VMware Carbon Black Endpoint Room for Improvement

KarthikR1 - PeerSpot reviewer
Consultant at NCR Corporation

The compatibility of Carbon Black CB Defense with operating systems is the only issue. Certain OS are not supported, resulting in an inability to install PDC. The deployment of sensors requires extensive fine-tuning, which should be a simple process. To streamline this process, they should create deployment packages with customized options based on policies and other factors. Creating these packages ourselves is time-consuming, which can impede our productivity. There is also a bypass issue that needs to be considered.

Improvements are needed to address the compatibility issues between operating systems and Carbon Black CB Defense. Sometimes, the sensor enters a block state for unknown reasons. To prevent this, it would be helpful if they added a feature to ensure that it does not cause any problems. Additionally, there are issues with collecting events from machines due to sensor problems. We are working with Gateway to connect to all PCI or DMZ environments, and it would be beneficial to have a simpler configuration at the architecture levels.

In reality, the deployment process is more complicated. We must add a script to customize the deployment process and deploy it on Mission C. Afterward, we install the sensor, which requires a company code, policy name, and other essential details. Furthermore, we are experiencing other issues, such as VMs pausing applications due to CBC. Troubleshooting these problems is time-consuming, and we usually must report the problem to the vendor, whose analysis can take an hour or longer. By that time, critical business functions may have already been impacted.

Container protection is still in the initial stage, where they have integration in the market, but there's a lot of room for improvement, and there are a lot of changes required.

Andrew Nai - PeerSpot reviewer
Lead Infrastructure Engineer at Government of Singapore

There's some disparity between the on-premise and the cloud type of application. We basically manage applications versus SaaS-based ones. We were hoping that some of the more advanced features that they offer in the SaaS actually could be similarly offered for the on-premise managed applications. We find that cloud-based solutions are particularly more advanced in product roadmaps compared to on-prem.

There should be more roles in support. There needs to be support for multi-tenancy, the likes of multiple namespaces. When you use that in a very large organization, you have many departments. It doesn't really provide grouping by department, et cetera.

There's actually a lagging feature that we saw in the SaaS, yet not on the on-premise setup. It seems like the on-premise one was really, really meant for a single department setup rather than for multiple departments.

The solution doesn't allow for high availability configuration. That's also a negative impact relating to the product.

UK
Director-International Trade Operations - India Middle East at Dow

In my company, we face issues sometimes when there is a need to write custom rules or we want to write for some rules that are different from the standard rules provided by the solution. A person needs to set up some rules for end-user machines, during which the person needs to be completely aware of the tool and the user interface. Without proper knowledge, a person can't write custom rules. In general, a person without proper knowledge cannot set up the rules in the UI. The challenge is that if I write one custom rule and put it on all users, then sometimes it may not work for some of the users, while it may work for others. Some developers may work with some files that are mandatory for them to run regularly, and if my team wants to block such files, then we can mention it in our custom file name, but that also blocks the file for the developers. If the files used by developers get blocked, then the developers can raise an issue and state that they need an exemption for those particular programs since they need to run them regularly.

Writing custom rules, stability, and pricing are areas of concern in the solution that need improvement.

Buyer's Guide
VMware Carbon Black Endpoint
February 2024
Learn what your peers think about VMware Carbon Black Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: February 2024.
763,955 professionals have used our research since 2012.
Ashish Dubey - PeerSpot reviewer
Lead Security Analyst at SecurityHQ

When you're investigating an alert, you will get a graph and will see the details related to the process that triggered the alert. Below the graph, there are network connections, file modifications, industry modifications, and multiple other activities. If you want to specifically find which additional modification has been performed, you will have to find the log you're searching for. There isn't a search bar to check for file modifications or network connections. In that case, you don't have a search bar, so you have to check each and every event, which could be more than 1,000.

You would have to check 1,000 events manually, or you would have to export sheets to view what you are searching for. If they added a search bar, it would reduce the time it takes to do investigations.

If you want to log into a device, there's a process named winlogon.exe, which is supposed to be initiated. If I'm using Carbon Black, I will have to check where winlogon.exe is being observed or at what time it was being observed. Because there's no search bar, I will have to check for the event in all the device events.

A search bar in the investigation page and some AI-related tasks like outgoing alerts, or recent tactics that are being used in the market, must be embedded in the tool so that it's easier to find alerts. The AI must be stronger so it can identify activity that is actually malicious.

MR
Head Of Information Security Department at an insurance company with 201-500 employees

VMware Carbon Black Endpoint takes a step back when compared to other solutions in the market. Cortex XDR is a better solution compared to VMware Carbon Black Endpoint. In our company, we also wanted to have network detection, like a host-based IDS on VMware Carbon Black Endpoint, but we did not get it. The aforementioned reasons have forced our company to look for an upgrade or another solution altogether.

In the future, I would like to see VMware Carbon Black Endpoint offering a host-based intrusion detection system with a better incident response within the platform where you can raise an incident, assign it, and have some response functionality in it, like triaging the incident and other stuff.

KarthikR1 - PeerSpot reviewer
Consultant at NCR Corporation

The maturity of the Kubernetes security is absent in Carbon Black CB Defense. The solution has to mature on container security and a lot of cloud environment security. Security is available only for Windows, while security for Linux and Mac is not very strong.

The deadlock issue causes me to put more effort into installing an upgrade.

The numerous issues with the environment of the product solution should be addressed. Work orders are taking more than two months to get resolved. There's been one issue open for two months, and the solution they gave is being implemented step by step. Still, it is not meeting the requirements and breaking the system. Hence, our business is completely disturbed.

KL
Senior Director, Information Technology at C.E. Niehoff & Co.

Currently, it's hard to comment on areas for improvement, because I haven't used Carbon Black CB Defense long enough.

What was rolled out to my company are mixed versions of Carbon Black CB Defense, so what I'd like to see in the next release is more synchronization, where it can detect the endpoint that's running an old version and suggest updates. That's the only thing I can think of right now.

IT
Group CIO at a construction company with 10,001+ employees

There is room for improvement in the support and service team. The response time could be faster. That's why I switched because the support was not as expected from a company like Carbon Black.

Luciano Batalha - PeerSpot reviewer
Systems Engineer at EVONIC

The product's reporting capabilities are an area of concern where improvements are required.

From an improvement perspective, the price of the product needs to be lowered.

RizwanAlam - PeerSpot reviewer
AVP - Information Security Governance & Risk Management at Allied Bank Limited

There is no option for the solution to block automatically based on behavior. First, the solution needs a lot of time to record all the behaviors. Then, we manually have to create a behavior analysis rule to detect any malicious activity. The solution would be improved and be more effective if there was a way for this process to be done automatically.

WAKKAS AHMAD - PeerSpot reviewer
Security Consultant at Mahle

I would say that the technical support team should be improved since it takes them a lot of time to provide us with support.

In the next release, I would like to see a host-based firewall.

EK
Cyber Security Manager Senior Specialist at a university with 501-1,000 employees

Right now, Carbon Black CB Defense doesn't support cloud computing and Kubernetes. However, if it does support them, then it would be better.

Ramesh RP - PeerSpot reviewer
Security Analyst at Halian

It would be good if Splunk integration or something similar to Splunk integration is available for this solution.

Ricardo Franco Mahecha - PeerSpot reviewer
VMware Consultant at V2S Corporation

There is room for improvement in the proxy servers. The implementation and management of those servers are difficult.

The proxy servers have proxy servers in place to not connect directly to the Internet, and the implementation and management of those servers are difficult.

Moreover, some customers request disabling Bluetooth in endpoints, but Carbon Black doesn't do that. So, there should be some flexibility for customization.

Matthew Weisler - PeerSpot reviewer
Sole Proprietor at Core-Infosec

It would be nice to have additional forensic tools that you can build into the back end. Nothing extensive, but some additional capabilities for forensics or triage would be useful. 

There can be some hiccups with threat intel feeds based on a client's third-party agreements. 

Nikunj Kamboj - PeerSpot reviewer
Cybersecurity Analyst at OnX Canada

Performing a malware scan usually takes a lot of time, more than 24 hours.

Durai Singh - PeerSpot reviewer
Business Owner at Ararat Technologies

Getting the right technical support is a challenge.

A(
Cyber Security and Compliance Consultant at Caretower

The product must improve its integration. One of my clients wants to move away from Carbon Black because it doesn't integrate well with their SIEM service. They use Rapid7. Carbon Black has limited capability to integrate with Rapid7. It is something the solution must work on.

SL
ICT/Systems Application Engineer at Honeywell

I would like to see the user credentials feature improved. I would also like to see more reporting features and better ways to roll the reports out.

Adriano Gross - PeerSpot reviewer
Information Security Consultant at a recruiting/HR firm with 10,001+ employees

It is challenging to reach the product’s technical support team. This particular area needs improvement. The device control feature could also be compatible with the user’s profile as well.

Suzan Demir - PeerSpot reviewer
Sales Operations Specialist at ADEO IT Consulting Services

CB Defense could be more compatible with Linux, and its cloud provision could be improved.

JT
Senior Consultant at Palsys

The product's stability could be improved.

TR
Product Engineer Cyber Security at a energy/utilities company with 51-200 employees

It is challenging to extract a report on the status of ongoing scans. They should work on this particular area of the solution.
