2018-10-02T19:04:00Z

What advice do you have for others considering Carbon Black CB Defense?

12

If you were talking to someone whose organization is considering Carbon Black CB Defense, what would you say?

How would you rate it and why? Any other tips or advice?

ITCS user
Guest
2121 Answers

author avatar
Top 5LeaderboardReal User

Be careful of the need to piece together multiple solutions to get the same features offered by some of the competition.  The price won't look so appealing by the time you get apples to apples comparison.

2020-07-01T11:36:53Z
author avatar
Top 20Real User

We have deployed different versions of the solution. At this moment we have 3.5 or we have, for example, for Windows we have 3.1. We deploy it to many computers and in different countries. You need to upgrade or maybe you need to downgrade, depending on the device it's attached to. For example, we have many servers including 2016 and 2019 versions, and then we have different versions of Windows. When we decide to deploy a new version we deploy it throughout the region. We have been in America, Asia, and Europe. I'd advise other potential users that, like any solution, you need to know how to use it, you need to know how to implement, and you need to know how to do the best configuration and update that configuration. If you don't have a good configuration on any application, it will work not for you. In general, the solution is good. I would rate it at an eight out of ten.

2021-06-29T12:53:03Z
author avatar
Top 20Reseller

My advice to others is to take advantage of the POC and work with your POC rigorously. I think we have good responses on the POC as they get closer and closer to wanting to close. We were able to get stronger and stronger and more timely support. It is a good program and they are very fair about it. In any EDR, I would test them heavily and do not rely on marketing. When applying an overall rating to this solution I do not think there are any tens in the marketplace. We very pleased and we evaluate this every year or two. In our POC, we had 200 samples including ones that were available but not as popular and we received a 100% efficacy. We were very pleased with the results. I rate Carbon Black CB Defense an eight out of ten.

2021-05-12T07:27:47Z
author avatar
Top 5LeaderboardReal User

On a scale from one to ten, I would give Carbon Black CB Defense a seven.

2021-02-24T23:26:00Z
author avatar
Top 20Real User

It does everything that we need. We can configure it very strongly and lock the environment, which sometimes can create an administrative headache for us and some hassle for users because the users cannot install some of the software and have to ask us to enable the software, but it is exactly what we wanted. I'm pretty happy with this solution, but unfortunately, at this point, we will have to stop using this solution, but this is not what we want. We are going to use Cortex XDR, but we are not sure if it is possible to work back to back with Carbon Black. Cortex initially told us that Carbon Black and Cortex XDR are not compatible, but it was just word of mouth. At the same time, Carbon Black is not on their incompatible products list. It would be good if these two are compatible because I can imagine the amount of time it would take to translate all the rules from Carbon Black to Cortex and handle all errors and other things. I would rate Carbon Black CB Defense a nine out of ten.

2021-01-23T19:25:33Z
author avatar
Top 20Real User

We're just customers and end-users. We don't implement this solution for clients or anything like that. I'm not sure which version of the solution I'm using. It might be the latest, however, I can't say for sure. We use it at a bank for our endpoints. Therefore, it's likely the latest. There are between 20,000-30,000 people using the solution within our organization. It's definitely 20,000 at least. I would advise others to basically set the expectations as far as the features they expect or need from a security solution. This solution can't solve problems related to security practices within the company. Internal policies must be in place. Then, figure out how to integrate this solution and its available features into your internal security protocols. Overall, I would rate the solution at a nine out of ten. We've been pretty happy with the product so far.

2021-01-16T05:10:33Z
author avatar
Top 5LeaderboardReal User

For others who are interested in using Carbon Black, I would recommend checking your use case. If your use case is Linux and Mac, then it will be problematic, based on my experience. These days, with VMware taking them over, I'm willing to bet that that's going to change. I see some redemption in their future, with VMware owning them. VMware is a very strong player in the workspace, and especially with their workspace tool that VMware's building to work with Windows, Mac, and Linux clients, in order to do VDI. For the Windows endpoints, it was incredibly useful, nothing got through it, which is a bad thing in some cases because we hadn't tagged the certificate platform appropriately. So, it's a bit of an improvement needed there, but the biggest complaint is around the operating systems not being available. I would rate Carbon Black CB Defense a seven out of ten.

2021-01-11T19:44:34Z
author avatar
Top 20Real User

I would recommend this solution. We are going to keep providing this product. I would rate Carbon Black CB Defense a six out of ten.

2020-11-20T07:47:34Z
author avatar
Top 20Real User

We're just a customer. We don't have any business affiliation with Carbon Black. We're currently using the latest version of the solution. Overall, I would rate the solution seven out of ten.

2020-11-11T15:30:03Z
author avatar
Top 20Real User

I would advise making sure that it won't cause problems with your servers. Whenever possible, it is good to fully test a product before deploying it. I would rate this solution an eight out of ten. It needs better ease of use and deployment.

2020-11-11T08:48:45Z
author avatar
Top 5LeaderboardReal User

Overall, this is a very good product. I would rate this solution a ten out of ten.

2020-11-05T01:08:01Z
author avatar
Top 20Consultant

I would recommend Carbon Black CB Defense for anyone who is interested in implementing this solution. I would rate Carbon Black CB Defense and eight out of ten.

2020-10-11T08:58:21Z
author avatar
Top 20Real User

We have the cloud center, however, the application's installed on each endpoint individually. Each client machine has it installed, locally, so it's off-premises for us. I'm assuming that they would be running on individual client PC. The software is run here, we manage it within the cloud atmosphere. We were an authorized reseller or we were an authorized business associate of Carbon Black. Since that's moved under Dell, I don't think that's a thing anymore. I would state that as we are mainly a Dell shop, we're an all in Dell shop. And so that's just a business decision we've made. We were a Dell VMware Carbon Black client and we had a relationship with them that preexisted our Dell partnership. Before Dell acquired Carbon Black, we were a partner of Carbon Black's. We had acquired this technology and we were utilizing this technology for several years in advance of that acquisition. I'd recommended Carbon Black CB Defense 100%. I would rate this solution an eight out of ten.

2020-10-01T09:57:00Z
author avatar
Top 20Real User

The implementation is very easy but the security aspects could be better. If you don't have a SIEM solution in your organization, you're probably engaging via email.But there's no way to point me to customize the email templates if I want to see more information on that email before going to the console. It's still a business and company, but I'm the only one who is managing everything. So when I see the email on my phone, I want to see more information before logging into the console. I want to see more filtering options to narrow down more field training. I also wish it was easier and more intuitive in terms of searching for queries. I feel like it should be simpler. It doesn't make sense to have it this hard. I would rate it a seven out of ten.

2020-07-19T08:15:00Z
author avatar
Top 20Reseller

I would recommend this product to other people.

2020-04-23T10:13:00Z
author avatar
Top 20Real User

My advice is to get enough information about the differences in Carbon Black products from day one. In other words, if Carbon Black is claiming that Carbon Black CB Defense is enough, why are they always promoting the more expensive product, which is Carbon Black Protect? So, you need to be educated well about the differences between the products. Also, look at the roadmap of the product regarding whether there will be good mobile protection for mobile users or not. And be aware of the minimum license purchasing policy. The number of people for maintenance of the solution depends on how your environment is structured, but in our company I need five people.

2020-04-06T08:22:00Z
author avatar
Top 20Real User

We did a POC with the solution. We’re still in the process of testing it, so we’re still learning the system. I would rate the solution eight out of ten.

2019-09-29T12:11:00Z
author avatar
Consultant

Symantec aligns with a more traditional antivirus that a lot of people are just more familiar with. It has traditional signature sets, exceptions, and policies. When you're talking medium sized implementations, where it's several hundred or a couple thousand endpoints, it's pretty straightforward. The learning curve with Carbon Black is considerably more extensive. You have considerably more ability in the platform to do investigations and custom policies, as it can do more in-depth searches and queries about what's actually going on at an endpoint level, which you don't have with Symantec. You really have to understand exactly what you're trying to accomplish. The product itself works quite well. It's pretty intuitive, but there is so much more data and capabilities at your fingertips. It definitely takes more time to learn it. If you are evaluating these products: Evaluate what your enterprise looks like and what your current security controls are. Understand what exists, what needs to be protected, and what other tools there are in the organization. This makes a big difference in the decision-making process. For example, Carbon Black is 100 percent cloud-based. There is no on-premise option. If you have requirements for systems that can't access the internet, whether it be classified environments or otherwise, it's more difficult to get as much value out of a system which is only cloud-based if you have air gaps. A more traditional on-premise solution might work better, like Symantec, in this scenario. However, if you have a largely mobile workforce with a lot of high risk employees who travel, having cloud-based works perfectly for that sort of environment, as you're getting data with the ability to access and respond to issues regardless of where systems are, as long as they're online. However, if EDR tools already exist in an environment, you might not need a full in-depth product, like CarbonBlack, where a more traditional antivirus coupled with another EDR product might get you the capabilities that you need. Albeit, it would require multiple products to cover the environment. I would rate Carbon Black as a nine out of ten, because it provides industry leading features, which give us the ability to do the investigations that we need to. It just makes an enormous difference. I would rate Symantec as a seven out of ten. It works quite well. It is feature-rich, stable, more traditional product.

2019-04-17T08:37:00Z
author avatar
Real User

I would advise Carbon Black to work on the automation and make it a bit easier for the solution.

2018-10-28T09:33:00Z
author avatar
Consultant

In terms of the fixes from what the behavior was with the environment, it has been evolving. And the only thing that could be improved is enabling Carbon Black to be a part of the image so that when we are doing a image refresh, Carbon Black would be present by default. But in the current conditions, by definition, it needs to have an internet connection for you to install Carbon Black. Because it connects to the cloud as a first step after you start the installation. So, since we cannot have that kind of a set up for an image, we are not able to put it into an image, basically. So if there comes any kind of a version where it can be done, probably it might be more helpful in terms of a mass deployment. They might have to create a little bit of better knowledge base articles which will give us an insight as to how this is working and what logs we can look into for analysis. The gap can be made much shorter in that aspect. The report generation and trend analysis or data analysis can be improved.

2018-10-08T17:34:00Z
author avatar
Vendor

* Make ssure that your firewall ports open and really test communication back to their server. * Make sure you don't have anything else that may be impeding it. * If you are dealing with any PIA countries or GSA (also known as TAA) countries, make sure you're working through their work councils. * Make sure you look at a holistic perspective and have a plan in place on how to use this tool.

2018-10-02T19:04:00Z
Learn what your peers think about Carbon Black CB Defense. Get advice and tips from experienced pros sharing their opinions. Updated: July 2021.
521,817 professionals have used our research since 2012.