TrustRadius Insights
Cb Defense by VMware Carbon Black Endpoint is used by organizations across various industries to address their endpoint security needs. …
Overview
What is Carbon Black Endpoint?
The VMware Carbon Black Endpoint solution (formerly Cb Defense) is an endpoint security and "next-gen antivirus (NGAV)" that uses machine learning and behavioral models to analyze endpoint data and uncover malicious activity to stop all types of attacks before they…
Recent Reviews
Pricing
N/A
Unavailable
What is Carbon Black Endpoint?
The VMware Carbon Black Endpoint solution (formerly Cb Defense) is an endpoint security and "next-gen antivirus (NGAV)" that uses machine learning and behavioral models to analyze endpoint data and uncover malicious activity to stop all types of attacks before they reach critical systems. Endpoint…
Entry-level set up fee?
- No setup fee
Offerings
- Free Trial
- Free/Freemium Version
- Premium Consulting/Integration Services
Would you like us to let the vendor know that you want pricing?
57 people also want pricing
Alternatives Pricing
What is Kaspersky EDR Optimum?
Kaspersky Endpoint Detection and Response (EDR) Optimum helps identify, analyze and neutralize evasive threats by providing easy-to-use advanced detection, simplified investigation and automated response. It is a basic EDR tool for mid-market organizations who are just starting to build their…
What is Kaspersky EDR Expert?
Kaspersky Endpoint Detection and Response (EDR) Expert provides endpoint protection, advanced detection, threat hunting and investigation capabilities and multiple response options in a single package. It is an EDR solution for IT security teams with more mature incident response processes,…
Product Details
- About
- Competitors
- Tech Details
- Downloadables
- FAQs
What is Carbon Black Endpoint?
Carbon Black Endpoint Screenshots
Carbon Black Endpoint Video
Cb Defense Demo
Carbon Black Endpoint Competitors
- Symantec Endpoint Security
- Sophos Intercept X
- Trend Micro Apex One
- McAfee Antivirus
Carbon Black Endpoint Technical Details
| Deployment Types | On-premise, Software as a Service (SaaS), Cloud, or Web-Based |
|---|---|
| Operating Systems | Windows, Linux, Mac |
| Mobile Application | No |
| Supported Languages | English |
Carbon Black Endpoint Downloadables
Frequently Asked Questions
The VMware Carbon Black Endpoint solution (formerly Cb Defense) is an endpoint security and "next-gen antivirus (NGAV)" that uses machine learning and behavioral models to analyze endpoint data and uncover malicious activity to stop all types of attacks before they reach critical systems. Endpoint Standard captures and stores endpoint activity, enabling a comprehensive view of any suspicious activity on endpoints, including visibility into the entire attack chain, so users can understand the impact of any attacks and take action.
VMware acquired Carbon Black October 2019.
Symantec Endpoint Security, Sophos Intercept X, and Trend Micro Apex One are common alternatives for Carbon Black Endpoint.
Reviewers rate Endpoint Detection and Response (EDR) and Infection Remediation highest, with a score of 9.7.
The most common users of Carbon Black Endpoint are from Mid-sized Companies (51-1,000 employees).
Comparisons
Compare with
Reviews and Ratings
(29)
Community Insights
TrustRadius Insights are summaries of user sentiment data from TrustRadius reviews and, when necessary, 3rd-party data sources. Have feedback on this content? Let us know!
- Business Problems Solved
- Pros
- Cons
Cb Defense by VMware Carbon Black Endpoint is used by organizations across various industries to address their endpoint security needs. With its advanced threat protection and management capabilities, the product serves as the primary antivirus agent, monitoring and protecting all endpoints from both known and unknown malware threats. Customers have reported that Cb Defense effectively stops 0-day threats and provides better protection compared to previous solutions against antivirus, malware, spyware, and potentially unwanted programs.
One key use case of Cb Defense is its ability to enable threat hunting and investigations through its advanced forensics capabilities. Users have found that the product goes beyond traditional threat prevention by offering tools to contain and track active threats. The Dashboard provides visibility into process executions and system history, allowing users to identify anomalies and take appropriate actions. This has been particularly useful in addressing potential endpoint infections and compromises in security.
Organizations have also found value in Cb Defense for its easy deployment and management, providing a seamless experience for users. It has replaced insufficient endpoint protection products across multiple lines of business within organizations. Users appreciate the next-gen AI capabilities and non-pattern-based approach to threat detection and prevention offered by Cb Defense.
Moreover, the introduction of version 3.2.2 has enhanced the deployment strategy by offering features such as the ability to quarantine endpoints and perform live analysis on systems. This has provided users with greater control and flexibility in managing potential threats. Additionally, Cb Defense plays a critical role in supporting PCI compliance initiatives, ensuring that organizations meet regulatory requirements.
Overall, customers have found Cb Defense to be an effective solution for their endpoint security needs. Its advanced threat protection, threat hunting capabilities, ease of use, and compliance support make it a valuable addition to any organization's security portfolio.
Dashboard's Helpful Monitoring: Users have found the Carbon Black Endpoint's Dashboard to be extremely helpful in monitoring process execution history and identifying malicious activities. Several reviewers have mentioned that it allows for easy detection of malware, backdoor, rootkit, or Trojan infections.
Quarantine Capability: The ability to quarantine a system directly from the Dashboard has been highly appreciated by users. This feature eliminates the need for manual intervention and allows for immediate analysis and response. Multiple reviewers have praised this functionality.
Seamless Live Response Integration: Reviewers have praised Carbon Black Endpoint's seamless integration of Live Response with the quarantine capability. This feature enables efficient analysis and troubleshooting directly from the user's workstation, eliminating additional steps such as pulling drives or creating hard drive images. Many users have spoken positively about this integrated functionality.
Integration with SIEM products needs improvement: Several users have expressed frustration with the integration capabilities of VMware Carbon Black Endpoint, particularly when it comes to Alien Vault and other SIEM products like Splunk. They have mentioned that detailed setup instructions are lacking, making it difficult to integrate effectively. This is especially problematic for organizations with multiple USM appliances.
Concerns about data leakage and third-party access: Some reviewers have raised concerns about the security of their data collected by the software. They have mentioned that the system uploads data to the cloud on port 443, which raises questions about potential visibility to third parties. These concerns highlight a need for clearer communication and reassurance regarding data privacy.
False positive alerts: A number of users have reported experiencing false positive alerts generated by VMware Carbon Black Endpoint. Examples include Outlook scraping memory being flagged as ransomware activity or triggers from Word, Excel, and Chrome resulting in unnecessary alerts. While some reviewers suggest whitelisting within the alert itself, they express a lack of time for manual actions required to address these false positives efficiently.
Attribute Ratings
Reviews
(1-5 of 5)Companies can't remove reviews or game the system. Here's why
September 15, 2019
Best "Bang for the Buck" in the NGAV field
We are utilizing the Carbon Black (Cb Defense) across all lines of business in our organization. We had previously been using Microsoft System Center Endpoint Protection (SCEP) and determined that it was insufficient to adequately protect us from threats. We researched 4 other products and ultimately determined that Cb Defense was the best "bang for the buck" when it came to NGAV solutions.
- Affordability was a huge factor in our decision to purchase this solution. The level of protection and the feature set provided was well above any of their competitors in the same price range.
- The ability to quickly triage alerts and to see the process-trees are what helps Cb Defense to stand out from their competitors. The process-tree helps us to immediately see what actions are taking place in the offending application and what responses were taken (or are needed).
- The agent is very light-weight and does not affect system performance of our clients.
- At times (depending on how your policy is configured) the system can be a little "noisy" in the sense that you can get many false positives. However, this is not so much of a "con" as it is a result of an overly-aggressive policy configuration.
- Configuring the policy will take some time to really "fine tune" it so that you strike a nice balance between false positives and letting questionable actions take place.
- Getting the software deployed via SCCM can be a pain.
93.33333333333334%
9.3
- Cb Defense is providing us ROI by helping to protect us from potential loss of revenue that would be caused by malware or a compromised account.
- The cost of implementing Cb Defense was (overall) more than we previously were spending with our old AV solution, however it is less expensive than some of their competitors so they are saving us money in that aspect.
- The Cb Defense software was very quick to stand up in our environment so we have saved money (in man hours) by the time savings of quickly being able to deploy.
We evaluated 3 other competitors and determined that Cb Defense was the best "bang for the buck" when it comes to Next-Generation Anti Virus. Their support (and sales) teams have been very helpful and offered a tremendous level of transparency. Our sales representative went above and beyond to work with us on making sure that the pricing fit in our budget. One of the other competitors that we reached out to never even contacted us back so they were immediately eliminated as a possible AV solution.
September 03, 2019
Cb Defense Provides Next Gen Security with great visiblity into what is occuring on your EndPoints
Cb Defense is being used as endpoint protection and product visibility. It is used across two entire organizations we monitor. We previously used Kaspersky and Trend Micro enterprise endpoint protection products. We decided we wanted a product that wasn't pattern based and had next-gen AI capabilities. Through this process, we decided Cb Defense filled that need.
- Cb Defense does a great job of monitoring the endpoint activities in great detail.
- Defense is a cloud-based offering and has an easy to use centralized interface.
- The alerts are very definable, and as such are easily refined to avoid getting too many extraneous alerts.
- The Cb salespeople have been very accommodating to get to price points that we as an SMB (with tight budgets) could afford.
- We have only needed support on a couple occasions (which is a positive), but they weren't able to really resolve either issue.
- This brings me to my second con, which is that we have only used three sensor packages (the installed client) and have had issues crop up with two out of three.
90%
9.0
- Like most security products, we keep layering on there isn't an ROI. We simply spend more and more.
- The positive cost aspect of Cb Defense is that, compared to other endpoint protection we have paid for, you seem to get a lot of value for the money at only slightly higher costs.
We like the visibility in Defense. The other two products would alert on a potential issue, but details of what actually occurred to cause the alert weren't readily apparent. Defense provides all the detail of where/what/who was doing something that was alert worthy. It also appears to be much more configurable to take an aggressive blocking stance and make it manageable.
June 15, 2018
CB Defense with Live Response ....What a wonder
Cb Defense has been deployed on all our endpoints. Its used to scan memory for process execution and used to for live response situations. We have a different policy setup for different departments, all depending on the business requirements.
With the introduction of 3.2.2, The live response has given new meaning to our deployment strategy. We now have the ability to quarantine the endpoint and perform live analysis on the system. To give you an idea, if a system has triggered an alarm, we can login to the Dashboard, and see all the process executions, and a history of the system. If we see something "out of the norm" we can quarantine the system, access it remotely, and dump the memory, and transfer tools such as sys internals, and volatility to perform deeper analysis.
With the introduction of 3.2.2, The live response has given new meaning to our deployment strategy. We now have the ability to quarantine the endpoint and perform live analysis on the system. To give you an idea, if a system has triggered an alarm, we can login to the Dashboard, and see all the process executions, and a history of the system. If we see something "out of the norm" we can quarantine the system, access it remotely, and dump the memory, and transfer tools such as sys internals, and volatility to perform deeper analysis.
- History of Process Execution, really anything that happens in the system is easily seen within the Dashboard. I can determine if a bad actor has infected the system, be it malware, backdoor, rootkit, Trojan, then from that point, I can put the system into Quarantine.
- Being able to quarantine the system from the Dashboard. With these type of tools, pulling the power and running a hard drive image is not needed. Put the system in quarantine, start the analysis. A year ago, the network engineer might move the system into a VLAN that has no access to anything, except the system performing the remote analysis... Now I do not have to rely on anyone to move a system, power it down, pull the drive, or image the drive. I can just start the analysis right from my workstation.
- The Live Response, again goes hand in hand with the quarantine feature.
- By now, I am sure you see a process. Its simple, and easy and all done from a cloud-based console, called the dashboard. .. deploy the agent, create the policy, and active live response, set up email alerts, and monitor your endpoints... you are now ready to perform a triage in the event of an infection. We have step 1, step 2, step 3... but, just remember, things do happen, nothing is perfect, but this product has its advantages.
- I would like to see better integration with Alien Vault, other SIEM products such as Splunk has detailed instruction on the setup, but since we have 3 USM appliances within our organization, the integration would be key for us.
- Some say that data leakage occurs from collecting information being sent to the cloud. The way the system works is it basically looks at a system and decide after time what is normal process execution, then uploads this data on port 443 to the cloud. I have read that this data can be seen by 3rd parties, but I haven't seen it myself.
- ref: https://www.directdefense.com/harvesting-cb-response-data-leaks-fun-profit/
- Sometimes I get some crazy alerts like Outlook has scraped memory due to Ransomware. Other times it's Word or Excel, even Chrome. I could go into the policy and start whitelisting, which by the way, whitelisting can be done within the alert, but who has time.
- It actually stooped a memory scraper from stealing credit card data from our POS system. The casino was bought from awhile back, so coming into this place 4 years ago, we had a flat network. Not good with POS System. Well, a memory scraper was released (employee downloaded a game) and Cb Defense just killed it... This was before a live response, so we pulled the system from the network.
- I can't really say anything negative, at least from an ROI point of view.
To be honest, it's the only one I have experience with... This was 4 years ago.
June 13, 2018
Cb Defense: Grab your threat hunting gear!
We use Cb Defense across our entire organization as our primary endpoint protection solution. It not only provides advanced threat protection, but also gives us advanced management and forensics capabilities for threat hunting and investigations. Cb Defense goes beyond stopping threats by giving us the tools to contain and track active threats. It provides a critical piece to our security portfolio and is an essential part of our PCI compliance initiative.
- It's Cloud based. Has reduced our on premise server footprint. Has also reduced all the management overhead. Specifically, frequent updates/upgrades. Mobile devices don't need to be connected to our network.
- Threat hunting and analysis. We are able to see a ton of forensic information.
- Management interface is intuitive and easy to use.
- Tighter integration with its other products like Cb Protect.
- More specific controls for FIM.
- A definite positive impact. It has decreased the amount of resources needed to manage an on-prem solution.
- It has increased our ability to defend against and react to advanced threats.
Cb is cloud-based and has a more advanced policy management. It also has better forensics information. Cost was similar, but Cb added cost savings in terms of IT management resources. We also have the ability to talk directly with engineers and have input on feature updates.
June 06, 2017
Cb Defense NGAV
We are using Cb Defense for the whole organization. It is acting as our only antivirus agent. We use it to monitor and protect all endpoints. As a NGAV agent, it protects our endpoints from known and unknown malware threats.
- Cb Defense was simple to deploy and set up. We used our system management appliance to deploy the agent to all Mac and Windows endpoints.
- The reporting features are great and have recently been improved. You can trace the activity to see what parent application is triggering the event and how it was done.
- Cb support has been really helpful tracking down issues and helping us to resolve them.
- Cb pro services was great working with us to deploy the agents and set up policies.
- Policy management can be cumbersome. It is simple to set up a single policy but you have no way to apply the rules to multiple groups. If you need to set up the same rule to multiple policies, you need to type it over again.
- Agent updates can be very slow to deploy. We use a mix of rolling out updates via the web console and our management appliance. It can take several weeks to update all agents.
- We can be confused on why a rule will apply to a file. Sometimes something is blocked but we don't understand why.
- We removed our legacy antivirus software that was not updating correctly and ended up being difficult to manage. This freed up more admin time for different tasks.
- We have run into issues with people running scripts that are not in the whitelisted directories. They are blocked and require urgent response to resolve. This can cause extra work and some time after hours support.
- Cylance, SentinelOne and Webroot
Some of the other products did not allow you to whitelist items on a Mac. We are a heavy Mac shop so this was a requirement. Cb Defense had superior reporting, making it easy to track what was happening on a machine and how to respond.
We ran known malware and zero days against all of the products and they protected the test system.
We ran known malware and zero days against all of the products and they protected the test system.