VMware Carbon Black Endpoint Primary Use Case
Imad Taha
Group CIO at a construction company with 10,001+ employees
We started using it to protect our environment from ransomware specifically.
Randy Lahti
Founding Partner, Security Architect at ISS
Some of my clients' use cases are typical endpoint protection, telemetry, and threat hunting. We are using all three of the most popular services that point back to the cloud central console.
Uday S
Director-International Trade Operations - India Middle East at Dow
In my company, we install VMware Carbon Black Endpoint at the workstations of end users to monitor events and verify logs to see if there is any malicious content running at an end user's workstation. The solution allows my company to track, find the logs, and do the verification based on a user's activities.
Buyer's Guide
VMware Carbon Black Endpoint
March 2024
Learn what your peers think about VMware Carbon Black Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
768,740 professionals have used our research since 2012.
I implement the solution as an EDR tool for customers.
Our primary use case is for protection and as an EDR solution. Moreover, it has all the same features as the other vendors, but what sets it apart is its very good coverage on the VMware side since it's a VMware product.
reviewer1754481
IT Infrastructure and Security Manager at a paper AND forest products with 1,001-5,000 employees
It is a default software that goes on every computer. This is antivirus endpoint protection. It's pretty simple. The standard application goes on every single machine that we deploy that is Windows based. We have it running on machines that are deployed on the cloud, machines that are deployed on-premise, and on machines that people are using strictly on the internet.
We're using the Carbon Black Endpoint. We're using the latest sensors. We've used 3.7 and 3.8.
Initially when we deployed it, there were over 2,000 users in terms of giving access to the console. We had roles created for security analysts. There were different roles. For example, the field services who take care of the PCs could go take a look. They could bypass if needed, but they could not change any roles or uninstall the agent.
Other roles, such as mine, have full access. We had roles where we had actually created the API integration key where we were sending the Carbon Black logs to a third party who was our SIM for review. There are different roles you can define in there.
AlexWalker1
Cyber Security and Compliance Consultant at Caretower
Our customers use the product for extended visibility and integrations with various solutions they have. They use it for consolidation and advancing their current measures. They also look to reduce costs. If a customer is a VMware client, they may go for Carbon Black to keep it all under one hat.
reviewer1619394
Group CIO at a construction company with 10,001+ employees
It has various use cases like firewalls and antivirus. It's been working great for us so far.
We have a dedicated team using this solution. They create incidents, escalate the incidents, and then respond to the events detected by the EDR.
VMware Carbon Black Endpoint is a log system for one of the clients, and that's the main source where we get logs for their endpoints.
We use Carbon Black agents that are monitored by the Forescout Extended Module for CB. It will check that CB Agents are deployed and are in a running state to secure containers across the VMware environment.
The dashboard shows the security analyst who looks at the reports of the threats around policies monitoring Carbon Black agents. The discovery happens in Carbon Black, and as part of the discovery, it will monitor multiple Carbon Black agents. Deployment is on hybrid cloud VM cloud on AWS.
KELVIN LARRUE
Senior Director, Information Technology at C.E. Niehoff & Co.
Carbon Black CB Defense is a sensor for ongoing monitoring. It was deployed and is being used in conjunction with a cloud product called Red Canary.
Karthik Balakrishnan
Senior Security Consultant at a manufacturing company with 10,001+ employees
It was basically for an EDR solution. We were apparently in the migration phase, to be frank. We were using McAfee VSE, and we wanted a media solution which would give us more insight in terms of the events that are happening with respect to Malware threats. So that's the reason why we went for the Carbon Black Defense.
We use Cyber Defense to protect our machines from all kinds of attacks. We use this solution to protect ourselves from advanced threat attacks as well as viruses and malware. We also do threat hunting with the help of CyberArk for defense solutions.
reviewer1799544
Lead IT Security Analyst at a government with 501-1,000 employees
I know they have different forms in their Carbon Black Endpoint now, but we were using Carbon Black Prevent, which was basically just a pure whitelisting product. We didn't look at the other kinds of things that it was doing.
We were basically just using it for, "If Carbon Black picks up a new file in the machine and it's executable or something and it hasn't seen it before, it has to be whitelisted first. It has to be approved before it's allowed to run." That's what we're using it for.
We were technically one and a half versions behind the current version which is out there right now.
The solution is deployed on-prem.
We have cut back the amount of users. At one point, we had about 1,500 or 2,000 users. We're down to about 750 right now.
Andre B.
Executive Business Analyst & Advisor at a financial services firm with 10,001+ employees
We use it for endpoint visibility and endpoint detection and response. It is our central mechanism for the cyber defense or endpoint detection, response and visibility.
We're providing this product to our customers. The main intention of using this product is to detect small malware and for vulnerabilities and scanning detection in real-time.
We use VMware Carbon Black Endpoint to protect endpoints in our company.
We use this solution as our endpoint security system. The solution is cloud-based.
Darrick Kristich
Founder/CEO at KRISTICH SECURITY SERVICES LLC
We are a partner in the managed security service provider (MSSP) space. We service hundreds of customers globally. We implement these solutions on behalf of our customers.
With Carbon Black, we've been using them for about six years. We're an MSSP and channel partner with them, as well as an incident response partner. We were like the second incident response company registered with them (through that program) to start using the cb Defense platform. We also integrate it with SIEM. However, we're using it in a managed service capacity. We usually implement it, then manage the platform for our clients long-term. It's used for traditional antivirus, real-time threat protection and prevention, and it also provides us with the ability to do more in-depth investigations into endpoints. With the product, we can do a bit of threat hunting along with managed detection and response. The platform works quite well using it in this capacity.
With Symantec, we have been using it for about six years. We integrate it with our SIEM products. We have a lot of customers who actually run it, so we see it quite often. We collect a lot of data from Symantec and help with responding to anything that Symantec finds. We've had a chance to use the product quite a lot.
reviewer2251128
Head Of Information Security Department at an insurance company with 201-500 employees
My company uses VMware Carbon Black Endpoint for generic endpoint activity detection. We also use it for some investigation using an osquery in our company. VMware Carbon Black Endpoint is useful for blocking some applications and vulnerability assessment of endpoints.
We need it to secure some PCs and virtual machines inside the company.
I use VMware Carbon Black Endpoint for its capabilities related to EDR and antivirus support. The tool offers protection to me with its advanced antivirus technology. The tool also protects me from threats.
reviewer2173167
Cyber Security Manager Senior Specialist at a university with 501-1,000 employees
I am associated with the incident response team, and we use Carbon Visibility for converged networks.
Shibu Lona
ICT/Systems Application Engineer at Honeywell
Our primary use case is for application control.
Syed Faisal
ICT Manager at SecurEyes
Carbon Black CB Defense is a multi-purpose solution. We can use it for XDR ADF. This way, if someone is trying to attack one's endpoint, in which there is a script such as PowerShell, but without a signature, the solution will be aware of such an attack and respond accordingly. It will detect the behavior and respond to the SOC.
Maria Palacios Escobedo
IT Cybersecurity at a manufacturing company with 10,001+ employees
The solution is deployed in our computers in the company. However, I can't speak to the use cases, as I'm still quite new to the company.
After we apply some policies we will receive, for example, alerts. We'll look at the devices that have given us alerts and we'll look to see if there is an issue. Then we can prioritize the issues into high and low categories.
We try to know what is a malicious file or malicious application and we can investigate what's happening according to the alerts in Carbon Black. Many times we've found that our policies avoid false positives. That said, sometimes, we have false positives and we get many alerts. We're working with this in Carbon Black.
Carbon Black is basically blocking my application. I cannot open files and I cannot install software without it passing the policies. Not just any application can be installed on our computers. They need to be pre-approved. If we need to, however, we can manually bypass to finish an installation.
While there is an IR team that is responsible for managing EDR or deep analytics, our focus is on endpoint and antivirus protection. This is where we encounter signature updates. We look for false positives in their relation to file interpretation. Should anything occur, we can instantly respond. Instead of sending a sample and getting coverage, we can put a policy and place an immediate stop on the false positives.
Brody Wright
System Analyst at a hospitality company with 1,001-5,000 employees
We include it as another layer of security for our endpoints/servers. The software is based off TTP (tactics, techniques, and procedures), and it complements our antivirus products. The software basically takes a snapshot of the system, then if anything happens which is out of the norm, the software alerts us. In some cases, it denies execution and will quarantine the endpoint from other systems.
reviewer1465668
Senior NOC Security Engineer at a wholesaler/distributor with 51-200 employees
My clients are using this solution for security as their frontline defense. They are using a whitelist that has all known software allowed.
TaxoveRao
Product Engineer Cyber Security at an energy/utilities company with 51-200 employees
We use the solution for threat detection and endpoint protection. It generates alerts in case of invalid signatures while installing software.
Carbon Black is an EDR solution and a Next Generation AV. It works on the basis of machine learning and artificial intelligence. It's used to manage multiple endpoints from a central location and detects alerts on the basis of AI. If we have any custom alerts, they can be triggered or flagged. In that case, we can have a centralized alerting system. It can also be used to isolate, repair, or remediate a machine when it is taken by an attack.
We aren't responsible for managing the infrastructure of this particular tool. We're using it for investigation purposes and to monitor products that are being used by our clients.
It's deployed on a public cloud.
reviewer1450803
Information Security Specialist at a comms service provider with 5,001-10,000 employees
The product is an endpoint security product. It's kind of like a replacement for a traditional antivirus.
We primarily leverage the product for its security functionality.
reviewer1516587
System Eng at a wholesaler/distributor with 1,001-5,000 employees
The solution is primarily used for protection. It's used on all of our servers and all of our workstations.
reviewer1762626
IT Administrator at a manufacturing company with 501-1,000 employees
It is used for protecting our file servers. Its version is kept up to date, so it should be fairly current.
Our primary use case for this solution involves addressing incidents related to malware outbreaks and malicious signatures.
reviewer1265103
Cyber Security Consultant with 1,001-5,000 employees
Basically we use the solution for protecting and detecting misuse of end-users while using their end-points to access the internet, especially for browsing websites, or suspicious activity as far as misusing their web browser. It protects them from web-based attacks such as DDoS (Denial of Service) or ransomware.
reviewer1439934
Infrastructure and support manager at a healthcare company with 51-200 employees
We used it for EDR, as well as endpoint protection, the whitelisting feature.
reviewer1344240
IT Infrastructure - Global Head at a comms service provider with 10,001+ employees
We primarily use the solution as endpoint security.
Mark Adams
Senior Manager, IT Security and Compliance / CISO at Superior Energy Services, Inc.
We use this solution for endpoint security and protection.
reviewer917823
IT Manager - System Administration at a pharma/biotech company with 501-1,000 employees
We primarily use the solution for operations and also security. On the security front, we have a specific project that's ongoing right now. We are moving away from the on-prem Carbon Black to the cloud one.
We primarily use the solution for endpoint protection.
reviewer1785597
IT Manager at a financial services firm with 51-200 employees
We primarily use this product to provide threat intelligence to our SOC about our endpoints.
reviewer1167921
Information Security Consultant at a healthcare company with 10,001+ employees
We are using the Carbon Black CB Defense for endpoint security.
HeathLord
Vice President of Sales (previously Sales Engineer) at a computer software company with 11-50 employees
The primary use case is for stopping spyware, malware, and viruses in their tracks.
It's very good at doing that. It has intelligent learning behind it and we have been very successful in preventing attacks.
Jayandra Wickramasinghe
Senior Systems engineer at SAT
This product would help any organization to increase its detection and prevention with event investigations and immediate response to data infiltration.
Kostia Tkachov
IT Security Solutions Engineer at Softprom
We are a distributor for Carbon Black and CB Defense is one of the products that we work with and demo for our customers.
reviewer1236738
Assistant Technical Manager at a tech services company with 11-50 employees
We are a distributor of Carbon Black in Asia. Generally our customers are looking for endpoint features such as EDR (endpoint detection and response). Their existing solutions are usually from another vendor that has provided a normal antivirus solution. They are looking for endpoint protection and detection and response.
The first case was in a financial institution with offices in several states which needed to increase the ability to detect and respond to threats.
reviewer1300992
Owner at a tech services company with 1-10 employees
We are an MSP, and we deployed this solution for a banking client. We use it to help us defend against advanced persistent threats.
reviewer1740045
Cyber Security Engineer at a tech services company with 201-500 employees
CB Defense is a threat identification and protection solution. In general, it's more often deployed on the cloud than on-prem. The customer decides.
SrSecuria175
Sr. Security Analyst, Enterprise Architecture and Security at a tech services company with 5,001-10,000 employees
We use this solution as an endpoint solution for protection.
reviewer1454073
Security Engineer at a tech services company with 11-50 employees
We manage service providers. We provide this solution to other clients and companies that need it, and we are using the latest version.