Protect your endpoint with Carbon Black EDR
Rating: 8 out of 10
IncentivizedUse Cases and Deployment Scope
VMware Carbon Black EDR is used for investigation of endpoint. It helps in looking out for any malicious activity in the host machines. We get various information about the activity like in which machine the event is occurring, occurrence time and what all events are being performed in the endpoint. It helps in checking all the network connections made by the machine , any modification in the files made in the machine, all the processes that are running in the machine can be checked using VMware Carbon Black EDR. It helps in creating custom watchlist of events also it has threat feeds for investigation.
Pros
- Helps in tracking network connections made by machine
- Process Tree which show series of workflow which clear and easy to understand.
- Enables to go live into the machine and investigate
Cons
- Number of false positive which are triggered due to threat feeds are sometimes more needs to be fine tuned by the client.
- In very rare scenarios processes are not captured properly.
Likelihood to Recommend
We are able to check if any phishing link was visited by the user or not.
To check for the whether any file is executed on the machine or not.
To check on which port connections are being made by the machine.
To create custom watchlist for alert to be investigated by an analyst.
To check every process executed in the machine for a specified range.
To check for the whether any file is executed on the machine or not.
To check on which port connections are being made by the machine.
To create custom watchlist for alert to be investigated by an analyst.
To check every process executed in the machine for a specified range.
Vetted Review
1 year of experience