Cb Response is great for endpoint investigation and response
June 12, 2019
Cb Response is great for endpoint investigation and response
Score 8 out of 10
Vetted Review
Verified User
Overall Satisfaction with Cb Response
Cb Response is used to investigate an endpoint. Investigate is a broad term and CarbonBlack allows us to perform numerous types of investigations. These range from finding out what happened on an endpoint, where, when, and how. This is not only used for tracking down suspicious or malicious behavior but also for human resources/legal use cases. What was a person doing during their day, what did they browse to (ability to pull the internet history files), what programs are they running, etc. This tool is also used to isolate/quarantine a host from the rest of the network so that it can be investigated safely. CB Response has numerous threat feeds out of the box and also allows you to input your own threat intelligence to build watchlists and alerts for analysts to investigate. Overall this is a great tool and is used everyday.
- Process tree view of endpoint activity
- Ability to pull files from host
- Threat Intelligence integration
- Isolate a host
- Needs more defensive abilities
- Increased visibility across the enterprise for threats
- Rapid ability to investigate and remediate threats
CB Response allows for a better view of what happened on the endpoint and provides more functionality out of the box then the FireEye Endpoint Security Product. CB Response allows you to basically have a remote connection into the CLI of an endpoint. This allows you to view the file system, run programs/scripts on the host, etc. FireEye Endpoint Security does not have this functionality.