Alternativas de Carbon Black EDR Mejor Valoradas
86 Carbon Black EDR Reseñas
Sentimiento General de la Reseña para Carbon Black EDR
Inicia sesión para ver el sentimiento de la revisión.
Response hints threats in real time so you get instant intelligence Reseña recopilada por y alojada en G2.com.
Would prefer for the Cb portfolio to all sit as one agent. Reseña recopilada por y alojada en G2.com.
After installling cb Response everyhing is visibel in your environment, and you can search through your events really easy. It doesn't matter what you want to find you can do a search on it very easy. Reseña recopilada por y alojada en G2.com.
Configuration is mostly done in conf files, and is not vrey user friendly. Not all supports have a deap linux experiance, whitch can be an problem when the product is based on linux. Reseña recopilada por y alojada en G2.com.
Our IR team loves the ability to get instant access to what has occurred on our endpoints in the organization. With the ability to instantly get access to the machine through Live response. Reseña recopilada por y alojada en G2.com.
The console can get a bit slow if you haven't put in appropriate filters. Reseña recopilada por y alojada en G2.com.
Cb response gives us excellent visibility into our endpoints. We have decided to balance our strategy and focus more on detection and response. We all know if the talented bad guys want to get in, they will. With Cb, I have a virtual video recorder on all my endpoints (servers and workstations) and alerting that is effective. It took us about a month to fine tune. Reseña recopilada por y alojada en G2.com.
The pricing model could improve. Given Cb's recent acquisitions and focus on "beyond AV", having the suite of products, including Protection makes most sense. But I find the pricing to be sometimes complex and expensive for cloud version. Reseña recopilada por y alojada en G2.com.
Integrated Threat Feeds, Integrations with SIEM, Detects threats not found by other methods. Great hunting and response tool. Reseña recopilada por y alojada en G2.com.
It would be nice if there were granular block actions that could be performed by the product. Reseña recopilada por y alojada en G2.com.
Really easy to use and brilliant 'workflow' . The community around this product is also great and it's easy to create rules/watch lists Reseña recopilada por y alojada en G2.com.
Would like to see better search result display options thT can be useful when hunting Reseña recopilada por y alojada en G2.com.
Carbon Black Enterprise Response proporciona una visibilidad impresionante en sus puntos finales. Poder ver la cadena de procesos de un ataque es muy útil para aprender cómo funcionan los ataques, prevenir que vuelvan a ocurrir y educar a nuestros usuarios. Muy fácil de desplegar agentes y comenzar a recopilar datos útiles. Muchas fuentes de inteligencia excelentes. Reseña recopilada por y alojada en G2.com.
He tenido algunos problemas con alertas recurrentes incluso después de marcarlas como Resueltas o Resueltas Falsos Positivos. Reseña recopilada por y alojada en G2.com.
The granular insight into what process/files are doing what to whom, and when. The watch lists provide a great way to triage suspicious activities and direct daily monitoring and incident response. Integration with CB Enterprise Protection (formerly bit9). Reseña recopilada por y alojada en G2.com.
We're still tuning, but the enormous amount of standard events are quite a bit to comb through. While it is a monitoring tool, i often have requests to produce reports to illustrate 'what this product is delivering for the company', which i've yet to find a good solution. Reseña recopilada por y alojada en G2.com.
Cb has provided us visibility into threat behavior beyond any product out there today. The ability to ban malicious files, create feeds, watch lists, open API, integrations with many other products (and ability to add other products easily), Live Response, isolation and much more, make Cb the differentiator over any other ETDR product on the market today.
Carbon Black provides the ability to also go back in time, which defeats a lot of other products in the space that only can go back a short period of time without disrupting the endpoint. The centralized infrastructure methodology makes sense for Cb as it technically can save money vs other products that will run CPU/mem to the max and begin to overwhelm the workstation/server. Cb is a very lightweight sensor, we see around 0-1% CPU, and 10-28Mb of memory. 28Mb on the high end for instances where it is a busy server like TMG or Exchange.
Cb is deployed to around 60k endpoints with no issues. We've had minor hiccups over time caused by Cb, but nothing widespread and nothing that wasn't fixed on the new patch level etc.
Working with Cb is probably one of the best things about the product. The PM team, engineering, executive team are all great people. Not forgetting the sales team, they are good people too. Everyone at Cb is committed to working and ensuring their product is the best. We have been with Cb since 4.2 and it has really grown a lot since.
the API - is probably one of the most important features to Carbon Black that many products out there fail at. The ability to automate and orchestrate a lot of threat hunting, or even remediation tasks is incredible. Many products fail at this part, or place in API in after the fact. Cb is also 100% committed to ensuring the API is very flexible. They have some of the best developers working it.
Integrations - Cb allows for many integrations, whether ones they've created or ones you create. It's very flexible.
Splunk - we use the cb-event-forwarder to dump most all data to Splunk. This allows us to quickly perform analytics on raw endpoint data. With this, we've taken our detection and response to the next level. Reseña recopilada por y alojada en G2.com.
Not a deal breaker in any sense -
1. High availability. Not really an issue since the sensors cache data until the cluster is back online.
2. Cluster upgrade process could be better.
3. Solr has got to go... Reseña recopilada por y alojada en G2.com.
Capacidad para grabar y reproducir eventos y capacidad de ajuste para grabar menos tipos de eventos para nodos con conectividad limitada o ancho de banda bajo. Excelente herramienta forense para comprender cómo ocurrió un ataque. Reseña recopilada por y alojada en G2.com.
Me encantaría una huella más pequeña en los dispositivos finales, pero CarbonBlack ya es menos intrusivo para el host que la mayoría de los productos que realizan esta función. Los informes personalizados también podrían ser más fáciles. Reseña recopilada por y alojada en G2.com.
