Carbon Black CB Defense Valuable Features

Darrick Kristich
Founder/CEO at Sedara
The biggest feature out of Carbon Black is its ability to dive in with more depth. You can look at the entire kill chain and understand not only if an alarm or identified incident is truly a security issue versus a false positive, but it also allows us to backtrack and figure out why it actually happened and how it got into the environment. It also helps us determine what other things may have been impacted along with it, from an asset standpoint. It allows us to go into more depth than a more traditional antivirus, like Symantec. Symantec is more of a traditional antivirus. A lot of it is signature-based. It works quite well for normal protection. It is pretty stable and consistent. It seems to work across the board. There are no real issues to speak of, which is definitely a positive thing. One of the more beneficial things is that it does include the active endpoint firewall with it, which allows your endpoints to have a bit more above the standard Windows firewall, then collect all the logs from that. This is a good feature from their firewall piece. Also, the logging out of Symantec is quite good, as you put a lot of great logs into a SIEM or any other log collector from the platform. The difference between the two products is the level of visibility and depth that you get when investigating alarms or issues. You can go a bit deeper with Carbon Black. Symantec does have an additional add-on, which we have not seen since it is a relatively new component. They call it Advanced Threat Protection. It uses the same endpoint, but has a separate license with additional costs, which is meant to allow you to go a little deeper in terms of endpoint and incident investigations. However, it doesn't provide the interactive drill down, prevention, and response capabilities that you need to be able to isolate a system, delete files, or actively kill processes, which have been helpful with Carbon Black.
Imad Taha
Group CIO at a construction company with 10,001+ employees
Carbon Black works completely differently from other products. We tested different products and Carbon Black was selected because it does not remove a virus but it kills any suspect operations and it's up to the admin to check the scenario. It kills the "effect," if you will. If you receive ransomware or anything suspicious, it will kill the process unless you allow it, after receiving warnings. I cannot say it's pure AI, but the way it works is that it stops any suspicious activity, not based on signature-based attacks. It works in a way that it detects that a given effect is unusual. Also, you can deploy it through the cloud so that even if your stuff is outside of your controlled environment, you are still under control, based on the policies you create. The policies are controlled through the cloud. For example, if I don't allow anyone to do a certain activity or to install a particular app, and a consultant or a partner who is not part of our environment is doing so, it will stop them as well. Because of COVID-19, we are all working from home. Imagine if the centralization and control provided by the product were not on the cloud. We would lose control of the people working from home. So the centralized cloud control is one of its more effective aspects.
Dhrubo Roy
Threat and Vulnerability Engineer at Horizon Blue Cross Blue Shield of New Jersey
What I like the most about it is the dynamic grouping, where you get to group endpoints based on setup criteria. That's pretty cool. I like the simplified policy management and simplified white-listing process. Coming from McAfee, management has been much simpler and much easier to look at. I like the simplified management, it has a nice UI, and it's very simple.
Learn what your peers think about Carbon Black CB Defense. Get advice and tips from experienced pros sharing their opinions. Updated: January 2021.
454,950 professionals have used our research since 2012.
HeathLord
Vice President of Sales (previously Sales Engineer) at a computer software company with 11-50 employees
It has intelligent learning behind it and we have been very successful in preventing attacks.
reviewer1439934
Infrastructure and support manager at a healthcare company with 51-200 employees
The EDR was amazing. It was very responsive. It did an excellent job of providing us the information we needed in a timely fashion, as long as the latest agent was up-to-date on the client.
reviewer1344240
IT Infrastructure - Global Head at a comms service provider with 10,001+ employees
The security, specifically the endpoint security that the solution provides, is its most valuable aspect. The initial setup is pretty straightforward.
reviewer1236738
Assistant Technical Manager at a tech services company with 11-50 employees
* The triage feature that shows you the whole kill chain of the attack/malware is useful. It shows how the malware gets into the endpoints and shows what it has done.
* The solution is easy to use and easy to deploy as it is a cloud solution; no appliance is needed to deploy on premise.
reviewer1300992
Owner at a tech services company with 1-10 employees
I like its reporting.
Kostia Tkachov
IT Security Solutions Engineer at Softprom
Using Open API, we were able to freely perform the necessary integration with our other security solutions. CB Defense allows us to see our whole process as it starts on our endpoint. The threat analysis functionality is good.
reviewer1167921
Information Security Consultant at a healthcare company with 10,001+ employees
I like the historical features, interface, and integration.
reviewer1454073
Security Engineer at a tech services company with 11-50 employees
It is stable and easy to set up.
RajaeAl Najjar
Solutions Manager at Samir Group
The offline networking is the most important feature. Some of our users are engineers that work offsite, and they can still be on the solution, which is also great.
Mark Adams
Senior Manager, IT Security and Compliance / CISO at Superior Energy Services, Inc.
The most valuable feature is that it detects and stops malicious executables. Admins can use the portal to obtain a command shell on an endpoint to perform further investigation.