2018-10-02T19:04:00Z

What needs improvement with Carbon Black CB Defense?


Please share with the community what you think needs improvement with Carbon Black CB Defense.

What are its weaknesses? What would you like to see changed in a future version?

19 Answers

Popular Consultant

It is still evolving, as we see. We started using version 3.0. We've been migrating and upgrading as well, laterally, until version 3.2. So, we have been seeing a lot of improvements in general in terms of bug fixes and in terms of what are the things that we had encountered. I think they can probably bring in because there is a little bit of a gap between the native Antivirus solutions like Symantec or McAfee. So, you really can't say whether an end user will not be able to judge whether it's a malware-free software that they are downloading or not. In those cases, if you have an application and a device control feature, I think it would be of great help.

2018-10-08T17:34:00Z
Top 10 Reseller

This solution could have greater granular control on how certain applications work. You are able to do the operation of allowing or disallowing, or you can block unusual usage of an application, but they do not define it well. The PowerShell is being called in any way that the threat actor might use it versus an administrator. You are in a way taking this solution's best guess at it or their understanding of it. They do not clearly tell you in technical terms how they make that determination. They should be more forthright about it, or if they cannot tell us, they should just give us the control to make those selections. We are choosing it because at least we have that control where we do not have that same amount of control with other solutions like Cylance. However, they are still not telling us precisely what constitutes suspicious behavior, what actions, or what calls. It is a check box to say, lock if we have inappropriate use, or block if we have suspicious behavior. It would be helpful to tell us what that actually meant. In the future, I would like to see more granular control of PowerShell and more administrative tools.

2021-05-12T07:27:47Z
Top 5 Leaderboard Real User

In the next release, it would help if we can get better control over containers. This will help secure the containers in multiple environments. For example, we need to secure the Kubernetes containers. Apart from admin user login to see container processes running, developers and operations team users also should be seeing the container's processes running.

2021-02-24T23:26:00Z
Top 20 Real User

It could be a bit complicated. You have to be very familiar with Carbon Black to understand what it is doing and why it is doing it. I would like to have more explanations and simplification in the user interface. It would be good to get help and see more explanations. It should tell us that software is blocked and the reason for it. It would be good to be able to build chains in terms of what caused what, what worked, and what caused an issue. We are now moving from Carbon Black to Cortex XDR. While choosing antivirus software, we were also looking at Carbon Black because it also has an antivirus package, and it is next-generation, but we were told that Carbon Black doesn't support firewalls. We have Palo Alto firewalls. We would have chosen this solution if it supported firewalls, in particular next-generation firewalls, but unfortunately, it doesn't. Therefore, we decided on Cortex XDR because it integrates with Palo Alto firewalls.

2021-01-23T19:25:33Z
Top 20 Real User

I can't think of any feature that needs to be enhanced or reviewed at this time. Some of the features that I see as an end-user, unfortunately, I haven't been able to see from a project management standpoint. I'm not sure if we're actually taking advantage of all the available features. I don't know if it's because we haven't configured it yet, or we are not using it. I'm not sure as to the logic of how we've decided to customize it. We've only really used it since February and therefore there may be more to do on that front. That's why it's hard to say if something is missing or if we just aren't utilizing it.

2021-01-16T05:10:33Z
Top 5 Leaderboard Real User

The whitelisting system, and the concept of it, overall, is pretty decent. The problem with the whitelisting capability is that it's pretty archaic. Based on all the security roles and the release privilege, it could take time for an application to be whitelisted and approved for use. The Mac support needs improvement, as it had next to none. The biggest problem we had was the Mac support. It had very little, and my C-suite is almost exclusively Mac, as is my marketing and development department.

2021-01-11T19:44:34Z
Top 20 Real User

The application control can be improved. It should also have an automatic update of the agents.

2020-11-20T07:47:34Z
Top 20 Real User

The solution needs better overall compatibility with other products.

2020-11-11T15:30:03Z
Top 20 Real User

Its compatibility can be improved. It did crash a server during deployment, which is not something that I want to happen. Its deployment should also be easier. The whole deployment cycle needs to be simplified. It is an enterprise solution, and to set it up right now, you have to be an expert.

2020-11-11T08:48:45Z
Top 5 Leaderboard Real User

The ability to also connect feeds from third-party resources (communities) should be improved.

2020-11-05T01:08:01Z
Top 10 Consultant

The feature set for the firewall needs improvement. I am looking forward to learning more about the integration with VMware at the hypervisor layer.

2020-10-11T08:58:21Z
Top 10 Real User

The EDR portion could be better. I'm not a big fan, but it works. The End Point Detection Response and the way it lays our processes with our endpoint and its detection engine, in the way that it detects the admin or alerts us based on a threat. I feel that they're a little behind on the market from my perspective. Overall, areas of improvement would be the EDR part, the detection, also the cloud console. If you're trying to write queries or something, it's very slow, just not robust. It's a cloud console so it should be fast. If I run a query and I press enter, if it took two seconds, it wouldn't give me a nice loading interface, because it's stuck. I would see an operating system most of the time. I feel like it should be faster. But as far as the price and everything, I think it's a good product.

2020-07-19T08:15:00Z
Top 10 Reseller

When you view the triage, it will show you everything within a given time frame, and not only the attack that caused the alert, which is what I want to see. It shows you all the events during that time, and that can be quite confusing. If they could focus on the alert and the event that the user wants to see, that would be better. There is also room for improvement on the reporting side, because it doesn't have reports. Many of our customers would prefer some kind of exportable report, like a summary. Carbon Black should have this feature.

2020-04-23T10:13:00Z
Top 5 Real User

As far as I know, Carbon Defense has nothing that can be installed on mobile devices. It lacks a defense solution for mobile devices, especially mobile tablets. I would like to see support for mobile devices and the pricing should be less than the pricing for a normal workstation. Also, there is not much education for customers about Defense versus its other products. They promote Defense as enough, but then they say if you need more protection you can go for CB Response. I don't know whether it's a technology issue or a marketing issue, but they should teach the customer more. They tell you you are secure with Carbon Defense but then they recommend Carbon Protect. There is not a lot of education on this. I don't want to have an incident in the future and their answer will be, "Sorry, you did not buy Protect." Security is a continuous process. I can accept that it has more features, but don't tell me, "You are not protected because you did not buy the more expensive product." In addition, these other products should be add-ons, not separate products. And the cost for them should be much less for adding on because you are already a customer. Finally, we receive a lot of high alerts. There is no priority system, from one to 10, where 10 is very dangerous and one is something easy. There is no way for us to tell why this alert is similar to that one.

2020-04-06T08:22:00Z
Top 20 Real User

This solution works well but needs lots of tuning and optimization.

2019-10-30T14:12:00Z
Real User

The endpoint machines need improvement. The solution needs to be more effective for the end-user. It would be helpful to understand how to do some queries, but we’re still testing the solution right now, so everything is very new and we’re still learning the system.

2019-09-29T12:11:00Z
Consultant

Symantec needs more investigative features out-of-the-box. Though, they are using the Advanced Threat Protection add-on to correct some of this. It is also not quite as feature-rich as some of the more advanced MDR platforms out there. Carbon Black needs to do a better job of proving their platform in the industry, and providing a bit more access to do industry testing with real world examples to help prove their platform. In addition, they have been actively porting over a lot of features from some of their other products, and they should continue to expand on that. Going forward, this will be extremely helpful.

2019-04-17T08:37:00Z
Real User

The UI interface needs improvement. The management needs further work in future versions.

2018-10-28T09:33:00Z
Vendor

In some areas one of the big issues for me is responsiveness to issues that arise with the solution. There are some components that leave a bit to be desired and/or that are bugs, or that even if it's a feature update request. These kinds of things are not the fastest company to respond to those. We did have a bug that was persistent for it's now going on two months and it hasn't been fixed. That is one of the drawbacks. This is really impacting what we need to do with it. But, the bigger issue is the organizational responsiveness to clients. In addition, I think there should be a cloud gateway. It needs to move into a transitory space between our On-Premise and external where it does not have to be in two separate instances. It should marry the two. Also, it would be good to have them working in the containerization space, as well. To have a mechanism for securing cloud modules a bit better. This would be ideal. It would help encompass more of the broad range security so we do not have to couple this with other outside solutions.

2018-10-02T19:04:00Z
Learn what your peers think about Carbon Black CB Defense. Get advice and tips from experienced pros sharing their opinions. Updated: June 2021.