Carbon Black Endpoint is an endpoint security and "next-gen antivirus (NGAV)" that uses machine learning and behavioral models to analyze endpoint data and uncover malicious activity to stop all types of attacks before they reach critical systems.
N/A
Kaspersky EDR Optimum
Score 8.9 out of 10
Mid-Size Companies (51-1,000 employees)
Kaspersky Endpoint Detection and Response (EDR) Optimum helps identify, analyze and neutralize evasive threats by providing easy-to-use advanced detection, simplified investigation and automated response. It is a basic EDR tool for mid-market organizations who are just starting to build their incident response processes.
$14.50
per year on a 3 year license (Pricing is for a 3-year commitment, calculated per year). 1 endpoint
Pricing
Carbon Black Endpoint
Kaspersky EDR Optimum
Editions & Modules
No answers on this topic
Kaspersky EDR Optimum
$14.50
per year on a 3 year license (Pricing is for a 3-year commitment, calculated per year). 1 and 2 year licenses also available. per endpoint
Offerings
Pricing Offerings
Carbon Black Endpoint
Kaspersky EDR Optimum
Free Trial
No
Yes
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
Yes
Entry-level Setup Fee
No setup fee
Optional
Additional Details
—
—
More Pricing Information
Community Pulse
Carbon Black Endpoint
Kaspersky EDR Optimum
Features
Carbon Black Endpoint
Kaspersky EDR Optimum
Endpoint Security
Comparison of Endpoint Security features of Product A and Product B
Cb Defense has been working very well in our organization. It is giving us much better insight into the applications that people are running on their systems (without authorization). This software is also great because it provides visibility into systems that are remote (off the network but still have Internet access). The out of band feature is great to help ensure that the systems are protected even when a user is traveling.
We have been using Kaspersky EDR Optimum for over 10 years, with the evolution of products reaching EDR now, we can verify the integrated responsiveness and visibility of our environment. Great protection tool on all OS. Very good value for money, with the new licensing, all business plans will now have native EDR.
History of Process Execution, really anything that happens in the system is easily seen within the Dashboard. I can determine if a bad actor has infected the system, be it malware, backdoor, rootkit, Trojan, then from that point, I can put the system into Quarantine.
Being able to quarantine the system from the Dashboard. With these type of tools, pulling the power and running a hard drive image is not needed. Put the system in quarantine, start the analysis. A year ago, the network engineer might move the system into a VLAN that has no access to anything, except the system performing the remote analysis... Now I do not have to rely on anyone to move a system, power it down, pull the drive, or image the drive. I can just start the analysis right from my workstation.
The Live Response, again goes hand in hand with the quarantine feature.
By now, I am sure you see a process. Its simple, and easy and all done from a cloud-based console, called the dashboard. .. deploy the agent, create the policy, and active live response, set up email alerts, and monitor your endpoints... you are now ready to perform a triage in the event of an infection. We have step 1, step 2, step 3... but, just remember, things do happen, nothing is perfect, but this product has its advantages.
KEDR Optimum is helping to see threat kill chain formation, which helps to get clear picture of the what exactly attacker was trying to do during attack.
We are crating prevent execution rules to block the threat in our complete infra.
Ioc scan to validate and remove the any active threat entry from our endpoints
Policy management can be cumbersome. It is simple to set up a single policy but you have no way to apply the rules to multiple groups. If you need to set up the same rule to multiple policies, you need to type it over again.
Agent updates can be very slow to deploy. We use a mix of rolling out updates via the web console and our management appliance. It can take several weeks to update all agents.
We can be confused on why a rule will apply to a file. Sometimes something is blocked but we don't understand why.
At the moment and unfortunately we'll not renew our licenses, due to the Russian conflict and the company policy that has forced us to get rid of any Russian related product. Before that incident, we were very happy with the product and we did not even think once about changing it... Maybe on the future...
The console of the product is very easy to use. It provides great detailed information about all aspects of things occurring on the endpoint. It was easy to deploy and set up. The centralized cloud-based interface has made it easy to add two domains and manage them under a single pane with multiple admins. The only reason I wouldn't give it a higher score is a little bit of lag between updated info from the clients and also the lack of accountability in the deployment process. You set the deployment up for multiple machines and can't easily see if it was successful and/or it takes a while to see if it succeeded or failed.
This item can always be improved, perhaps by pre-elaborating very long reports, such that they are built progressively so that when the user wants to consult them, the delay is minimal. It would also be interesting to have a warehouse of reports, which serves as a repository where they can be consulted whenever needed, adding AI capabilities that allow data to be linked together and improve the analysis and possible correlations of events.
First, I need to disclose that our support is provided by SecureWorks. We purchased CB Defense from them, and they provide 24x7 monitoring and notification services for the solution and its deployment on our endpoints. To date, we are very pleased with this arrangement
Cb is cloud-based and has a more advanced policy management. It also has better forensics information. Cost was similar, but Cb added cost savings in terms of IT management resources. We also have the ability to talk directly with engineers and have input on feature updates.
After several evaluations we concluded that the kasprsky provider has a solution for each processing environment we have.This impacts an excellent cost-benefit for achieving economies of scale on the company's infrastructure. On the other hand, we verified that during its operation, its level of effectiveness in terms of malware detection is excellent. Finally, it provides a desktop patch management solution that we found efficient and effective. Allowing you to automate the distribution of patches with a minimum staffing of technical personnel.
