TrustRadius: an HG Insights company

Carbon Black EDR Reviews & Insights

Score8.2 out of 10

29 Reviews and Ratings

Community insights

TrustRadius Insights for Carbon Black EDR are summaries of user sentiment data from TrustRadius reviews and, when necessary, third party data sources.

Pros

User-Friendly GUI: Reviewers have consistently mentioned that the GUI of VMware Carbon Black EDR is good, indicating that the user interface is visually appealing and easy to navigate. Many users found it intuitive and convenient for managing the platform.

Efficient Performance: Several reviewers have praised the product for its efficient performance, stating that it does not consume excessive system resources. This suggests that VMware Carbon Black EDR is lightweight and runs smoothly without causing any significant impact on system performance.

Valuable Threat Insights: Users highly value VMware Carbon Black EDR's ability to go beyond cyberattack defense and enable endpoint detection and reaction - EDR. Many reviewers have expressed that it provides valuable insights into threat hunting, threat analysis, as well as incident response.

Carbon Black EDR Reviews

2 Reviews

Protect your endpoint with Carbon Black EDR

Rating: 8 out of 10
Incentivized

Use Cases and Deployment Scope

VMware Carbon Black EDR is used for investigation of endpoint. It helps in looking out for any malicious activity in the host machines. We get various information about the activity like in which machine the event is occurring, occurrence time and what all events are being performed in the endpoint. It helps in checking all the network connections made by the machine , any modification in the files made in the machine, all the processes that are running in the machine can be checked using VMware Carbon Black EDR. It helps in creating custom watchlist of events also it has threat feeds for investigation.

Pros

  • Helps in tracking network connections made by machine
  • Process Tree which show series of workflow which clear and easy to understand.
  • Enables to go live into the machine and investigate

Cons

  • Number of false positive which are triggered due to threat feeds are sometimes more needs to be fine tuned by the client.
  • In very rare scenarios processes are not captured properly.

Likelihood to Recommend

We are able to check if any phishing link was visited by the user or not.
To check for the whether any file is executed on the machine or not.
To check on which port connections are being made by the machine.
To create custom watchlist for alert to be investigated by an analyst.
To check every process executed in the machine for a specified range.
Vetted Review
Carbon Black EDR
1 year of experience

Cb Response is great for endpoint investigation and response

Rating: 8 out of 10
Incentivized

Use Cases and Deployment Scope

Cb Response is used to investigate an endpoint. Investigate is a broad term and CarbonBlack allows us to perform numerous types of investigations. These range from finding out what happened on an endpoint, where, when, and how. This is not only used for tracking down suspicious or malicious behavior but also for human resources/legal use cases. What was a person doing during their day, what did they browse to (ability to pull the internet history files), what programs are they running, etc. This tool is also used to isolate/quarantine a host from the rest of the network so that it can be investigated safely. CB Response has numerous threat feeds out of the box and also allows you to input your own threat intelligence to build watchlists and alerts for analysts to investigate. Overall this is a great tool and is used everyday.

Pros

  • Process tree view of endpoint activity
  • Ability to pull files from host
  • Threat Intelligence integration
  • Isolate a host

Cons

  • Needs more defensive abilities

Likelihood to Recommend

Investigating suspicious behavior on an endpoint, ability to kill processes and run files on the host. Ability to view every change made on a system in a timeline format. Ability to search across the enterprise for indicators of compromise. Ability to pull files from the host for further analysis. Ability to safely communicate with an endpoint by isolating it from the rest of the network
Vetted Review
Carbon Black EDR
3 years of experience