WAKKAS AHMAD - PeerSpot reviewer
Security Consultant at Mahle
Real User
Top 5Leaderboard
Great correlation and visibility; easy setup
Pros and Cons
  • "Carbon Black CB Defense has helped improve my organization by allowing us to have better data so that we can do correlation and get visibility into the alerts."
  • "Carbon Black CB Defense has helped improve my organization by allowing us to have better data so that we can do correlation and get visibility into the alerts."

What is our primary use case?

We use Cyber Defense to protect our machines from all kinds of attacks. We use this solution to protect ourselves from advanced threat attacks as well as viruses and malware. We also do threat hunting with the help of CyberArk for defense solutions.

How has it helped my organization?

Carbon Black CB Defense has helped improve my organization by allowing us to have better data so that we can do correlation and get visibility into the alerts. Previously, we used a different solution for protecting the devices and we were not able to get enough data.

What is most valuable?

The Carbon Black CB Defense feature I found most valuable is that it gives us the ability to do log analysis as well as the current state of the environment and activity on the user machines.

What needs improvement?

I would say that the technical support team should be improved since it takes them a lot of time to provide us with support.

In the next release, I would like to see a host-based firewall.

Buyer's Guide
VMware Carbon Black Endpoint
February 2024
Learn what your peers think about VMware Carbon Black Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: February 2024.
763,955 professionals have used our research since 2012.

For how long have I used the solution?

I have been using this solution for more than a year.

What do I think about the stability of the solution?

I would rate the stability of this solution a seven, on a scale from one to 10, with one being the worst and 10 being the best.

What do I think about the scalability of the solution?

I would rate the scalability of this solution an eight, on a scale from one to 10, with one being the worst and 10 being the best.

How was the initial setup?

The initial setup process was easy. It takes about four or five months to set up the solution. The deployment was done with the help of ten teams and five to six people who had full involvement during the implementation.

What other advice do I have?

To the people looking to use this solution, I'd say if you want to get better visibility into an environment and see user activity or suspicious activity, then

Carbon Black CB Defense  is the right solution for you.

Overall, I would rate this solution an eight, on a scale from one to 10, with one being the worst and 10 being the best.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
PeerSpot user
Executive Business Analyst & Advisor at a financial services firm with 10,001+ employees
Real User
The most valuable Feature is the time-lining capability for any breach activity. It actually does some heuristics, and some behavioral analysis.
Pros and Cons
  • "It actually does some heuristics, and some behavioral analysis."
  • "The most valuable asset is the time-lining capability for any breach activity."
  • "This product has the capability of uploading scripts to the tool and this is a very comprehensive feature."
  • "The tech support communicates, but it's just not with movement."
  • "I would personally give the tech support a rating of seven out of ten."

What is our primary use case?

We use it for endpoint visibility and endpoint detection and response. It is our central mechanism for the cyber defense or endpoint detection, response and visibility.

How has it helped my organization?

We've integrated it with Splunk, with ThreatConnect, and a couple of others. It has a lot of modules for integration that has streamlined our ability to respond and decrease the amount of time for response, but also allowing us not to have to pivot to so many tools where we can actually work from more of a single pane of glass perspective.

What is most valuable?

I think something that is the most valuable is the time-lining capability for any breach activity. It gives us the ability for us to actively threat hunt. This is not something where it's a passive response tool where we watch things happen. In contrast, it actually does some heuristics, and some behavioral analysis, and we're able to do some prevention with it as well. I think that's really the strongest attribute, and it makes this a more aggressive tool than others.

What needs improvement?

In some areas one of the big issues for me is responsiveness to issues that arise with the solution. There are some components that leave a bit to be desired and/or that are bugs, or that even if it's a feature update request. These kinds of things are not the fastest company to respond to those. We did have a bug that was persistent for it's now going on two months and it hasn't been fixed. That is one of the drawbacks. This is really impacting what we need to do with it. But, the bigger issue is the organizational responsiveness to clients.

In addition, I think there should be a cloud gateway. It needs to move into a transitory space between our On-Premise and external where it does not have to be in two separate instances. It should marry the two. Also, it would be good to have them working in the containerization space, as well. To have a mechanism for securing cloud modules a bit better. This would be ideal. It would help encompass more of the broad range security so we do not have to couple this with other outside solutions.

For how long have I used the solution?

Less than one year.

What do I think about the stability of the solution?

 It implements and integrates very well with other security tools, cybersecurity tools.

How is customer service and technical support?

The tech support communicates, but it's just not with movement. They are responsive, yet there is no quick motion often in regards to resolving the issue. I would personally give the tech support a rating of seven out of ten. 

How was the initial setup?

The setup really depends on a few crucial elements. It depends on where we are, what region, what country we're in, and what PIA rules they have in place. For the most part, it is a fairly straightforward setup. I will say in the initial setup, Carbon Black was very responsive. They were really good at providing the assistance and the support we needed to get it set up, but it was not an extremely hard task.

What was our ROI?

It has the ability for you to upload the scripts or anything you want to run anywhere. The capabilities of this tool are almost limitless. That is why Carbon Black is a leader. You can run whatever script you want by uploading it to the tool. This is a very, very comprehensive feature.

Which other solutions did I evaluate?

We also looked at Rsam and ESET. We've used a multitude. So yes, we have.

What other advice do I have?

  • Make ssure that your firewall ports open and really test communication back to their server. 
  • Make sure you don't have anything else that may be impeding it. 
  • If you are dealing with any PIA countries or GSA (also known as TAA) countries, make sure you're working through their work councils.
  • Make sure you look at a holistic perspective and have a plan in place on how to use this tool.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Buyer's Guide
VMware Carbon Black Endpoint
February 2024
Learn what your peers think about VMware Carbon Black Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: February 2024.
763,955 professionals have used our research since 2012.
Andrew Nai - PeerSpot reviewer
Lead Infrastructure Engineer at Government of Singapore
MSP
Well priced with a good visualization tree but doesn't allow for high availability configuration
Pros and Cons
  • "The solution is stable."
  • "There's some disparity between the on-premise and the cloud type of application."

What is our primary use case?

We're providing this product to our customers. The main intention of using this product is to detect small malware and for vulnerabilities and scanning detection in real-time.

What is most valuable?

The Intel fit was very extensive and comprehensive enough. The visualization tree product feature in this CB defense is quite good. These are the two more notable product features.

The pricing is excellent.

The solution is stable.

What needs improvement?

There's some disparity between the on-premise and the cloud type of application. We basically manage applications versus SaaS-based ones. We were hoping that some of the more advanced features that they offer in the SaaS actually could be similarly offered for the on-premise managed applications. We find that cloud-based solutions are particularly more advanced in product roadmaps compared to on-prem.

There should be more roles in support. There needs to be support for multi-tenancy, the likes of multiple names space. When you use that in a very large organization, you have many departments. It doesn't really provide grouping by department, et cetera. 

There's actually a lagging feature that we saw in the SaaS, yet not on the on-premise setup. It seems like the on-premise one was really, really meant for a single department setup rather than for multiple departments.

The solution doesn't allow for high availability configuration. That's also a negative impact relating to the product.

For how long have I used the solution?

We have been using this solution for about two years.

What do I think about the stability of the solution?

Stability-wise, the product has been quite stable. There's no issue. The maintenance was quite straightforward, and if you don't really touch it, you won't have stability problems. 

What do I think about the scalability of the solution?

Medium to large companies will be selecting Carbon Black solutions mainly due to the fact that they needed this to better the security posture checks in the environment, typically in the more regulated environment. Regulatory, regulated environments or companies that are more security-centric will go for this type of product.

While it can scale, it only supports non-HA. Scalability is quite limited. You can only scale vertically - not horizontally.

How are customer service and support?

Technical support can be much improved. They're quite lagged in terms of their support and post-sales. In terms of the roadmap to sell, they tend to sell more towards endpoints and very large enterprises. For a server base, it would lose itself. That's not really their main focus at this point in time. Therefore, it's not as good there.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

I'm also familiar with Trend Micro. Trend Micro is advancing the product, keeping it fairly up to date, and covering some aspects of the EDR over time and they're doing a lot of catching up. They actually have caught up. The technology now is quite fairly similar - it's just that the initial focus was in different areas, however, they are filling this gap. It's actually a very strong competitor. In terms of user, features-wise, et cetera, this solution is quite on par. Trend Micro is a security-focused company, so from an enterprise point, probably they are more focused than Carbon Black nowadays being bought over by VMware. Security is probably not their main area of focus at this point in time. 

How was the initial setup?

The initial setup is a bit of a mix. It is simple in the sense the setup was quite straightforward, however, when it comes to configuring for other supports, like emails, notifications, Syslog, et cetera, this identity provider's power integration, which we did for our SML 2.0, is powered based, rather than supported directly through the GUI. That was not so user-friendly, or more complex in terms of configuration.

On a scale from one to five in terms of ease of setup, it'll be about three. It probably takes about half a day just to complete the configuration setup.

The maintenance so far has been quite fairly straightforward. We don't really have any issues with the maintenance. Obviously, I didn't want the downside of the product side, maybe one of the cons is that it doesn't really support HA high availability setup configuration. 

What's my experience with pricing, setup cost, and licensing?

We have a contract, we have actually a BOT tender contract where our different customers from different departments actually purchase their licensing. Generally, the pricing is from a unique cost perspective. I wouldn't know exactly how much they buy typically, as they procure their licenses on their own. Typically, if you compared the pricing to Trend Micro, it's probably about half the cost.

What other advice do I have?

We're not quite a partner. We are a systems integrator and reseller. 

We do not have the latest update. We integrate that into our Azure AD itself.

We have the solution deployed both on the cloud and on-premises. 

I'd recommend the solution based on the cost. It's really subjective to the organization's needs. If it's for a single, small department, it's fine. If it's for a large organization itself, some of it lacks. Enterprise capabilities are probably a hindrance for a large organization to take up such a product. The limitations of supporting multiple departments with different roles and users, for them to configure what they need, would be a problem. When you talk about alerts et cetera, and also certain tracks, different departments actually probably they have their own different needs, so they wanted something to be a little bit independent, where the configuration settings are unique to the department, rather than something that can only be common for all departments in the current setup.

I'd rate the solution six out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer: Integrator
PeerSpot user
Adriano Gross - PeerSpot reviewer
Information Security Consultant at a recruiting/HR firm with 10,001+ employees
Consultant
Top 10
Has an efficient feature for incident detection and response, but its technical support services need improvement
Pros and Cons
  • "The product enables device controls, helping us protect the devices and prevent data leakages."
  • "The device control feature could also be compatible with the user’s profile as well."

What is our primary use case?

We use VMware Carbon Black Endpoint to protect endpoints in our company.

How has it helped my organization?

The product enables device controls, helping us protect the devices and prevent data leakages.

What is most valuable?

The product’s most valuable feature is incident detection and response.

What needs improvement?

It is challenging to reach the product’s technical support team. This particular area needs improvement. The device control feature could also be compatible with the user’s profile as well.

For how long have I used the solution?

We have been using VMware Carbon Black Endpoint for a year.

What do I think about the stability of the solution?

The product has good stability.

What do I think about the scalability of the solution?

I rate the platform’s scalability an eight out of ten.

How was the initial setup?

The initial setup process is simple.

What was our ROI?

VMware Carbon Black Endpoint generates a good return on investment regarding environment protection.

What's my experience with pricing, setup cost, and licensing?

The product’s price is less expensive than other vendors.

What other advice do I have?

I rate VMware Carbon Black Endpoint a seven out of ten. I recommend it to the companies with less budget. If there are no budget constraints, they can use other products like CrowdStrike Falcon or Cylance.

Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Isanka Attanayake - PeerSpot reviewer
Manager - Information Technology Infrastructure and Development Support at Royal Ceramics
Real User
Provides endpoint security without a lot of intervention, but client performance could be improved
Pros and Cons
  • "The solution is very useful and easy to handle. You don't need much intervention with this product."
  • "The local technical support is very poor, but the support from headquarters is very nice."

What is our primary use case?

We use this solution as our endpoint security system. The solution is cloud-based.

What is most valuable?

The solution is very useful and easy to handle. You don't need much intervention with this product.

What needs improvement?

The client performance could be improved. When you install it in the client, the performance gets a bit disturbed.

In the user interface, the user needs to have more visibility regarding what's happening because it gives you a very simple client for the user. It doesn't give a full output for the user. It would be great if that could be improved.

For how long have I used the solution?

I have been using this solution for more than four years. We are working with the latest version.

What do I think about the stability of the solution?

The solution is really stable. 

What do I think about the scalability of the solution?

It is scalable.

How are customer service and support?

The local technical support is very poor, but the support from headquarters is very nice.

For the local technical support, I would rather rate it at one, even zero, out of five. I would rate the global support at three or four out of five.

Which solution did I use previously and why did I switch?

We previously used Kaspersky, and we switched to Carbon Black because it's a cloud-based application. It also requires minimum handling and basically runs on its own when you set the policy, so it's very easy.

How was the initial setup?

The solution is a bit complex. Deployment took around six months.

What about the implementation team?

The partners helped us. 

What's my experience with pricing, setup cost, and licensing?

The license is annual. It's a standard license.

What other advice do I have?

I would rate this solution 7 out of 10 because of the support.

The product is very smooth and pretty simple. I like it, and anyone can use it. My advice is to be careful about the partners when you're selecting. 

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Threat and Vulnerability Engineer at Horizon Blue Cross Blue Shield of New Jersey
Real User
Has simplified management, has a nice UI, and it's very simple but EDR needs improvement
Pros and Cons
  • "What I like the most about it is the dynamic grouping, where you get to group endpoints based on setup criteria. That's pretty cool. I like the simplified policy management and simplified white-listing process."
  • "The EDR portion could be better. I'm not a big fan, but it works."

What is most valuable?

What I like the most about it is the dynamic grouping, where you get to group endpoints based on setup criteria. That's pretty cool. I like the simplified policy management and simplified white-listing process. Coming from McAfee, management has been much simpler and much easier to look at. 

I like the simplified management, it has a nice UI, and it's very simple.

What needs improvement?

The EDR portion could be better. I'm not a big fan, but it works.

The End Point Detection Response and the way it lays our processes with our endpoint and its detection engine, in the way that it detects the admin or alerts we based on a threat. I feel that they're a little behind on the market from my perspective.  

Overall, areas of improvement would be the EDR part, the detection, also the cloud console. If you're trying to write queries or something, it's very slow, just not robust.

It's a cloud console so it should be fast. If I run a query and I press enter, if it took two seconds, it wouldn't give me a nice loading interface, because it's stuck. I would see an operating system most of the time. 

I feel like it should be faster. But as far as the price and everything, I think it's a good product.

For how long have I used the solution?

We're actually doing a migration from McAfee to Carbon Black. The migration project has been about 12 months right now. We're slowly migrating.

What do I think about the stability of the solution?

Stability is one thing that's not robust. Other products are faster, but as far as the CB Defense, it's slow. We had some issues with the sensors and we also saw slowness on the Windows side, Windows file share, which actually was fixed in the next new version of the sensor.

I'm the only network security person here. But the other users who have different roles have access as well. In my team, there are five or six people. But I'm the only one actually directing changes.

We use it on a daily basis. 

There are always alerts so I'll always have to check into alerts and see what's going on and then do some more analysis. If it's a new application we are implementing that will also need to be configured on Carbon. 

How was the initial setup?

The deployment process is straightforward. 

We're still deploying it slowly, little by little because we use a lot of critical applications and if Carbon Black interferes with the application, it will stop working. It needs to be tested thoroughly. It's a long process. 

All of its applications need to be tested thoroughly and then tested in a testing environment. Then we deploy and monitor, make changes, and stuff like that. As far as general users, laptops, and stuff, that's pretty straightforward. It's just part of the image. I have to write that script to uninstall McAfee, the whole migration. It's pretty straightforward. It wasn't complex as far as the installation or deployment.

What about the implementation team?

There was also a technical lead for this project. It automatically comes with professional services for 10 hours and the documentation is pretty clear. The professors helped through the process. 

What's my experience with pricing, setup cost, and licensing?

I think it's 28 per employee a year. 

Which other solutions did I evaluate?

We also looked at CrowdStrike but it was a little too expensive. 

What other advice do I have?

The implementation is very easy but the security aspects could be better. 

If you don't have a SIEM solution in your organization, you're probably engaging via email.But there's no way to point me to customize the email templates if I want to see more information on that email before going to the console. It's still a business and company, but I'm the only one who is managing everything. So when I see the email on my phone, I want to see more information before logging into the console. I want to see more filtering options to narrow down more field training. 

I also wish it was easier and more intuitive in terms of searching for queries. I feel like it should be simpler. It doesn't make sense to have it this hard.

I would rate it a seven out of ten. 

Which deployment model are you using for this solution?

On-premises
Disclosure: I am a real user, and this review is based on my own experience and opinions.
PeerSpot user
Founder/CEO at KRISTICH SECURITY SERVICES LLC
Consultant
Symantec opened our eyes to be able to see what's out there, but then we needed Carbon Black to be able to actively fix it
Pros and Cons
  • "The biggest feature out of CarbonBlack is its ability to dive in with more depth. You can look at the entire kill chain and understand, not only if an alarm or identified incident is truly a true security issue versus a false positive, and it allows us to backtrack and figure out why it actually happened and how it got into the environment."
  • "Carbon Black needs to do a better job of proving their platform in the industry, and providing a bit more access to do industry testing with real world examples to help prove their platform."

What is our primary use case?

We are a partner in the managed security service provider (MSSP) space. We service hundreds of customers globally. We implement these solutions on behalf of our customers. 

With Carbon Black, we've been using them for about six years. We're an MSSP and channel partner with them, as well as an incident response partner. We were like the second incident response company registered with them (through that program) to start using the cb Defense platform. We also integrate it with SIEM. However, we're using it in a managed service capacity. We usually implement it, then manage the platform for our clients long-term. It's used for traditional antivirus, real-time threat protection and prevention, and it also provides us with the ability to do more in-depth investigations into endpoints. With the product, we can do a bit of threat hunting along with managed detection and response. The platform works quite well using it in this capacity.

With Symantec, we have been using it for about six years. We integrate it with our SIEM products. We have a lot of customers who actually run it, so we see it quite often. We collect a lot of data from Symantec and help with responding to anything that Symantec finds. We've had a chance to use the product quite a lot.

What is most valuable?

The biggest feature out of Carbon Black is its ability to dive in with more depth. You can look at the entire kill chain and understand, not only if an alarm or identified incident is truly a true security issue versus a false positive, and it allows us to backtrack and figure out why it actually happened and how it got into the environment. It also helps us determine what other things may have been impacted along with it, from an asset standpoint. It allows us to go into more depth than a more traditional antivirus, like Symantec.

Symantec is more of a traditional antivirus. A lot of it is signature-based. It works quite well for normal protection. It is pretty stable and consistent. It seems to work across the board. There are no real issues to speak of it, which is a definitely a positive thing. One of the more beneficial things is that it does include the active endpoint firewall with it, which allows your endpoints to have a bit more above the standard Windows firewall, then collect all the logs from that. This is a good feature from their firewall piece. Also, the logging out of Symantec is quite good, as you put a lot of great logs into a SIEM or any other log collector from the platform.

The difference between the two products is the level of visibility and depth that you get when investigating alarms or issues. You can go a bit deeper with Carbon Black. Symantec does have an additional add-on, which we have not seen since it is a relatively new component. They call it Advanced Threat Protection. It uses the same endpoint, but has a separate license with additional costs, which is meant to allow you to go a little deeper in terms of endpoint and incident investigations. However, it doesn't provide the interactive drill down, prevention, and response capabilities that you need to be able to isolate a system, delete files, or actively kill processes which have been helpful with Carbon Black.

What needs improvement?

Symantec needs more investigative features out-of-the-box. Though, they are using the Advanced Threat Protection add-on to correct some of this. It is also not quite as feature-rich as some of the more advanced MDR platforms out there.

Carbon Black needs to do a better job of proving their platform in the industry, and providing a bit more access to do industry testing with real world examples to help prove their platform. In additional, they have been actively porting over a lot of features from some of their other products, and they should continue to expand on that. Going forward, this will be extremely helpful.

For how long have I used the solution?

More than five years.

What do I think about the stability of the solution?

We've been quite happy with the stability of Carbon Black. 

Symantec has a much longer history of having a good, proven, stable platform. That is the big difference. 

I can't really speak to any particular issues that we've had with one versus the other. They both seem pretty good.

What do I think about the scalability of the solution?

The scalability is about the same between Carbon Black and Symantec. I don't know that we've actually tried to use them in an environment that was large enough to cause us any sort of issues, or even thought twice about scalability. Both of these products work quite well in extremely large environments.

One thing to consider with Carbon Black is you do have much more data. You can define many more policies that are more specific to groups. The management of that becomes more difficult as the environment gets larger. I don't think that necessarily is the case with Symantec. It might end up being a bit more time consuming to manage Carbon Black as it gets larger. In terms of these products' capabilities and the ability to support large environments all the way down to small ones, I don't think it matters.

How are customer service and technical support?

Carbon Black has a great community portal which has all sorts of documentation where you have the ability to ask questions and people answer it quite well. There is a lot of material there with access to content, which assists with the learning and troubleshooting.

Which solution did I use previously and why did I switch?

Because of the limitations that Symantec provided, and the fact that we were seeing data that was extremely helpful from the Symantec logs, yet it didn't provide us a way to investigate it further or respond to it. This led us down a path of looking for a platform like Carbon Black, which has allowed us to handle the data without having to add additional products. This opened our eyes to be able to see what's out there, but then we needed something to be able to actively fix it, as well.

How was the initial setup?

Symantec is a more traditional platform where you set it up and install it. If you're using a cloud platform, then you obtain access to the system. You need to define all the exceptions that you know need to be implemented based on the applications that you are running. Then, you deploy your endpoints, which should pull down the policies with the approved exceptions. Then, you work through any issues. 

With Carbon Black, you have to go through a longer period of monitoring what exists in the environments. We deploy the agents in a monitoring type only mode, which can exist alongside another antivirus product, like Symantec.

You could technically have Symantec installed in normal mode, then Carbon Black in monitoring mode right next to it. We let that run for a period of time to gather information about what is running in the environment actively to help identify the types of things that we'll have to build policies around. The policies can be pretty in-depth, so it can take quite a long time to actually build them, if you want to be extremely careful about not creating any false negatives in the environment. 

It can take quite a bit longer to implement Carbon Black properly. It takes one to two days to implement Symantec. Though, I don't know for certain, because we don't implement it. For Carbon Black, we typically look at three to eight days of active work over a period of a couple of months to get it implemented, working properly, and tuned up correctly.

What's my experience with pricing, setup cost, and licensing?

The licensing costs are comparable between the two products. If you're purchasing the product, they're both typically a traditional license model with an annual type fee or multiyear. The fees are the cost of the professional services to get the system up and running. It depends on the size of the environment. The size and complexity are what it really comes down to. It will be relatively consistent with whether it was MSSP versus a direct purchase.

Carbon Black might be a touch more expensive. They tend to get a premium for their capabilities. They're sort of an industry leader in a lot of areas with the functionality that they provide. 

Symantec gets a bit more aggressive with their pricing, and with their discounts as well. They do have a much larger customer base because they've been around so long.

As an MSSP, we do provide the entire platform on a monthly fee, which a lot of people do like, because that rolls the licensing and all of the management into the cost of the system on a per endpoint basis, paying for the initial costs to get up and running. Even if it's a three to five year implementation, it will be a fixed monthly cost, assuming the number of endpoints doesn't change. That's one good thing about the Carbon Black MSSP program that we have access to is that flexibility with the monthly billing. With very large implementations, this could be a significant difference in spend over three years versus having to do one extremely large capital purchase.

What other advice do I have?

Symantec aligns with a more traditional antivirus that a lot of people are just more familiar with. It has traditional signature sets, exceptions, and policies. When you're talking medium sized implementations, where it's several hundred or a couple thousand endpoints, it's pretty straightforward. 

The learning curve with Carbon Black is considerably more extensive. You have considerably more ability in the platform to do investigations and custom policies, as it can do more in-depth searches and queries about what's actually going on at an endpoint level, which you don't have with Symantec. You really have to understand exactly what you're trying to accomplish. The product itself works quite well. It's pretty intuitive, but there is so much more data and capabilities at your fingertips. It definitely takes more time to learn it.

If you are evaluating these products: Evaluate what your enterprise looks like and what your current security controls are. Understand what exists, what needs to be protected, and what other tools there are in the organization. This makes a big difference in the decision-making process. For example, Carbon Black is 100 percent cloud-based. There is no on-premise option. If you have requirements for systems that can't access the internet, whether it be classified environments or otherwise, it's more difficult to get as much value out of a system which is only cloud-based if you have air gaps. A more traditional on-premise solution might work better, like Symantec, in this scenario. However, if you have a largely mobile workforce with a lot of high risk employees who travel, having cloud-based works perfectly for that sort of environment, as you're getting data with the ability to access and respond to issues regardless of where systems are, as long as they're online.

However, if EDR tools already exist in an environment, you might not need a full in-depth product, like CarbonBlack, where a more traditional antivirus coupled with another EDR product might get you the capabilities that you need. Albeit, it would require multiple products to cover the environment. 

I would rate Carbon Black as a nine out of ten, because it provides industry leading features, which give us the ability to do the investigations that we need to. It just makes an enormous difference.

I would rate Symantec as a seven out of ten. It works quite well. It is feature-rich, stable, more traditional product.

Disclosure: My company has a business relationship with this vendor other than being a customer: Partner.
PeerSpot user
Head Of Information Security Department at a insurance company with 201-500 employees
Real User
Top 20
Though a stable tool that offers EDR functionalities, it needs to introduce a host-based IDS for improvement
Pros and Cons
  • "It is a stable solution...The initial setup of VMware Carbon Black Endpoint was easy."
  • "In our company, we also wanted to have network detection, like a host-based IDS on VMware Carbon Black Endpoint, but we did not get it."

What is our primary use case?

My company uses VMware Carbon Black Endpoint for generic endpoint activity detection. We also use it for some investigation using an osquery in our company. VMware Carbon Black Endpoint is useful for blocking some applications and vulnerability assessment of endpoints.

What is most valuable?

The most valuable feature of the solution is its EDR functionality. The osquery functionality of the product is also very good since it allows us to investigate special cases. Vulnerability management is another good feature of the product.

What needs improvement?

VMware Carbon Black Endpoint takes a step back when compared to other solutions in the market. Cortex XDR is a better solution compared to VMware Carbon Black Endpoint. In our company, we also wanted to have network detection, like a host-based IDS on VMware Carbon Black Endpoint, but we did not get it. The aforementioned reasons have forced our company to look for an upgrade or another solution altogether.

In the future, I would like to see VMware Carbon Black Endpoint offering a host-based intrusion detection system with a better incident response within the platform where you can raise an incident, assign it, and have some response functionality in it, like triaging the incident and other stuff.

For how long have I used the solution?

I have been using VMware Carbon Black Endpoint for three years. I use the solution's cloud version, which is the latest version. I am a customer of the solution.

What do I think about the stability of the solution?

It is a stable solution.

What do I think about the scalability of the solution?

Around ten to eleven people use the solution in our company.

How are customer service and support?

In our company, we did not face many technical issues with the product. Over the span of the years we have been using the solution, there were only two not-so-difficult instances we encountered using the solution, but we were able to find the answers to resolve the issues. We did not face issues that needed the intervention of technical support.

I rate the technical support a seven out of ten.

How would you rate customer service and support?

Neutral

Which solution did I use previously and why did I switch?

Previously, we were using a signature-based antivirus, Symantec Antivirus, in our company.

How was the initial setup?

The initial setup of VMware Carbon Black Endpoint was easy.

The solution is deployed on a public cloud.

The deployment phase took about a month to get deployed to all the endpoints using the agent, but the most difficult part was tuning the policy, which took the most time based on the alarm policy and alert policy. I feel the aforementioned phases of deployment are a regular process.

I do not want to discuss the actual number of people involved in the deployment process, but I can say that the deployment was not done for a small company.

What about the implementation team?

I was involved in the implementation phase of the solution.

What's my experience with pricing, setup cost, and licensing?

Price-wise, VMware Carbon Black Endpoint is a highly-priced solution. Regarding the licensing cost of the solution, one needs to opt for an annual subscription.

Which other solutions did I evaluate?

One of the main advantages of Cortex XDR over VMware Carbon Black Endpoint is that Cortex XDR has an intrusion detection system. Cortex XDR has a host-based IDS, and such a feature doesn't exist in VMware Carbon Black Endpoint. Cortex XDR has VMware Carbon Black Endpoint's functions and much more than they need.

Palo Alto is a product that our company has considered during its current evaluation process.

What other advice do I have?

I would say that VMware Carbon Black Endpoint is a very good solution for those planning to use it. If a person has certain cost constraints, then VMware Carbon Black Endpoint may not be the best solution since many cheaper or even open-source solutions can provide the same functionalities as VMware Carbon Black Endpoint. I feel that with a good budget, a better solution can be available in the market.

I rate the overall a seven and a half out of ten.

Which deployment model are you using for this solution?

Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Flag as inappropriate
PeerSpot user
Buyer's Guide
Download our free VMware Carbon Black Endpoint Report and get advice and tips from experienced pros sharing their opinions.
Updated: February 2024
Buyer's Guide
Download our free VMware Carbon Black Endpoint Report and get advice and tips from experienced pros sharing their opinions.