Carbon Black CB Defense Review

Easy to deploy, extremely scalable, and offers very good protection

What is our primary use case?

The solution is primarily used for protection. It's used on all of our servers and all of our workstations.

How has it helped my organization?

The product has considerably decreased any of our malware or malicious software injection within our organization. Since March of 2018, we have not had a malicious intrusion success. It's kept us quite safe.

What is most valuable?

The solution's most valuable aspect is its process monitoring due to the fact that it doesn't necessarily use signature-based definitions. It uses processor-based definitions. If a process tries to spawn some type of malicious process, it'll stop it.

The initial setup is easy.

The organization has to protect against users and Carbon Black does just that for the company. What I mean by that is not all users are savvy enough to understand, "Hey, I shouldn't be running this or I get a pop-up on a browser and I don't click on it." Carbon Black stops that if they do.

The solution is extremely scalable.

What needs improvement?

The alerting mail needs to be customizable. Right now, it isn't. That has to change. Right now, I get a lot of what I call noise email alerts. All I hear from them is, "Well, we're working on it. We're working on it." Well, they've been working on it for four years now, and nothing has changed.

In the past, we've seen some stability issues in the latest version releases. We tend to hang back one version just to make sure issues are fully resolved to avoid user disruption.

For how long have I used the solution?

We've been using the solution since 2017. It's been a few years at this point.

What do I think about the stability of the solution?

The solution is generally mostly stable. We tend to try to stay one version back in order to get better stability. I've run into problems already where Carbon Black has flagged certain things in a later release that they weren't flagging previously and it disrupts my user base.

What do I think about the scalability of the solution?

The scalability is very good. It's pretty much unlimited at this point. A company can scale however much they like with no trouble.

We have over 500 licenses. The use cases are mostly for our servers and our workstation user roles are drafters, engineers.

We use the solution enterprise-wide. I'm not going to increase usage except maybe to increase the license count if servers or workstations go up.

How are customer service and technical support?

Their technical support is beyond compromise. They've been absolutely excellent. We're quite satisfied with their level of attention. 

Which solution did I use previously and why did I switch?

We were previously using Symantec. We switched for numerous reasons. One of them was the fact that Symantec was just not catching a lot of our intrusion at that time. Again, this would have been back in 2017, and a lot of the malware that was coming out back then, the agents weren't catching as quickly. Nobody really had much sense of what zero-day attacks meant.

How was the initial setup?

The initial setup is not overly complex. It's pretty straightforward.

The deployment was fast and the process took maybe two hours or so. The deployment strategy was just running the installation agent.

There really is no maintenance required. It's just as simple as re-installing or installing the agent.

What about the implementation team?

We didn't need to use any integrators or consultants for the deployment. We handled everything ourselves in-house.

What was our ROI?

We noticed an ROI after about six months of working with the solution.

Previous to Carbon Black, we had a malware attack that cost us a significant amount of money. We haven't had one since, and therefore, our return on investment has been significant.

What's my experience with pricing, setup cost, and licensing?

We simply auto-renew every year. I can't speak to the exact pricing. My standard license includes everything that I need without any extra costs.

Which other solutions did I evaluate?

I was looking at the possibility of replacing this solution with Defender, as that's part of our Office 365 licensing package that we have. I was asking myself "will this help? Is it really worth me spending x number of dollars for CBD versus using Defender?" However, after careful examination, we decided to stick with Carbon Black.

What other advice do I have?

We're generally always using the latest version of the solution, minus one. What I mean by that is it's not always current, however, it's always at least within one of the most current versions. We've got too many things going on to really be on the bleeding edge if you will. At times to go up to the next one I want to be sure I have a good stable one. What I'll do is let's say 3.3 comes out next week, I won't necessarily go to it. I will wait until 3.4 comes out to go to 3.3.

While the agents are installed locally, everything basically goes through the cloud. We don't deal with on-premises deployments.

I would advise new users to be cautious or policy settings. I'd also warn them that they should be prepared for lots of emails.

Overall, I would rate the solution at a nine out of ten.

Which deployment model are you using for this solution?

Public Cloud

If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Carbon Black CB Defense reviews from users
...who work at a Healthcare Company
...who compared it with CrowdStrike Falcon
Learn what your peers think about Carbon Black CB Defense. Get advice and tips from experienced pros sharing their opinions. Updated: July 2021.
522,693 professionals have used our research since 2012.
Add a Comment
ITCS user