Principais Alternativas de Carbon Black EDR Mais Bem Avaliadas
Avaliações 86 Carbon Black EDR
Sentimento Geral da Revisão para Carbon Black EDR
Entre para ver o sentimento das avaliações.
After installling cb Response everyhing is visibel in your environment, and you can search through your events really easy. It doesn't matter what you want to find you can do a search on it very easy. Análise coletada por e hospedada no G2.com.
Configuration is mostly done in conf files, and is not vrey user friendly. Not all supports have a deap linux experiance, whitch can be an problem when the product is based on linux. Análise coletada por e hospedada no G2.com.
Our IR team loves the ability to get instant access to what has occurred on our endpoints in the organization. With the ability to instantly get access to the machine through Live response. Análise coletada por e hospedada no G2.com.
The console can get a bit slow if you haven't put in appropriate filters. Análise coletada por e hospedada no G2.com.
Cb response gives us excellent visibility into our endpoints. We have decided to balance our strategy and focus more on detection and response. We all know if the talented bad guys want to get in, they will. With Cb, I have a virtual video recorder on all my endpoints (servers and workstations) and alerting that is effective. It took us about a month to fine tune. Análise coletada por e hospedada no G2.com.
The pricing model could improve. Given Cb's recent acquisitions and focus on "beyond AV", having the suite of products, including Protection makes most sense. But I find the pricing to be sometimes complex and expensive for cloud version. Análise coletada por e hospedada no G2.com.
Integrated Threat Feeds, Integrations with SIEM, Detects threats not found by other methods. Great hunting and response tool. Análise coletada por e hospedada no G2.com.
It would be nice if there were granular block actions that could be performed by the product. Análise coletada por e hospedada no G2.com.
Really easy to use and brilliant 'workflow' . The community around this product is also great and it's easy to create rules/watch lists Análise coletada por e hospedada no G2.com.
Would like to see better search result display options thT can be useful when hunting Análise coletada por e hospedada no G2.com.
Carbon Black Enterprise Response fornece uma visibilidade incrível em seus endpoints. Ser capaz de visualizar a cadeia de processos de um ataque é muito útil para aprender como os ataques funcionam, preveni-los de acontecer novamente e educar nossos usuários. Muito fácil de implantar agentes e começar a coletar dados úteis. Muitas fontes de inteligência excelentes. Análise coletada por e hospedada no G2.com.
Eu tive alguns problemas com alertas recorrentes, mesmo depois de marcá-los como Resolvido ou Resolvido Falso Positivo. Análise coletada por e hospedada no G2.com.
The granular insight into what process/files are doing what to whom, and when. The watch lists provide a great way to triage suspicious activities and direct daily monitoring and incident response. Integration with CB Enterprise Protection (formerly bit9). Análise coletada por e hospedada no G2.com.
We're still tuning, but the enormous amount of standard events are quite a bit to comb through. While it is a monitoring tool, i often have requests to produce reports to illustrate 'what this product is delivering for the company', which i've yet to find a good solution. Análise coletada por e hospedada no G2.com.
Cb has provided us visibility into threat behavior beyond any product out there today. The ability to ban malicious files, create feeds, watch lists, open API, integrations with many other products (and ability to add other products easily), Live Response, isolation and much more, make Cb the differentiator over any other ETDR product on the market today.
Carbon Black provides the ability to also go back in time, which defeats a lot of other products in the space that only can go back a short period of time without disrupting the endpoint. The centralized infrastructure methodology makes sense for Cb as it technically can save money vs other products that will run CPU/mem to the max and begin to overwhelm the workstation/server. Cb is a very lightweight sensor, we see around 0-1% CPU, and 10-28Mb of memory. 28Mb on the high end for instances where it is a busy server like TMG or Exchange.
Cb is deployed to around 60k endpoints with no issues. We've had minor hiccups over time caused by Cb, but nothing widespread and nothing that wasn't fixed on the new patch level etc.
Working with Cb is probably one of the best things about the product. The PM team, engineering, executive team are all great people. Not forgetting the sales team, they are good people too. Everyone at Cb is committed to working and ensuring their product is the best. We have been with Cb since 4.2 and it has really grown a lot since.
the API - is probably one of the most important features to Carbon Black that many products out there fail at. The ability to automate and orchestrate a lot of threat hunting, or even remediation tasks is incredible. Many products fail at this part, or place in API in after the fact. Cb is also 100% committed to ensuring the API is very flexible. They have some of the best developers working it.
Integrations - Cb allows for many integrations, whether ones they've created or ones you create. It's very flexible.
Splunk - we use the cb-event-forwarder to dump most all data to Splunk. This allows us to quickly perform analytics on raw endpoint data. With this, we've taken our detection and response to the next level. Análise coletada por e hospedada no G2.com.
Not a deal breaker in any sense -
1. High availability. Not really an issue since the sensors cache data until the cluster is back online.
2. Cluster upgrade process could be better.
3. Solr has got to go... Análise coletada por e hospedada no G2.com.
Capacidade de gravar e reproduzir eventos e capacidade de ajuste para gravar menos tipos de eventos para nós com conectividade limitada ou baixa largura de banda. Excelente ferramenta forense para entender como um ataque ocorreu. Análise coletada por e hospedada no G2.com.
Eu adoraria uma pegada menor nos dispositivos finais, mas o CarbonBlack já é menos intrusivo para o host do que a maioria dos produtos que desempenham essa função. Relatórios personalizados também poderiam ser mais fáceis. Análise coletada por e hospedada no G2.com.
