Carbon Black CB Response Overview

Carbon Black CB Response is the #2 ranked solution in our list of top Security Incident Response tools. It is most often compared to Carbon Black CB Defense.

What is Carbon Black CB Response?

CB Response is an industry-leading incident response and threat hunting solution designed
for security operations center (SOC) teams. CB Response continuously records and stores
unfiltered endpoint data, so that security professionals can hunt threats in real time and
visualize the complete attack kill chain. It leverages the CB Predictive Security Cloud’s
aggregated threat intelligence, which is applied to the endpoint activity system of record for
evidence and detection of these identified threats and patterns of behavior.

Carbon Black CB Response Buyer's Guide

Download the Carbon Black CB Response Buyer's Guide including reviews and more. Updated: January 2021

Carbon Black CB Response Customers

ALLETE

belk

Carbon Black CB Response Reviews

reviewer1259415
Senior Manager at a financial services firm with 1,001-5,000 employees
Real User
Top 10
Feb 19, 2020
Malicious activity detection response and automatic quarantining for endpoint security of your environment

What is our primary use case?

We use Carbon Black for detection and response. So we receive alerts from Carbon Black if it detects any malicious activity. We also use it to quarantine any devices that we may need to isolate due to the security risk that it presents.

Pros and Cons

  • "The detection response and quarantining are very good features."
  • "The product detects too many false positives initially and it could integrate better with other security solutions."

What other advice do I have?

I do not think I have a lot of advice for people who are considering implementing the product at this point because most of our experience with the product has been relatively straightforward. I would just suggest that you have your white list set up before deploying if you are using automatic quarantine. Otherwise, it can cause issues in your operating environment. This is especially important if you are a sensitive location like a bank. In that case, automatic quarantine could be a big issue. On a scale from one to ten where one is the worst and ten is the best, I would rate Carbon Black CB…
CBresponse677
Cyber Defense Consultant at a security firm
Reseller
Jul 21, 2019
Good configuring capabilities and provides good market information gathered from the community

Pros and Cons

  • "The market information they gather from the community is really good. Their configuration capabilities are good."
  • "They have different products, but if we wanted to take their protection and their EPR, then we would need to have two agents"

What other advice do I have?

I would recommend anyone to go ahead with Carbon Black if they are looking for an EDR solution. From my experience with selling, some people have a misunderstanding of what it is they are supposed to do. I would recommend going with it but be aware that you will be overwhelmed with the number of receipts which require somebody to begin to follow up and investigate each incident. This is not something bad, it's something good because of the way that security goes, you need to go through every incident to understand whether it is a false positive or true positive so they need to be reviewed…
Security83d6
Security Analyst at a financial services firm with 10,001+ employees
Real User
Mar 24, 2019
Enables us to remotely analyze infected machines without delay

What is our primary use case?

When a machine gets infected we need to have a memory dump and to interact with it. We use this solution as a good way to extract that information from an infected machine.

Pros and Cons

  • "The most valuable features are the threat-hunting and the batch console."
  • "They need to improve the batch console. It needs more capabilities. We are limited by the ones it provides..."

What other advice do I have?

You need to analyze your organization's needs. If you just want to protect things, it's very useful. I rate the solution at eight out of ten because they need to improve the console. We would like it to let us type commands that are native to the operating system, not the ones that are included in the product. The product, in terms of maturity, is still at the very beginning.
Imad Taha
Group CIO at a construction company with 10,001+ employees
Real User
Top 5 Leaderboard
Jul 2, 2019
An endpoint line of defense against malware and ransomware with scheduled network scans

What is our primary use case?

Our primary usage for this solution is as an endpoint response. We use Carbon Black as a threat line of defense for the endpoints.

Pros and Cons

  • "Carbon Black ensures the probability that any ransomware will be stopped before spreading."
  • "The cloud console has a lot of bugs and issues in the analysis part."

What other advice do I have?

I recommend using Carbon Black, but get enough training before deploying. This is very important. On a scale from 1 to 10, I would rate this product an 8.5 overall.
Snrsoftdev67
Senior Software Developer Engineer at Diyar United Company
Reseller
Aug 13, 2019
Seeks out abnormal activity and creates alerts

What is our primary use case?

Our primary use case is to detect any abnormal activity happening on the endpoint. Carbon Black Response works like CCTV which monitors every activity and every single process running on the operating system. We use it on Windows, Linux, and Mac. Once there is an abnormal action, there is a notification that is sent to the administrator. The administrator will open up the GUI, the console for the Carbon Black Response, and start doing his investigation to get to the root cause for the issue if there is one.

Pros and Cons

  • "The most valuable feature is its ability to seek out abnormal activity and to create alerts."
  • "It's not highly available, so you have to have a core server. If the primary server goes down, you need a new one. It's not available at the same time, however. It's not automatically swapped from one server to another."

What other advice do I have?

We are using both on-premises and cloud deployment models. I would rate the solution eight out of ten. Carbon Black is a very good product, but you still have to work on it from the perspective of MLA analyzing and installation. You have to fine-tune it to create a watch list and so on. These are the main things that they need to work on in order to improve the EDR services on their product.
SeniorIn8d7c
Senior Information Security Specialist at a tech services company with 1,001-5,000 employees
Real User
Jul 12, 2019
A scalable solution that integrates well across platforms

What is our primary use case?

We use it for platform metrics, for all use cases. This is the only thing that works, this product. Carbon Black is a process listener. You can call back all processes, each process on the client side or the server side. You can retrieve all the information on a process level, and you can combine all the things with an end use case.

Pros and Cons

  • "Integration and scalability are the most valuable."
  • "It's not simple."

What other advice do I have?

I would rate this solution a nine out of ten.
Augusto Jose Garcia
SOC Analyst at a tech services company with 201-500 employees
Real User
Top 5 Leaderboard
Jul 1, 2019
Automatically detects many viruses, malware, and other threats on our network

What is our primary use case?

I did some tests when they came out with the solution because my manager wants an assessment with Carbon Black. I tested the solution for two weeks. It was good. 

How has it helped my organization?

The tools are good. Carbon Black detects many threats and problems for me.

What needs improvement?

The dashboard should be more user-friendly. The additional features I would like to see included in the next release are better analytics and report generation.

For how long have I used the solution?

I have been using Carbon Black for less than one year.

What do I think about the stability of the solution?

They're highly stable in comparison with other solutions I have.

What do I think about the scalability of the solution?

The scalability, in my…