VMware Carbon Black App Control Review

Good application whitelisting capability and offers visibility into attacks as they happen

What is our primary use case?

We use this product for server architecture protection. We have both virtual and physical servers.

How has it helped my organization?

Carbon Black offers a total lockdown solution. It shows us the attacks that are being attempted against our infrastructure, and how it is that we are being protected.

What is most valuable?

The effectiveness of application whitelisting is very good.

The details it provides have a high degree of granularity. I can perform an in-depth asset event analysis and do an effective application whitelisting.

What needs improvement?

The reporting is not good and needs to be improved. It is plain and unattractive, and you need to do a lot of sorting to get it done. Having some form of executive management reporting, in case we need to present it to the board, would be helpful. The current reports are simply too plain for that.

For how long have I used the solution?

I have been using Carbon Black App Control for two years.

What do I think about the stability of the solution?

Stability-wise, this is a great solution.

What do I think about the scalability of the solution?

This product is very scalable. One time, we had to increase the memory in the server. Otherwise, it is very scalable and works well.

We are planning to increase usage to cover our entire ATM infrastructure in the long-term.

How are customer service and technical support?

The support from the vendor is not so good, so most of the time, we engage the OEM. The support provided by the manufacturer is very good.

How was the initial setup?

The initial setup was straightforward because we had the assistance of the OEM while deploying it. The process was not complex at all.

Our deployment took more than four months because we have to do an event analysis on a daily basis. We also have a large number of assets.

What about the implementation team?

The OEM assisted us during our deployment, and there were five people involved including our side. Our side included the server owners, somebody from infrastructure, and the compliance team.

We have a team of three people who take care of the maintenance. Only my team, handling security, regularly uses the product. We did give view-only access to the compliance team, as well.

What was our ROI?

This is a good system that delivers on its proposed value.

What's my experience with pricing, setup cost, and licensing?

We pay a fee for support, which is renewed annually.

What other advice do I have?

My advice to anybody who is considering Carbon Black App Control is that it is a good solution, and probably one of the best application whitelisting solutions in the industry. However, you need to have a very scalable infrastructure for it. I would suggest using a virtual environment rather than an on-premies one, where you can scale as much as you need to. 

Overall, it delivers well on the proposed value and my only complaint is about the reporting.

I would rate this solution an eight out of ten.

Which deployment model are you using for this solution?


Which version of this solution are you currently using?

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
Find out what your peers are saying about Carbon Black, McAfee, Ivanti and others in Application Control. Updated: June 2021.
522,946 professionals have used our research since 2012.
Add a Comment
ITCS user