# Carbon Black EDR Reviews **Vendor:** Broadcom **Category:** [Endpoint Detection & Response (EDR) Software](https://www.g2.com/categories/endpoint-detection-response-edr) **Average Rating:** 4.4/5.0 **Total Reviews:** 86 ## About Carbon Black EDR Carbon Black EDR is a market-leading incident response and threat hunting solution designed to provide responders with the most information possible, accompanied by expert threat analysis and armed with real-time response capabilities to stop attacks, minimize damage and close security gaps. Carbon Black EDR makes these teams more efficient, reducing investigations from days to hours, and more effective, enabling them to discover threats before attacks can exploit them. Carbon Black EDR also allows teams to connect to and isolate infected machines to prevent lateral movement and remediate devices without costly IT involvement. Continuous and Centralized Recording Centralized access to continuously recorded endpoint data means that security professionals have the information they need to hunt threats in real time as well as conduct in-depth investigations after a breach has occurred. Live Response for Remote Remediation With Live Response, incident responders can create a secure connection to infected hosts to pull or push files, kill processes, perform memory dumps and quickly remediate from anywhere in the world. Attack Chain Visualization and Search Carbon Black EDR provides intuitive attack chain visualization to make identifying root cause fast and easy. Analysts can quickly jump through each stage of an attack to gain insight into the attacker’s behavior, close security gaps and learn from every new attack technique to avoid falling victim to the same attack twice. Automation via Integrations and Open APIs Carbon Black boasts a robust partner ecosystem and open platform that allows security teams to integrate products like Carbon Black EDR into their existing security stack. ## Carbon Black EDR Pros & Cons **What users like:** - Users commend the **real-time threat detection** of Carbon Black EDR, enabling swift responses to cybersecurity incidents. (5 reviews) - Users praise Carbon Black EDR for its **rapid incident response** capabilities, ensuring effective management of cybersecurity threats. (2 reviews) - Users value the **real-time threat detection and prevention** in Carbon Black EDR, enhancing overall endpoint security effectively. (1 reviews) - Users love the **next-gen antivirus protection** of Carbon Black EDR, feeling secure against all types of attacks. (1 reviews) - Artificial Intelligence (1 reviews) - Users value the **automation capabilities** of Carbon Black EDR, enhancing efficiency through seamless task and workflow integration. (1 reviews) - Centralized Management (1 reviews) - Customer Support (1 reviews) - Ease of Use (1 reviews) - Easy Integrations (1 reviews) **What users dislike:** - Users find the **pricing of Carbon Black EDR to be steep** , which could be a barrier for small companies. (2 reviews) - Users report **high resource usage** with Carbon Black EDR, impacting performance on lower specification machines. (2 reviews) - Users often face **overwhelming alerts** from Carbon Black EDR, hampering their ability to effectively manage threats. (1 reviews) - Users experience **high false positives** with Carbon Black EDR, requiring careful tuning to reduce warning fatigue. (1 reviews) - Users report **inefficient search functionality** in Carbon Black EDR, making it challenging to find necessary information effectively. (1 reviews) - Learning Curve (1 reviews) - Poor Documentation (1 reviews) ## Carbon Black EDR Reviews ### 1. Robust EDR with excellent Incident Response Capabilities **Rating:** 4.5/5.0 stars **Reviewed by:** Prajwal V. | Security Analyst, Enterprise (> 1000 emp.) **Reviewed Date:** October 17, 2024 **What do you like best about Carbon Black EDR?** We have been using Carbon Black EDR for quite some time and it is crucial for our security as our teams use it everyday. The amount of detail it can provide into our endpoints is amazing and works effectively in real-time detections. It's easy to implement, integrate, and their support team is awesome. The benefits heavily outweigh the downsides and it's one of the best EDR products I have ever seen. **What do you dislike about Carbon Black EDR?** It requires occasional alert fine-tuning which is still common with most EDR's in the market and it also depends on an organization's environment. **What problems is Carbon Black EDR solving and how is that benefiting you?** We use Carbon Black EDR to drastically reduce the threats our organization faces. It's been a game changer for Incident Respone and Forensics helping us reduce our Mean Time to Detect (MTTD) and Mean Time to Respond (MTTR). It's detection capabilities help us with Advanced Threats that are often otherwise missed. ### 2. VMware and now Broadcom have destroyed CBC **Rating:** 0.0/5.0 stars **Reviewed by:** Joevanne V. | Principal Security Architect and Engineer, Enterprise (> 1000 emp.) **Reviewed Date:** March 04, 2024 **What do you like best about Carbon Black EDR?** Ability to remotely remove malware without having to get hands on endpoint **What do you dislike about Carbon Black EDR?** Ever since VMware took over cbc has gone on a decline and support has become a huge disappointment **What problems is Carbon Black EDR solving and how is that benefiting you?** Is helping with endpoint protection. ### 3. Corporate POV of VMware Carbon Black Next Gen AV(used- ChatGPT for clear writing) **Rating:** 5.0/5.0 stars **Reviewed by:** Animesh R. | Founder, Computer & Network Security, Enterprise (> 1000 emp.) **Reviewed Date:** September 12, 2023 **What do you like best about Carbon Black EDR?** Incredible Antivirus with Behavior Analysis: I'm absolutely thrilled with the antivirus solution I've been using - it's truly next-gen! This software goes beyond traditional antivirus by delving into attacker behaviour patterns, making it a force to reckon with. It doesn't matter whether it's malware, those sneaky fileless threats, or the cunning living-off-the-land attacks – this antivirus has my back! Powered by AI Magic: I can't stop raving about the VMware Carbon Black Cloud Endpoint Standard product. It's like having a digital guardian angel watching over my devices. The secret sauce? Well, it's got this AI technology called Next-Generation Antivirus (NGAV). Thanks to NGAV, it's become a pro at catching malware before it even has a chance to blink. I can sleep soundly knowing my digital world is safe and sound. **What do you dislike about Carbon Black EDR?** Price and Documentation Concerns: While I'm quite pleased with the antivirus itself, there are a couple of aspects that could use some improvement. The pricing can be on the steeper side, which might not be everyone's cup of tea. Additionally, I've noticed a lack of open documentation. Finding solutions or troubleshooting can sometimes be a bit tricky due to this. It would be great if there were more comprehensive resources available to help users navigate any issues that may arise. **What problems is Carbon Black EDR solving and how is that benefiting you?** AI-Powered Detection, User-Friendliness, and Comprehensive Reporting Dashboard: I'm truly impressed by the AI-based detection capabilities, the user-friendly interface, and the richness of the reporting dashboard. Additionally, I appreciate how seamlessly it integrates with EDR by allowing you to work with 'whitelisted' hashes, making scans more efficient by ignoring known safe files. we use it, as we are product based company and dev applications are not signed and usually get flagged as 'malware' ### 4. VMWare Carbon Black ER **Rating:** 4.5/5.0 stars **Reviewed by:** Wakkas A. | Solution Architect, Automotive, Enterprise (> 1000 emp.) **Reviewed Date:** December 17, 2022 **What do you like best about Carbon Black EDR?** VMWare Carbon Black is a suitable Endpoint and Detection Security Solution. We are using it for threat hunting and Threat analysis. We are getting a lot of details from this product. **What do you dislike about Carbon Black EDR?** We needed good customer support from the VMWare Carbon Black support team. Sometimes Support team takes a lot of time to provide a solution. We are tired of chasing the support team. **What problems is Carbon Black EDR solving and how is that benefiting you?** Watchlist, Vulnerability management, and malware analysis are the main features of this product. We perform threat hunting with the help of VMWare Carbon Black EDR solution. ### 5. Provides excellent results **Rating:** 4.0/5.0 stars **Reviewed by:** Verified User in Primary/Secondary Education | Enterprise (> 1000 emp.) **Reviewed Date:** September 18, 2023 **What do you like best about Carbon Black EDR?** The results we are receiving have enhanced our security tremendously. **What do you dislike about Carbon Black EDR?** You must have someone experienced to setup and configure. **What problems is Carbon Black EDR solving and how is that benefiting you?** End point security no matter where are our devices are located. ### 6. A very moderate EDR **Rating:** 1.5/5.0 stars **Reviewed by:** Shagun J. | Senior Security Engineer, Enterprise (> 1000 emp.) **Reviewed Date:** May 30, 2023 **What do you like best about Carbon Black EDR?** 1. The GUI of the VMware Carbon Black EDR is good. 2. The agent/sensor deployment was easier. **What do you dislike about Carbon Black EDR?** 1. Bad vendor support. 2. Wasn't able to detect and prevent a number of attacks. 3. A number of issues were observed with their agent/sensor. Issues like blue screen of death, high CPU utilization, bypassed agent, high disk space utilization etc. 4. Limited functionalities in their console. 5. Limited supportability for a number of OS versions. **What problems is Carbon Black EDR solving and how is that benefiting you?** Endpoint detection and response ### 7. Most celebrated EDR product **Rating:** 5.0/5.0 stars **Reviewed by:** Kovendhan J. | Technical Consultant, Enterprise (> 1000 emp.) **Reviewed Date:** December 10, 2022 **What do you like best about Carbon Black EDR?** AV and response in a single shot. Advance detection techniques like ml and behavioral analysis technique to find the advanced malware. It has good sense attack prediction. Low resources consuming. **What do you dislike about Carbon Black EDR?** Costing is the one of the concern area of carbon black so companies choose other products instead Carbon black, licensing could be feature based. Would be better it has some more AV functionality. **What problems is Carbon Black EDR solving and how is that benefiting you?** It provides actionable and valuable insights of our environment. It helps to simplify the investigation. Reports and dashboard features are so good and provide greater advantage. ### 8. Best EDR Platform **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User in Health, Wellness and Fitness | Enterprise (> 1000 emp.) **Reviewed Date:** December 08, 2022 **What do you like best about Carbon Black EDR?** Process level tree visualization and also banning the hashes very quickly to spread the lateral movement of the attack and also we have provision to create new feeds as per the threat hunting data. **What do you dislike about Carbon Black EDR?** I didn't find any negetive part of it so far. But It would be really great if process tree structure can be enhanced to provide more artefacts in single click. **What problems is Carbon Black EDR solving and how is that benefiting you?** Threat alert analysis and remediation, triaging the alerts so that less impact on the customer if any breach occurred. Threat hunting also can be perfomed which is good for incident responder's ### 9. Carbon black EDR Functionalities and Working **Rating:** 4.0/5.0 stars **Reviewed by:** Verified User in Computer & Network Security | Enterprise (> 1000 emp.) **Reviewed Date:** December 14, 2022 **What do you like best about Carbon Black EDR?** The way this EDR tool uses intelligence in detecting sophisticated attacks and threats . This is a great tool for investigation for analyst team in soc operations . **What do you dislike about Carbon Black EDR?** Some times the carbon black EDR tool is being slow when performing the hunt and running the searches for host investigation . Apart from this it also gives certail false positives. **What problems is Carbon Black EDR solving and how is that benefiting you?** Traditional antivirus solutions are not upto the mark . This EDR tool is detecting the most advanced attacks that a normal tool is failing to detect . This is always updated tool ### 10. Find your risk with that solution. **Rating:** 4.5/5.0 stars **Reviewed by:** Verified User in Airlines/Aviation | Enterprise (> 1000 emp.) **Reviewed Date:** October 27, 2022 **What do you like best about Carbon Black EDR?** Soc radar EDR solution is the most useful tool in my environment, interface is vibrant and practical to increase ease of use. As a platform user, I can say that I have experience with these tools that will save the day. **What do you dislike about Carbon Black EDR?** Sometimes logs couldn't correlate correctly and it couldn't send the logs to the SIEM solution on time. **What problems is Carbon Black EDR solving and how is that benefiting you?** It helps me to find problematic user applications and malicious computers in my organization in real time. ### 11. Helpful and user friendly for SOC team to deal with incident response and threat hunting **Rating:** 4.0/5.0 stars **Reviewed by:** Rahul M. | Advanced Cyber Security Architect, Enterprise (> 1000 emp.) **Reviewed Date:** December 15, 2022 **What do you like best about Carbon Black EDR?** Endpoint protection that prevents advanced threats or attacks, it is also applicable for business of all sizes **What do you dislike about Carbon Black EDR?** Nothing as such I observed or I came across **What problems is Carbon Black EDR solving and how is that benefiting you?** Incident response is helpful for SOC team also useful for threat hunting ### 12. Best endpoint malware detection tool among the others present in the market **Rating:** 4.5/5.0 stars **Reviewed by:** Nishant K. | security Engineer, Enterprise (> 1000 emp.) **Reviewed Date:** June 17, 2021 **What do you like best about Carbon Black EDR?** This has one of the best correlation mechanics which enables Cb to fetch data from various sources and that too very precisely categorized. **What do you dislike about Carbon Black EDR?** Defensive capability needs more upgrades **Recommendations to others considering Carbon Black EDR:** Go for it best solution for an organization **What problems is Carbon Black EDR solving and how is that benefiting you?** Real time host devices scanning is one of the beat features to monitor changes that happen in any endpoint. It helps a lot in managing systems and resolving system level issues with ease. ### 13. Carbon Black Response - the standard **Rating:** 4.5/5.0 stars **Reviewed by:** Verified User in Law Practice | Enterprise (> 1000 emp.) **Reviewed Date:** July 13, 2020 **What do you like best about Carbon Black EDR?** I can find what I am looking for when I need it. The product providers us with rich telemetry and can pretty much find anything on a machine where many others cannot. Isolate functions very well and it fast. Most SOC/Incident Response providers use this tool so its best to have this in your organization and deployed already. **What do you dislike about Carbon Black EDR?** Some complex searches using wild cards do not work very well. Some searching capabilities could be improved to make it easier. **Recommendations to others considering Carbon Black EDR:** An EDR tool is supposed to be used for investigations and containment. How long does it take you to contain a file/hash and machine? It should be fast and CBR delivers!! **What problems is Carbon Black EDR solving and how is that benefiting you?** CBR provides us with depth of telemetry from all our devices world-wide. It allows us to hunt and perform incident response anywhere. ### 14. Carbon Black Response **Rating:** 4.0/5.0 stars **Reviewed by:** Jeremy G. | Cyber Security Admin, Enterprise (> 1000 emp.) **Reviewed Date:** September 30, 2019 **What do you like best about Carbon Black EDR?** I mostly like the Go Live feature to be able to use that for basic administration and/or for other security reasons and being able to have this way to access a pc is useful for me. Most other features we have not even been able to dive into yet and are currently still reviewing. **What do you dislike about Carbon Black EDR?** I haven't used their support in awhile so I'm not sure on how they are currently doing in that area. Hopefully it's just our server with it being in a master/slave cluster but the email alerts to detection's seem to be slow. **Recommendations to others considering Carbon Black EDR:** Response may have more features than what you need. If you use their watchlists/alerting you can't really fine tune those out for your environment and it seems to be an either turn on or off type of thing. It's been awhile since I was able to check that and it may have changed to the better, hopefully. **What problems is Carbon Black EDR solving and how is that benefiting you?** Being able to assist with pcs that lose domain trust and no longer having to ship them to us. Used it to search out what processes happening on a device to understand what happened when something broke on a pc to know when the issue started. ### 15. Incident Response - On Prem **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User in Financial Services | Enterprise (> 1000 emp.) **Reviewed Date:** August 29, 2019 **What do you like best about Carbon Black EDR?** The API's - Ability to write Python or PowerShell Scripts allows us to pull data back faster than if we had to log into the system and it also saves a ton of time. We have also used their Community portal where customers share development scripts. Intelligence feeds allow us to pull down data from our Threat Intel vendor into CbR and then create WatchList from it. GoLive - I love this feature to have full access to a machine, it allows us to upload files / scripts and then pull down the results. This has speed up IR. Also gives us a quick way to determine if our AV quarantined a file or if the file still exists on the file system **What do you dislike about Carbon Black EDR?** GoLive command interface could use some work, the commands are very limited and not like the DOS or Linux commands we are used to. Ex Can't do "dir /s" or delete a whole folder. Creating complex watchlists are not that intuitive, it's easy to mess them up and you would not know it unless you had sample / test cases to run them thru. Very little access control, either have Global rights or Admin rights. We are two version back, so they have made enhancements to allow access to only certain Sensor groups and GoLive. **Recommendations to others considering Carbon Black EDR:** You need to have an understanding of the OS's that you going to deploy to. Ex. Understand the file system along with system calls. **What problems is Carbon Black EDR solving and how is that benefiting you?** Determine what happened on a machine for Incident Response by our Security Operations Center and Forensics teams Being able to figure out where the infections came from (Phishing Emails, Web Download, Unwanted Software package in with other apps, etc) We have reduced the amount of time it tasks an analysis to perform their daily job functions. ### 16. CB Response will improve your Incident Response and provide incredible endpoints visibility **Rating:** 4.5/5.0 stars **Reviewed by:** Verified User in Telecommunications | Enterprise (> 1000 emp.) **Reviewed Date:** September 10, 2019 **What do you like best about Carbon Black EDR?** The installation process is very easy. The server can be up and running in less than one our and the agent's installation process is very simple. The endpoints visibility provided by the CB agent has allowed our security analyst to respond to incidents in a very efficient and quick way. **What do you dislike about Carbon Black EDR?** The white listing process is still complicated. CB provide an awesome collection of feeds, however the process of white listing some of the feed's reports is still complicated. They should improve that. **What problems is Carbon Black EDR solving and how is that benefiting you?** Our biggest challenge before CBR was the lack of visibility in our endpoints and the time required to do a security investigation. CBR has provided, since day zero, the capabilities to detect, quickly respond, and investigate threats, eradicating and preventing future threats. ### 17. greater protection and fewer threats with endpoint visibility. **Rating:** 4.5/5.0 stars **Reviewed by:** Miguel Ángel C. | electrical engineer, Enterprise (> 1000 emp.) **Reviewed Date:** June 28, 2019 **What do you like best about Carbon Black EDR?** research and analysis of amenzasas can last a long time, but thanks CB Response we can complete the search in a few minutes, because thanks to its incredible tools gives us greater efficiency allowing us to save time and money, it is also possible to access the full activity record of each endpoint, even when offline. **What do you dislike about Carbon Black EDR?** I really like this solution, I can say that it has a very intuitive and comfortable interface and I can not find anything that I do not like. Their functions are correct and they do a very efficient job. **Recommendations to others considering Carbon Black EDR:** excellent solution, very good to boost your organization quickly, prevents all types of threats quickly, designed to provide respondents with as much information as possible, in a short time **What problems is Carbon Black EDR solving and how is that benefiting you?** before using CB Responser it was a complete challenge being very difficult to find the problems, failures due to possible threats but thanks to this software we discovered malware in a matter of minutes minimizing the time, accessing the equipment register of each endpoint, it is also possible to make a preventive maintenance and get rid of possible threats. ### 18. Enhanced logging allow us to quickly identify/resolve security issue **Rating:** 4.5/5.0 stars **Reviewed by:** Verified User in Information Technology and Services | Enterprise (> 1000 emp.) **Reviewed Date:** July 25, 2019 **What do you like best about Carbon Black EDR?** Enhanced logging and investigate components quickly helps us to quickly identify problem and start resolving before it spread. CB response hunts threat immediately rather than approaching security. **What do you dislike about Carbon Black EDR?** Everything seems to be good if you can afford price of software. I found pricing little bit expensive. **Recommendations to others considering Carbon Black EDR:** Explore all the options in space and see if you are ready to really use incident response such as this for threat hunting in your environment or if you should focus on closing some other large security gaps first. **What problems is Carbon Black EDR solving and how is that benefiting you?** The ability to quickly isolate the system from the network, while still being able to perform some forensics and mitigation work remotely, was of great value to us since we had many mobile and distributed systems. ### 19. Fasntastic product that collects all relevant data **Rating:** 4.5/5.0 stars **Reviewed by:** Verified User in Financial Services | Enterprise (> 1000 emp.) **Reviewed Date:** August 29, 2019 **What do you like best about Carbon Black EDR?** The best part about Carbon Black Response is the amount of data that is collected, they make no assumptions about what they think you want like other vendors do but provide almost all telemetry one could want in an EDR. **What do you dislike about Carbon Black EDR?** Sluggishness of the console can sometimes cause issues. **Recommendations to others considering Carbon Black EDR:** Great product without the clutter that other products have. **What problems is Carbon Black EDR solving and how is that benefiting you?** Ability to do deep dives and investigate anything we find suspicious. ### 20. CB Response - Value shown immediately **Rating:** 4.0/5.0 stars **Reviewed by:** Verified User in Oil & Energy | Enterprise (> 1000 emp.) **Reviewed Date:** November 30, 2019 **What do you like best about Carbon Black EDR?** The all-in-one dashboard to show all my devices easily. Also the minimal configuration needed. **What do you dislike about Carbon Black EDR?** The live response piece can be tricky to use. **Recommendations to others considering Carbon Black EDR:** Determine if on premise or cloud solution is your best option **What problems is Carbon Black EDR solving and how is that benefiting you?** We track IOC and other monitored activities such as command line prompt commands ### 21. Good product. Great support. **Rating:** 4.0/5.0 stars **Reviewed by:** Verified User in Oil & Energy | Enterprise (> 1000 emp.) **Reviewed Date:** September 06, 2019 **What do you like best about Carbon Black EDR?** Lots of process information, providing for very in-depth investigations. **What do you dislike about Carbon Black EDR?** On-premesis setup is a bit finicky for large Enterprise environments. **What problems is Carbon Black EDR solving and how is that benefiting you?** Investigations and root cause analysis are much easier. ### 22. Great Enterprise Product, But Learning Curve Is Steep. **Rating:** 4.5/5.0 stars **Reviewed by:** Verified User in Computer & Network Security | Enterprise (> 1000 emp.) **Reviewed Date:** December 31, 2018 **What do you like best about Carbon Black EDR?** The Logs are very granular. Visibility is great and deployment is a breeze. **What do you dislike about Carbon Black EDR?** The Learning curve is a little steeper than other tools **Recommendations to others considering Carbon Black EDR:** This is a very powerful tool and will require a lot of learning. I would recommend hiring some one with a lot of experience you getting plenty of training. **What problems is Carbon Black EDR solving and how is that benefiting you?** Added Layers to Endpoint Security. Gets very granular with the with current processes and new spawned processes. to allow for deep inspection for Indications of compromise. ### 23. Good model/framework could use some tweaking(which might be done in the upcoming version) **Rating:** 3.5/5.0 stars **Reviewed by:** Everett H. | Cyber Security Tool Analyst, Computer Software, Enterprise (> 1000 emp.) **Reviewed Date:** May 02, 2017 **What do you like best about Carbon Black EDR?** The ability see/analyze every process can give a huge insight into a potential threat, which makes hunting a good deal more efficient. **What do you dislike about Carbon Black EDR?** The biggest problem seems to be that the complexity of the inner workings makes it very difficult to identify the root cause of an issue, which I think has in turn made the whole thing a bit temperamental. **What problems is Carbon Black EDR solving and how is that benefiting you?** Cb Response is used as an endpoint threat detection and response(shockingly) tool.The biggest benefit is the ability to determine where and how an attacker was able to compromise the network. ### 24. Intelligent detection and fast response **Rating:** 4.0/5.0 stars **Reviewed by:** Verified User in Telecommunications | Enterprise (> 1000 emp.) **Reviewed Date:** October 19, 2017 **What do you like best about Carbon Black EDR?** The flexibility to create complex queries.to match malicious or non standard behavior **What do you dislike about Carbon Black EDR?** False positives is a problem because there is not an easy way of dealing with them **What problems is Carbon Black EDR solving and how is that benefiting you?** Incident response of remote sites, using live response. Malicious behavior is easily catched even before user realized she opened a malicious PDF or word, for example ### 25. Easy to use - provides valuable information quickly **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User in Utilities | Enterprise (> 1000 emp.) **Reviewed Date:** May 01, 2017 **What do you like best about Carbon Black EDR?** This makes it very easy to search a specific threat domain to see if anyone visited it. Very helpful in analyzing Phishing attempts and if the user actually clicked on them. **What do you dislike about Carbon Black EDR?** Some queries can be complex, requires use of API for some more advanced searching. **Recommendations to others considering Carbon Black EDR:** Very easy endpoint to install, just "install and go" to start collecting data. Plan what type of data is relevant, so you don't overload yourself with Watchlists that trigger too many false positives. **What problems is Carbon Black EDR solving and how is that benefiting you?** This provides us with our Incident Response management, and also allows us to quickly review IOC's when they are released. ### 26. Best EDR tools around **Rating:** 4.5/5.0 stars **Reviewed by:** Verified User in Consumer Goods | Enterprise (> 1000 emp.) **Reviewed Date:** May 04, 2017 **What do you like best about Carbon Black EDR?** Integrated Threat Feeds, Integrations with SIEM, Detects threats not found by other methods. Great hunting and response tool. **What do you dislike about Carbon Black EDR?** It would be nice if there were granular block actions that could be performed by the product. **What problems is Carbon Black EDR solving and how is that benefiting you?** Resolving Security Risks and detecting advanced threats. ### 27. One of the best security products I have used **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User in Telecommunications | Enterprise (> 1000 emp.) **Reviewed Date:** April 21, 2017 **What do you like best about Carbon Black EDR?** Really easy to use and brilliant 'workflow' . The community around this product is also great and it's easy to create rules/watch lists **What do you dislike about Carbon Black EDR?** Would like to see better search result display options thT can be useful when hunting **What problems is Carbon Black EDR solving and how is that benefiting you?** Visibility into the endpoint whenever something has to be looked at , great for incident response ### 28. granular process insight **Rating:** 3.5/5.0 stars **Reviewed by:** Verified User in Financial Services | Enterprise (> 1000 emp.) **Reviewed Date:** June 09, 2016 **What do you like best about Carbon Black EDR?** The granular insight into what process/files are doing what to whom, and when. The watch lists provide a great way to triage suspicious activities and direct daily monitoring and incident response. Integration with CB Enterprise Protection (formerly bit9). **What do you dislike about Carbon Black EDR?** We're still tuning, but the enormous amount of standard events are quite a bit to comb through. While it is a monitoring tool, i often have requests to produce reports to illustrate 'what this product is delivering for the company', which i've yet to find a good solution. **What problems is Carbon Black EDR solving and how is that benefiting you?** We brought in CB Response for a special use case in a sensitive environment where we thought we should have more detailed visibility. ### 29. Carbon Black - Detect and Respond **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User in Electrical/Electronic Manufacturing | Enterprise (> 1000 emp.) **Reviewed Date:** January 23, 2016 **What do you like best about Carbon Black EDR?** Cb has provided us visibility into threat behavior beyond any product out there today. The ability to ban malicious files, create feeds, watch lists, open API, integrations with many other products (and ability to add other products easily), Live Response, isolation and much more, make Cb the differentiator over any other ETDR product on the market today. Carbon Black provides the ability to also go back in time, which defeats a lot of other products in the space that only can go back a short period of time without disrupting the endpoint. The centralized infrastructure methodology makes sense for Cb as it technically can save money vs other products that will run CPU/mem to the max and begin to overwhelm the workstation/server. Cb is a very lightweight sensor, we see around 0-1% CPU, and 10-28Mb of memory. 28Mb on the high end for instances where it is a busy server like TMG or Exchange. Cb is deployed to around 60k endpoints with no issues. We've had minor hiccups over time caused by Cb, but nothing widespread and nothing that wasn't fixed on the new patch level etc. Working with Cb is probably one of the best things about the product. The PM team, engineering, executive team are all great people. Not forgetting the sales team, they are good people too. Everyone at Cb is committed to working and ensuring their product is the best. We have been with Cb since 4.2 and it has really grown a lot since. the API - is probably one of the most important features to Carbon Black that many products out there fail at. The ability to automate and orchestrate a lot of threat hunting, or even remediation tasks is incredible. Many products fail at this part, or place in API in after the fact. Cb is also 100% committed to ensuring the API is very flexible. They have some of the best developers working it. Integrations - Cb allows for many integrations, whether ones they've created or ones you create. It's very flexible. Splunk - we use the cb-event-forwarder to dump most all data to Splunk. This allows us to quickly perform analytics on raw endpoint data. With this, we've taken our detection and response to the next level. **What do you dislike about Carbon Black EDR?** Not a deal breaker in any sense - 1. High availability. Not really an issue since the sensors cache data until the cluster is back online. 2. Cluster upgrade process could be better. 3. Solr has got to go... **Recommendations to others considering Carbon Black EDR:** Carbon Black is not traditional IR. It's not slow in any sense and it provides a lot of data. The point being, it will change the game and disrupt the attacker far faster than you will ever do with MIR or HX. Nothing truly compares to what Cb can provide you. If you are having issues, or want to go beyond waiting hours for triage to appear, you should really look at and consider Cb. **What problems is Carbon Black EDR solving and how is that benefiting you?** Many problems have been solved with Carbon Black including what I believe to be the most important - dwell time. If a breach takes 200+ days to detect, Carbon Black can assist with dropping that dwell time to far less than 1 month. The ability to decrease dwell time and detect things beyond malware is gold. ### 30. If you want to see the anatomy of an attack... **Rating:** 5.0/5.0 stars **Reviewed by:** Jared H. | Senior Network Analyst, Government Administration, Enterprise (> 1000 emp.) **Reviewed Date:** December 01, 2015 **What do you like best about Carbon Black EDR?** Ability to record and replay events and tuning capability to record fewer event types for nodes with limited connectivity or low bandwidth. Excellent forensic tool for understanding how an attack occurred. **What do you dislike about Carbon Black EDR?** I'd love a smaller footprint on the endpoint devices but CarbonBlack is already less intrusive to the host than most products that perform this function. Customized reporting could be easier as well. **Recommendations to others considering Carbon Black EDR:** This is a great product for analyzing attacks and malware installations. It will help you figure out which parts of your network are most vulnerable. **What problems is Carbon Black EDR solving and how is that benefiting you?** Finding out how malware was installed to a corporate endpoint . How did it evade our security software? Was it installed by a user? What machines are infected? Carbon Black has the answers. ### 31. CB Review **Rating:** 4.0/5.0 stars **Reviewed by:** Collette K. | Cyber Security Forensic Lead, Insurance, Enterprise (> 1000 emp.) **Reviewed Date:** May 19, 2016 **What do you like best about Carbon Black EDR?** Ability to see a system activity, file activity, net connections, drilling down by process **What do you dislike about Carbon Black EDR?** Dislike the command prompt in the go live feature, commands could be made more user friendly, checkin time **What problems is Carbon Black EDR solving and how is that benefiting you?** Incident response, pulling memory from a host quickly ### 32. Carbon Black Review **Rating:** 3.5/5.0 stars **Reviewed by:** Verified User in Construction | Enterprise (> 1000 emp.) **Reviewed Date:** December 01, 2015 **What do you like best about Carbon Black EDR?** Threat detection and being able to not just see issues on bit 9 but find where it came from originally **What do you dislike about Carbon Black EDR?** Not the easiest to use. Find it difficult to move around in the console and look for a specific machine that has a suspected threat. Or any kind of process searching **Recommendations to others considering Carbon Black EDR:** If you can have more than just one person working on this solution. It takes a lot of time and focus **What problems is Carbon Black EDR solving and how is that benefiting you?** Being able to figure out where our infections come from ### 33. Carbon Black gives me visibility that I desperately need. **Rating:** 4.0/5.0 stars **Reviewed by:** Verified User in Financial Services | Enterprise (> 1000 emp.) **Reviewed Date:** December 01, 2015 **What do you like best about Carbon Black EDR?** The user interface is intuitive, useful and pretty to look at. Being able to show less experienced admin's exactly what happened and when is incredibly convincing. **What do you dislike about Carbon Black EDR?** Stability, - had several issues with storing events, and server side issues. **What problems is Carbon Black EDR solving and how is that benefiting you?** Incident Response and forensics is actually happening now. Before we were guessing and hoping. Now I have data to act on. ### 34. Great incident response tool **Rating:** 5.0/5.0 stars **Reviewed by:** Verified User in Oil & Energy | Enterprise (> 1000 emp.) **Reviewed Date:** December 01, 2015 **What do you like best about Carbon Black EDR?** Real time analysis of what files are doing on your endpoints. **What do you dislike about Carbon Black EDR?** Cost and not a single agent with Parity. **Recommendations to others considering Carbon Black EDR:** Great product for incident response. **What problems is Carbon Black EDR solving and how is that benefiting you?** Ability to respond to threats in a timely manner. ## Carbon Black EDR Discussions - [What does carbon black software do?](https://www.g2.com/discussions/what-does-carbon-black-software-do) - 1 comment - [View Carbon Black EDR pricing details and edition comparison](https://www.g2.com/products/carbon-black-edr/reviews?filters%5Bcompany_segment%5D%5B%5D=181§ion=pricing&secure%5Bexpires_at%5D=2026-05-28+04%3A21%3A45+-0500&secure%5Bsession_id%5D=2d2f9be1-cc07-4af4-aa54-a81e095b2323&secure%5Btoken%5D=5b11e1f0b9afb348933cd87186bb8e3bff1d075475a554f886c41118b029a170&format=llm_user) ## Carbon Black EDR Integrations - [Splunk Enterprise](https://www.g2.com/products/splunk-enterprise/reviews) ## Carbon Black EDR Features **Services - Endpoint Detection & Response (EDR) ** - Managed Services **System Control** - Device Control - Web Control - Application Control - Asset Management - System Isolation **Vulnerability Prevention** - Endpoint Intelligence - Firewall **Security Management** - Incident Reports - Security Validation - Compliance ## Top Carbon Black EDR Alternatives - [Microsoft Defender for Endpoint](https://www.g2.com/products/microsoft-defender-for-endpoint/reviews) - 4.4/5.0 (301 reviews) - [SentinelOne Singularity Endpoint](https://www.g2.com/products/sentinelone-singularity-endpoint/reviews) - 4.7/5.0 (195 reviews) - [Sophos Endpoint](https://www.g2.com/products/sophos-endpoint/reviews) - 4.7/5.0 (784 reviews)