VMware Carbon Black Cloud Room for Improvement

Tom Kar - PeerSpot reviewer
Senior Security Specialist at Sopra

VMware Carbon Black Cloud is a user-friendly solution that can isolate machines from the rest of the network. When a machine is quarantined, it cannot communicate with any other machines on the network except for the Carbon Black Cloud server. This allows you to investigate the machine without the risk of malware escaping to the network.

Carbon Black Cloud's server can communicate with the quarantined machine through DNS and VSCP. This allows you to collect data from the machine, such as system logs, process activity, and registry changes. This data can be used to investigate the infection and determine the next steps.

CrowdStrike and Cybereason are also popular EDR solutions. They offer similar features to VMware Carbon Black Cloud but may have different strengths and weaknesses. It is important to evaluate all of your options before choosing an EDR solution.

Additionally, it is complex to use, and the pricing should be improved. 

GS
Information Technology System Administrator at General Assembly

The support team of Carbon Black CB Response needs improvement. At present, they need a lot of information. Then they give you an answer that they already gave you. You tell them it didn't work, and then they take a long time. They then come back with a solution that may need to be more practical. Like, most of the suite I've supported over the years is MacOS. However, I have some Windows experience under my belt management for SCCM. The support from the Windows side is much better. But for Carbon Black, the support will tell you that you need to disable SIP and uninstall the Carbon Black agent.

We've looked at a few other products recently that seem to have a bit more granularity compared to Carbon Black. For example, what sort of network communications am I receiving using Carbon Black to connect catch in the binary running on a machine and the files? Regarding the things that I've received from Carbon Black, I don't get a sense that I could necessarily get good information if someone launched a fake Notepad executable or if it opened a bunch of backdoors and called out to the command control server because it was a piece of malware. I don't think Carbon Black at this current iteration will get me that information in a straightforward and easy-to-search way. So Carbon Black should improve and get more network communications information because it just stopped running out of giving anything.

Matthew Weisler - PeerSpot reviewer
Sole Proprietor at Core-Infosec

The solution can only handle about 500 bans or blocks. You will start having performance issues and lagging for the agent and endpoint if you go beyond 500 blocks. If you need to add additional stuff, you really should move to Carbon Black Defense.

Training is needed to understand the built-in Python library because there is no console access. You need to build the back-end system or understand the server to utilize the Python library scripts for running reports. Otherwise, the library's capabilities are unutilized. 

Buyer's Guide
VMware Carbon Black Cloud
March 2024
Learn what your peers think about VMware Carbon Black Cloud. Get advice and tips from experienced pros sharing their opinions. Updated: March 2024.
765,386 professionals have used our research since 2012.
RB
IT Architect at Human Total Care

One area for improvement in VMware Carbon Black Cloud is the maturity of its vulnerability features. Currently, these features aren't robust enough to replace our existing vulnerability management tools.

PB
Vice President (Head Information Security & Compliance) at INFINX SERVICES PVT LTD

Technical support for the solution should be improved because there is a scarcity of support teams in the Middle East.

IT
Group CIO at a construction company with 10,001+ employees

This product has room for improvement in the cloud console. The cloud console has a lot of bugs and issues in the analysis part.

The additional features I would like to see included in the next release are IT access components. We need to have IT access as a feature like CrowdStrike.

Nhut Vu - PeerSpot reviewer
Presales Project Manager at FPT

The education and awareness of customers here in Vietnam for Carbon Black CB Response is not good at the moment. Not a lot of customers know about this solution.

Here in Vietnam, we mostly use Symantec and Trend Micro. I know Carbon Black CB Response is a very good product, but educating customers on why and how to use it, and how to market it, VMware Vietnam has not been doing a very good job, so that area could be improved. Areas for improvement would be training and education for both partner and customer, plus the marketing, particularly how to reach out to the customers.

The customers are not well educated on the product, so once they use it, they don't know what more they can do with it. They don't know that they can integrate Carbon Black CB Response with other VMware solutions or other products.

MA
Senior Software Developer Engineer at Diyar United Company

The first thing they can do is make it more available. It's not highly available, so you have to have a core server. If the primary server goes down, you need a new one. It's not available at the same time, however. It's not automatically swapped from one server to another.

The second thing is that they need to have a multi-tenancy feature, especially for the MSSP model. We wanted to have this solution in our stock so we could create a different tenant or one tenant per customer.

They also have to have a bigger number of watch lists pre-configured already. They should add file integrity monitoring as well. One of the major things that attackers will try to do is to modify files.

Ricardo Franco Mahecha - PeerSpot reviewer
VMware Consultant at V2S Corporation

The solution's support could be improved.

it_user835122 - PeerSpot reviewer
Cyber Security Manager at an insurance company with 51-200 employees

Cb Response is really designed to complement Carbon Black’s Defense product. While Response can be used on its own, coupling with Defense seems like the best strategy if you can afford the price tag. In the end, other antivirus tools and log aggregation solutions seem to have started to incorporate many of Cb Response’s signature features, lessening its value proposition for some organizations.

MA
Senior Manager at a financial services firm with 1,001-5,000 employees

If Carbon Black could improve in the area of reducing the number of false positives, or if there was a better way to filter out false positives, that would enhance efficiency and utility. But in general, I think we are happy with the performance of Carbon Black.

It would be nice to be able to consolidate all of our tools. We have Imperva for database monitoring, we have Red Cloak, we have Carbon Black, and we have Trend Micro. So when you end up installing multiple different tools that do various different things and they each come with their own agents that need to be on all the endpoints, it takes a toll on the utilization. One of the issues that we tend to encounter — especially when we have all these tools on all the endpoints — the number of agents can affect the performance of desktops and servers. So we get those issues from time to time because there are many agents on the endpoints. So it might be nice to either have a lighter-weight agent or an agent that encompasses multiple functions and different purposes for better integration so we do not have to install various tools.  

AD
Security Analyst at a financial services firm with 10,001+ employees

They need to improve the batch console. It needs more capabilities. We are limited by the ones it provides, although we can type commands from the native operating system.

it_user870717 - PeerSpot reviewer
Consulting IT Architect

The solution needs to simplify the process of adding custom watchlists, as well as embrace YARA for rule creation.

SD
Cyber Defense Consultant at a security firm with 11-50 employees

One of the big issues we're facing is that their solution doesn't support multi-tenants. The second area for improvement is that they have different products, but if we wanted to take their protection and their EPR, then we would need to have two agents. In our scenario, having a client work within the cloud is not an option, so we cannot extend the support for Carbon Black to provide the protection that comes from Carbon Black. This will cause resource consumption.

What I would like to see in the new platform is for it to have a higher visibility for being able to fix the solution. Having also just the visibility to separate the collectors on site. If the informed agent can connect to the collectors the ability to be connected to the management consult or superior management directly.

MY
Senior Information Security Specialist at a tech services company with 1,001-5,000 employees

Maybe it's too verbose for a junior user or admin. You have to know some basic rules. It's not simple. For a junior engineer, it's confusing. It's hard to use Carbon Black Response. It will take time. It may take more than one year to understand the uses of the product.

I'd like the ability to see all the kernel-side features also on the client side.

it_user835119 - PeerSpot reviewer
Technical Support Specialist at a financial services firm

The threat intelligence feed could use some fine tweaking. We are subscribed to FS-ISAC threat indicator, but have been unsuccessful in adding it to our alliance feeds. So, rather than Cb Response being able to pull the data from the feed, we have to manually blacklist MD5 hashes.

it_user1009236 - PeerSpot reviewer
SOC Analyst at a tech services company with 201-500 employees

The dashboard should be more user-friendly. The additional features I would like to see included in the next release are better analytics and report generation.
