Carbon Black CB Defense Valuable Features

Karthik Balakrishnan
Senior Security Consultant at a manufacturing company with 10,001+ employees
Carbon Black Defense has a higher detection ratio because it's cloud-based and it also does a lookup to VirusTotal, so out of the roughly 65 vendors that are normally listed in VirusTotal, if there are any kind of hits out of those, it is recognized as a known malware or a suspected malware. Under these categorizations, we are able to see a spike in the detection ratio. It is enlightening us with respect to what programs are generally used in our environment and how they are compliant with our environment.
Darrick Kristich
Founder/CEO at Sedara
The biggest feature out of Carbon Black is its ability to dive in with more depth. You can look at the entire kill chain and understand not only whether an alarm or identified incident is truly a security issue versus a false positive, but it also allows us to backtrack and figure out why it actually happened and how it got into the environment. It also helps us determine what other things may have been impacted along with it, from an asset standpoint. It allows us to go into more depth than a more traditional antivirus, like Symantec. Symantec is more of a traditional antivirus. A lot of it is signature-based. It works quite well for normal protection. It is pretty stable and consistent. It seems to work across the board. There are no real issues to speak of, which is definitely a positive thing. One of the more beneficial things is that it does include the active endpoint firewall with it, which allows your endpoints to have a bit more above the standard Windows firewall, then collect all the logs from that. This is a good feature from their firewall piece. Also, the logging out of Symantec is quite good, as you can put a lot of great logs into a SIEM or any other log collector from the platform. The difference between the two products is the level of visibility and depth that you get when investigating alarms or issues. You can go a bit deeper with Carbon Black. Symantec does have an additional add-on, which we have not seen since it is a relatively new component. They call it Advanced Threat Protection. It uses the same endpoint, but has a separate license with additional costs, which is meant to allow you to go a little deeper in terms of endpoint and incident investigations. However, it doesn't provide the interactive drill-down, prevention, and response capabilities that you need to be able to isolate a system, delete files, or actively kill processes, which have been helpful with Carbon Black.
Andre B.
Executive Business Analyst & Advisor at a financial services firm with 10,001+ employees
I think something that is the most valuable is the time-lining capability for any breach activity. It gives us the ability to actively threat hunt. This is not a passive response tool where we watch things happen. In contrast, it actually does some heuristics and some behavioral analysis, and we're able to do some prevention with it as well. I think that's really the strongest attribute, and it makes this a more aggressive tool than others.
Find out what your peers are saying about Carbon Black, Cylance, CrowdStrike and others in Endpoint Protection (EPP) for Business. Updated: February 2020.
397,983 professionals have used our research since 2012.
Imad Taha
Group CIO at a construction company with 10,001+ employees
The deep analysis is the most valuable part of the solution. The number of false positives is very, very low compared to other products using AI.
Brody Wright
System Analyst at a hospitality company with 1,001-5,000 employees
* The software uses very few resources; it is almost invisible to the end user.
* Behavioral Monitoring stops known malicious events before they even begin.
* The whitelist: Being a casino, we have some odd software packages. Being able to whitelist them is a must.
* The option to quarantine a device and use the cloud-based portal to gain a "shell" on the infected machine. With this, we can dump the entire system memory to a machine in our lab, then run analysis.
Sr. Security Analyst, Enterprise Architecture and Security at a tech services company with 5,001-10,000 employees
Data analysis is the most valuable feature because of the whitelist database. It is different than standard IDS solutions.
Leonardo Meneses
Incident Response Analyst at a security firm with 51-200 employees
The go live, because it is possible to answer incidents while they are still occurring and minimize the effects.
Jayandra Wickramasinghe
Senior Systems engineer at a tech services company
Carbon Black Cb Defense has a nice component called Alert Triage. It has helped to detect threats across the data. It contains full details of the process execution "kill chain" and "go live" for immediate remediation.
RajaeAl Najjar
Solutions Manager at Samir Group
The offline networking is the most important feature. Some of our users are engineers that work offsite, and they can still be on the solution, which is also great.
Mark Adams
Senior Manager, IT Security and Compliance / CISO at a construction company with 5,001-10,000 employees
The most valuable feature is that it detects and stops malicious executables. Admins can use the portal to obtain a command shell on an endpoint to perform further investigation.