What is our primary use case?
We are a distributor of Carbon Black in Asia. Generally our customers are looking for endpoint features such as EDR (endpoint detection and response). Their existing solutions are usually from another vendor that has provided a normal antivirus solution. They are looking for endpoint protection and detection and response.
What is most valuable?
- The triage feature that shows you the whole kill chain of the attack/malware is useful. It shows how the malware gets into the endpoints and what it has done.
- The solution is easy to use and easy to deploy, as it is a cloud solution; no appliance needs to be deployed on premise.
What needs improvement?
When you view the triage, it will show you everything within a given time frame, and not only the attack that caused the alert, which is what I want to see. It shows you all the events during that time, and that can be quite confusing. If they could focus on the alert and the event that the user wants to see, that would be better.
There is also room for improvement on the reporting side, because it doesn't have reports. Many of our customers would prefer some kind of exportable report, like a summary. Carbon Black should have this feature.
What do I think about the stability of the solution?
We haven't encountered any bugs.
How are customer service and technical support?
I have not needed to contact their technical support yet.
How was the initial setup?
The setup and configuration are very straightforward. The time it takes depends on the number of endpoints. For one endpoint, it takes a few minutes, tops.
What's my experience with pricing, setup cost, and licensing?
Although I'm more on the technical side and not involved in the pricing, it's more or less the same as other similar solutions.
What other advice do I have?
I would recommend this product to other people.
Which deployment model are you using for this solution?