Carbon Black Cb Response Reviews
- Highest Rating
- Lowest Rating
- Review Length
Feb 19 2020
Malicious activity detection response and automatic quarantining for endpoint security of your environment
What is most valuable?What we mainly find valuable in the product is exactly what our use case is. We use Carbon Black for the intrusion alerts and quarantine. Those would be our favorite features.
What needs improvement?If Carbon Black could improve in the area or reducing the number of false positives or if there was a better way to filter out false positives that would enhance efficiency and utility. But in general, I think we are happy with the performance of Carbon Black. It would be nice to be able to… more»
Which solution did I use previously and why did I switch?Security-wise, we are using a few different security tools for different purposes. We use Red Cloak which we deployed at the same time as Carbon Black. We tested and are using Trend Micro Tripwire and we are using Imperva as well. Red Cloak is very similar to Carbon Black.
What other advice do I have?I do not think I have a lot of advice for people who are considering implementing the product at this point because most of our experience with the product has been relatively straightforward. I would just suggest that you have your white list set up before deploying if you are using automatic… more»
Apr 05 2018
What is most valuable?The ability to quickly isolate a system from the network, while still being able to perform some forensics and mitigation work remotely, was of great value to us since we… more»
How has it helped my organization?The enhanced logging and data analysis of the incident response and investigation components allowed us to quickly identify and resolve security issues before they could… more»
What needs improvement?Cb Response is really designed to complement Carbon Black’s Defense product. While Response can be used on its own, coupling with Defense seems like the best strategy if… more»
What's my experience with pricing, setup cost, and licensing?We had no issues purchasing through our preferred reseller and were able to get a fair price even when not purchasing direct. Carbon Black Enterprise Response didn’t break… more»
Which solution did I use previously and why did I switch?We did not have a similar, previous solution that we were replacing. This was part of an initial push we were trying to make at the time into better systems security.
What other advice do I have?Explore all options in the space and see if you’re ready to really use an incident response platform such as this for threat hunting in your environment, or if you should… more»
Which other solutions did I evaluate?There wasn’t much similar to Response that I was familiar with at the time. Though some other vendors are starting to include similar features now, Response was a leader… more»
Find out what your peers are saying about Carbon Black Cb Response vs. Cynet and other solutions. Updated: March 2020.
406,312 professionals have used our research since 2012.
Jul 21 2019
What is most valuable?The market information they gather from the community is really good. Their configuration capabilities are good.
What needs improvement?One of the big issues we're facing is that their solution doesn't support multi-tenants. The second area for improvement is that they have different products, but if we wanted to take their protection and their EPR, then we would need to have two agents. In our scenario, having a client work within the cloud is not an option, so we cannot extend the support for Carbon Black to provide the… more»
What other advice do I have?I would recommend anyone to go ahead with Carbon Black if they are looking for an EDR solution. From my experience with selling, some people have a misunderstanding of what it is they are supposed to do. I would recommend going with it but be aware that you will be overwhelmed with the number of receipts which require somebody to begin to follow up and investigate each incident. This is not… more»
Mar 24 2019
What is most valuable?The most valuable features are the threat-hunting and the batch console.
How has it helped my organization?When a machine gets infected and the user is not in sight, you cannot go to the user and ask them to analyze their machine, what was in their system. With this solution, you can do so remotely. This… more»
What needs improvement?They need to improve the batch console. It needs more capabilities. We are limited by the ones it provides, although we can type commands from the native operating system.
Which solution did I use previously and why did I switch?This system is the only one I have used.
What other advice do I have?You need to analyze your organization's needs. If you just want to protect things, it's very useful. I rate the solution at eight out of ten because they need to improve the console. We would like it… more»
Which other solutions did I evaluate?I was not part of the decision-making process. It was the engineers who decided.
Jul 02 2019
What is most valuable?The feature we have found most valuable in Carbon Black is the defense.
How has it helped my organization?Carbon Black ensures the probability that any ransomware will be stopped before spreading. This is very important. The solution provides this for our business.
What needs improvement?This product has room for improvement in the cloud console. The cloud console has a lot of bugs and issues in the analysis part. The additional features I would like to see included in the next release are IT access components. We need to… more»
Which solution did I use previously and why did I switch?We switched because of the effectiveness of Carbon Black. The software has a feature that it does not remove a threat but it kills their effect. Then later, you can do the scan in the night or the next day. I don't want to make the killing… more»
What other advice do I have?I recommend using Carbon Black, but get enough training before deploying. This is very important. On a scale from 1 to 10, I would rate this product an 8.5 overall.
May 21 2018
What is most valuable?Carbon Black Cb Response excels at providing context to indicators when responding to incidents. It allows responders to understand the entire scope of an incident and quickly contain it to minimize impact and disruption. In incident… more»
How has it helped my organization?Carbon Black Cb Response significantly reduced time to containment in the environment which enabled the isolation of incidents to single hosts or network segments.
What needs improvement?The solution needs to simplify the process of adding custom watchlists, as well as embrace YARA for rule creation.
What's my experience with pricing, setup cost, and licensing?Purchase Professional Services up front as part of the implementation package, then renew hours annually to ensure you have adequate support for upgrades and enhancements. Overbuy by at least 10% to account for infrastructure growth.
What other advice do I have?Ensure that you have sufficient resources to dedicate to maintaining and utilizing the product, including maintenance staff as well as incident responders and threat hunters. Be prepared to define metrics and use them to quantify the ROSI… more»
Aug 13 2019
What is most valuable?The most valuable feature is its ability to seek out abnormal activity and to create alerts.
What needs improvement?The first thing they can do is make it more available. It's not highly available, so you have to have a core server. If the primary server goes down, you need a new one. It's not available at the same time, however. It's not automatically swapped from one server to another. The second thing is that they need to have a multi-tenancy feature, especially for the MSSP model. We wanted to have this… more»
What other advice do I have?We are using both on-premises and cloud deployment models. I would rate the solution eight out of ten. Carbon Black is a very good product, but you still have to work on it from the perspective of MLA analyzing and installation. You have to fine-tune it to create a watch list and so on. These are the main things that they need to work on in order to improve the EDR services on their product.
Jul 12 2019
What is most valuable?Integration and scalability are the most valuable. For example, if you chose a cloud solution, it's not very scalable, because it doesn't support any integration. But on the client side, you can combine materials, you can combine everything. You can add anything.
What needs improvement?It's maybe it's too verbose. For a junior user or admin. You have to know some basic rules. It's not simple. For a junior engineer, it's confusing. It's hard to use Carbon Black Response. It will take time. It may take more than one year to understand the uses of the product. I'd like the ability to see all the kernel-side features also on the client side.
What other advice do I have?I would rate this solution a nine out of ten.
See 1 More Carbon Black Cb Response Reviews
User Assessments By Topic About Carbon Black Cb Response
Carbon Black Cb Response Questions
What is Carbon Black Cb Response?
CB Response is an industry-leading incident response and threat hunting solution designed
for security operations center (SOC) teams. CB Response continuously records and stores
unfiltered endpoint data, so that security professionals can hunt threats in real time and
visualize the complete attack kill chain. It leverages the CB Predictive Security Cloud’s
aggregated threat intelligence, which is applied to the endpoint activity system of record for
evidence and detection of these identified threats and patterns of behavior.
Carbon Black Cb Response customers