Cb Protection

Cb Protection

(30)
4.5 out of 5 stars

Cb Protection is a next-generation endpoint threat prevention solution to deliver a portfolio of protection policies, real-time visibility across environments, and comprehensive compliance rule sets in a single platform.

Work for Cb Protection?

Learning about Cb Protection?

We can help you find the solution that fits you best.

Find the Right Product

Cb Protection Reviews

Ask Cb Protection a Question
Write a Review
Cb Protection review by <span>Dan A.</span>
Dan A.
Validated Reviewer
Verified Current User
Review Source
Validated Reviewer
Verified Current User
What do you like best?

With Carbon Black on our endpoints, we were able to detect and block bit coin mining software that wasn't even detected my our AV software. Using a score from Virus Total threat feed, Carbon Black alerted us of the malware. Carbon Black showed us in detail how the exe was spawned, which processes were involved and that it was communicating to an external IP address. Through the carbon black console, we were able to connect to the machine and delete the exe. Then we set the file (hash) to be banned, this way any endpoints in the future would not be able to run this process, keeping our Enterprise free of these resource stealing bit mining. This is just one real world example of how Carbon Black has paid for itself in our environment.

What do you dislike?

There isnt too much to dislike but if I had to pick it would probably be the console, it could be a little more user intuitive but we are sending our CB data to Splunk, so we use the console minimally.

Recommendations to others considering the product

Test CB out in a POC and you are sure to realize its ROI.

What business problems are you solving with the product? What benefits have you realized?

Threat hunting and detection and banning hashes are all uses of CB.

0 of 0 found this helpful.
Helpful?
Filter Reviews
Filter Reviews
  • Ratings
  • Company Size
  • User Role
  • User Industry
Ratings
Company Size
User Role
User Industry
Showing 30 Cb Protection reviews
LinkedIn Connections
Cb Protection review by Administrator in Oil & Energy
Administrator in Oil & Energy
Review Source

Highly Effective, if a bit involved

Reviewed On
Validated Review
Verified Current User
What do you like best?

This is, hands down, my favorite application whitelisting I've ever used. It can approve by the file's hash value (SHA-256), the publisher/certificate, or a number of other custom options. High customizable across the environment, and even enabled me to completely eradicate bloatware (such as ASK Toolbar) within two weeks of full implementation.

If your installation is on a server that can access the internet, it can also use VirusTotal and CB's own reputation service to auto-approve some programs based on collective input from other customers (reducing management time).

Other providers tried to get me to switch because CB Protection uses a lot of man-hours to manage (which is true), but they cannot reliably block some"benign but unwanted" programs without using a blacklisting approach. CB Protection means I can block unwanted programs from the get-go, even if they are basically harmless.

What do you dislike?

This is a highly involved implementation and management. Expect six (6) months or more to call the project done - anything else means that you may very well shut down some critical applications and/or let things through that should not be. Trust me; take the time, plan your policies, and be cautious.

Recommendations to others considering the product

Plan your implementation, and work closely with your Professional Services person. They can really help you. And pay for the training for each administrator (at the time of this review, each purchase comes with two training slots for your company).

What business problems are you solving with the product? What benefits have you realized?

(A form of) Antimalware and version control are the two biggest items. Also, in my current environment, we're using it in an offline scenario - no internet access. All other whitelisting and antimalware solutions REQUIRED internet to function - a big NO-NO for SCADA environments.

0 of 0 found this helpful.
Helpful?
Sign in to G2 Crowd to see what your connections have to say about Cb Protection
Headshots
Cb Protection review by <span>Kevin K.</span>
Kevin K.
Validated Review
Verified Current User
Review Source
Validated Review
Verified Current User
What do you like best?

The best aspect of CB Protection is its ability to hash out and quickly locate executables on all of our workstations and servers. This helps us tremendously when searching for and weeding out known-bad and suspected-bad files from our network.

What do you dislike?

At our current installation version (v7) the administration interface is a bit aged and clunky. We've also had some problems with logon scripts being blocked. However, CB support is top-notch and have always helped with we've had issues.

Recommendations to others considering the product

Speak with their representatives. We had a very good pre-launch discussion with their sales and engineering staff in order to get more comfortable with the product and educate ourselves on all of the different aspects of the product's features. Their support is top-notch!

What business problems are you solving with the product? What benefits have you realized?

The biggest problem we were looking to solve with CB Protection was to help prevent the execution of ransomware programs as we had been hit by several in quick succession. The product has delivered on this and has prevented countless other infections from malware and just unwanted applications.

0 of 0 found this helpful.
Helpful?

What Endpoint Management solution do you use?

Thanks for letting us know!
Cb Protection review by <span>Brian S.</span>
Brian S.
Validated Review
Verified Current User
Review Source

Quite a beast

Reviewed On
Validated Review
Verified Current User
What do you like best?

Carbon Black seems to be unlike any other endpoint security product that we've seen. While other (more traditional) products focus on their ability to keep your company safe, Carbon Black focuses on *your* ability to keep your company safe and giving you tools to do that. In our situation, we could not realistically remove local admin rights from the majority of our PCs, so Carbon Black gave us a way to control what people are running without fully removing admin rights. The verbosity of control that we have over our endpoints and the reaction time that Carbon Black gives us to threats is surpassed by no other software that we have seen so far.

What do you dislike?

Part of the territory of having verbose control over a system is that it is more complicated to use and time consuming to manage. This can scare some of our staff away from being trained on it, leaving only a select few who can manage the product. That being said, it is still well worth the effort.

Recommendations to others considering the product

Have at least one full time staff assigned just to Carbon Black and mitigation - especially during initial implementation.

What business problems are you solving with the product? What benefits have you realized?

Protecting our endpoints even though we couldn't realistically remove admin rights from most of them.

0 of 0 found this helpful.
Helpful?
Cb Protection review by <span>Robert G.</span>
Robert G.
Validated Review
Verified Current User
Review Source
Validated Review
Verified Current User
What do you like best?

The fact that the User Exchange is loaded with the very experts a company would call if they had an incident and needed help. It truly is like getting a free FTE for being a customer! Having endpoints in high enforcement so that only the files that are approved are allowed to run. The ability to single out the most threatening endpoints.

What do you dislike?

I would like to see a Google style search to eliminate redundant rules. I would also like to have the panes freeze on pages so I could see the column names as I scroll down.

Recommendations to others considering the product

DO NOT fail to account for the value from the User Exchange! Many members are top IR and MSSP professionals. These are the very people you pay to come in and help if you have been breached. They are sharing their findings and helping you configure the product to stop advanced threats.

What business problems are you solving with the product? What benefits have you realized?

Protecting endpoints from malware. Knowing what software exists within our organization. Having all of our endpoints in high enforcement gives us a consistent level of protection and helps eliminate lateral movement of any threats that might get in. The console also helps uncover endpoints that have general OS health issues so we can address them quickly.

0 of 0 found this helpful.
Helpful?
Cb Protection review by <span>Brad M.</span>
Brad M.
Validated Review
Verified Current User
Review Source
Validated Review
Verified Current User
What do you like best?

Carbon Black Enterprise Protection works exactly as advertised. Whether it’s malicious software or just unwanted software Carbon Black Enterprise protection stops it all while allowing what we want. We see the benefits daily. Since being in High Enforcement we have seen numerous cases of Ransom-ware stopped, along with tons of unwanted software from being installed. I wear many hats in my role and work with many technologies, and no company I work with offers the quality of services that Carbon Black does. Their Training, Planning and Implementation Services, Support, User Community, and Tech Assessments ensure customer success.

What do you dislike?

We have a handful of 3rd party unknown, unsigned software packages that can be tricky to keep running seamlessly to the end user. Especially when these packages auto update themselves. You really need to have a good understanding of these packages to be able to create the rules needed to allow them to function. Bit9 Support is great on helping you out with these rare cases.

Recommendations to others considering the product

Contact Carbon Black and setup a trial. I think you will be sold.

What business problems are you solving with the product? What benefits have you realized?

Number one is definitely stopping malicious software from executing. Shortly before rolling out Carbon Black Enterprise protection we were hit with a couple instances of Ransom-ware. Since rolling out Carbon Black in High Enforcement Mode we have had none. On top of stopping malicious software Carbon Black EP stops tons of unwanted software. We have some users who are local admins on their PC's due to a 3rd party applications requirements. Carbon Black allows this software to run, while keeping the Local admins from installing unwanted or malicious items, even with Admin Rights. We also have a level of visibility that we have never had. Paired with Carbon Black Enterprise Response you will know exactly what is going on in your Environment.

0 of 0 found this helpful.
Helpful?
Cb Protection review by <span>David M.</span>
David M.
Validated Review
Verified Current User
Review Source
Validated Review
Verified Current User
What do you like best?

Deep intelligence looking at both threats from the cloud (external connectors) and simple file based looks and reputation.

With traditional AV, you have signatures and other outdated technology. With Carbon Black Enterprise Protection, you can see not only what is suspected, but also what files appeared in the timeframe. You can also block certain files, get notifications, prevent users from installing certain programs and the like. Instead of a clunky engine that just scans all day long, you get information you can actually use both for preventing malware/viruses/worms, but also tracking user behaviors and other important information.

What do you dislike?

This isn't a "install and walk away" product. There is a lot of setup. I don't like this in the sense that I don't have a ton of time to set it up. However I will say that the more time you put into it, the more time you will ultimately save. Just be aware there is a significant investment up front that needs to happen to see gains. Else you are wasting your time.

Also, as of time of writing I'm not able to push the agents out from the console, which is annoying as I have to be at the station to install it, or use other installation tools.

You also need to change your mindset regarding how this works as compared to traditional AV, and doesn't register in Windows as an "Antivirus" product.

What business problems are you solving with the product? What benefits have you realized?

Problems Solved:

1. Visibility into the endpoint regarding files installed, changes etc.

2. Software installation blocking

3. Advanced Malware/program launch

Benefits:

1. Lightweight footprint with up to date analytics and protections from changing threat landscapes.

2. Configuration for a single program, then deploy across the enterprise.

3. More understanding of problems created with the product (if any) with the good logging.

0 of 0 found this helpful.
Helpful?

Learn more about Cb Protection

Cb Protection Videos

Kate avatar
Kate from G2 Crowd

Learning about Cb Protection?

I can help.
* We monitor all Cb Protection reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. Validated reviews require the user to submit a screenshot of the product containing their user ID, in order to verify a user is an actual user of the product.