What is our primary use case?
While there is an IR team that is responsible for managing EDR or deep analytics, our focus is on endpoint and antivirus protection. This is where we encounter signature updates. We look for false positives in their relation to file interpretation. Should anything occur, we can instantly respond. Instead of sending a sample and getting coverage, we can put a policy in place and put an immediate stop to the false positives.
What needs improvement?
While I consider the product to be top-notch and am happy with it, its reporting aspects need to be addressed.
I would definitely recommend Carbon Black CB Defense to others who are contemplating using it, but its administration features need fine tuning. I believe this is already being addressed so that gaps can be filled as these relate to other leading technologies on the market.
The GUI and reporting should also be addressed.
For how long have I used the solution?
We have been using Carbon Black CB Defense for the past seven to eight months.
How are customer service and technical support?
I have not had occasion to make use of technical support, although I may in the future, as I am the product person who is working with another experienced team and there is a process under way to migrate from McAfee to Carbon Black CB Defense.
How was the initial setup?
The initial setup was a bit difficult since we had to do it manually or through the use of a script.
What's my experience with pricing, setup cost, and licensing?
The price for the solution is completely at government level, meaning one which is very high, although it is up to management to consider this criterion.
What other advice do I have?
Our company has over a thousand people who utilize the product. Going forward, everything will be managed by Carbon Black CB Defense.
I would rate it an eight out of ten.