Carbon Black EDR
Editedit
Carbon Black EDR
By Carbon Black
Show rating breakdown
4.4 out of 5 stars
See all 86 Carbon Black EDR reviews
Save to My Lists
Claimed
Claimed
This profile has been claimed by Carbon Black EDR, but it has limited features.
Do you work at Carbon Black EDR? Upgrade your plan to update branding and connect with profile visitors!

Top Rated Carbon Black EDR Alternatives

Coro Cybersecurity
(210)
4.7 out of 5
Visit WebsiteNew Tab
SponsoredYou’re seeing this ad based on the product’s relevance to this page. Sponsored content does not receive preferential treatment in any of G2’s ratings.
Microsoft Defender for Endpoint
(306)
4.4 out of 5
SentinelOne Singularity
(183)
4.7 out of 5
See all Carbon Black EDR Alternatives

Carbon Black EDR Reviews & Product Details - Page 8

Editadmin

Carbon Black EDR Overview

Editedit
What is Carbon Black EDR?

Carbon Black EDR is a market-leading incident response and threat hunting solution designed to provide responders with the most information possible, accompanied by expert threat analysis and armed with real-time response capabilities to stop attacks, minimize damage and close security gaps. Carbon Black EDR makes these teams more efficient, reducing investigations from days to hours, and more effective, enabling them to discover threats before attacks can exploit them. Carbon Black EDR also allows teams to connect to and isolate infected machines to prevent lateral movement and remediate devices without costly IT involvement. Continuous and Centralized Recording Centralized access to continuously recorded endpoint data means that security professionals have the information they need to hunt threats in real time as well as conduct in-depth investigations after a breach has occurred. Live Response for Remote Remediation With Live Response, incident responders can create a secure connection to infected hosts to pull or push files, kill processes, perform memory dumps and quickly remediate from anywhere in the world. Attack Chain Visualization and Search Carbon Black EDR provides intuitive attack chain visualization to make identifying root cause fast and easy. Analysts can quickly jump through each stage of an attack to gain insight into the attacker’s behavior, close security gaps and learn from every new attack technique to avoid falling victim to the same attack twice. Automation via Integrations and Open APIs Carbon Black boasts a robust partner ecosystem and open platform that allows security teams to integrate products like Carbon Black EDR into their existing security stack.

Carbon Black EDR Details
Discussions
Carbon Black EDR Community
Languages Supported
English
Show LessShow More
Product Description

Carbon Black EDR is an incident response and threat hunting solution designed for security teams with offline environments or on-premises requirements. Carbon Black EDR continuously records and stores comprehensive endpoint activity data, so that security professionals can hunt threats in real time and visualize the complete attack kill chain. Top SOC teams, IR firms and MSSPs have adopted Carbon Black EDR as a core component of their detection and response capability stack. Carbon Black EDR is available via MSSP or directly via on-premises deployment, virtual private cloud or software as a service.

How do you position yourself against your competitors?

Carbon Black EDR benefits security teams by providing faster end-to-end response and remediation, accelerated IR and threat hunting with continuous endpoint visibility, rapid identification of attacker activities and root cause, remote access to infected endpoints for in-depth investigation, better protection from future attacks through automated hunting, and unlimited retention and scale for the largest installations. Key capabilities include out-of-the-box and customizable behavioral detection, multiple customizable threat intel feeds, automated watchlists, process and binary search of centralized data, interactive attack chain visualization, Live Response for rapid remediation and more. Carbon Black EDR leverages the VMware Carbon Black Cloud’s aggregated threat intelligence, which is applied to the endpoint activity system of record for evidence and detection of these identified threats and patterns of behavior. Customers that augment or replace legacy antivirus solutions with Carbon Black EDR do so because those legacy solutions lack visibility and context, leaving customers blind to attacks.

Seller Details
Seller
Carbon Black
Year Founded
2002
HQ Location
Waltham, MA
LinkedIn® Page
www.linkedin.com
370 employees on LinkedIn®
Description

Carbon Black empowers top security teams to close the Risk Gap they face today. Specific directed attacks are now the cybercrime norm, and no business is exempt. There’s increasing cyber-insurance scrutiny, and government regulations continue to get stricter. In this context, security teams can no longer rely on general security platforms alone. Rather, teams must be empowered with deeper visibility and more control in order to tailor response to their unique environment. With Carbon Black, security teams have unprecedented ability to see directed attacks, contain potential impact, change policies with no user interruption, prevent repeat incidents, and measure what they stopped.

HB
Overview Provided by:
Hope Boyer

Recent Carbon Black EDR Reviews

Abhijeet K.
AK
Abhijeet K.Small-Business (50 or fewer emp.)
5.0 out of 5
"My experience with the product was great!"
The Corbon Black EDR is a powerfull cybersecurity solution designed to provide real time visibility into endpoint activities, enabling advanced thr...
Read more
Verified User
U
Verified UserMid-Market (51-1000 emp.)
4.0 out of 5
"Powerful Endpoint Visibility and Threat Hunting Tool"
Carbon Black EDR excels in presenting deep visibility into endpoint hobby, that is critical for real-time danger detection and response. The abilit...
Read more
Martins O.
MO
Martins O.Mid-Market (51-1000 emp.)
5.0 out of 5
"Endpoint Detection & Response (EDR) Software"
Carbon Black EDR has ability to monitors endpoint abd capture how data is processes, file execution and file paths, the network connection. It help...
Read more
Security Badge
This seller hasn't added their security information yet. Let them know that you'd like them to add it.
0 people requested security information

Carbon Black EDR Media

Carbon Black EDR Demo - Binary Search
Binary Search
Carbon Black EDR Demo - Event Collection
Event Collection
Carbon Black EDR Demo - Live Query
Live Query
Carbon Black EDR Demo - Live Response
Live Response
Carbon Black EDR Demo - Process Analysis
Process Analysis
Carbon Black EDR Demo - Process Search
Process Search
Answer a few questions to help the Carbon Black EDR community
Have you used Carbon Black EDR before?
Yes

86 Carbon Black EDR Reviews

4.4 out of 5
The next elements are filters and will change the displayed results once they are selected.
Search reviews
Popular Mentions
The next elements are radio elements and sort the displayed results by the item selected and will update the results displayed.
Hide FiltersMore Filters
The next elements are filters and will change the displayed results once they are selected.
  • Company SizeExpand/Collapse Company Size Filter
  • User RoleExpand/Collapse User Role Filter
  • CategoryExpand/Collapse Category Filter
  • IndustryExpand/Collapse Industry Filter
  • RegionExpand/Collapse Region Filter
The next elements are filters and will change the displayed results once they are selected.
  • Sort By:
    G2 Sort
86 Carbon Black EDR Reviews
4.4 out of 5
  • Sort By:
    G2 Sort
86 Carbon Black EDR Reviews
4.4 out of 5
  • Sort By:
    G2 Sort

Carbon Black EDR Pros and Cons

How are these determined?Information
Pros and Cons are compiled from review feedback and grouped into themes to provide an easy-to-understand summary of user reviews.
Pros
Cons

Overall Review Sentiment for Carbon Black EDRQuestion

Time to Implement
<1 day
>12 months
Return on Investment
<6 months
48+ months
Ease of Setup
0 (Difficult)
10 (Easy)
Log In
Want to see more insights from verified reviewers?
Log in to view review sentiment.
G2 reviews are authentic and verified.
Here's how.
Verified User in Computer & Network Security
AC
Small-Business(50 or fewer emp.)
More Options
Validated Reviewer
Review source: G2 invite
Incentivized Review
What do you like best about Carbon Black EDR?

Response hints threats in real time so you get instant intelligence Review collected by and hosted on G2.com.

What do you dislike about Carbon Black EDR?

Would prefer for the Cb portfolio to all sit as one agent. Review collected by and hosted on G2.com.

What problems is Carbon Black EDR solving and how is that benefiting you?

Visibility across our entire network means I can massively reduce investigation time and therefor time to remediation is much better Review collected by and hosted on G2.com.

Show More
Show Less
Helpful?
Share
Admin Approval Link
Verified User in Government Administration
AG
Mid-Market(51-1000 emp.)
More Options
Validated Reviewer
Review source: Seller invite
Incentivized Review
What do you like best about Carbon Black EDR?

After installling cb Response everyhing is visibel in your environment, and you can search through your events really easy. It doesn't matter what you want to find you can do a search on it very easy. Review collected by and hosted on G2.com.

What do you dislike about Carbon Black EDR?

Configuration is mostly done in conf files, and is not vrey user friendly. Not all supports have a deap linux experiance, whitch can be an problem when the product is based on linux. Review collected by and hosted on G2.com.

Recommendations to others considering Carbon Black EDR:

Deploy it as fast as possible, its a great product. Review collected by and hosted on G2.com.

What problems is Carbon Black EDR solving and how is that benefiting you?

CB response makes incident response very easy. you can searche on everything and makes long IR jobs really fast. Review collected by and hosted on G2.com.

Show More
Show Less
Helpful?
Share
Admin Approval Link
Verified User in Investment Management
AI
Mid-Market(51-1000 emp.)
More Options
Validated Reviewer
Verified Current User
Review source: Seller invite
Incentivized Review
What do you like best about Carbon Black EDR?

Our IR team loves the ability to get instant access to what has occurred on our endpoints in the organization. With the ability to instantly get access to the machine through Live response. Review collected by and hosted on G2.com.

What do you dislike about Carbon Black EDR?

The console can get a bit slow if you haven't put in appropriate filters. Review collected by and hosted on G2.com.

What problems is Carbon Black EDR solving and how is that benefiting you?

Incident response Review collected by and hosted on G2.com.

Show More
Show Less
Helpful?
Share
Admin Approval Link
Verified User in Computer Software
EC
Mid-Market(51-1000 emp.)
More Options
Validated Reviewer
Review source: G2 invite
Incentivized Review
What do you like best about Carbon Black EDR?

Cb response gives us excellent visibility into our endpoints. We have decided to balance our strategy and focus more on detection and response. We all know if the talented bad guys want to get in, they will. With Cb, I have a virtual video recorder on all my endpoints (servers and workstations) and alerting that is effective. It took us about a month to fine tune. Review collected by and hosted on G2.com.

What do you dislike about Carbon Black EDR?

The pricing model could improve. Given Cb's recent acquisitions and focus on "beyond AV", having the suite of products, including Protection makes most sense. But I find the pricing to be sometimes complex and expensive for cloud version. Review collected by and hosted on G2.com.

What problems is Carbon Black EDR solving and how is that benefiting you?

We wanted visibility into endpoints and ability to detect and contain a threat once identified. Review collected by and hosted on G2.com.

Show More
Show Less
Helpful?
Share
Admin Approval Link
Verified User in Consumer Goods
EC
Enterprise(> 1000 emp.)
More Options
Validated Reviewer
Verified Current User
Review source: Seller invite
Incentivized Review
What do you like best about Carbon Black EDR?

Integrated Threat Feeds, Integrations with SIEM, Detects threats not found by other methods. Great hunting and response tool. Review collected by and hosted on G2.com.

What do you dislike about Carbon Black EDR?

It would be nice if there were granular block actions that could be performed by the product. Review collected by and hosted on G2.com.

What problems is Carbon Black EDR solving and how is that benefiting you?

Resolving Security Risks and detecting advanced threats. Review collected by and hosted on G2.com.

Show More
Show Less
Helpful?
Share
Admin Approval Link
Verified User in Telecommunications
UT
Enterprise(> 1000 emp.)
More Options
Validated Reviewer
Review source: Organic
What do you like best about Carbon Black EDR?

Really easy to use and brilliant 'workflow' . The community around this product is also great and it's easy to create rules/watch lists Review collected by and hosted on G2.com.

What do you dislike about Carbon Black EDR?

Would like to see better search result display options thT can be useful when hunting Review collected by and hosted on G2.com.

What problems is Carbon Black EDR solving and how is that benefiting you?

Visibility into the endpoint whenever something has to be looked at , great for incident response Review collected by and hosted on G2.com.

Show More
Show Less
Helpful?
Share
Admin Approval Link
Brad M.
BM
Senior Enterprise Systems Engineer
Retail
Mid-Market(51-1000 emp.)
More Options
Validated Reviewer
Verified Current User
Review source: Organic
What do you like best about Carbon Black EDR?

Carbon Black Enterprise Response provides awesome visibility into your endpoints. Being able to view the process chain of an attack is very useful in learning how the attacks work, preventing them from happening again and educating our users. Very easy to deploy agents and start gathering useful data. Lots of great intelligence feeds. Review collected by and hosted on G2.com.

What do you dislike about Carbon Black EDR?

I have had some issues with re-occurring alerts even after i have mark them as as Resolved or Resolved False Positive. Review collected by and hosted on G2.com.

What problems is Carbon Black EDR solving and how is that benefiting you?

Being able to see exactly what is going on has been huge for us. We have Carbon Black Enterprise Protection keeping malicious and unwanted software from running, but Enterprise Response shows us how these items are getting on our machines. I have used Enterprise Response numerous times to track down blocked Ransom-ware attacks to malicious email attachments our users have opened. Before Enterprise Response it was difficult if not impossible to find the cause of these types of attacks. Review collected by and hosted on G2.com.

Show More
Show Less
Helpful?
Share
Admin Approval Link
Verified User in Financial Services
AF
Enterprise(> 1000 emp.)
More Options
Validated Reviewer
Verified Current User
Review source: G2 invite on behalf of seller
Incentivized Review
What do you like best about Carbon Black EDR?

The granular insight into what process/files are doing what to whom, and when. The watch lists provide a great way to triage suspicious activities and direct daily monitoring and incident response. Integration with CB Enterprise Protection (formerly bit9). Review collected by and hosted on G2.com.

What do you dislike about Carbon Black EDR?

We're still tuning, but the enormous amount of standard events are quite a bit to comb through. While it is a monitoring tool, i often have requests to produce reports to illustrate 'what this product is delivering for the company', which i've yet to find a good solution. Review collected by and hosted on G2.com.

What problems is Carbon Black EDR solving and how is that benefiting you?

We brought in CB Response for a special use case in a sensitive environment where we thought we should have more detailed visibility. Review collected by and hosted on G2.com.

Show More
Show Less
Helpful?
Share
Admin Approval Link
Verified User in Electrical/Electronic Manufacturing
UE
Enterprise(> 1000 emp.)
More Options
Validated Reviewer
Verified Current User
Review source: Organic
What do you like best about Carbon Black EDR?

Cb has provided us visibility into threat behavior beyond any product out there today. The ability to ban malicious files, create feeds, watch lists, open API, integrations with many other products (and ability to add other products easily), Live Response, isolation and much more, make Cb the differentiator over any other ETDR product on the market today.

Carbon Black provides the ability to also go back in time, which defeats a lot of other products in the space that only can go back a short period of time without disrupting the endpoint. The centralized infrastructure methodology makes sense for Cb as it technically can save money vs other products that will run CPU/mem to the max and begin to overwhelm the workstation/server. Cb is a very lightweight sensor, we see around 0-1% CPU, and 10-28Mb of memory. 28Mb on the high end for instances where it is a busy server like TMG or Exchange.

Cb is deployed to around 60k endpoints with no issues. We've had minor hiccups over time caused by Cb, but nothing widespread and nothing that wasn't fixed on the new patch level etc.

Working with Cb is probably one of the best things about the product. The PM team, engineering, executive team are all great people. Not forgetting the sales team, they are good people too. Everyone at Cb is committed to working and ensuring their product is the best. We have been with Cb since 4.2 and it has really grown a lot since.

the API - is probably one of the most important features to Carbon Black that many products out there fail at. The ability to automate and orchestrate a lot of threat hunting, or even remediation tasks is incredible. Many products fail at this part, or place in API in after the fact. Cb is also 100% committed to ensuring the API is very flexible. They have some of the best developers working it.

Integrations - Cb allows for many integrations, whether ones they've created or ones you create. It's very flexible.

Splunk - we use the cb-event-forwarder to dump most all data to Splunk. This allows us to quickly perform analytics on raw endpoint data. With this, we've taken our detection and response to the next level. Review collected by and hosted on G2.com.

What do you dislike about Carbon Black EDR?

Not a deal breaker in any sense -

1. High availability. Not really an issue since the sensors cache data until the cluster is back online.

2. Cluster upgrade process could be better.

3. Solr has got to go... Review collected by and hosted on G2.com.

Recommendations to others considering Carbon Black EDR:

Carbon Black is not traditional IR. It's not slow in any sense and it provides a lot of data. The point being, it will change the game and disrupt the attacker far faster than you will ever do with MIR or HX. Nothing truly compares to what Cb can provide you. If you are having issues, or want to go beyond waiting hours for triage to appear, you should really look at and consider Cb. Review collected by and hosted on G2.com.

What problems is Carbon Black EDR solving and how is that benefiting you?

Many problems have been solved with Carbon Black including what I believe to be the most important - dwell time. If a breach takes 200+ days to detect, Carbon Black can assist with dropping that dwell time to far less than 1 month. The ability to decrease dwell time and detect things beyond malware is gold. Review collected by and hosted on G2.com.

Show More
Show Less
Helpful?
Share
Admin Approval Link
JH
Senior Network Analyst
Government Administration
Enterprise(> 1000 emp.)
More Options
Validated Reviewer
Verified Current User
Review source: G2 invite on behalf of seller
Incentivized Review
(Original )Information
What do you like best about Carbon Black EDR?

Ability to record and replay events and tuning capability to record fewer event types for nodes with limited connectivity or low bandwidth. Excellent forensic tool for understanding how an attack occurred. Review collected by and hosted on G2.com.

What do you dislike about Carbon Black EDR?

I'd love a smaller footprint on the endpoint devices but CarbonBlack is already less intrusive to the host than most products that perform this function. Customized reporting could be easier as well. Review collected by and hosted on G2.com.

Recommendations to others considering Carbon Black EDR:

This is a great product for analyzing attacks and malware installations. It will help you figure out which parts of your network are most vulnerable. Review collected by and hosted on G2.com.

What problems is Carbon Black EDR solving and how is that benefiting you?

Finding out how malware was installed to a corporate endpoint . How did it evade our security software? Was it installed by a user? What machines are infected? Carbon Black has the answers. Review collected by and hosted on G2.com.

Show More
Show Less
Helpful?
Share
Admin Approval Link

Carbon Black EDR Comparisons

Compare Carbon Black EDR vs. Microsoft Defender for Endpoint
Compare Carbon Black EDR vs. Microsoft Defender for Endpoint
Carbon Black EDRVSMicrosoft Defender for Endpoint
Compare Carbon Black EDR vs. Carbon Black Cloud
Compare Carbon Black EDR vs. Carbon Black Cloud
Carbon Black EDRVSCarbon Black Cloud
Compare Carbon Black EDR vs. SentinelOne
Compare Carbon Black EDR vs. SentinelOne
Carbon Black EDRVSSentinelOne
Compare Carbon Black EDR ratings to similar products

Explore More

Tontine
Google Cloud SQL reviews
Last In, First Out (LIFO)
Code Climate Velocity
Quasi Contract
PCB Design Software
Microsoft 365 Reviews
Types of Advertising
Pros and Cons Details
Carbon Black EDR