Carbon Black CB Defense Review

The most valuable feature is the time-lining capability for any breach activity. It actually does some heuristics, and some behavioral analysis.


What is our primary use case?

We use it for endpoint visibility and endpoint detection and response. It is our central mechanism for the cyber defense or endpoint detection, response and visibility.

How has it helped my organization?

We've integrated it with Splunk, with ThreatConnect, and a couple of others. It has a lot of modules for integration that have streamlined our ability to respond and decrease the amount of time for response, while also allowing us not to have to pivot to so many tools, so we can actually work from more of a single pane of glass perspective.

What is most valuable?

I think the most valuable thing is the time-lining capability for any breach activity. It gives us the ability to actively threat hunt. This is not a passive response tool where we watch things happen. In contrast, it actually does some heuristics, and some behavioral analysis, and we're able to do some prevention with it as well. I think that's really the strongest attribute, and it makes this a more aggressive tool than others.

What needs improvement?

In some areas, one of the big issues for me is responsiveness to issues that arise with the solution. There are some components that leave a bit to be desired, or that are bugs, or even feature update requests. They are not the fastest company to respond to these kinds of things. We did have a bug that has persisted for what is now going on two months, and it hasn't been fixed. That is one of the drawbacks. This is really impacting what we need to do with it. But the bigger issue is the organizational responsiveness to clients.

In addition, I think there should be a cloud gateway. It needs to move into a transitory space between our On-Premise and external where it does not have to be in two separate instances. It should marry the two. Also, it would be good to have them working in the containerization space, as well. To have a mechanism for securing cloud modules a bit better. This would be ideal. It would help encompass more of the broad range security so we do not have to couple this with other outside solutions.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

It implements and integrates very well with other security tools, cybersecurity tools.

How is customer service and technical support?

The tech support communicates, but it's just not with movement. They are responsive, yet there is no quick motion often in regards to resolving the issue. I would personally give the tech support a rating of seven out of ten. 

How was the initial setup?

The setup really depends on a few crucial elements. It depends on where we are, what region, what country we're in, and what PIA rules they have in place. For the most part, it is a fairly straightforward setup. I will say in the initial setup, Carbon Black was very responsive. They were really good at providing the assistance and the support we needed to get it set up, but it was not an extremely hard task.

What was our ROI?

It has the ability for you to upload the scripts or anything you want to run anywhere. The capabilities of this tool are almost limitless. That is why Carbon Black is a leader. You can run whatever script you want by uploading it to the tool. This is a very, very comprehensive feature.

Which other solutions did I evaluate?

We also looked at Rsam and ESET. We've used a multitude. So yes, we have.

What other advice do I have?

  • Make sure that your firewall ports are open and really test communication back to their server.
  • Make sure you don't have anything else that may be impeding it. 
  • If you are dealing with any PIA countries or GSA (also known as TAA) countries, make sure you're working through their work councils.
  • Make sure you look at a holistic perspective and have a plan in place on how to use this tool.
Disclosure: I am a real user, and this review is based on my own experience and opinions.