Carbon Black CB Defense Review

The software uses very few resources; it is almost invisible to the end user


What is our primary use case?

We include it as another layer of security for our endpoints/servers. The software is based off TTP (tactics, techniques, and procedures), and it complements our antivirus products. The software basically takes a snapshot of the system, then if anything happens which is out of the norm, the software alerts us. In some cases, it denies execution and will quarantine the endpoint from other systems.

How has it helped my organization?

During the company’s transition, we had a memory scraper infiltrate our network, and with the help of Carbon Black, we isolated the outbreak to a few point of sale machines. We saw a step-by-step account of how the software was introduced into the environment, the host it originated from, and the destination address it was connecting to. Carbon Black stopped the spread in its tracks.

What is most valuable?

  • The software uses very few resources; it is almost invisible to the end user. 
  • Behavioral Monitoring stops known malicious events before they even begin. 
  • The whitelist: Being a casino, we have some odd software packages. Being able to whitelist them is a must.
  • The option to quarantine a device and use the cloud-based portal to gain a “shell” on the infected machine. With this, we can dump the entire system memory to a machine in our lab, then run analysis.

What needs improvement?

It works the way we want and how we want. 

For one improvement, an easier integration with an AlienVault USM appliance would be good. The directions for Splunk are spot on, but it is difficult to find anything on integration with AlienVault.

For how long have I used the solution?

Three to five years.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
1 visitor found this review helpful
2 Comments
Jayandra Wickramasinghe (User)

It is better if it has auto deleting or quarantine after the virus is detected.

30 March 18
Jayandra Wickramasinghe (User)

It describes a good experience.

28 May 18