Carbon Black CB Defense Overview

Carbon Black CB Defense is the #1 ranked solution in our list of top Security Incident Response tools. It is most often compared to CrowdStrike Falcon.

What is Carbon Black CB Defense?

CB Defense is an industry-leading next-generation antivirus (NGAV) and endpoint detection and response (EDR) solution. CB Defense is delivered through the CB Predictive Security Cloud, an endpoint protection platform that consolidates security in the cloud using a single agent, console and data set. CB Defense is certified to replace AV and designed to deliver the best endpoint security with the least amount of administrative effort. It protects against the full spectrum of modern cyber attacks, including the ability to detect and prevent both known and unknown attacks. CB Defense leverages the powerful capabilities of the CB Predictive Security Cloud, applying our unique streaming analytics to unfiltered endpoint data in order to predict, detect, prevent, respond to and remediate cyber threats. In addition, CB Defense provides a suite of response and remediation tools, including Live Response, which allows security personnel to perform remote live investigations, intervene with ongoing attacks and instantly remediate endpoint threats. For peace of mind, CB Defense customers can also leverage CB ThreatSight, Carbon Black’s managed threat alert service, to validate alerts and uncover new threats.

Carbon Black CB Defense is also known as Bit9, Confer.

Carbon Black CB Defense Buyer's Guide

Download the Carbon Black CB Defense Buyer's Guide including reviews and more. Updated: September 2021

Carbon Black CB Defense Customers

Netflix, Progress Residential, Indeed, Hologic, Gentle Giant, Samsung Research America

Pricing Advice

What users are saying about Carbon Black CB Defense pricing:
  • "We have branches, we have different companies, but we cannot buy less than 100 licenses. This does not make sense to me... It should be more flexible. I can understand their saying, "Okay, to be a customer you need 100," but to add on to that number it should be something very straightforward. If I need to add five, for example, I shouldn't need to add 100."

Imad Taha
Group CIO at a construction company with 10,001+ employees
Real User
Top 20
Centralization via the cloud allows us to protect and control people working from home

What is our primary use case?

We started using it to protect our environment from ransomware specifically.

Pros and Cons

  • "You can deploy it through the cloud so that even if your stuff is outside of your controlled environment, you are still under control, based on the policies you create. The policies are controlled through the cloud. For example, if I don't allow anyone to do a certain activity or to install a particular app, and a consultant or a partner who is not part of our environment is doing so, it will stop them as well."
  • "As far as I know, Carbon Defense has nothing that can be installed on mobile devices. It lacks a defense solution for mobile devices, especially mobile tablets. I would like to see support for mobile devices and the pricing should be less than the pricing for a normal workstation."

What other advice do I have?

My advice is to get enough information about the differences in Carbon Black products from day one. In other words, if Carbon Black is claiming that Carbon Black CB Defense is enough, why are they always promoting the more expensive product, which is Carbon Black Protect? So, you need to be educated well about the differences between the products. Also, look at the roadmap of the product regarding whether there will be good mobile protection for mobile users or not. And be aware of the minimum license purchasing policy. The number of people for maintenance of the solution depends on how your…
Randy Lahti
Founding Partner, Security Architect at ISS
Reseller
Top 10
Well organized documentation, overall superior functionality, and helpful visualizations

What is our primary use case?

Some of my client's use cases are typical endpoint protection, telemetry, and threat hunting. We are using all three of the most popular services that point back to the cloud central console.

Pros and Cons

  • "Some of the valuable features I have found are the online documentation of the solution is well organized and thorough. I like the simplicity of bypass and the visualization of the active components."
  • "This solution could have greater granular control on how certain applications work."

What other advice do I have?

My advice to others is to take advantage of the POC and work with your POC rigorously. I think we have good responses on the POC as they get closer and closer to wanting to close. We were able to get stronger and stronger and more timely support. It is a good program and they are very fair about it. In any EDR, I would test them heavily and do not rely on marketing. When applying an overall rating to this solution I do not think there are any tens in the marketplace. We are very pleased and we evaluate this every year or two. In our POC, we had 200 samples including ones that were available but…
JS
System Eng at a wholesaler/distributor with 1,001-5,000 employees
Real User
Easy to deploy, extremely scalable, and offers very good protection

What is our primary use case?

The solution is primarily used for protection. It's used on all of our servers and all of our workstations.

Pros and Cons

  • "The solution is extremely scalable."
  • "In the past, we've seen some stability issues in the latest version releases. We tend to hang back one version just to make sure issues are fully resolved to avoid user disruption."

What other advice do I have?

We're generally always using the latest version of the solution, minus one. What I mean by that is it's not always current, however, it's always at least within one of the most current versions. We've got too many things going on to really be on the bleeding edge if you will. At times to go up to the next one I want to be sure I have a good stable one. What I'll do is let's say 3.3 comes out next week, I won't necessarily go to it. I will wait until 3.4 comes out to go to 3.3. While the agents are installed locally, everything basically goes through the cloud. We don't deal with on-premises…
JB
Cyber Security Consultant with 1,001-5,000 employees
Real User
Top 20
Very customizable with good documentation and an easy initial setup

What is our primary use case?

Basically we use the solution for protecting and detecting misuse of end-users while using their end-points to access the internet, especially for browsing websites, or suspicious activity as far as misusing their web browser. It protects them from web-based attacks such as DDoS (Denial of Service) or ransomware.

Pros and Cons

  • "There's lots of very useful documentation online to help troubleshoot and learn about the product."
  • "I'm not sure as to the logic of how we've decided to customize it. We've only really used it since February and therefore there may be more to do on that front. That's why it's hard to say if something is missing or if we just aren't utilizing it."

What other advice do I have?

We're just customers and end-users. We don't implement this solution for clients or anything like that. I'm not sure which version of the solution I'm using. It might be the latest, however, I can't say for sure. We use it at a bank for our endpoints. Therefore, it's likely the latest. There are between 20,000-30,000 people using the solution within our organization. It's definitely 20,000 at least. I would advise others to basically set the expectations as far as the features they expect or need from a security solution. This solution can't solve problems related to security practices within…
MP
IT Cybersecurity at a manufacturing company with 10,001+ employees
Real User
Top 20
Good alerts, easy to manually override, and allows remote access to machines

What is our primary use case?

The solution is deployed in our computers in the company. However, I can't speak to the use cases, as I'm still quite new to the company. After we apply some policies we will receive, for example, alerts. We'll look at the devices that have given us alerts and we'll look to see if there is an issue. Then we can prioritize the issues into high and low categories. We try to know what is a malicious file or malicious application and we can investigate what's happening according to the alerts in Carbon Black. Many times we've found that our policies avoid false positives. That said, sometimes, we…

Pros and Cons

  • "We can access computers remotely if we need to."
  • "Occasionally, we'll have issues with the latest version and they'll basically tell us that they will improve it in the next iteration. They need to work on their version release quality."

What other advice do I have?

We have deployed different versions of the solution. At this moment we have 3.5 or we have, for example, for Windows we have 3.1. We deploy it to many computers and in different countries. You need to upgrade or maybe you need to downgrade, depending on the device it's attached to. For example, we have many servers including 2016 and 2019 versions, and then we have different versions of Windows. When we decide to deploy a new version we deploy it throughout the region. We have been in America, Asia, and Europe. I'd advise other potential users that, like any solution, you need to know how to…
Dhrubo Roy
Threat and Vulnerability Engineer at Horizon Blue Cross Blue Shield of New Jersey
Real User
Top 20
Has simplified management, has a nice UI, and it's very simple but EDR needs improvement

Pros and Cons

  • "What I like the most about it is the dynamic grouping, where you get to group endpoints based on setup criteria. That's pretty cool. I like the simplified policy management and simplified white-listing process."
  • "The EDR portion could be better. I'm not a big fan, but it works."

What other advice do I have?

The implementation is very easy but the security aspects could be better. If you don't have a SIEM solution in your organization, you're probably engaging via email. But there's no way to point me to customize the email templates if I want to see more information on that email before going to the console. It's still a business and company, but I'm the only one who is managing everything. So when I see the email on my phone, I want to see more information before logging into the console. I want to see more filtering options to narrow down more field training. I also wish it was easier and more…
IG
Senior Infrastructure and Security Engineer at a manufacturing company with 51-200 employees
Real User
Top 20
Allows us to lock the environment pretty tightly and protects our organization

Pros and Cons

  • "I like its protection very much. It protects and allows us to lock the environment pretty tightly. Nothing that is not approved through Carbon Black can run in the environment. There is no default. Everything goes through Carbon Black Protect, and everything has to be first approved. Every software is considered to be guilty before proven innocent."
  • "It could be a bit complicated. You have to be very familiar with Carbon Black to understand what it is doing and why it is doing. I would like to have more explanations and simplification in the user interface. It would be good to get help and see more explanations. It should tell us that a software is blocked and the reason for it. It would be good to be able to build chains in terms of what caused what, what worked, and what caused an issue. We are now moving from Carbon Black to Cortex XDR. While choosing antivirus software, we were also looking at Carbon Black because it also has an antivirus package, and it is next-generation, but we were told that Carbon Black doesn't support firewalls. We have Palo Alto firewalls. We would have chosen this solution if it supported firewalls, in particular next-generation firewalls, but unfortunately, it doesn't. Therefore, we decided on Cortex XDR because it integrates with Palo Alto firewalls."

What other advice do I have?

It does everything that we need. We can configure it very strongly and lock the environment, which sometimes can create an administrative headache for us and some hassle for users because the users cannot install some of the software and have to ask us to enable the software, but it is exactly what we wanted. I'm pretty happy with this solution, but unfortunately, at this point, we will have to stop using this solution, but this is not what we want. We are going to use Cortex XDR, but we are not sure if it is possible to work back to back with Carbon Black. Cortex initially told us that Carbon…
HeathLord
Vice President of Sales (previously Sales Engineer) at a computer software company with 11-50 employees
Real User
Top 20
Easy to scale, technical support is good, and the product stops spyware, malware, and viruses in their tracks

What is our primary use case?

The primary use case is for stopping spyware, malware, and viruses in their tracks. It's very good at doing that. It has intelligent learning behind it and we have been very successful in preventing attacks.

Pros and Cons

  • "It has intelligent learning behind it and we have been very successful in preventing attacks."
  • "At this point, we're test-bedding several other providers right now to see if there's anything that does equally or better and that comes at a better price point."

What other advice do I have?

We have the cloud center, however, the application's installed on each endpoint individually. Each client machine has it installed, locally, so it's off-premises for us. I'm assuming that they would be running on individual client PC. The software is run here, we manage it within the cloud atmosphere. We were an authorized reseller or we were an authorized business associate of Carbon Black. Since that's moved under Dell, I don't think that's a thing anymore. I would state that as we are mainly a Dell shop, we're an all in Dell shop. And so that's just a business decision we've made. We were a…