Carbon Black CB Defense Overview

Carbon Black CB Defense is the #1 ranked solution in our list of top Security Incident Response tools. It is most often compared to CrowdStrike Falcon.

What is Carbon Black CB Defense?

CB Defense is an industry-leading next-generation antivirus (NGAV) and endpoint detection and response (EDR) solution. CB Defense is delivered through the CB Predictive Security Cloud, an endpoint protection platform that consolidates security in the cloud using a single agent, console and data set. CB Defense is certified to replace AV and designed to deliver the best endpoint security with the least amount of administrative effort. It protects against the full spectrum of modern cyber attacks, including the ability to detect and prevent both known and unknown attacks. CB Defense leverages the powerful capabilities of the CB Predictive Security Cloud, applying our unique streaming analytics to unfiltered endpoint data in order to predict, detect, prevent, respond to and remediate cyber threats. In addition, CB Defense provides a suite of response and remediation tools, including Live Response, which allows security personnel to perform remote live investigations, intervene with ongoing attacks and instantly remediate endpoint threats. For peace of mind, CB Defense customers can also leverage CB ThreatSight, Carbon Black’s managed threat alert service, to validate alerts and uncover new threats.

Carbon Black CB Defense is also known as Bit9, Confer.

Carbon Black CB Defense Buyer's Guide

Download the Carbon Black CB Defense Buyer's Guide including reviews and more. Updated: June 2021

Carbon Black CB Defense Customers

Netflix, Progress Residential, Indeed, Hologic, Gentle Giant, Samsung Research America

Darrick Kristich
Founder/CEO at Sedara
Consultant
Symantec opened our eyes to be able to see what's out there, but then we needed Carbon Black to be able to actively fix it

What is our primary use case?

We are a partner in the managed security service provider (MSSP) space. We service hundreds of customers globally. We implement these solutions on behalf of our customers. With Carbon Black, we've been using them for about six years. We're an MSSP and channel partner with them, as well as an incident response partner. We were like the second incident response company registered with them (through that program) to start using the cb Defense platform. We also integrate it with SIEM. However, we're using it in a managed service capacity. We usually implement it, then manage the platform for our…

Pros and Cons

  • "The biggest feature out of Carbon Black is its ability to dive in with more depth. You can look at the entire kill chain and understand, not only if an alarm or identified incident is truly a true security issue versus a false positive, and it allows us to backtrack and figure out why it actually happened and how it got into the environment."
  • "Carbon Black needs to do a better job of proving their platform in the industry, and providing a bit more access to do industry testing with real world examples to help prove their platform."

What other advice do I have?

Symantec aligns with a more traditional antivirus that a lot of people are just more familiar with. It has traditional signature sets, exceptions, and policies. When you're talking medium sized implementations, where it's several hundred or a couple thousand endpoints, it's pretty straightforward. The learning curve with Carbon Black is considerably more extensive. You have considerably more ability in the platform to do investigations and custom policies, as it can do more in-depth searches and queries about what's actually going on at an endpoint level, which you don't have with Symantec…
MN
Sr. Security Analyst, Enterprise Architecture and Security at a tech services company with 5,001-10,000 employees
Real User
Fewer false positives but the UI interface needs improvement

What is our primary use case?

We use this solution as an endpoint solution for protection.

Pros and Cons

  • "The data analysis is the most valuable because of the whitelist database. It is different than standard IDS solutions."
  • "The UI interface needs improvement. The management needs further work in future versions."

What other advice do I have?

I would advise Carbon Black to work on the automation and make it a bit easier for the solution.
Andre B.
Executive Business Analyst & Advisor at a financial services firm with 10,001+ employees
Vendor
The most valuable feature is the time-lining capability for any breach activity. It actually does some heuristics, and some behavioral analysis.

What is our primary use case?

We use it for endpoint visibility and endpoint detection and response. It is our central mechanism for the cyber defense or endpoint detection, response and visibility.

Pros and Cons

  • "It actually does some heuristics, and some behavioral analysis."
  • "The most valuable asset is the time-lining capability for any breach activity."
  • "This product has the capability of uploading scripts to the tool and this is a very comprehensive feature."
  • "The tech support communicates, but it's just not with movement."
  • "I would personally give the tech support a rating of seven out of ten."

What other advice do I have?

  • Make sure that your firewall ports are open and really test communication back to their server.
  • Make sure you don't have anything else that may be impeding it.
  • If you are dealing with any PIA countries or GSA (also known as TAA) countries, make sure you're working through their work councils.
  • Make sure you look at a holistic perspective and have a plan in place on how to use this tool.
KB
Senior Security Consultant at a manufacturing company with 10,001+ employees
Consultant
It has a higher detection ratio because it's cloud-based and it also does a lookup to VirusTotal.

What is our primary use case?

It was basically for an EDR solution. We were apparently in the migration phase, to be frank. We were using McAfee VSE, and we wanted a media solution which would give us more insight in terms of the events that are happening with respect to Malware threats. So that's the reason why we went for the Carbon Black Defense.

Pros and Cons

  • "Carbon Black Defense has a higher detection ratio because it's cloud-based and it also does a lookup to VirusTotal."
  • "It gives you all of the information in a short and sweet fashion."
  • "Adding an application and a device control feature would be a great help for this solution."
  • "Report generation can be improved."
  • "But here, we hardly can take any kind of a report out of Carbon Black, so I think that should be something that should be more user-friendly."

What other advice do I have?

In terms of the fixes from what the behavior was with the environment, it has been evolving. And the only thing that could be improved is enabling Carbon Black to be a part of the image so that when we are doing an image refresh, Carbon Black would be present by default. But in the current conditions, by definition, it needs to have an internet connection for you to install Carbon Black. Because it connects to the cloud as a first step after you start the installation. So, since we cannot have that kind of a set up for an image, we are not able to put it into an image, basically. So if there…
ITCS user
System Analyst at a hospitality company with 1,001-5,000 employees
Real User
The software uses very few resources; it is almost invisible to the end user

What is our primary use case?

We include it as another layer of security for our endpoints/servers. The software is based off TTP (tactics, techniques, and procedures), and it complements our antivirus products. The software basically takes a snapshot of the system, then if anything happens which is out of the norm, the software alerts us. In some cases, it denies execution and will quarantine the endpoint from other systems.

Pros and Cons

  • "The software uses very few resources; it is almost invisible to the end user."
  • "Behavioral Monitoring stops known malicious events before they even begin."
  • "The directions for Splunk are spot on, but it is difficult to find anything on integration with AlienVault,"
Jayandra Wickramasinghe
Senior Systems engineer at SAT
Real User
Identifies endpoint and infrastructure loopholes

What is our primary use case?

This product would help any organization to increase its detection and prevention with event investigations and immediate response to data infiltration.

Pros and Cons

  • "Carbon Black Cb Defense improved our endpoint level security. It helped to identify endpoint and infrastructure loopholes."
  • "Carbon Black Cb Defense has a nice component called Alert Triage. It contains full details of the process execution "kill chain" and "go live" for immediate remediation."
  • "It would be a better solution if Carbon Black Cb Defense had an on-premise solution and a virus auto delete or quarantine."

What other advice do I have?

I have done a few PoCs and implementations with Carbon Black Cb Defense.
it_user835107
Incident Response Analyst at a security firm with 51-200 employees
Real User
Provides visibility into the chain of attack and threats that use valid operating system processes to execute attacks

What is our primary use case?

The first case was in a financial institution with offices in several states which needed to increase the ability to detect and respond to threats.

Pros and Cons

  • "Provides visibility into the chain of attack and threats that use valid operating system processes to execute attacks."
  • "Needs improvement in the area of infrastructure for on-premise installation."

What other advice do I have?

It is a product which will bring enough information and effectiveness in the detection and response to advanced threats.