbooks and require manual effort to achieve."
"The dashboard should be more user-friendly."
"The support team of Carbon Black CB Response needs improvement. At present, they need a lot of information. Then they give you an answer that they already gave you. You tell them it didn't work, and then they take a long time."
"The solution needs to simplify the process of adding custom watchlists, as well as embrace YARA for rule creation."
"The biggest issue I encountered was one where old logs were not being overwritten as expected so the system drive kept filling up from time to time. However, support was usually quite responsive and happy to jump on a remote session to take a look at it for us. That log bug has probably been resolved with an update by now."
"Technical support for the solution should be improved because there is a scarcity of support teams in the Middle East."
"Setup is incredibly complex and poorly documented. Every time an upgrade was needed we would need to engage Professional Services for troubleshooting help. Certificates and web services proved to be the most significant sticking points. Since the product runs on a Linux platform, perhaps having staff with more Linux experience could have alleviated some difficulty."
"The product detects too many false positives initially and it could integrate better with other security solutions."
"They have different products, but if we wanted to take their protection and their EPR, then we would need to have two agents"
"There could be more knowledge. I think they made a mistake when they took away the Check Point integration, because it provides more automation and also more threat intelligence."
"CB Defense could be more compatible with Linux, and its cloud provision could be improved."
"I would like to see improvements made so that we can better see all of the processes."
"The solution needs better overall compatibility with other products."
"I would personally give the tech support a rating of seven out of ten."
"The solution would be more effective if there was a way to block automatically based on behavior."
"The product's reporting capabilities are an area of concern where improvements are required."
"In our company, we also wanted to have network detection, like a host-based IDS on VMware Carbon Black Endpoint, but we did not get it."