VMware Carbon Black EDR

Score 8.6 out of 100

Pricing

N/A
Unavailable

Entry-level set up fee?

  • No setup fee

Offerings

  • Free Trial
  • Free/Freemium Version
  • Premium Consulting / Integration Services

Alternatives Pricing

What is CrowdStrike Falcon?

CrowdStrike offers the Falcon Endpoint Protection suite, an antivirus and endpoint protection system emphasizing threat detection, machine learning malware detection, and signature-free updating. Additionally, the available Falcon Spotlight module delivers vulnerability assessment with no performance…

What is AlienVault USM?

AlienVault® Unified Security Management® (USM) delivers threat detection, incident response, and compliance management in one unified platform. It is designed to combine all the essential security capabilities needed for effective security monitoring across cloud and on-premises environments,…

Product Details

What is VMware Carbon Black EDR?

VMware Carbon Black EDR (formerly Cb Response) is an incident response and threat hunting solution designed for security operations center (SOC) teams with offline environments or on-premises requirements. Carbon Black EDR records and stores endpoint activity data so that security professionals can hunt threats in real time and visualize the complete attack kill chain. It leverages the VMware Carbon Black Cloud’s aggregated threat intelligence, which is applied to the endpoint activity system of record for evidence and detection of these identified threats and patterns of behavior.

VMware acquired Carbon Black in October 2019.

VMware Carbon Black EDR Integrations

  • Infoblox

VMware Carbon Black EDR Technical Details

  • Operating Systems: Unspecified
  • Mobile Application: No
  • Supported Languages: English

Frequently Asked Questions

Tanium and CrowdStrike Falcon Endpoint Protection are common alternatives for VMware Carbon Black EDR.

The most common users of VMware Carbon Black EDR are from Mid-sized Companies (51-1,000 employees) and the Information Technology & Services industry.

Reviews and Ratings

 (16)

Reviews

(1-2 of 2)
Score 8 out of 10
Vetted Review
Verified User
VMware Carbon Black EDR is used for investigation of endpoints. It helps in looking out for any malicious activity on the host machines. We get various information about the activity, like on which machine the event is occurring, the occurrence time, and what events are being performed on the endpoint. It helps in checking all the network connections made by the machine and any modification of files on the machine; all the processes that are running on the machine can be checked using VMware Carbon Black EDR. It helps in creating custom watchlists of events, and it also has threat feeds for investigation.
  • Helps in tracking network connections made by the machine
  • Process tree, which shows the series of workflow and is clear and easy to understand.
  • Enables going live into the machine and investigating
  • The number of false positives triggered by threat feeds is sometimes high and needs to be fine-tuned by the client.
  • In very rare scenarios, processes are not captured properly.
We are able to check if any phishing link was visited by the user or not.
To check whether any file is executed on the machine or not.
To check on which port connections are being made by the machine.
To create custom watchlists for alerts to be investigated by an analyst.
To check every process executed on the machine for a specified range.
Score 8 out of 10
Vetted Review
Verified User
Cb Response is used to investigate an endpoint. Investigate is a broad term, and Carbon Black allows us to perform numerous types of investigations. These range from finding out what happened on an endpoint, where, when, and how. This is not only used for tracking down suspicious or malicious behavior but also for human resources/legal use cases. What was a person doing during their day, what did they browse to (ability to pull the internet history files), what programs are they running, etc. This tool is also used to isolate/quarantine a host from the rest of the network so that it can be investigated safely. Cb Response has numerous threat feeds out of the box and also allows you to input your own threat intelligence to build watchlists and alerts for analysts to investigate. Overall, this is a great tool and is used every day.
  • Process tree view of endpoint activity
  • Ability to pull files from host
  • Threat Intelligence integration
  • Isolate a host
  • Needs more defensive abilities
Investigating suspicious behavior on an endpoint, ability to kill processes and run files on the host. Ability to view every change made on a system in a timeline format. Ability to search across the enterprise for indicators of compromise. Ability to pull files from the host for further analysis. Ability to safely communicate with an endpoint by isolating it from the rest of the network.