We started using it to protect our environment from ransomware specifically.

Some of my client's use cases are typical endpoint protection, telemetry, and threat hunting. We are using all three of the most popular services that point back to the cloud central console.

In my company, we install VMware Carbon Black Endpoint at the workstations of end users to monitor events and verify logs to see if there is any malicious content running at an end user's workstation. The solution allows my company to track, find the logs, and do the verification based on a user's activities.

I implement the solution as an EDR tool for customers. 

Our primary use case is for protection and as an EDR solution. Moreover, it has all the same features as the other vendors, but what sets it apart is its very good coverage on the VMware side since it's a VMware product. 

It is a default software that goes on every computer. This is antivirus endpoint protection. It's pretty simple. The standard application goes on every single machine that we deploy that is Windows based. We have it running on machines that are deployed on the cloud, machines that are deployed on-premise, and on machines that people are using strictly on the internet.

We're using the Carbon Black Endpoint. We're using the latest sensors. We've used 3.7 and 3.8.

Initially when we deployed it, there were over 2,000 users in terms of giving access to the console. We had roles created for security analysts. There were different roles. For example, the field services who take care of the PCs could go take a look. They could bypass if needed, but they could not change any roles or uninstall the agent. 

Other roles, such as mine, have full access. We had roles where we had actually created the API integration key where we were sending the Carbon Black logs to a third party who was our SIM for review. There are different roles you can define in there.

Our customers use the product for extended visibility and integrations with various solutions they have. They use it for consolidation and advancing their current measures. They also look to reduce costs. If a customer is a VMware client, they may go for Carbon Black to keep it all under one hat.

It has various use cases like firewalls and antivirus. It's been working great for us so far.

We have a dedicated team using this solution. They create incidents, escalate the incidents, and then respond to the events detected by the EDR.

VMware Carbon Black Endpoint is a log system for one of the clients, and that's the main source where we get logs for their endpoints.

We use Carbon Black agents that are monitored by the Forescout Extended Module for CB. It will check that CB Agents are deployed and are in running state to secure containers across vmware environment.

The dashboard shows the security analyst who looks at the reports of the threats around policies monitoring Carbon Black agents. The discovery happens in Carbon Black, and as part of the discovery, it will monitor multiple Carbon Black agents. Deployment is on hybrid cloud VM cloud on AWS.

Carbon Black CB Defense is a sensor for ongoing monitoring. It was deployed and is being used in conjunction with a cloud product called Red Canary.

It was basically for an EDR solution. We were apparently in the migration phase, to be frank. We were using McAfee VSE, and we wanted a media solution which would give us more insight in terms of the events that are happening with respect to Malware threats. So that's the reason why we went for the Carbon Black Defense.

We use Cyber Defense to protect our machines from all kinds of attacks. We use this solution to protect ourselves from advanced threat attacks as well as viruses and malware. We also do threat hunting with the help of CyberArk for defense solutions.

I know they have different forms in their Carbon Black Endpoint now, but we were using Carbon Black Prevent, which was basically just a pure whitelisting product. We didn't look at the other kinds of things that it was doing.

We were basically just using it for, "If Carbon Black picks up a new file in the machine and it's executable or something and it hasn't seen it before, it has to be whitelisted first. It has to be approved before it's allowed to run." That's what we're using it for.

We were technically one and a half versions behind the current version which is out there right now.

The solution is deployed on-prem.

We have cut back the amount of users. At one point, we had about 1,500 or 2,000 users. We're down to about 750 right now.

We use it for endpoint visibility and endpoint detection and response. It is our central mechanism for the cyber defense or endpoint detection, response and visibility.

We're providing this product to our customers. The main intention of using this product is to detect small malware and for vulnerabilities and scanning detection in real-time.

We use VMware Carbon Black Endpoint to protect endpoints in our company.

We use this solution as our endpoint security system. The solution is cloud-based.

We are a partner in the managed security service provider (MSSP) space. We service hundreds of customers globally. We implement these solutions on behalf of our customers. 

With Carbon Black, we've been using them for about six years. We're an MSSP and channel partner with them, as well as an incident response partner. We were like the second incident response company registered with them (through that program) to start using the cb Defense platform. We also integrate it with SIEM. However, we're using it in a managed service capacity. We usually implement it, then manage the platform for our clients long-term. It's used for traditional antivirus, real-time threat protection and prevention, and it also provides us with the ability to do more in-depth investigations into endpoints. With the product, we can do a bit of threat hunting along with managed detection and response. The platform works quite well using it in this capacity.

With Symantec, we have been using it for about six years. We integrate it with our SIEM products. We have a lot of customers who actually run it, so we see it quite often. We collect a lot of data from Symantec and help with responding to anything that Symantec finds. We've had a chance to use the product quite a lot.

My company uses VMware Carbon Black Endpoint for generic endpoint activity detection. We also use it for some investigation using an osquery in our company. VMware Carbon Black Endpoint is useful for blocking some applications and vulnerability assessment of endpoints.

We need it to secure some PCs and virtual machines inside the company.

I use VMware Carbon Black Endpoint for its capabilities related to EDR and antivirus support. The tool offers protection to me with its advanced antivirus technology. The tool also protects me from threats.

I am associated with the incident response team, and we use Carbon Visibility for converged networks.

Our primary use case is for application control.

Carbon Black CB Defense is a multi-purpose solution. We can use it for XDR ADF. This way, if someone is trying to attack one's end point, in which there is a script such as PowerShell, but without a signature, the solution will be aware of such an attack and respond accordingly. It will detect the behavior and respond to the SOC.

The solution is  deployed in our computers in the company. However, I can't speak to the use cases, as I'm still quite new to the company.

After we apply some policies we will receive, for example, alerts. We'll look at the devices that have given us alerts and we'll look to see if there is an issue. Then we can prioritize the issues into high and low categories.

We try to know what is a malicious file or malicious application and we can investigate what's happening according to the alerts in Carbon Black. Many times we've found that our policies avoid false positives. That said, sometimes, we have false positives and we get many alerts. We're working with this in Carbon Black.

Carbon black is basically blocking my application. I cannot open files and I cannot install software without it passing the policies. Not just any application can be installed on our computers. They need to be pre-approved. If we need to, however, we can manually bypass to finish an installation.

While there is an IR team that is responsible for managing EDR or deep analytics, our focus is on endpoint and antivirus protection. This is where we encounter signature updates. We look for false positives in their relation to file interpretation. Should anything occur, we can instantly respond. Instead of sending a sample and getting coverage, we can put a policy and place an immediate stop on the false positives.

We include it as another layer of security for our endpoints/servers. The software is based off TTP (tactics, techniques, and procedures), and it complements our antivirus products. The software basically takes a snapshot of the system, then if anything happens which is out of the norm, the software alerts us. In some cases, it denies execution and will quarantine the endpoint from other systems.

My clients are using this solution for security as their frontline defense. They are using a whitelist that has all known software allowed.

We use the solution for threat detection and endpoint protection. It generates alerts in case of invalid signatures while installing software.

Carbon Black is an EDR solution and a Next Generation AV. It works on the basis of machine learning and artificial intelligence. It's used to manage multiple endpoints from a central location and detects alerts on the basis of AI. If we have any custom alerts, they can be triggered or flagged. In that case, we can have a centralized alerting system. It can also be used to isolate, repair, or remediate a machine when it is taken by an attack.

We aren't responsible for managing the infrastructure of this particular tool. We're using it for investigation purposes and to monitor products that are being used by our clients.

It's deployed on a public cloud.

The product is an endpoint security product. It's kind of like a replacement for a traditional antivirus.

We primarily leverage the product for its security functionality.

The solution is primarily used for protection. It's used on all of our servers and all of our workstations.

It is used for protecting our file servers. Its version is kept up to date, so it should be fairly current.

Our primary use case for this solution involves addressing incidents related to malware outbreaks and malicious signatures.

Basically we use the solution for protecting and detecting misuse of end-users while using their end-points to access the internet, especially for browsing websites, or suspicious activity as far as misusing their web browser. It protects them from web-based attacks such as DDos (Denial of Service) or ransomware. 

We used it for EDR, as well as endpoint protection, the whitelisting feature.

We primarily use the solution as endpoint security.

We use this solution for endpoint security and protection.

We primarily use the solution for operations and also security. On the security front, we have a specific project that's ongoing right now. We are moving away from the on-prem Carbon Black to the cloud one. 

We primarily use the solution for endpoint protection.

We primarily use this product to provide threat intelligence to our SOC about our endpoints.

We are using the Carbon Black CB Defense for endpoint security.

The primary use case is for stopping spyware, malware, and viruses in their tracks. 

It's very good at doing that. It has intelligent learning behind it and we have been very successful in preventing attacks.

This product would help any organization to increase its detection and prevention with event investigations and immediate response to data infiltration. 

We are a distributor for Carbon Black and CB Defense is one of the products that we work with and demo for our customers.

We are a distributor of Carbon Black in Asia. Generally our customers are looking for endpoint features such as EDR (endpoint detection and response). Their existing solutions are usually from another vendor that has provided a normal antivirus solution. They are looking for endpoint protection and detection and response.

The first case was in a financial institution with offices in several states which needed to increase the ability to detect and respond to threats.

We are an MSP, and we deployed this solution for a banking client. We use it to help us defend against advanced persistent threats.

CB Defense is a threat identification and protection solution. In general, it's more often deployed on the cloud than on-prem. The customer decides. 

We use this solution as an endpoint solution for protection.

We manage service providers. We provide this solution to other clients and companies that need it, and we are using the latest version.