Carbon Black CB Response OverviewUNIXBusinessApplication

Carbon Black CB Response is the #4 ranked solution in our list of top Security Incident Response tools. It is most often compared to Carbon Black CB Defense: Carbon Black CB Response vs Carbon Black CB Defense

What is Carbon Black CB Response?

CB Response is an industry-leading incident response and threat hunting solution designed
for security operations center (SOC) teams. CB Response continuously records and stores
unfiltered endpoint data, so that security professionals can hunt threats in real time and
visualize the complete attack kill chain. It leverages the CB Predictive Security Cloud’s
aggregated threat intelligence, which is applied to the endpoint activity system of record for
evidence and detection of these identified threats and patterns of behavior.

Buyer's Guide

Download the Security Incident Response Buyer's Guide including reviews and more. Updated: September 2021

Carbon Black CB Response Customers



Carbon Black CB Response Video

Filter Reviews

Filter by:
Filter Reviews
Filter Unavailable
Company Size
Filter Unavailable
Job Level
Filter Unavailable
Filter Unavailable
Filter Unavailable
Order by:
  • Date
  • Highest Rating
  • Lowest Rating
  • Review Length
Showingreviews based on the current filters. Reset all filters
Senior Manager at a financial services firm with 1,001-5,000 employees
Real User
Malicious activity detection response and automatic quarantining for endpoint security of your environment

What is our primary use case?

We use Carbon Black for detection and response. So we receive alerts from Carbon Black if it detects any malicious activity. We also use it to quarantine any devices that we may need to isolate due to the security risk that it presents.

Pros and Cons

  • "The detection response and quarantining are very good features."
  • "The product detects too many false positives initially and it could integrate better with other security solutions."

What other advice do I have?

I do not think I have a lot of advice for people who are considering implementing the product at this point because most of our experience with the product has been relatively straightforward. I would just suggest that you have your white list set up before deploying if you are using automatic quarantine. Otherwise, it can cause issues in your operating environment. This is especially important if you are a sensitive location like a bank. In that case, automatic quarantine could be a big issue. On a scale from one to ten where one is the worst and ten is the best, I would rate Carbon Black CB…