Carbon Black CB Defense Review

Centralization via the cloud allows us to protect and control people working from home


What is our primary use case?

We started using it to protect our environment from ransomware specifically.

What is most valuable?

Carbon Black works completely differently from other products. We tested different products and Carbon Black was selected because it does not remove a virus but it kills any suspect operations and it's up to the admin to check the scenario. It kills the "effect," if you will. If you receive ransomware or anything suspicious, it will kill the process unless you allow it, after receiving warnings.

I cannot say it's pure AI, but the way it works is that it stops any suspicious activity, not based on signature-based attacks. It works in a way that it detects that a given effect is unusual.

Also, you can deploy it through the cloud so that even if your stuff is outside of your controlled environment, you are still under control, based on the policies you create. The policies are controlled through the cloud. For example, if I don't allow anyone to do a certain activity or to install a particular app, and a consultant or a partner who is not part of our environment is doing so, it will stop them as well. Because of COVID-19, we are all working from home. Imagine if the centralization and control provided by the product were not on the cloud. We would lose control of the people working from home. So the centralized cloud control is one of its more effective aspects.

What needs improvement?

As far as I know, Carbon Defense has nothing that can be installed on mobile devices. It lacks a defense solution for mobile devices, especially mobile tablets. I would like to see support for mobile devices and the pricing should be less than the pricing for a normal workstation.

Also, there is not much education for customers about Defense versus its other products. They promote Defense as enough, but then they say if you need more protection you can go for CB Response. I don't know whether it's a technology issue or a marketing issue, but they should teach the customer more. They tell you you are secure with Carbon Defense but then they recommend Carbon Protect. There is not a lot of education on this.

I don't want to have an incident in the future and their answer will be, "Sorry, you did not buy Protect." Security is a continuous process. I can accept that it has more features, but don't tell me, "You are not protected because you did not buy the more expensive product."

In addition, these other products should be add-ons, not separate products. And the cost for them should be much less for adding on because you are already a customer.

Finally, we receive a lot of high alerts. There is no priority system, from one to 10, where 10 is very dangerous and one is something easy. There is no way for us to tell why this alert is similar to that one.

For how long have I used the solution?

I have been using Carbon Black CB Defense for two years.

What do I think about the stability of the solution?

It is stable. It does not use a lot of CPU or RAM. This is one of its good points.

What do I think about the scalability of the solution?

We have about 1,000 users. Scaling is always possible because it's a cloud solution.

How are customer service and technical support?

They have good local support, here in Dubai.

How was the initial setup?

Deployment takes too much time because it has a lot of options. The implementation was not an easy process. I wish the implementation was easier. But it has a positive effect in the end. The complexity pays for itself ultimately. You do not spend time on the complexity and then get nothing as a result. So the complexity is something that is necessary.

We were new to this product. If the deployment took, say, two weeks, it took us a very long time, maybe a couple of months, until we knew this product was solid. The education services given by the partner are not enough. It was a completely new product for us, so we needed a lot of education. While the implementation took two weeks, it really took two months to go through all the options.

What about the implementation team?

We had a consultant at the beginning.

What's my experience with pricing, setup cost, and licensing?

We have branches, we have different companies, but we cannot buy less than 100 licenses. This does not make sense to me. We do have some big companies within our group. But if I have a small office with 20 users and all my licenses are in use, the next buy cannot be less than 100 licenses. We have to do a lot of implementation and communication to add that many. But we only need 20. They are not flexible in the licensing part. It should be more flexible. 

I can understand their saying, "Okay, to be a customer you need 100," but to add on to that number it should be something very straightforward. If I need to add five, for example, I shouldn't need to add 100.

I'm not happy with the way they are treating existing customers for adding licenses. I sent an angry communication to them, to the management, and said to them: "With 1,000 users, I need only another 50 licenses. Why do you want me to go for 100? It's a stupid policy." Then I got approval from them for fewer. I don't need to buy subscriptions for users I don't have.

Also, licenses should not be per endpoint but rather per user. If I am the same user on a mobile device or on a workstation it should be one license for me.

Which other solutions did I evaluate?

To compare apples to apples, before going for Carbon Black I was thinking about CrowdStrike. CrowdStrike has a lot of very beautiful features that Carbon Black does not have, like IT asset management. But I am not buying this type of software for IT asset management. I'm buying it to protect my infrastructure from big threats. While CrowdStrike has many good features that Carbon Black does not have, that's not the case when it comes to security. CrowdStrike is a very good product but it's more expensive. If you buy all the components of CrowdStrike I can assure you it will be much better than Carbon Black, but cost is a factor.

Our previous product, Kaspersky, was fine but it's not on the level of Carbon Black. Carbon Black is called a next-generation antivirus because it does not only work based on signatures. With Kaspersky we had an incident, and one of the servers affected was the Kapsersky control server.

What other advice do I have?

My advice is to get enough information about the differences in Carbon Black products from day one. In other words, if Carbon Black is claiming that Carbon Black CB Defense is enough, why are they always promoting the more expensive product, which is Carbon Black Protect? So, you need to be educated well about the differences between the products.

Also, look at the roadmap of the product regarding whether there will be good mobile protection for mobile users or not. And be aware of the minimum license purchasing policy.

The number of people for maintenance of the solution depends on how your environment is structured, but in our company I need five people.

Which deployment model are you using for this solution?

Private Cloud
**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Carbon Black CB Defense reviews from users
...who work at a Construction Company
...who compared it with Galvanize IncidentBond
Add a Comment
Guest