If you were talking to someone whose organization is considering Carbon Black CB Response, what would you say?
How would you rate it and why? Any other tips or advice?
I do not think I have a lot of advice for people who are considering implementing the product at this point because most of our experience with the product has been relatively straightforward. I would just suggest that you have your white list set up before deploying if you are using automatic quarantine. Otherwise, it can cause issues in your operating environment. This is especially important if you are a sensitive location like a bank. In that case, automatic quarantine could be a big issue. On a scale from one to ten where one is the worst and ten is the best, I would rate Carbon Black CB Response as between an eight and a nine. For our use case, I would say it is an eight.
We are using both on-premises and cloud deployment models. I would rate the solution eight out of ten. Carbon Black is a very good product, but you still have to work on it from the perspective of MLA analyzing and installation. You have to fine-tune it to create a watch list and so on. These are the main things that they need to work on in order to improve the EDR services on their product.
I recommend using Carbon Black, but get enough training before deploying. This is very important. On a scale from 1 to 10, I would rate this product an 8.5 overall.
I would rate this solution a nine out of ten.
On a scale from one to ten, I would rate Carbon Black CB Response at a nine. They should improve the dashboard and provide more helpful tools.
I would recommend anyone to go ahead with Carbon Black if they are looking for an EDR solution. From my experience with selling, some people have a misunderstanding of what it is they are supposed to do. I would recommend going with it, but be aware that you will be overwhelmed with the number of receipts, which require somebody to begin to follow up and investigate each incident. This is not something bad; it's something good, because the way that security goes, you need to go through every incident to understand whether it is a false positive or a true positive, so they need to be reviewed. This is not an automated solution; it's something that somebody needs to take care of. I would rate this solution as a 9.5 out of 10. We know what we are doing. We know we bought Carbon Black for a reason, so we are aware of everything and it's doing its job. We see that there is an area for enhancement; I think the product or business unit or product management needs to look more into an area for enhancement, which is just part of it. So that is why I didn't give it a ten. A 9.5 is fair for them. Maybe other people would think to get it lowered, but that is because they have a misunderstanding about what Carbon Black is about.