Cb Response

4.2
(26)

Cb Response is a next-generation endpoint threat prevention solution to deliver a portfolio of protection policies, real-time visibility across environments, and comprehensive compliance rule sets in a single platform.


Cb Response Reviews

Showing 26 Cb Response reviews
Cb Response review by Shaun H.
Shaun H.
Validated Reviewer
Verified Current User
Review Source

"Carbon Black for Threat Response"

What do you like best?

While most companies just use a typical anti-virus, we use Carbon Black Defense combined with Carbon Black Response. It's good because it gives you a play-by-play of every action on a particular node. Using the built-in alerts or creating your own, you'll find that it's easy to go through and work an issue!

What do you dislike?

The only thing I really dislike about Cb Response is the layout and the lack of documentation displayed as you do things (i.e. searching; although documentation does exist, you just have to look elsewhere).

Recommendations to others considering the product

I would highly recommend this product in order to keep track of everything that happens on your computer, from an application running, to it reaching out to China, or even just one app starting another.

What business problems are you solving with the product? What benefits have you realized?

When using Cb Response we feel better equipped to handle any issues such as ransomware and other malicious content reaching out to external sites.

Cb Response review by Kevin K.
Kevin K.
Validated Reviewer
Verified Current User
Review Source

"CB Response - Improve Your Endpoint Visibility and Lower Response Times"

What do you like best?

CB Response provides our staff with an extremely detailed and concise overview of our endpoints. Utilizing the tools provided by Response, we can effectively track threats, be notified of detected threats, and quickly investigate and respond to those threats all from one interface. The fact that this is a single product which incorporates all these tools is what I like best about CB Response.

What do you dislike?

As with their CB Protection product, I feel that the administrative interface can be a bit challenging at times. Without prior training on the product, it would be difficult to navigate and perform investigations. Thankfully, the product was provided with an in-depth training process to assist our staff with being acclimated within the environment.

Recommendations to others considering the product

The biggest lift when implementing this product was the steep hardware requirements. Make sure you have a dedicated server with high-end CPU, RAM, and storage components. The product is collecting, querying, and storing data constantly and requires a significantly powerful server.

What business problems are you solving with the product? What benefits have you realized?

The biggest challenge that CB Response solves for our company is the ability to detect, quickly respond, and investigate a threat so that we can take pro-active measures in preventing future threats. The 'Watchlist' component is a valuable tool in which our staff can craft custom events, sequences, or procedures which indicate bad behavior on the system.

Cb Response review by Brad M.
Brad M.
Validated Reviewer
Verified Current User
Review Source

"See Everything on your endpoints"

What do you like best?

Carbon Black Enterprise Response provides awesome visibility into your endpoints. Being able to view the process chain of an attack is very useful in learning how the attacks work, preventing them from happening again and educating our users. Very easy to deploy agents and start gathering useful data. Lots of great intelligence feeds.

What do you dislike?

I have had some issues with re-occurring alerts even after I have marked them as Resolved or Resolved False Positive.

What business problems are you solving with the product? What benefits have you realized?

Being able to see exactly what is going on has been huge for us. We have Carbon Black Enterprise Protection keeping malicious and unwanted software from running, but Enterprise Response shows us how these items are getting on our machines. I have used Enterprise Response numerous times to track down blocked Ransom-ware attacks to malicious email attachments our users have opened. Before Enterprise Response it was difficult if not impossible to find the cause of these types of attacks.

Cb Response review by Jared H.
Jared H.
Validated Reviewer
Verified Current User
Review Source

"If you want to see the anatomy of an attack..."

What do you like best?

Ability to record and replay events and tuning capability to record fewer event types for nodes with limited connectivity or low bandwidth. Excellent forensic tool for understanding how an attack occurred.

What do you dislike?

I'd love a smaller footprint on the endpoint devices but CarbonBlack is already less intrusive to the host than most products that perform this function. Customized reporting could be easier as well.

Recommendations to others considering the product

This is a great product for analyzing attacks and malware installations. It will help you figure out which parts of your network are most vulnerable.

What business problems are you solving with the product? What benefits have you realized?

Finding out how malware was installed to a corporate endpoint. How did it evade our security software? Was it installed by a user? What machines are infected? Carbon Black has the answers.

Cb Response review by User in Electrical/Electronic Manufacturing
User in Electrical/Electronic Manufacturing
Validated Reviewer
Verified Current User
Review Source

"Carbon Black - Detect and Respond"

What do you like best?

Cb has provided us visibility into threat behavior beyond any product out there today. The ability to ban malicious files, create feeds, watch lists, open API, integrations with many other products (and ability to add other products easily), Live Response, isolation and much more, make Cb the differentiator over any other ETDR product on the market today.

Carbon Black provides the ability to also go back in time, which defeats a lot of other products in the space that only can go back a short period of time without disrupting the endpoint. The centralized infrastructure methodology makes sense for Cb as it technically can save money vs other products that will run CPU/mem to the max and begin to overwhelm the workstation/server. Cb is a very lightweight sensor, we see around 0-1% CPU, and 10-28Mb of memory. 28Mb on the high end for instances where it is a busy server like TMG or Exchange.

Cb is deployed to around 60k endpoints with no issues. We've had minor hiccups over time caused by Cb, but nothing widespread and nothing that wasn't fixed on the new patch level etc.

Working with Cb is probably one of the best things about the product. The PM team, engineering, executive team are all great people. Not forgetting the sales team, they are good people too. Everyone at Cb is committed to working and ensuring their product is the best. We have been with Cb since 4.2 and it has really grown a lot since.

The API is probably one of the most important features of Carbon Black that many products out there fail at. The ability to automate and orchestrate a lot of threat hunting, or even remediation tasks, is incredible. Many products fail at this part, or place an API in after the fact. Cb is also 100% committed to ensuring the API is very flexible. They have some of the best developers working on it.

Integrations - Cb allows for many integrations, whether ones they've created or ones you create. It's very flexible.

Splunk - we use the cb-event-forwarder to dump most all data to Splunk. This allows us to quickly perform analytics on raw endpoint data. With this, we've taken our detection and response to the next level.

What do you dislike?

Not a deal breaker in any sense -

1. High availability. Not really an issue since the sensors cache data until the cluster is back online.

2. Cluster upgrade process could be better.

3. Solr has got to go...

Recommendations to others considering the product

Carbon Black is not traditional IR. It's not slow in any sense and it provides a lot of data. The point being, it will change the game and disrupt the attacker far faster than you will ever do with MIR or HX. Nothing truly compares to what Cb can provide you. If you are having issues, or want to go beyond waiting hours for triage to appear, you should really look at and consider Cb.

What business problems are you solving with the product? What benefits have you realized?

Many problems have been solved with Carbon Black including what I believe to be the most important - dwell time. If a breach takes 200+ days to detect, Carbon Black can assist with dropping that dwell time to far less than 1 month. The ability to decrease dwell time and detect things beyond malware is gold.

Cb Response review by Everett H.
Everett H.
Validated Reviewer
Verified Current User
Review Source

"Good model/framework could use some tweaking (which might be done in the upcoming version)"

What do you like best?

The ability to see/analyze every process can give a huge insight into a potential threat, which makes hunting a good deal more efficient.

What do you dislike?

The biggest problem seems to be that the complexity of the inner workings makes it very difficult to identify the root cause of an issue, which I think has in turn made the whole thing a bit temperamental.

What business problems are you solving with the product? What benefits have you realized?

Cb Response is used as an endpoint threat detection and response (shockingly) tool. The biggest benefit is the ability to determine where and how an attacker was able to compromise the network.

Cb Response review by Administrator in Oil & Energy
Administrator in Oil & Energy
Validated Reviewer
Verified Current User
Review Source

"Highly effective for forensics, but not for small teams."

What do you like best?

Very detailed information on the time(s) surrounding a supposed incident.

What do you dislike?

Seems to really shine only in internet-accessible networks; not very great at isolated networks like mine.

Recommendations to others considering the product

Consider CB Defense, as many of the features of CB Response are being placed there, and it includes a true antimalware component.

What business problems are you solving with the product? What benefits have you realized?

We needed a way to determine what circumstances surrounded a breach, so we can better learn to close them.

Cb Response review by Administrator in Financial Services
Administrator in Financial Services
Validated Reviewer
Verified Current User
Review Source

"granular process insight"

What do you like best?

The granular insight into what processes/files are doing what to whom, and when. The watch lists provide a great way to triage suspicious activities and direct daily monitoring and incident response. Integration with CB Enterprise Protection (formerly Bit9).

What do you dislike?

We're still tuning, but the enormous amount of standard events is quite a bit to comb through. While it is a monitoring tool, I often have requests to produce reports to illustrate 'what this product is delivering for the company', for which I've yet to find a good solution.

What business problems are you solving with the product? What benefits have you realized?

We brought in CB Response for a special use case in a sensitive environment where we thought we should have more detailed visibility.

Cb Response review by Executive Sponsor in Computer Software
Executive Sponsor in Computer Software
Validated Reviewer
Review Source

"One of our best security investments"

What do you like best?

Cb response gives us excellent visibility into our endpoints. We have decided to balance our strategy and focus more on detection and response. We all know if the talented bad guys want to get in, they will. With Cb, I have a virtual video recorder on all my endpoints (servers and workstations) and alerting that is effective. It took us about a month to fine tune.

What do you dislike?

The pricing model could improve. Given Cb's recent acquisitions and focus on "beyond AV", having the suite of products, including Protection makes most sense. But I find the pricing to be sometimes complex and expensive for cloud version.

What business problems are you solving with the product? What benefits have you realized?

We wanted visibility into endpoints and ability to detect and contain a threat once identified.

Cb Response review by Administrator in Government Administration
Administrator in Government Administration
Validated Reviewer
Review Source

"Incident response made easy"

What do you like best?

After installing Cb Response everything is visible in your environment, and you can search through your events really easily. It doesn't matter what you want to find; you can do a search on it very easily.

What do you dislike?

Configuration is mostly done in conf files, and is not very user friendly. Not all supports have deep Linux experience, which can be a problem when the product is based on Linux.

Recommendations to others considering the product

Deploy it as fast as possible, it's a great product.

What business problems are you solving with the product? What benefits have you realized?

CB Response makes incident response very easy. You can search on everything, and it makes long IR jobs really fast.

Cb Response review by Administrator in Investment Management
Administrator in Investment Management
Validated Reviewer
Verified Current User
Review Source

"A great analysis tool"

What do you like best?

-Ease of use

-Easy to deploy agents

-Ability to auto upgrade sensors as new updates are released.

-Intelligence feeds that make CB response what it is.

-Ability to create custom watch lists

What do you dislike?

CB tends to push out sensor updates and CB application updates that seem to not have been tested enough, which leads to issues in Production that sometimes take longer than usual to resolve.

What business problems are you solving with the product? What benefits have you realized?

Having the ability to monitor and analyse any potential threats or attacks in progress across all end points. With CB Response, we were able to detect an attack and quickly isolate hosts affected.

Cb Response review by Administrator in Utilities
Administrator in Utilities
Validated Reviewer
Verified Current User
Review Source

"Easy to use - provides valuable information quickly"

What do you like best?

This makes it very easy to search a specific threat domain to see if anyone visited it. Very helpful in analyzing Phishing attempts and if the user actually clicked on them.

What do you dislike?

Some queries can be complex, requires use of API for some more advanced searching.

Recommendations to others considering the product

Very easy endpoint to install, just "install and go" to start collecting data. Plan what type of data is relevant, so you don't overload yourself with Watchlists that trigger too many false positives.

What business problems are you solving with the product? What benefits have you realized?

This provides us with our Incident Response management, and also allows us to quickly review IOC's when they are released.

Cb Response review by Administrator in Information Technology and Services
Administrator in Information Technology and Services
Validated Reviewer
Verified Current User
Review Source

"A Powerful Tool For Techie Types"

What do you like best?

It tracks everything. Really. It correlates and provides a timeline of events. You can literally peruse the killchain. You can also find out everyplace a file exists and you can ban it making it very easy to stop an infection.

What do you dislike?

You need to understand the operating system files and calls really well. The watchlists are not intuitive to create. Results are not always as expected but support will help clear it up for you.

What business problems are you solving with the product? What benefits have you realized?

Understanding how a breach occurred. Stopping an exploit in progress. Finding malware already in the environment that other tools missed.

Cb Response review by Collette K.
Collette K.
Validated Reviewer
Verified Current User
Review Source

"CB Review"

What do you like best?

Ability to see a system activity, file activity, net connections, drilling down by process

What do you dislike?

Dislike the command prompt in the go live feature, commands could be made more user friendly,

checkin time

What business problems are you solving with the product? What benefits have you realized?

Incident response, pulling memory from a host quickly

Cb Response review by Executive Sponsor in Publishing
Executive Sponsor in Publishing
Validated Reviewer
Review Source

"really good product that could be better if it didn't break stuff"

What do you like best?

In theory it should work great. It seems to be a great tool.

What do you dislike?

Their updates that they push out don't seem to be thoroughly tested, as they have recalled them a few times.

We lost the ability to sandbox an infected endpoint because the update they pushed out broke our servers so we had to dial back. They have not been able to fix that yet.

Recommendations to others considering the product

Do proper testing to make sure the current version can do exactly what you want.

What business problems are you solving with the product? What benefits have you realized?

security remediation

Cb Response review by Administrator in Construction
Administrator in Construction
Validated Reviewer
Verified Current User
Review Source

"Carbon Black Review"

What do you like best?

Threat detection and being able to not just see issues on Bit9 but find where it came from originally

What do you dislike?

Not the easiest to use. Find it difficult to move around in the console and look for a specific machine that has a suspected threat. Or any kind of process searching

Recommendations to others considering the product

If you can have more than just one person working on this solution. It takes a lot of time and focus

What business problems are you solving with the product? What benefits have you realized?

Being able to figure out where our infections come from

Cb Response review by Administrator in Computer Software
Administrator in Computer Software
Validated Reviewer
Verified Current User
Review Source

"CarbonBlack is a delight to work with. I like the visibility and the hunting aspect it gives me."

What do you like best?

New threat intelligence is added frequently. I like the recorded aspect and the visibility it gives me into our end points. I like the fact I can go back in time and hunt for artifacts of intrusions.

What do you dislike?

From the triage page, the refresh after clearing an alert is not working all the time

Recommendations to others considering the product

Best product we have added into our organization for security.

What business problems are you solving with the product? What benefits have you realized?

Forensics, prevention and hunting are all great aspects of this product

Cb Response review by Administrator in Financial Services
Administrator in Financial Services
Validated Reviewer
Verified Current User
Review Source

"Carbon Black gives me visibility that I desperately need."

What do you like best?

The user interface is intuitive, useful and pretty to look at. Being able to show less experienced admins exactly what happened and when is incredibly convincing.

What do you dislike?

Stability - had several issues with storing events, and server side issues.

What business problems are you solving with the product? What benefits have you realized?

Incident Response and forensics is actually happening now. Before we were guessing and hoping. Now I have data to act on.

Cb Response review by User in Computer Networking
User in Computer Networking
Validated Reviewer
Review Source

"CB Response- Proactive Threat Hunting"

What do you like best?

It's highly scalable, real-time EDR with unparalleled visibility for top security operations centers.

What do you dislike?

The only thing I really dislike about Cb Response is the layout and the lack of documentation

What business problems are you solving with the product? What benefits have you realized?

Carbon Black offers endpoint detection and blocking granularity like never before! We were able to detect and block things that weren't even detected by previous software.

Cb Response review by Administrator in Telecommunications
Administrator in Telecommunications
Validated Reviewer
Review Source

"Intelligent detection and fast response"

What do you like best?

The flexibility to create complex queries to match malicious or non-standard behavior

What do you dislike?

False positives are a problem because there is not an easy way of dealing with them

What business problems are you solving with the product? What benefits have you realized?

Incident response of remote sites, using live response. Malicious behavior is easily caught even before the user realizes she opened a malicious PDF or Word, for example

Cb Response review by User in Telecommunications
User in Telecommunications
Validated Reviewer
Review Source

"One of the best security products I have used"

What do you like best?

Really easy to use and brilliant 'workflow'. The community around this product is also great and it's easy to create rules/watch lists

What do you dislike?

Would like to see better search result display options that can be useful when hunting

What business problems are you solving with the product? What benefits have you realized?

Visibility into the endpoint whenever something has to be looked at; great for incident response

Cb Response review by Administrator in Investment Management
Administrator in Investment Management
Validated Reviewer
Verified Current User
Review Source

"Unrivaled visibility and invaluable IR tool"

What do you like best?

Our IR team loves the ability to get instant access to what has occurred on our endpoints in the organization. With the ability to instantly get access to the machine through Live response.

What do you dislike?

The console can get a bit slow if you haven't put in appropriate filters.

What business problems are you solving with the product? What benefits have you realized?

Incident response

Cb Response review by Administrator in Computer & Network Security
Administrator in Computer & Network Security
Validated Reviewer
Review Source

"Fantastic Forensics"

What do you like best?

Response hints threats in real time so you get instant intelligence

What do you dislike?

Would prefer for the Cb portfolio to all sit as one agent.

What business problems are you solving with the product? What benefits have you realized?

Visibility across our entire network means I can massively reduce investigation time and therefore time to remediation is much better

Cb Response review by Administrator in Information Technology and Services
Administrator in Information Technology and Services
Validated Reviewer
Review Source

"works well"

What do you like best?

The ability to search all stated events from the one problem event

How if one thing starts it shows all that spawned off that one item

What do you dislike?

We have not come across much yet we do not like

What business problems are you solving with the product? What benefits have you realized?

ISM controls

Cb Response review by Executive Sponsor
Executive Sponsor
Validated Reviewer
Verified Current User
Review Source

"Best EDR tools around"

What do you like best?

Integrated Threat Feeds, Integrations with SIEM, Detects threats not found by other methods. Great hunting and response tool.

What do you dislike?

It would be nice if there were granular block actions that could be performed by the product.

What business problems are you solving with the product? What benefits have you realized?

Resolving Security Risks and detecting advanced threats.

Cb Response review by Administrator in Utilities
Administrator in Utilities
Validated Reviewer
Review Source

"Great incident response tool"

What do you like best?

Real time analysis of what files are doing on your endpoints.

What do you dislike?

Cost and not a single agent with Parity.

Recommendations to others considering the product

Great product for incident response.

What business problems are you solving with the product? What benefits have you realized?

Ability to respond to threats in a timely manner.

* We monitor all Cb Response reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. Validated reviews require the user to submit a screenshot of the product containing their user ID, in order to verify a user is an actual user of the product.