TrustRadius
Return on investment, alternatives considered and other software used, per reviewer:

Brody Wright. Return on investment: It actually stopped a memory scraper from stealing credit card data from our POS system. The casino was bought a while back, so coming into this place 4 years ago, we had a flat network. Not good with a POS system. Well, a memory scraper was released (an employee downloaded a game) and Cb Defense just killed it... This was before live response, so we pulled the system from the network. I can't really say anything negative, at least from an ROI point of view. Other software used: Trend Micro Endpoint Security, Tenable SecurityCenter, AlienVault USM, Tenable.io.

William Bocash. Return on investment: A definite positive impact. It has decreased the amount of resources needed to manage an on-prem solution. It has increased our ability to defend against and react to advanced threats. Alternatives considered: Symantec Endpoint Protection. Other software used: Cb Protection, Tenable SecurityCenter, Mimecast Secure Email Gateway.

Eric Samuelson. Return on investment: We removed our legacy antivirus software that was not updating correctly and ended up being difficult to manage. This freed up more admin time for different tasks. We have run into issues with people running scripts that are not in the whitelisted directories. They are blocked and require an urgent response to resolve. This can cause extra work and some after-hours support. Alternatives considered: Cylance, SentinelOne and Webroot. Other software used: Zendesk, JIRA Software, Atlassian Confluence.

Christopher St.Amand. Return on investment: Cb Defense has had a positive impact on the business objectives since we've been able to check off "advanced threat prevention". Alternatives considered: Cylance, Invincea and Digital Guardian Platform. Other software used: McAfee ePolicy Orchestrator, Mimecast Secure Email Gateway, Palo Alto Networks PA-500.
Cb Defense
4 Ratings
Score 9.0 out of 10 (trScore)

Cb Defense Reviews

Reviews (1-4 of 4)
Brody Wright
June 15, 2018

Review: "CB Defense with Live Response ....What a wonder"

Score 9 out of 10
Vetted Review
Verified User
Cb Defense has been deployed on all our endpoints. It's used to scan memory for process execution and for live response situations. We have a different policy set up for different departments, depending on the business requirements.

With the introduction of 3.2.2, live response has given new meaning to our deployment strategy. We now have the ability to quarantine the endpoint and perform live analysis on the system. To give you an idea, if a system has triggered an alarm, we can log in to the Dashboard and see all the process executions and a history of the system. If we see something "out of the norm" we can quarantine the system, access it remotely, dump the memory, and transfer tools such as Sysinternals and Volatility to perform deeper analysis.
  • History of process execution: really anything that happens on the system is easily seen within the Dashboard. I can determine if a bad actor has infected the system, be it malware, backdoor, rootkit, or Trojan, and from that point I can put the system into quarantine.
  • Being able to quarantine the system from the Dashboard. With these types of tools, pulling the power and running a hard drive image is not needed. Put the system in quarantine, start the analysis. A year ago, the network engineer might move the system into a VLAN that has no access to anything except the system performing the remote analysis... Now I do not have to rely on anyone to move a system, power it down, pull the drive, or image the drive. I can just start the analysis right from my workstation.
  • Live response, again, goes hand in hand with the quarantine feature.
  • By now, I am sure you see a process. It's simple and easy, and all done from a cloud-based console called the Dashboard: deploy the agent, create the policy, activate live response, set up email alerts, and monitor your endpoints... you are now ready to perform a triage in the event of an infection. We have step 1, step 2, step 3... but just remember, things do happen, nothing is perfect, but this product has its advantages.
  • I would like to see better integration with AlienVault. Other SIEM products such as Splunk have detailed instructions on the setup, but since we have 3 USM appliances within our organization, the integration would be key for us.
  • Some say that data leakage occurs from the information collected being sent to the cloud. The way the system works is it basically looks at a system and decides after time what is normal process execution, then uploads this data on port 443 to the cloud. I have read that this data can be seen by 3rd parties, but I haven't seen it myself.
    ref: https://www.directdefense.com/harvesting-cb-response-data-leaks-fun-profit/
  • Sometimes I get some crazy alerts like Outlook has scraped memory due to ransomware. Other times it's Word or Excel, even Chrome. I could go into the policy and start whitelisting, which by the way can be done within the alert, but who has time.
Well suited for live response.
Well suited for process and memory monitoring.

Less appropriate for smaller organizations.
William Bocash
June 13, 2018

Review: "Cb Defense: Grab your threat hunting gear!"

Score 9 out of 10
Vetted Review
Verified User
We use Cb Defense across our entire organization as our primary endpoint protection solution. It not only provides advanced threat protection, but also gives us advanced management and forensics capabilities for threat hunting and investigations. Cb Defense goes beyond stopping threats by giving us the tools to contain and track active threats. It provides a critical piece to our security portfolio and is an essential part of our PCI compliance initiative.
  • It's cloud-based. Has reduced our on-premises server footprint. Has also reduced all the management overhead, specifically frequent updates/upgrades. Mobile devices don't need to be connected to our network.
  • Threat hunting and analysis. We are able to see a ton of forensic information.
  • Management interface is intuitive and easy to use.
  • Tighter integration with its other products like Cb Protect.
  • More specific controls for FIM.
Cb Defense is well suited for teams that are looking to reduce on-prem management and overhead and want more insights and forensics for their endpoint security. It is suited for companies needing to meet PCI requirements. It is not suited for teams looking for a "set it and forget it" solution. The real value with this product is the management and forensics, but you need staff that cares enough to use it.
Eric Samuelson
June 06, 2017

User Review: "Cb Defense NGAV"

Score 9 out of 10
Vetted Review
Verified User
We are using Cb Defense for the whole organization. It is acting as our only antivirus agent. We use it to monitor and protect all endpoints. As an NGAV agent, it protects our endpoints from known and unknown malware threats.
  • Cb Defense was simple to deploy and set up. We used our system management appliance to deploy the agent to all Mac and Windows endpoints.
  • The reporting features are great and have recently been improved. You can trace the activity to see what parent application is triggering the event and how it was done.
  • Cb support has been really helpful tracking down issues and helping us to resolve them.
  • Cb pro services was great working with us to deploy the agents and set up policies.
  • Policy management can be cumbersome. It is simple to set up a single policy but you have no way to apply the rules to multiple groups. If you need to set up the same rule to multiple policies, you need to type it over again.
  • Agent updates can be very slow to deploy. We use a mix of rolling out updates via the web console and our management appliance. It can take several weeks to update all agents.
  • We can be confused about why a rule will apply to a file. Sometimes something is blocked but we don't understand why.
Cb Defense works great to protect systems from known and unknown malware. It is simple to deploy and manage. You might run into some issues if you run a lot of unsigned applications or scripts in your IT environment. If that is the case, you can whitelist certain paths for your scripts to run. You can whitelist the individual applications and certs if you have them.
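The triage the first review walks through (an alarm fires, you read the endpoint's process-execution history and decide what is "out of the norm") and the two points this review makes about tracing which parent application triggered an event and whitelisting paths for scripts can be shown in a few dozen lines of code. The block below is an added example, not code from Carbon Black or from either reviewer, and it does not use the Cb Defense console or API: it reconstructs a parent/child process tree from telemetry in an assumed `pid|ppid|image|cmdline` format, flags shells and script hosts that have an Office application anywhere in their ancestry, and exempts a child whose command line points into an assumed allow-listed script directory. The event format, the allow-listed directories (`c:\scripts\it\`, `\\fileserver\deploy\`) and the sample events are all constructed for the example.

```python
"""Process-tree triage over constructed endpoint telemetry (added example; not vendor code)."""
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class ProcEvent:
    pid: int
    ppid: int
    image: str      # full path of the executable as reported by the sensor
    cmdline: str


# Parents that should not normally launch a shell or script host.
OFFICE_PARENTS = {"outlook.exe", "winword.exe", "excel.exe", "powerpnt.exe"}
# Children that are suspicious when an Office process is anywhere in their ancestry.
SCRIPT_HOSTS = {"cmd.exe", "powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe", "rundll32.exe"}
# Hypothetical allow-listed script directories, compared case-insensitively.
ALLOWED_SCRIPT_DIRS = ("c:\\scripts\\it\\", "\\\\fileserver\\deploy\\")


def basename(path: str) -> str:
    """Lower-cased file name of a Windows path."""
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()


def parse_events(lines: List[str]) -> List[ProcEvent]:
    """Parse 'pid|ppid|image|cmdline' records (a constructed format, not the sensor's)."""
    events = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        pid, ppid, image, cmdline = line.split("|", 3)
        events.append(ProcEvent(int(pid), int(ppid), image, cmdline))
    return events


def build_tree(events: List[ProcEvent]) -> Dict[int, ProcEvent]:
    return {e.pid: e for e in events}


def ancestry(tree: Dict[int, ProcEvent], pid: int) -> List[ProcEvent]:
    """Walk parent links upward from pid; stops at an unknown ppid or a cycle."""
    chain, seen = [], set()
    cur = tree.get(pid)
    while cur is not None and cur.pid not in seen:
        seen.add(cur.pid)
        chain.append(cur)
        cur = tree.get(cur.ppid)
    return chain  # [self, parent, grandparent, ...]


def runs_allowed_script(cmdline: str) -> bool:
    """True if the command line references an allow-listed script directory.

    A substring check on the command line is a rough stand-in for what a policy
    engine does (matching the path of the script actually loaded); it is enough
    to show the exemption, and its weakness is discussed below the block.
    """
    lowered = cmdline.lower().replace('"', "")
    return any(d in lowered for d in ALLOWED_SCRIPT_DIRS)


def triage(events: List[ProcEvent]) -> List[dict]:
    """One finding per shell/script host that descends from an Office process."""
    tree = build_tree(events)
    findings = []
    for e in events:
        if basename(e.image) not in SCRIPT_HOSTS:
            continue
        chain = ancestry(tree, e.pid)
        office = next((a for a in chain[1:] if basename(a.image) in OFFICE_PARENTS), None)
        if office is None:
            continue                      # no Office ancestor: ordinary admin activity
        if runs_allowed_script(e.cmdline):
            continue                      # exempt: script lives in an allow-listed directory
        idx = chain.index(office)         # render the chain from the Office ancestor down
        path = " > ".join(basename(a.image) for a in reversed(chain[: idx + 1]))
        findings.append({"pid": e.pid, "chain": path, "cmdline": e.cmdline})
    return findings


# Constructed sample telemetry for one endpoint (not real sensor data).
SAMPLE_EVENTS = """
100|1|C:\\Windows\\explorer.exe|explorer.exe
200|100|C:\\Program Files\\Microsoft Office\\root\\Office16\\OUTLOOK.EXE|outlook.exe
300|200|C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE|winword.exe /n "invoice.docm"
400|300|C:\\Windows\\System32\\cmd.exe|cmd.exe /c powershell -w hidden -enc SQBFAFgA
500|400|C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe|powershell -w hidden -enc SQBFAFgA
600|100|C:\\Windows\\System32\\cmd.exe|cmd.exe
700|300|C:\\Windows\\System32\\wscript.exe|wscript.exe "C:\\Scripts\\IT\\inventory.vbs"
""".strip().splitlines()


def triage_sample() -> List[dict]:
    return triage(parse_events(SAMPLE_EVENTS))


if __name__ == "__main__":
    for f in triage_sample():
        print(f"pid {f['pid']}: {f['chain']}  [{f['cmdline']}]")
```

Run against the sample, it reports two findings: the cmd.exe spawned under WINWORD.EXE and the PowerShell that cmd.exe launched, each with the chain back to the Office parent, which is the "what parent application triggered this" view the review describes. The cmd.exe under explorer.exe is never considered because it has no Office ancestor, and the wscript.exe running a script out of the allow-listed directory is exempted, the way path whitelisting lets scripts run. That exemption is only as strong as the directory's permissions: an allow-listed path that ordinary users can write to turns the exemption into a bypass, so the allow-listed directories should be writable only by the people who publish scripts into them.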
Christopher St.Amand
June 02, 2017

User Review: "Cb Defense Stops Bad Guys Cold"

Score 9 out of 10
Vetted Review
Verified User
Cb Defense is being used to stop 0-day threats and provide better antivirus/malware/spyware/PUP protection than our old archaic AV. We are using the product across the organization effectively. We find the product easy to deploy and manage.
  • Provides analysis of where the threat actually took place and how it worked its way into the environment
  • Stopping unknown threats and reporting on them appropriately
  • Carbon Black support is a responsive team
  • Reporting for C-Level information
  • Tailored email alerts templates
  • Installation of the product needs third party tool for mass deployment
Cb Defense is well suited for any active end user environment: downloading files, browsing the internet, checking email and attachments. Though I don't see as much added value in the server space, since the product will not stop exploits (that's not its function) and no one browses the internet on a server.

About Cb Defense

Carbon Black offers Cb Defense, which is designed to go beyond a machine-learning antivirus to stop all types of attacks before they compromise an organization’s systems. The vendor says Cb Defense, with its prevention model, detection and response capabilities and single lightweight agent, is the future of antivirus.
Categories: Antivirus

Cb Defense Technical Details

Deployment Types: On-premise, SaaS
Operating Systems: Windows, Linux, Mac
Mobile Application: No
Supported Languages: English