To compare apples to apples, before going for Carbon Black I was thinking about CrowdStrike. CrowdStrike has a lot of very beautiful features that Carbon Black does not have, like IT asset management. But I am not buying this type of software for IT asset management. I'm buying it to protect my infrastructure from big threats. While CrowdStrike has many good features that Carbon Black does not have, that's not the case when it comes to security. CrowdStrike is a very good product but it's more expensive. If you buy all the components of CrowdStrike I can assure you it will be much better than Carbon Black, but cost is a factor.

Our previous product, Kaspersky, was fine but it's not on the level of Carbon Black. Carbon Black is called a next-generation antivirus because it does not only work based on signatures. With Kaspersky we had an incident, and one of the servers affected was the Kapsersky control server.

There are other solutions like Symantec in the market.

I use and recommend various EDR solutions to clients. 

Hana has experience with NCL, but I have worked with other organizations using NCL and have experience with Carbon Black. Previously, I worked with CrowdStrike, Sentinel, and Windows Defender. These are leaders in the market, including a native product for Microsoft. When we talk about those solutions, they offer good support and features and compatibility with different machines, providing us with a comprehensive solution. For example, we have Linux, some Oracle Linux servers, and some EL product versions that are currently not supported by Carbon Black. However, CrowdStrike or other solutions still support all legacy OS. We chose a solution that covers 100% of the machines we have, whether it's Windows or Linux. In some places, CBC doesn't support all of our OS, but they should provide a solution for that as well.

We looked at CrowdStrike, the offering from Blackberry called SentinelOne, and we looked at the major other AV providers like Sophos, McAfee, and Norton.

We did evaluate CrowdStrike Falcon and Microsoft Sentinel. These two products are fantastic. A lot of acceptable and unacceptable risks are covered in CrowdStrike Falcon. With these two solutions, the business line continues without disruption, and there's less downtime.

Carbon Black CB Defense is not compatible with many machines. Many of the machines require a minimum prerequisite. However, CrowdStrike Falcon supports even legacy machines. Around 95% of the machines in our organization are covered by Carbon Black CB Defense. However, CrowdStrike Falcon could have covered around 98.9% of machines.

The reporting system is much better in CrowdStrike Falcon, and if you want to pull data, you can customize it as per your requirements. With Carbon Black CB Defense, whatever they offer, we have to get the data. Otherwise, we have to use the API. Even if you use the API, you can only find specific information.

My company didn't evaluate other options, because Carbon Black CB Defense was suggested by CROW. My company just went with what they suggested.

We also had a review of FireEye HX as well, but we chose this in terms of the utility and also in terms of the cost involved. So that is the reason why we chose CB Defense. And, so, that's the reason why we are currently using CB Defense. We wanted to have an insight about Malware, the vectors for which they come into and what kind of a behavior they exhibit. So these are the things that we are basically looking to the Carbon Black Defense.

I think they can probably bring in because there is a little bit of a gap between the native Antivirus solutions like Symantec or McAfee. McAfee does have a separate product, the application control. And Symantec Endpoint has the application and device control as a built-in component in 11, 12, and I think in 14 it has the same. But the EDR solutions currently don't have that kind of a feature. So, if they can incorporate that, it would be a better security control and an antivirus, basically, because you do have instances where Malwares are getting into the network through an RFD or through a particular free software that users might download from the internet.

We also looked at Rsam and ESET. We've used a multitude. So yes, we have.

We also looked at CrowdStrike but it was a little too expensive. 

One of the main advantages of Cortex XDR over VMware Carbon Black Endpoint is that Cortex XDR has an intrusion detection system. Cortex XDR has a host-based IDS, and such a feature doesn't exist in VMware Carbon Black Endpoint. Cortex XDR has VMware Carbon Black Endpoint's functions and much more than they need.

Palo Alto is a product that our company has considered during its current evaluation process.

I was looking at the possibility of replacing this solution with Defender, as that's part of our Office 365 licensing package that we have. I was asking myself "will this help? Is it really worth me spending x number of dollars for CBD versus using Defender?" However, after careful examination, we decided to stick with Carbon Black.

We did not evaluate other options.

We were looking at either keeping our Symantec Endpoint, and evaluating Trend Micro, and CrowdStrike.

We chose Carbon Black because of Its integration, features, and usability.

I am currently reviewing Cylance and products from other vendors as part of our processes. We want to see what price points and feature sets and things like that, to see what would be better.

We want to know how Carbon Black compares to others; we've seen a little bit of that. I've got some documentation to review that. At this point, we're test-bedding several other providers right now to see if there's anything that does equally or better and that comes at a better price point.

We evaluated McAfee and Symantec.

We did not evaluate any other solution. We are partners of Carbon Black.

We did consider other products but we chose this solution.