Enhance Your Security Levels With Cloud-Native Endpoint Protection
Carbon Black Cloud Endpoint is a fantastic security solution to use within your IT infrastructure; it protects against malware, viruses, zero-day threats and much more.
You can manage the profiles of each asset and set their profiles according to various policies.
Carbon Black Cloud Endpoint tends to block genuine applications and processes; even WSUS doesn't seem to have any luck whenever you run Windows updates. I think there could be a better implementation in its coding to learn and distinguish between good and harmful code within programs.
On a broader scale, though, Carbon Black Cloud Endpoint is a vastly excellent cloud security solution for small or large businesses that are looking into minimizing security threats and making sure their network infrastructure does not get compromised at all.
Immediate value on the endpoint. Much better than legacy AV.
The only downfall is sometimes the dashboard gets sluggish or has a bug with an update. Other than that the product and the value are tremendous.
Don't wait to deploy a NGAV. It is a crucial part of any functioning security stack.
CB Defense has prevented ransomware on multiple occasions and helped our team identify existing malware on the endpoints.
I love the visibility that it gives into your endpoints. You can see what happened before and after an attack was stopped, which helps put together the whole story. I also like the idea of "streaming prevention", where it's not just "good" or "bad", but if a good file tries to do something bad, it will also detect that.
It is in the cloud, so the console keeps changing and sometimes it's hard to find things. Once you get used to it, it might change again.
Always do a Proof Of Concept to make sure it fits well with your environment.
Visibility into the endpoint is huge for us. It also has been better performance-wise on Windows 10 devices than having Defender enabled.
With Cb Defense you have complete visibility on what happens on your endpoint. This product also automatically detects malicious activity based on various TTPs (Tactics, Techniques, Procedures) used by threat actors. Cb Defense allows us to define a granular protection policy that can be customised for our unique environment. For example, you can even choose to block all unknown applications from running or just block them from connecting to the Internet.
Cb Defense also offers third-party integration through an API. Most of its core functions can be accessed through this API. This makes it so easy to integrate Cb Defense with your other security solutions.
While the granular protection policy is very useful to balance protection and usability, it can be hard to define a policy. You need an experienced security analyst to do this. As of September 2019, Cb Defense does not have a comprehensive reporting capability.
Before we implemented Cb Defense, we didn't have enough visibility on our endpoints. We also had problems defining a protection policy that works best with our environment. The previous endpoint security simply did not allow us to do that easily. We even ended up turning off several protection capabilities to avoid disruption in our services.
I love being able to deep dive into my endpoints/servers to see exactly what is going on, what users are doing, and what processes are being run. It helps me determine what applications and processes need to be whitelisted or blacklisted in my environment and allows me to actually report with thorough information on what is happening on our company endpoints.
Deployment. It takes some doing to get used to deploying the Cb Defense sensor. I understand the reasoning for using a script to install and inject your company information, but I would like an easier approach other than having to stage the app and a script to actually install the app. Currently, I use a conjunction of MDM tools and AWS S3 to push which is the easiest method I've found so far.
Be sure that you have a team dedicated to managing Cb Defense. It is not manageable in a larger environment by just a couple of people.
I come from more of a wild-west sprint environment where we were not always sure what and where things were running. Cb helped me solve these problems by searching, gathering information, and compiling reports on the apps, services, scripts, code, processes and everything else that is running. This led us to be able to identify what user behavior we wanted to stop and it allowed us to stop it.
The ability to see the full life cycle of the file/attack and any lateral movement. But more importantly, the User Exchange puts experts from Incident Response companies and MSSPs at your disposal like a cool toy in every cereal box! You don't even have to be all that smart to see the latest threats and what they are doing to stop them.
I can't think of a single thing that I dislike.
Follow the guidelines from the User Exchange on implementation and you will have success.
System security.
The insight gained into the endpoints. It helps with hunting, investigating/response, and even troubleshooting.
There are some hiccups that we went through, but you find that with any product.
Take your time to fully vet the vendors you are looking into. Defense gives you a lot, so, if you're leaning towards another vendor, ensure you are getting at least what they (Defense) have to offer.
Better insight into the endpoint and strengthening the protection of the endpoint.
It's cloud based and easily manageable. They provided plenty of educational material and reference, and worked with us directly during and after implementation to ensure success and satisfaction.
I haven't run into anything yet that I'm not liking. It's been solid, responsive, and provides more than enough insight, metrics, and endpoint control, as well as deployment options.
I highly recommend them. Based on value, features/functionality, and ease of use, as well as the support and attention we were provided for a successful deployment. I really can't say we ran into many (if any) roadblocks or 'bumps' along the way, and in production.
This protects our user endpoints and provides in-depth information and methods to handle potential threats. It's intuitive and has been a pleasure to use. The dashboard is also informative, easy to access, and gives plenty of both control, and insight.
I like that CbD is constantly improving its threat detection and prevention.
There's not much I dislike about it so far. The few challenges I've faced are not having a static set of IP addresses to permit workstations through the firewall, and configuring the sensor to use a proxy. We ended up using a forward proxy to mitigate the issue with the dynamic range of servers. If you implement a proxy, after you've installed CbD, you'll have to reinstall the agent in order for the endpoint to utilize the proxy, because it currently has to be configured at the time of install.
This isn't a set-it-and-forget-it AV solution, so make sure you're able to commit to spending time analyzing, tuning, and updating the system.
CbD offers protection from traditional file-based threats, but we haven't seen much of that for some time now, which is why we decided to migrate to a new solution. It offers much more control over an endpoint than traditional anti-virus. Most of the malware we're seeing comes in the form of scripts and macros that call upon other processes to deliver payloads, and this all happens in flash memory without dropping a file on the hard drive. CbD allows you to really control what applications can call on other processes, and tighten up your security as much as you'd like.
Carbon Black Cloud solution is an incredibly robust and capable EDR solution. I appreciate the instant malware search abilities in the Admin portal. It allows you to click a link that contains all the threat vectors and immediately scans your entire network for the threat. It also has an in-depth investigation section that you can use to track the history of a file to determine how it got into your network. The standard policies it has built-in are hardened but they allow you to tweak them for your company needs.
Carbon Black Cloud is a complex solution at times. If you are not a full-time security admin, the solution can be overwhelming. Beyond the initial setup and configuration, their support team will point you to their community for answers, which can leave you frustrated.
If you are already a Dell/VMware customer, you won't regret staying in the family. Carbon Black Cloud is a very robust EDR solution that has a lot of features (although sometimes overwhelmingly so).
A full EDR solution was required from our insurance to satisfy our cyber protection policy. We are already a VMware/Dell shop so it made sense to bring in their EDR solution.