167 Carbon Black Next-Generation Antivirus Reviews

Whitelisting that works! We were getting eaten alive by a crypto virus encrypting our users' data. Started to roll out Microsoft's SRP, which worked but then started blocking useful things like Webex. So being able to approve apps and installers is very useful. Review collected by and hosted on G2.com.
It can be hard to get rules correct. Would be nice if you could put an endpoint in low enforcement for, say, 20 minutes without them having to enter a key.
The granular insight into what process/files are doing what to whom, and when. The watch lists provide a great way to triage suspicious activities and direct daily monitoring and incident response. Integration with CB Enterprise Protection (formerly Bit9).
We're still tuning, but the enormous amount of standard events is quite a bit to comb through. While it is a monitoring tool, I often have requests to produce reports to illustrate 'what this product is delivering for the company', for which I've yet to find a good solution.

This is a great product for gaining complete control over malware. Anti-virus oftentimes will miss things and cannot protect against all threats. Bit9 provides application whitelisting and really helps us only allow approved software to run on our systems. This helps us protect against zero day attacks or unapproved software on the systems. The tech support is fantastic and for good reason - you will most likely need them. Deploying the agent is easy with SCCM or the like.
This is a very cumbersome product. They make you attend a 2-day training class just to get started with it. They also highly suggest you work with an engineer to get it up and running. Getting it up and running involves a slow process of putting the software in visibility mode to learn and then increasing its power to lock down. Can be hard sometimes to troubleshoot why a block is happening and this is compounded by the complex nature of approving and trusting files and programs.
Sometimes our worst enemy is ourselves. Bit9 keeps us from going too quickly and installing things we'd regret later. It also allows us to monitor how our userbase is using and installing software.
Sometimes things will continually be blocked for no apparent reason, and that requires administrators to look into the issue. Getting users to understand that they can't delete a whitelisted file since it whitelists on an individual file level.

The customization that can be added to the product allows it to be extremely flexible. It can be deployed to anyone from your administrative staff to software developers. The product also has self-updating features, where rules are automatically added so applications that have their own auto-update can do so successfully.
Infrastructure requirements are very heavy for large companies. The push is for large environments to be on physical hardware, but most large companies utilize some sort of virtual hardware. The product does not currently scale well for large organizations that have diverse support structures.
Instantly being able to block malicious files across the enterprise in minutes. Also, we've implemented several custom rules which allow us to block other unusual activities on the endpoint. While we're not yet in high enforcement, we still see a lot of benefit from the blacklisting and event rule blocking functionality.
There is management overhead in maintaining an approved software/file list.
Cb has provided us visibility into threat behavior beyond any product out there today. The ability to ban malicious files, create feeds, watch lists, open API, integrations with many other products (and ability to add other products easily), Live Response, isolation and much more, make Cb the differentiator over any other ETDR product on the market today.
Carbon Black provides the ability to also go back in time, which defeats a lot of other products in the space that only can go back a short period of time without disrupting the endpoint. The centralized infrastructure methodology makes sense for Cb as it technically can save money vs other products that will run CPU/mem to the max and begin to overwhelm the workstation/server. Cb is a very lightweight sensor, we see around 0-1% CPU, and 10-28Mb of memory. 28Mb on the high end for instances where it is a busy server like TMG or Exchange.
Cb is deployed to around 60k endpoints with no issues. We've had minor hiccups over time caused by Cb, but nothing widespread and nothing that wasn't fixed on the new patch level etc.
Working with Cb is probably one of the best things about the product. The PM team, engineering, executive team are all great people. Not forgetting the sales team, they are good people too. Everyone at Cb is committed to working and ensuring their product is the best. We have been with Cb since 4.2 and it has really grown a lot since.
The API - is probably one of the most important features to Carbon Black that many products out there fail at. The ability to automate and orchestrate a lot of threat hunting, or even remediation tasks is incredible. Many products fail at this part, or place an API in after the fact. Cb is also 100% committed to ensuring the API is very flexible. They have some of the best developers working it.
Integrations - Cb allows for many integrations, whether ones they've created or ones you create. It's very flexible.
Splunk - we use the cb-event-forwarder to dump most all data to Splunk. This allows us to quickly perform analytics on raw endpoint data. With this, we've taken our detection and response to the next level.
Not a deal breaker in any sense -
1. High availability. Not really an issue since the sensors cache data until the cluster is back online.
2. Cluster upgrade process could be better.
3. Solr has got to go...
Ability to record and replay events and tuning capability to record fewer event types for nodes with limited connectivity or low bandwidth. Excellent forensic tool for understanding how an attack occurred.
I'd love a smaller footprint on the endpoint devices but Carbon Black is already less intrusive to the host than most products that perform this function. Customized reporting could be easier as well.

Ability to see system activity, file activity, net connections, drilling down by process.
Dislike the command prompt in the go live feature, commands could be made more user friendly,
check-in time
I find that the product is highly configurable, but at the same time the console is simple and easy to use. We were able to have the system up and running and integrated with our SIEM with little effort. In addition, Support has been quick to respond, and the team at Bit9 are always ready to assist.
We did not really have any negative experiences. Nothing to complain about.