Carbon Black Cb Response Review

Enables us to remotely analyze infected machines without delay


What is our primary use case?

When a machine gets infected we need to have a memory dump and to interact with it. We use this solution as a good way to extract that information from an infected machine.

How has it helped my organization?

When a machine gets infected and the user is not in sight, you cannot go to the user and ask them to analyze their machine, what was in their system. With this solution, you can do so remotely. This is valuable because you don't have to bring the computer onsite to analyze it. Even if the user is doing something wrong, like stealing information from the company, you can detect it remotely, capture it remotely, and have this information to analyze it afterward.

It saves the time required to take an image of a machine onsite. You get to the machine and make it live. You don't have to wait. Whatever activity you have to do on the machine can be done right away.

In addition, it helps us to be sure of the type of infection we have, which helps reduce response time and provide a better solution to what is happening. It decreases response time by about 40 percent.

What is most valuable?

The most valuable features are the threat-hunting and the batch console.

What needs improvement?

They need to improve the batch console. It needs more capabilities. We are limited by the ones it provides, although we can type commands from the native operating system.

What do I think about the stability of the solution?

The stability is fine.

What do I think about the scalability of the solution?

It has pretty good scalability.

How are customer service and technical support?

I have not used technical support.

If you previously used a different solution, which one did you use and why did you switch?

This system is the only one I have used.

How was the initial setup?

The initial setup was pretty straightforward.

What about the implementation team?

The vendor installed it and gave us some training so we would know how to use the tool and how to deploy it in our systems.

Which other solutions did I evaluate?

I was not part of the decision-making process. It was the engineers who decided.

What other advice do I have?

You need to analyze your organization's needs. If you just want to protect things, it's very useful.

I rate the solution at eight out of ten because they need to improve the console. We would like it to let us type commands that are native to the operating system, not the ones that are included in the product.

The product, in terms of maturity, is still at the very beginning.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.