Cb Response


(25)
4.2 out of 5 stars

Cb Response is a next-generation endpoint threat prevention solution that delivers a portfolio of protection policies, real-time visibility across environments, and comprehensive compliance rule sets in a single platform.


Cb Response Reviews

Cb Response review by Jared H.
Validated Review
Verified Current User
What do you like best?

Ability to record and replay events and tuning capability to record fewer event types for nodes with limited connectivity or low bandwidth. Excellent forensic tool for understanding how an attack occurred.

What do you dislike?

I'd love a smaller footprint on the endpoint devices but CarbonBlack is already less intrusive to the host than most products that perform this function. Customized reporting could be easier as well.

Recommendations to others considering the product

This is a great product for analyzing attacks and malware installations. It will help you figure out which parts of your network are most vulnerable.

What business problems are you solving with the product? What benefits have you realized?

Finding out how malware was installed to a corporate endpoint. How did it evade our security software? Was it installed by a user? What machines are infected? Carbon Black has the answers.

Showing 24 Cb Response reviews
Cb Response review by Shaun H.

Carbon Black for Threat Response

Validated Review
Verified Current User
What do you like best?

While most companies just use a typical anti-virus, we use the Carbon Black Defense combined with Carbon Black Response. It's good because it gives you a play-by-play of every action on a particular node. Using the built-in alerts or creating your own, you'll find that it's easy to go through and work an issue!

What do you dislike?

The only thing I really dislike about Cb Response is the layout and the lack of documentation displayed as you do things (i.e. searching; although documentation does exist, you just have to look elsewhere).

Recommendations to others considering the product

I would highly recommend this product in order to keep track of everything that happens on your computer, from an application running, to it reaching out to China, or even just one app starting another.

What business problems are you solving with the product? What benefits have you realized?

When using Cb Response we feel better equipped to handle any issues such as ransomware and other malicious content reaching out to external sites.

Cb Response review by Kevin K.
Validated Review
Verified Current User
What do you like best?

CB Response provides our staff with an extremely detailed and concise overview of our endpoints. Utilizing the tools provided by Response, we can effectively track threats, be notified of detected threats, and quickly investigate and respond to those threats all from one interface. The fact that this is a single product which incorporates all these tools is what I like best about CB Response.

What do you dislike?

As with their CB Protection product, I feel that the administrative interface can be a bit challenging at times. Without prior training on the product, it would be difficult to navigate and perform investigations. Thankfully, the product was provided with an in-depth training process to assist our staff with being acclimated within the environment.

Recommendations to others considering the product

The biggest lift when implementing this product was the steep hardware requirements. Make sure you have a dedicated server with high-end CPU, RAM, and storage components. The product is collecting, querying, and storing data constantly and requires a significantly powerful server.

What business problems are you solving with the product? What benefits have you realized?

The biggest challenge that CB Response solves for our company is the ability to detect, quickly respond, and investigate a threat so that we can take proactive measures in preventing future threats. The 'Watchlist' component is a valuable tool in which our staff can craft custom events, sequences, or procedures which indicate bad behavior on the system.

Cb Response review by Brad M.

See Everything on your endpoints

Validated Review
Verified Current User
What do you like best?

Carbon Black Enterprise Response provides awesome visibility into your endpoints. Being able to view the process chain of an attack is very useful in learning how the attacks work, preventing them from happening again and educating our users. Very easy to deploy agents and start gathering useful data. Lots of great intelligence feeds.

What do you dislike?

I have had some issues with reoccurring alerts even after I have marked them as Resolved or Resolved False Positive.

What business problems are you solving with the product? What benefits have you realized?

Being able to see exactly what is going on has been huge for us. We have Carbon Black Enterprise Protection keeping malicious and unwanted software from running, but Enterprise Response shows us how these items are getting on our machines. I have used Enterprise Response numerous times to track down blocked ransomware attacks to malicious email attachments our users have opened. Before Enterprise Response, it was difficult if not impossible to find the cause of these types of attacks.

Cb Response review by User in Electrical/Electronic Manufacturing

Carbon Black - Detect and Respond

Validated Review
Verified Current User
What do you like best?

Cb has provided us visibility into threat behavior beyond any product out there today. The ability to ban malicious files, create feeds, watch lists, open API, integrations with many other products (and ability to add other products easily), Live Response, isolation and much more, make Cb the differentiator over any other ETDR product on the market today.

Carbon Black provides the ability to also go back in time, which defeats a lot of other products in the space that only can go back a short period of time without disrupting the endpoint. The centralized infrastructure methodology makes sense for Cb as it technically can save money vs other products that will run CPU/mem to the max and begin to overwhelm the workstation/server. Cb is a very lightweight sensor, we see around 0-1% CPU, and 10-28Mb of memory. 28Mb on the high end for instances where it is a busy server like TMG or Exchange.

Cb is deployed to around 60k endpoints with no issues. We've had minor hiccups over time caused by Cb, but nothing widespread and nothing that wasn't fixed on the new patch level etc.

Working with Cb is probably one of the best things about the product. The PM team, engineering, executive team are all great people. Not forgetting the sales team, they are good people too. Everyone at Cb is committed to working and ensuring their product is the best. We have been with Cb since 4.2 and it has really grown a lot since.

The API - is probably one of the most important features to Carbon Black that many products out there fail at. The ability to automate and orchestrate a lot of threat hunting, or even remediation tasks, is incredible. Many products fail at this part, or place an API in after the fact. Cb is also 100% committed to ensuring the API is very flexible. They have some of the best developers working it.

Integrations - Cb allows for many integrations, whether ones they've created or ones you create. It's very flexible.

Splunk - we use the cb-event-forwarder to dump most all data to Splunk. This allows us to quickly perform analytics on raw endpoint data. With this, we've taken our detection and response to the next level.

What do you dislike?

Not a deal breaker in any sense -

1. High availability. Not really an issue since the sensors cache data until the cluster is back online.

2. Cluster upgrade process could be better.

3. Solr has got to go...

Recommendations to others considering the product

Carbon Black is not traditional IR. It's not slow in any sense and it provides a lot of data. The point being, it will change the game and disrupt the attacker far faster than you will ever do with MIR or HX. Nothing truly compares to what Cb can provide you. If you are having issues, or want to go beyond waiting hours for triage to appear, you should really look at and consider Cb.

What business problems are you solving with the product? What benefits have you realized?

Many problems have been solved with Carbon Black including what I believe to be the most important - dwell time. If a breach takes 200+ days to detect, Carbon Black can assist with dropping that dwell time to far less than 1 month. The ability to decrease dwell time and detect things beyond malware is gold.

Cb Response review by Everett H.
Validated Review
Verified Current User
What do you like best?

The ability to see/analyze every process can give a huge insight into a potential threat, which makes hunting a good deal more efficient.

What do you dislike?

The biggest problem seems to be that the complexity of the inner workings makes it very difficult to identify the root cause of an issue, which I think has in turn made the whole thing a bit temperamental.

What business problems are you solving with the product? What benefits have you realized?

Cb Response is used as an endpoint threat detection and response (shockingly) tool. The biggest benefit is the ability to determine where and how an attacker was able to compromise the network.

Cb Response review by Administrator in Oil & Energy
Validated Review
Verified Current User
What do you like best?

Very detailed information on the time(s) surrounding a supposed incident.

What do you dislike?

Seems to really shine only in internet-accessible networks; not very great at isolated networks like mine.

Recommendations to others considering the product

Consider CB Defense, as many of the features of CB Response are being placed there, and it includes a true antimalware component.

What business problems are you solving with the product? What benefits have you realized?

We needed a way to determine what circumstances surrounded a breach, so we can better learn to close them.

* We monitor all Cb Response reviews to prevent fraudulent reviews and keep review quality high. We do not post reviews by company employees or direct competitors. Validated reviews require the user to submit a screenshot of the product containing their user ID, in order to verify a user is an actual user of the product.