VMware Carbon Black Endpoint Valuable Features

IT
Group CIO at a construction company with 10,001+ employees

Carbon Black works completely differently from other products. We tested different products and Carbon Black was selected because it does not remove a virus but it kills any suspect operations and it's up to the admin to check the scenario. It kills the "effect," if you will. If you receive ransomware or anything suspicious, it will kill the process unless you allow it, after receiving warnings.

I cannot say it's pure AI, but the way it works is that it stops any suspicious activity, not based on signature-based attacks. It works in a way that it detects that a given effect is unusual.

Also, you can deploy it through the cloud so that even if your stuff is outside of your controlled environment, you are still under control, based on the policies you create. The policies are controlled through the cloud. For example, if I don't allow anyone to do a certain activity or to install a particular app, and a consultant or a partner who is not part of our environment is doing so, it will stop them as well. Because of COVID-19, we are all working from home. Imagine if the centralization and control provided by the product were not on the cloud. We would lose control of the people working from home. So the centralized cloud control is one of its more effective aspects.

RL
Founding Partner, Security Architect at ISS

Some of the valuable features I have found are that the online documentation of the solution is well organized and thorough. I like the simplicity of bypass and the visualization of the active components. If I want to know which file is being utilized and what sub-files it is calling, the visualization given is very helpful.

I would like to see them continue to run some of the AI-type comparisons. I know everyone is really secretive about what they do and what they have engineered, but I think Cylance was a good market disruptor years ago with their approach. Now we see SentinelOne and everyone is approaching that piece of the puzzle similarly now. I just would like to see more of a comparison. We have done our own technical comparison but it is fairly expensive. All solutions have pros and cons; if more third-party organizations or teams could evaluate how each product works in pros and cons, many people would benefit.

Durai Singh - PeerSpot reviewer
Business Owner at Ararat Technologies

Customers want solutions that provide endpoint detection and response. The traditional antivirus solutions and the market trend are changing. Customers are asking for the latest technologies. Carbon Black has very good market strategies. We do the marketing activities and promote the product to the customers.

Buyer's Guide
VMware Carbon Black Endpoint
March 2024
Learn what your peers think about VMware Carbon Black Endpoint. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,234 professionals have used our research since 2012.
UK
Director-International Trade Operations - India Middle East at Dow

The most valuable feature of the solution stems from the support it provides. In my company, whenever we face any issues or downtime with the solution, there is no need to adhere to any timeline wherein we can only get support from the vendor within business hours since it provides support twenty-four hours and seven days a week.

Matthew Weisler - PeerSpot reviewer
Sole Proprietor at Core-Infosec

The solution is cloud based which makes it easy to use for remote devices or work-at-home situations. 

The solution supports full trust or signature-based approvals. 

You can get very granular and ban out policies or applications without having to do hash values. You can ban through the entire environment by execution of the name or desk IDXE. This can be achieved on the policy side because of the signature, IOC, or naming convention itself. This is very effective for pushing more blockage or removing threats across the board.

The solution has a very nice API on the back end for remoting into a system and executing scripts or utilizing self automation. This is useful for monitoring several different companies in a workspace or workbook-type format. For example, I report and send out mass emails from a clickable button in an Excel workbook. The APIs all exist for each client. I push out automatic endpoint monitoring and reports every single day at a particular time, with a simple clickable button that serves as a scheduled task for fifty clients. 

KarthikR1 - PeerSpot reviewer
Consultant at NCR Corporation

When it comes to the pros of Carbon Black CB Defense, it produces a lot of events as per the MITRE ATT&CK framework, which is good. It provides continuous monitoring and threat detection on endpoints and responds to security incidents. It uses machine learning and behavioral analytics to detect and respond to advanced threats.

MK
IT Infrastructure and Security Manager at a paper AND forest products with 1,001-5,000 employees

The new feature that we're deploying, the new offering from Carbon Black, is MDR, which stands for manage, detect, and response. It's the most valuable feature because Carbon Black will be continuously checking the logs, and they will be advising us on how to improve some of the policies as well as review the logs. If there are any nefarious agents or things happening on the endpoints, they will know.

They also have the ability to take action based on what we've already agreed upon, what rights we give them, or what we tell them they can or can't do as part of their response. Hypothetically, if there's a rogue machine that is trying to infect other machines, we can tell them that they should try to contact us, but if they don't get a hold of anybody in GreenFirst IT in 15 minutes, they should go ahead and quarantine that machine. They can take actions, they can do remediation or response. Instead of advising, they will be taking action.

GM
Lead IT Security Analyst at a government with 501-1,000 employees

I'm in the security department, so it's just in the layer of our prevention to give us protections against, for example, ransomware that might kick off and try to execute different files. If someone downloads something or whatever, it has to be whitelisted first. It has to be approved before it can run at all.

That's better to me than some signature-based thing, because it protects against zero-day. There are things that it doesn't know about, so it has to check them. We have Check Point now as well, but we have a Check Point on our firewalls, not our endpoints.

We have another piece of that infrastructure that does what they call threat emulation. You may have heard of it. It's like sandboxing where it takes files that it doesn't know about, puts them in a VM-type environment, and it kicks them off to see if there's any malware or tendencies that might look like malware, that kind of thing.

It's also a zero-day type of prevention thing, but it kicks them off in a safe environment so that you can see what it's doing. You need integration with Check Point to do that, but that integration went away with the latest release, the one we just put out there.

That was a big part of why we liked Carbon Black, because it is integration to not only do the whitelisting, but also we could have automatic rules set up so that if a new file got downloaded by a user, we could automatically send that over to Check Point and it could do its emulation on it in the sandbox. And if it came back clean, then we could automatically approve it.

We wouldn't have to go through a manual process of having our people approve every single file that comes across as having been seen before. So, it was a really good way to work those two products together. But that went away. And so now I'm like, "Okay, what are we going to do now?" I hadn't looked at the Harmony Endpoint at all.

I haven't looked at Check Point's piece, but I was wondering to myself, "If it does something like Carbon Black was doing and then we already have Check Point on the other one, that would work." So, that was what I was trying to do.

A(
Cyber Security and Compliance Consultant at Caretower

The tool is pretty stable.

KarthikR1 - PeerSpot reviewer
Consultant at NCR Corporation

I rate Carbon Black CB Defense an eight out of ten for the ease of its initial setup.

IT
Group CIO at a construction company with 10,001+ employees

I found the offline scanning to be particularly useful. Compared to CrowdStrike, it had better IT capabilities and beautiful analytics. Overall, it was cost-effective too.

RizwanAlam - PeerSpot reviewer
AVP - Information Security Governance & Risk Management at Allied Bank Limited

The best feature of this solution is that we have a live response, which is really tailored to our needs. 

Nikunj Kamboj - PeerSpot reviewer
Cybersecurity Analyst at OnX Canada

VMware Carbon Black Endpoint is a highly stable solution.

Abbasi Poonawala - PeerSpot reviewer
Chief Enterprise Architect at a financial services firm with 10,001+ employees

Technical support is excellent. It's also stable, scalable, and easy to implement.

KL
Senior Director, Information Technology at C.E. Niehoff & Co.

The feature I found most valuable in Carbon Black CB Defense is the ongoing monitoring, though I'm not sure if it's because of the solution, or if it's because of Red Canary. The ongoing monitoring feature works by emailing updates about any detections found.

KB
Senior Security Consultant at a manufacturing company with 10,001+ employees

Carbon Black Defense has a higher detection ratio because it's cloud-based and it also does a lookup to VirusTotal, so out of like 65 vendors that are normally listed in VirusTotal, if there are any kind of hits out of those, in that case, it is getting recognized as known malware or suspected malware. Under these categorizations, we are able to see a spike in the detection ratio. It is enlightening us with respect to what programs are generally used in our environment and how they are compliant with our environment.

WAKKAS AHMAD - PeerSpot reviewer
Security Consultant at Mahle

The Carbon Black CB Defense feature I found most valuable is that it gives us the ability to do log analysis as well as the current state of the environment and activity on the user machines.

AB
Executive Business Analyst & Advisor at a financial services firm with 10,001+ employees

I think something that is the most valuable is the time-lining capability for any breach activity. It gives us the ability for us to actively threat hunt. This is not something where it's a passive response tool where we watch things happen. In contrast, it actually does some heuristics, and some behavioral analysis, and we're able to do some prevention with it as well. I think that's really the strongest attribute, and it makes this a more aggressive tool than others.

Andrew Nai - PeerSpot reviewer
Lead Infrastructure Engineer at Government of Singapore

The Intel fit was very extensive and comprehensive enough. The visualization tree product feature in this CB defense is quite good. These are the two more notable product features.

The pricing is excellent.

The solution is stable.

Adriano Gross - PeerSpot reviewer
Information Security Consultant at a recruiting/HR firm with 10,001+ employees

The product’s most valuable feature is incident detection and response.

Isanka Attanayake - PeerSpot reviewer
Manager - Information Technology Infrastructure and Development Support at Royal Ceramics

The solution is very useful and easy to handle. You don't need much intervention with this product.

DR
Threat and Vulnerability Engineer at Horizon Blue Cross Blue Shield of New Jersey

What I like the most about it is the dynamic grouping, where you get to group endpoints based on setup criteria. That's pretty cool. I like the simplified policy management and simplified white-listing process. Coming from McAfee, management has been much simpler and much easier to look at. 

I like the simplified management, it has a nice UI, and it's very simple.

DK
Founder/CEO at KRISTICH SECURITY SERVICES LLC

The biggest feature out of Carbon Black is its ability to dive in with more depth. You can look at the entire kill chain and understand, not only if an alarm or identified incident is truly a true security issue versus a false positive, and it allows us to backtrack and figure out why it actually happened and how it got into the environment. It also helps us determine what other things may have been impacted along with it, from an asset standpoint. It allows us to go into more depth than a more traditional antivirus, like Symantec.

Symantec is more of a traditional antivirus. A lot of it is signature-based. It works quite well for normal protection. It is pretty stable and consistent. It seems to work across the board. There are no real issues to speak of, which is definitely a positive thing. One of the more beneficial things is that it does include the active endpoint firewall with it, which allows your endpoints to have a bit more above the standard Windows firewall, then collect all the logs from that. This is a good feature from their firewall piece. Also, the logging out of Symantec is quite good, as you put a lot of great logs into a SIEM or any other log collector from the platform.

The difference between the two products is the level of visibility and depth that you get when investigating alarms or issues. You can go a bit deeper with Carbon Black. Symantec does have an additional add-on, which we have not seen since it is a relatively new component. They call it Advanced Threat Protection. It uses the same endpoint, but has a separate license with additional costs, which is meant to allow you to go a little deeper in terms of endpoint and incident investigations. However, it doesn't provide the interactive drill down, prevention, and response capabilities that you need to be able to isolate a system, delete files, or actively kill processes which have been helpful with Carbon Black.

MR
Head Of Information Security Department at an insurance company with 201-500 employees

The most valuable feature of the solution is its EDR functionality. The osquery functionality of the product is also very good since it allows us to investigate special cases. Vulnerability management is another good feature of the product.

Ricardo Franco Mahecha - PeerSpot reviewer
VMware Consultant at V2S Corporation

For Carbon Black Endpoint, the possibility of integration with different other software's log servers is the important thing. Having just one point of view is more interesting so you don't need to go to different places to see all the information.

JT
Senior Consultant at Palsys

The product's most valuable feature is its ability to be fully integrated with the VMware environment.

Luciano Batalha - PeerSpot reviewer
Systems Engineer at EVONIC

The most valuable feature of the solution stems from the fact that it is one of the best EDR tools in the market.

SL
ICT/Systems Application Engineer at Honeywell

The whole purpose of the product, like application control, is very good, and also if you need to update some policies, it works well and instantly.

SF
ICT Manager at SecurEyes

The solution will prevent communication of one compromised device with another. 

MP
IT Cybersecurity at a manufacturing company with 10,001+ employees

The solution allows you to override it and manually install an application if you need it to.

It's very good at alerting you to malicious content or unauthorized software. 

We can access computers remotely if we need to.

BW
System Analyst at a hospitality company with 1,001-5,000 employees
  • The software uses very few resources; it is almost invisible to the end user. 
  • Behavioral Monitoring stops known malicious events before they even begin. 
  • The whitelist: Being a Casino, we have some odd software packages. Being able to whitelist them is a must.
  • The option to quarantine a device and use the cloud-based portal to gain a “shell” on the infected machine. With this, we can dump the entire system memory to a machine in our lab, then run analysis.
KO
Senior NOC Security Engineer at a wholesaler/distributor with 51-200 employees

Once the solution is installed and configured correctly it does not require a lot of hands-on attention until you need upgrading.

TR
Product Engineer Cyber Security at a energy/utilities company with 51-200 employees

The solution's most valuable feature is live response. We can verify and view the task list and the processes. Also, we can create policies with its help.

Ashish Dubey - PeerSpot reviewer
Lead Security Analyst at SecurityHQ

The solution has a library where we can have multiple threat intels onboarded. We just have to subscribe to a particular site intel and they'll provide us with all of the truncated details so that we can create IOCs and alerts on the basis of those IOCs. 

It's one of the best features because there are multiple third-party vendors who can provide us with site intel in one location. You just have to subscribe to them, and they'll start providing you with IOCs. If a new attack starts, you will have all the basic IOCs on that list, which can be used to identify if the same attack is happening in your environment.

We can isolate devices in just two clicks. That's also a great feature. We can remediate and repair devices from a central location. It's not too difficult to use that particular tool. The user interface is very easy to understand. You are not required to roam around the console to find where the alert went. It's easy to resolve that.

When we onboarded Carbon Black, there weren't many EDR solutions available in the market. It was one of the best tools when it was launched. We don't have any complaints with the tool. The tool is very good. It highlights many of the alerts and events.

LA
Information Security Specialist at a comms service provider with 5,001-10,000 employees

The visibility provided has been great.

The ease of deployment is definitely a great selling feature.

The stability is good and the product is pretty lightweight.

The solution scales well.

Nadeem Syed - PeerSpot reviewer
CEO at Haniya Technologies

The product is pretty strong in terms of security and their features are very good in that respect. Their research engine, the antivirus engine, it's very strong compared to any other product on the market right now.

The solution is stable.

They do have options on the market that can scale. 

Technical support is great.

It's not too difficult to set up and the deployment is fast. 

JS
System Eng at a wholesaler/distributor with 1,001-5,000 employees

The solution's most valuable aspect is its process monitoring due to the fact that it doesn't necessarily use signature-based definitions. It uses processor-based definitions. If a process tries to spawn some type of malicious process, it'll stop it.

The initial setup is easy.

The organization has to protect against users and Carbon Black does just that for the company. What I mean by that is not all users are savvy enough to understand, "Hey, I shouldn't be running this or I get a pop-up on a browser and I don't click on it." Carbon Black stops that if they do.

The solution is extremely scalable.

IG
Senior Infrastructure and Security Engineer at a manufacturing company with 51-200 employees

I like its protection very much. It protects and allows us to lock the environment pretty tightly. Nothing that is not approved through Carbon Black can run in the environment. There is no default. Everything goes through Carbon Black Protect, and everything has to be first approved. Every software is considered to be guilty before proven innocent.

JM
IT Administrator at a manufacturing company with 501-1,000 employees

I found it very valuable as a whole. It is good at detecting anything and has kept us very safe. It is also very easy to use. 

Ramesh RP - PeerSpot reviewer
Security Analyst at Halian

Sandboxing is one of the features I found to be the most valuable in Carbon Black CB Defense.

JB
Cyber Security Consultant with 1,001-5,000 employees

What I find most interesting is the performance of the end-point client, as well as the capability of detecting any activity on the end-user while using their browsers to navigate the internet. 

To monitor that activity from a security standpoint, detecting cross-site scripting or SQL injection activities that might be coming out from the browser. That's a very needed feature that allows it to distribute the security across the company and not centralizing it only on the firewalls or in the intrusion detection systems. 

The solution is quite customizable.

It's easy to set up the solution.

There's lots of very useful documentation online to help troubleshoot and learn about the product.

JG
Infrastructure and support manager at a healthcare company with 51-200 employees

The EDR was amazing. It was very responsive. It did an excellent job of providing us the information we needed in a timely fashion, as long as the latest agent was up-to-date on the client.

MS
IT Infrastructure - Global Head at a comms service provider with 10,001+ employees

The security, specifically the endpoint security that the solution provides, is its most valuable aspect.

The initial setup is pretty straightforward.

MA
Senior Manager, IT Security and Compliance / CISO at Superior Energy Services, Inc.

The most valuable feature is that it detects and stops malicious executables.

Admins can use the portal to obtain a command shell on an endpoint to perform further investigation.

SS
IT Manager - System Administration at a pharma/biotech company with 501-1,000 employees

The protection of the user machines has been great. For example, if a laptop gets stolen, or let's say, an employee gets let go, the product provides us with the ability to actually lock people out of the network and handle remote wipes and stuff like that.

The initial setup is very easy.

TT
IT Manager at a financial services firm with 51-200 employees

One of the most valuable features is that it will block vulnerable sites. If there was a connection between one of our devices to a known malware site, it will block it. It then also alerts our SOC.

GR
SOC Manager at Nais Srl

It is a very complete platform. It is very useful for my customers.

Carbon Black CB Defense is ideal for a medium-sized business. It is not, in my opinion, suited for large enterprise companies.

Carbon Black works very well for the endpoint. It explains the situation very clearly.

MP
Information Security Consultant at a healthcare company with 10,001+ employees

I like the historical features, interface, and integration.

HL
Vice President of Sales (previously Sales Engineer) at a computer software company with 11-50 employees

It has intelligent learning behind it and we have been very successful in preventing attacks.

JW
Senior Systems engineer at SAT

Carbon Black Cb Defense has a nice component called Alert Triage. It has helped to detect threats across the data. It contains full details of the process execution "kill chain" and "go live" for immediate remediation.

KT
IT Security Solutions Engineer at Softprom

Using Open API, we were able to freely perform the necessary integration with our other security solutions.
CB Defense allows us to see our whole process as it starts on our endpoint.

The threat analysis functionality is good.

CS
Assistant Technical Manager at a tech services company with 11-50 employees
  • The triage feature that shows you the whole kill chain of the attack/malware is useful. It shows how the malware gets into the endpoints and shows what it has done.
  • The solution is easy to use and easy to deploy as it is a cloud solution; no appliance is needed to deploy on premise.
it_user835107 - PeerSpot reviewer
Incident Response Analyst at a security firm with 51-200 employees

The go live, because it is possible to answer incidents while they are still occurring and minimize the effects.

RA
Solutions Manager at Samir Group

The offline networking is the most important feature. Some of our users are engineers that work offsite, and they can still be on the solution, which is also great.

SS
Owner at a tech services company with 1-10 employees

I like its reporting.

AE
Cyber Security Engineer at a tech services company with 201-500 employees

CB Defense is more powerful, and you can take more actions than others. Its security features and signatures are constantly updated, so it is more effective than other security solutions. We can integrate with XCDR. Carbon Black EDR integrates with Carbon Black EDE. But you don't need to integrate CB Defense with other external security solutions.

MN
Sr. Security Analyst, Enterprise Architecture and Security at a tech services company with 5,001-10,000 employees

Data analysis is the most valuable feature because of the whitelist database. It is different than standard IDS solutions.

AU
Security Engineer at a tech services company with 11-50 employees

It is stable and easy to set up.
