2021-09-29T12:29:00Z

What's the difference between Carbon Black CB Response and Carbon Black CB Defense?

NC
PeerSpot user

2 Answers

Real User
2021-11-01T08:31:29Z

Carbon Black offers two different levels of Endpoint Detection and Response. One is the VMware Carbon Black Cloud Endpoint Standard (CB Defense), and the other is the Carbon Black Endpoint Detection and Response (EDR). We reviewed both and chose the CB Defense.


CB Defense is a next-generation antivirus and endpoint security solution. It uses machine learning and behavioral analytics to monitor endpoint activity and discover malicious activity. Once CB Defense detects a threat, it efficiently blocks harmful apps. It not only prevents any known threats but also prevents suspicious applications from running.


One of the advantages of CB Defense is that it protects multiple types of devices (desktops, laptops, and servers). It is a solution that works well for small and large organizations. We like the ease of use and visibility of the management portal. You can see the activity on all protected endpoints. Configuring policies is simple, too.


The only downside of CB Defense is that you cannot scan individual files on the endpoint.


Carbon Black Endpoint Detection and Response (EDR) is geared more to security operations center (SOC) teams with hybrid or on-premises environments. Unlike CB Defense, Carbon Black EDR stores endpoint activity data. This feature helps security analysts visualize the attack kill chain. Although focused on an on-premises environment, the platform uses the VMware Carbon Black Cloud's threat intelligence.


CB Response enables security teams to investigate an endpoint for suspicious activity. An advantage is that you can perform different types of investigations. Other advantages include seeing the process tree view of the endpoint and isolating and pulling files from a host. We also liked that you can see a timeline of changes made to a system. The defensive abilities are not as advanced as CB Defense, though.


Conclusion


Both solutions protect endpoints with advanced features. CB Defense is more useful for organizations. CB EDR offers deeper investigation features, so it could be a better solution for SOCs.

DM
Real User
2021-10-18T11:51:13Z

Neither, we have optimal results with Cynet.
