Carbon Black CB Response Review

Good configuring capabilities and provides good market information gathered from the community

What is most valuable?

The market information they gather from the community is really good. Their configuration capabilities are good. 

What needs improvement?

One of the big issues we're facing is that their solution doesn't support multi-tenants. The second area for improvement is that they have different products, but if we wanted to take their protection and their EPR, then we would need to have two agents. In our scenario, having a client work within the cloud is not an option, so we cannot extend the support for Carbon Black to provide the protection that comes from Carbon Black. This will cause resource consumption.

What I would like to see in the new platform is for it to have a higher visibility for being able to fix the solution. Having also just the visibility to separate the collectors on site. If the informed agent can connect to the collectors the ability to be connected to the management consult or superior management directly.

What do I think about the stability of the solution?

So far we had an issue connected to the hardware. I think there was an error that happened, so from their software, we had no issue with stability. Not from agents or from the server itself. But an area they need to improve on is that they need to have an option for higher availability. We can't provide a good solution if we need to rely on virtualization, higher availability. So they need to work on building their forum support for higher availability.

What do I think about the scalability of the solution?

In terms of their scalability, so far I think we have around 5,000 endpoints. We had no issues because of the hardware. The resources could prevent the number of endpoints. They should reconsider the design of the solution where you can have them supporting all kinds of designs where you can install an aggregator or connectors for small branches that are our size and have that to provide management consultancy.

Our newest driver manages to the service provider so they cannot just make all the connection there go onto the consult of the management server. We need some kind of component that could communicate to the management. Instead of having each endpoint communicate with management.

How are customer service and technical support?

They need a big change in the region because they don't have much presence. I think they need to have to train a new manager, but they don't have enough presence. So when we need to work with their office, which is in the U.K, it is kind of a challenge. I think they need to have more support here locally. From a support perspective from our team, they're happy with their support so far, they haven't said of any big issue with them providing us with support. 

How was the initial setup?

The initial setup is straightforward. We already know how to do it but I think for maybe other clients if they do it, it can be a bit challenging.

What other advice do I have?

I would recommend anyone to go ahead with Carbon Black if they are looking for an EDR solution. From my experience with selling, some people have a misunderstanding of what it is they are supposed to do. I would recommend going with it but be aware that you will be overwhelmed with the number of receipts which require somebody to begin to follow up and investigate each incident. This is not something bad, it's something good because of the way that security goes, you need to go through every incident to understand whether it is a false positive or true positive so they need to be reviewed. This is not an automated solution, it's something that somebody needs to take care of.

I would rate this solution as a 9.5 out of 10. We know what we are doing. We know we bought Carbon Black for a reason so we are aware of everything and it's doing its job. We see that there is an area for enhancement, I think the product or business unit or product management, they need to look more into an area for enhancement which is just part of it. So that is why I didn't give it a ten. A 9.5 fair for them. Maybe other people would think to get it lowered but because they have a misunderstanding about what Carbon Black is about.

**Disclosure: My company has a business relationship with this vendor other than being a customer: Reseller.
More Carbon Black CB Response reviews from users
...who compared it with Carbon Black CB Defense
Find out what your peers are saying about Carbon Black, Dell EMC, IBM and others in Security Incident Response. Updated: June 2021.
522,281 professionals have used our research since 2012.
Add a Comment
ITCS user