Carbon Black CB Defense Review

Amazing EDR that is responsive but there is no support for MAC and Linux


What is our primary use case?

We used it for EDR, as well as endpoint protection, the whitelisting feature.

How has it helped my organization?

The EDR and reports were helpful in improving our organization.

What is most valuable?

The EDR was amazing. It was very responsive. It did an excellent job of providing us the information we needed in a timely fashion, as long as the latest agent was up-to-date on the client.

What needs improvement?

The whitelisting system, and the concept of it, overall, is pretty decent. The problem with the whitelisting capability is that it's pretty archaic. Based on all the security roles and the release privilege, it could take time for an application to be whitelisted and approved for use.

The Mac support needs improvement, as it had next to none.

The biggest problem we had was the Mac support. It had very little, and my C-suite is almost exclusively Mac, as is my marketing and development department.

For how long have I used the solution?

We had used the Carbon Black CB Defense for two years. We changed to another solution approximately nine months ago.

We were using the latest version at the time.

What do I think about the stability of the solution?

The stability of the on-premises servers had no issues but the resource allocation on the clients was a bit high, especially with having to run two agents. The detection agent, the Whitelist, and the control agent.

What do I think about the scalability of the solution?

We didn't have any problems scaling this solution.

It did the job. It was great for Windows, but it had no Mac support and had nothing for Linux, which makes it hard.

We had 150 users in our organization. Their roles varied from CSF departments through to my C-suite.

How are customer service and technical support?

Technical support seemed pretty good and I didn't have any problems with it. 

If we had a problem or a question, and they would get back to us in a reasonable amount of time. 

The only place that we ran into trouble was with Macs. That's my general theme here with Carbon Black, unfortunately.

I would rate them an eight or a nine. They were good for the most part.

Which solution did I use previously and why did I switch?

Previously, we were on the Kaspersky Enterprise Solution for a couple of years. It was a signature-based system. Signature-based systems are getting easier to get around by the attackers these days, so we swapped over to something that is a little closer to attack vectors, which says, don't run anything that we don't approve.

How was the initial setup?

The initial setup was moderate.

What other advice do I have?

For others who are interested in using Carbon Black, I would recommend checking your use case. If your use case is Linux and Mac, then it will be problematic, based on my experience.

These days, with VMware taking them over, I'm willing to bet that that's going to change.

I see some redemption in their future, with VMware owning them. VMware is a very strong player in the workspace, and especially with their workspace tool that VMware's building to work with Windows, Mac, and Linux clients, in order to do VDI.

For the Windows endpoints, it was incredibly useful, nothing got through it, which is a bad thing in some cases because we hadn't tagged the certificate platform appropriately. So, it's a bit of an improvement needed there, but the biggest complaint is around the operating systems not being available.

I would rate Carbon Black CB Defense a seven out of ten.

Which deployment model are you using for this solution?

On-premises
**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Carbon Black CB Defense reviews from users
...who work at a Healthcare Company
...who compared it with CrowdStrike Falcon
Learn what your peers think about Carbon Black CB Defense. Get advice and tips from experienced pros sharing their opinions. Updated: July 2021.
521,690 professionals have used our research since 2012.
Add a Comment
ITCS user
Guest