Carbon Black EDR

Overview

What is Carbon Black EDR?

Carbon Black EDR is an on-premise incident response and threat hunting solution designed for security operations center (SOC) teams with offline environments or on-premises requirements.

Product Details

What is Carbon Black EDR?

Carbon Black EDR is an on-premise incident response and threat hunting solution designed for security operations center (SOC) teams with offline environments or on-premises requirements. It records and stores endpoint activity data so that security professionals can hunt threats in real time and visualize the complete attack kill chain. It leverages the Carbon Black Cloud’s aggregated threat intelligence, which is applied to the endpoint activity system of record for evidence and detection of these identified threats and patterns of behavior.

Carbon Black EDR Technical Details

Operating Systems: Unspecified
Mobile Application: No
Supported Languages: English

Reviews From Top Reviewers

Community Insights

TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources.

Users have found VMware Carbon Black's endpoint protection solution to be highly effective in improving endpoint security and reducing response time to attacks. The product offers robust malware protection for devices running Mac, Windows, and Linux, specifically Ubuntu and Red Hat. Customers appreciate the ability to pipe logs to an S3 bucket for archival purposes.

Key features such as watchlist management, vulnerability management, and malware analysis have been instrumental in threat hunting activities. The incident response capabilities of VMware Carbon Black EDR have proven valuable for SOC teams and incident responders. The product provides a comprehensive approach to securing endpoint networks through data collection, analysis, and threat detection mechanisms.

Users have found that traditional antivirus solutions are not as effective as VMware Carbon Black EDR in detecting advanced attacks. The product eliminates the need for downloading and deploying signatures by replacing signature-based antivirus systems. This has resulted in improved efficiency and faster response times.

One notable aspect users appreciate is the actionable insights provided by Carbon Black EDR, which simplifies the investigation process. The product's AI-based technology has garnered praise for its ability to predict and prevent viruses. Additionally, customers value the depth of telemetry provided by Carbon Black EDR, enabling effective threat hunting and incident response.

VMware Carbon Black EDR has significantly enhanced visibility into endpoints, making investigations and root cause analysis easier. Users have been able to quickly detect and isolate hosts affected by attacks, facilitating prompt response and mitigation. The product has also aided users in determining the source of infections and understanding the timeline of security incidents.

In sensitive environments where detailed visibility is crucial, VMware Carbon Black EDR has proved its worth. Users appreciate the added layers of endpoint security it provides along with granular inspection of processes. Furthermore, customers have utilized the incident response and forensics capabilities of Carbon Black to obtain actionable data instead of relying on guesswork.

The product includes threat feeds and allows users to input their own threat intelligence, enabling them to build watchlists and alerts for analysts. The visibility into endpoints provided by the product has been highly valuable for incident response and security investigations, helping users detect and contain threats while improving overall endpoint visibility.

Users have also found value in the memory retrieval feature of CB Response, which has proven useful for incident response purposes. Overall, customers have successfully leveraged VMware Carbon Black EDR to strengthen their security posture, enhance threat detection capabilities, and streamline incident response processes.

User-Friendly GUI: Reviewers have consistently mentioned that the GUI of VMware Carbon Black EDR is good, indicating that the user interface is visually appealing and easy to navigate. Many users found it intuitive and convenient for managing the platform.

Efficient Performance: Several reviewers have praised the product for its efficient performance, stating that it does not consume excessive system resources. This suggests that VMware Carbon Black EDR is lightweight and runs smoothly without causing any significant impact on system performance.

Valuable Threat Insights: Users highly value VMware Carbon Black EDR's ability to go beyond cyberattack defense and enable endpoint detection and response (EDR). Many reviewers have expressed that it provides valuable insights into threat hunting, threat analysis, and incident response.

Inadequate Vendor Support: Many users have expressed frustration with the vendor support, finding it to be inadequate and lacking in responsiveness. They have mentioned slow response times from the support team and the need for constant follow-up.

Limited Detection Abilities: Users have reported that the software is not able to detect and prevent several types of attacks effectively. Some users have raised concerns about its ability to provide comprehensive security due to these limitations.

Issues with Agent/Sensor: A significant number of users have encountered various problems with the agent/sensor. These include experiencing blue screen of death, high CPU utilization, bypassed agent, and high disk space utilization. These issues have negatively impacted the overall performance and reliability of the software.

Users commonly recommend the following when it comes to CB Response: Deploy CB Response as soon as possible. Many users believe that CB Response is a must-have tool for all security professionals. They recommend deploying it quickly to enhance incident detection and response capabilities.

Gain in-house knowledge or consider managed services. Users suggest having in-house knowledge or obtaining CB Response as a managed service to fully leverage its forensics capabilities. This allows for effective threat hunting and endpoint security.

Evaluate options and conduct thorough testing. It is recommended to thoroughly assess the readiness of the organization and explore all available options before using CB Response. Users also advise conducting proper testing to ensure that the current version meets specific requirements.

Overall, these recommendations emphasize the importance of timely deployment, acquiring expertise, and thoughtful evaluation to maximize the effectiveness of CB Response in enhancing security measures.

Protect your endpoint with Carbon Black EDR

Rating: 8 out of 10
April 15, 2022
Vetted Review
Verified User
Carbon Black EDR
1 year of experience
VMware Carbon Black EDR is used for investigation of endpoints. It helps in looking out for any malicious activity on the host machines. We get various information about the activity, such as on which machine the event is occurring, the occurrence time, and what events are being performed on the endpoint. It helps in checking all the network connections made by the machine and any modification of files on the machine, and all the processes that are running on the machine can be checked using VMware Carbon Black EDR. It helps in creating custom watchlists of events, and it also has threat feeds for investigation.
  • Helps in tracking network connections made by machine
  • Process tree, which shows a series of workflows that is clear and easy to understand.
  • Enables you to go live into the machine and investigate
Cons
  • The number of false positives triggered by threat feeds is sometimes high and needs to be fine-tuned by the client.
  • In very rare scenarios processes are not captured properly.
We are able to check if any phishing link was visited by the user or not.
To check whether any file is executed on the machine or not.
To check on which port connections are being made by the machine.
To create a custom watchlist for alerts to be investigated by an analyst.
To check every process executed in the machine for a specified range.
  • It is helping to protect us from potential loss of revenue that would be caused by malware or a compromised account.
  • It took some time to deploy in the environment, but that time is well worth it because of the results we are getting now.
  • It helps in hunting, which helps us check and protect our environment from any cyber attacks.
  • Microsoft Defender for Endpoint (formerly Microsoft Defender ATP)
It has better UI.
Microsoft Azure, Amazon WorkSpaces (VDI), Amazon Web Services

Cb Response is great for endpoint investigation and response

Rating: 8 out of 10
June 12, 2019
Vetted Review
Verified User
Carbon Black EDR
3 years of experience
Cb Response is used to investigate an endpoint. Investigate is a broad term and CarbonBlack allows us to perform numerous types of investigations. These range from finding out what happened on an endpoint, where, when, and how. This is not only used for tracking down suspicious or malicious behavior but also for human resources/legal use cases. What was a person doing during their day, what did they browse to (ability to pull the internet history files), what programs are they running, etc. This tool is also used to isolate/quarantine a host from the rest of the network so that it can be investigated safely. CB Response has numerous threat feeds out of the box and also allows you to input your own threat intelligence to build watchlists and alerts for analysts to investigate. Overall this is a great tool and is used every day.
  • Process tree view of endpoint activity
  • Ability to pull files from host
  • Threat Intelligence integration
  • Isolate a host
Cons
  • Needs more defensive abilities
Investigating suspicious behavior on an endpoint, ability to kill processes and run files on the host. Ability to view every change made on a system in a timeline format. Ability to search across the enterprise for indicators of compromise. Ability to pull files from the host for further analysis. Ability to safely communicate with an endpoint by isolating it from the rest of the network.
  • Increased visibility across the enterprise for threats
  • Rapid ability to investigate and remediate threats
CB Response allows for a better view of what happened on the endpoint and provides more functionality out of the box than the FireEye Endpoint Security Product. CB Response allows you to basically have a remote connection into the CLI of an endpoint. This allows you to view the file system, run programs/scripts on the host, etc. FireEye Endpoint Security does not have this functionality.