5 out of 5.0, Reviewed Oct 17, 2016
Three years later and if we had to do it all over again, we'd still choose Carbon Black.
Talk with Carbon Black customers and continue that relationship post adoption. Cyber security is a community effort and we all can learn from each other.
Application whitelisting is a critical control and difficult to implement. Carbon Black Protect makes it easy to meet that critical control. Carbon Black Response is second to none!
All security tools have their issues, it's up to the security team to figure out if they can live with those issues.
Last year they went to local format for user conference. I'd like to see them bring back the one national user conference.
Have an internal team member on the Security staff that understands our company better than IT.
Support has changed over the last few years for the better.
5 out of 5.0, Reviewed Oct 17, 2016
Carbon Black support and Professional Services are first-class and we would not be fully implemented in High Enforcement if it wasn't for Chuck Everette and Anne Nardone.
Please allow the time necessary to get all your endpoints to High enforcement. It will take a lot of work and time but will pay you back dividends in the powerful security it provides.
Features, the security it provides, increased visibility into our environment and extremely positive customer service experience.
Long implementation time, but this is due to the complexity of the product and totally offset by the security it provides to the firm.
Plan for implementation to take slightly longer than expected.
Customer Service and Professional Services have been one of the pinnacles of our success of implementation of this product. So far, Carbon Black support has been second to none in my experience.
4 out of 5.0, Reviewed Oct 14, 2016
Bit9/Carbon Black has been a great product, with constant improvements and updates. There are a lot of "out of the box" rules, but creating your own rules is a fairly easy process for one-off on the fly approvals, as well as more complex rules that will approve known files as they're executed.
Do not cheap out on training. It is well worth it!
We have been able to remove administrative rights from users, while still allowing them to execute known files and pre-approved programs. Anything not approved is blocked, and we even have behavior-based blocks in place. This has essentially eliminated malware in our environment.
We would ensure every technician sits through training before ever getting into the console. It can be a lot to take in, and a misclick can be problematic.
CarbonBlack has a user portal that is very active, as well as a support portal/email. Their technicians are very knowledgeable and are usually able to help with any concerns or questions quickly.
5 out of 5.0, Reviewed Oct 13, 2016
I have had exceptional support from Carbon Black for the past 5 years as we selected, implemented, and continue to upgrade and maintain the platform. They show a willingness to discuss their roadmap and good vision for looking forward to new OSs coming out.
The key to implementing the Cb Protect/Bit9 system is creating a good helpdesk process for allowing users to install software that is needed quickly. If decisions for what software is allowed has to go to committee and the users have to wait for a few days before they can get new software, they will get frustrated. Often, they will revolt, and either pull rank to get un-protected, or move off their managed device and away from our ability to monitor and protect their systems.
Denying code and executables by default, and allowing only trusted code to run is a powerful shift in security posture. When implemented well, it really does free us up to focus on other things, instead of hunting for some grouping of endpoints that we must assume is compromised in the environment.
It is a challenge to get users to really understand the reasoning behind blocking new programs and applications. We do get frequent feedback from users around this, but it is manageable.
I don't really have any feedback here at the moment.
Spend more time sharing data and stories of the failed attempts to phish, hack, or otherwise compromise our endpoints. Some of our users complain about blocks from Bit9/Cb Protect when they are installing new software. But when we start showing cases of failed hacking attempts, it really shows how well the tool works for ensuring our laptops and other endpoints stay safe.
We have had good experiences overall with support from Carbon Black. The recent upgrade of the customer portal and the on-going phone support have both been very good.
5 out of 5.0, Reviewed Oct 10, 2016
My experience with Carbon Black as a company has all been positive. The products are very solid and do a great job. The professional services engagements do a great job guiding you through a deployment. The user community is very active and very helpful. I believe it was a great decision to deploy Carbon Black products.
Don't think you can't get all your systems in HIGH mode in Carbon Black Protection. Not only is it possible it's easier than you think.
We would have purchased the products sooner.
I have found the support to be very responsive and very skilled. They have typically resolved my cases in a timely manner.
4 out of 5.0, Reviewed Oct 7, 2016
Service and support were excellent in our experience. Our roll-out past the compliance required areas of our environment was a bit slowed by the need to enhance the awareness of the user base for acceptance. Once installed, the ongoing management and usability were relatively easy.
Plan for what the product can do around the full capabilities.
Effectiveness and Support.
Minor usability tweaks in the software UI.
Better planning on designing the Architecture around the product. Better agent deployment design.
Very responsive and knowledgeable up and down the sales and support chain.
4 out of 5.0, Reviewed Oct 5, 2016
We had some initial issues when first rolling out the product. Since it sits at the kernel level, it did not interact well with our AV solution. It caused some machines to blue screen; however, contacting support was a great experience. They let us know exactly why it was happening and how to resolve the issue quickly. The support team is very willing to work with us even though we purchased the software through a third party vendor.
The best advice I could give is going to the user conferences and participate in the user forums. I learned more about the product in one day at the conference than I did in 6 months of using the product.
That amount of visibility that you get into your endpoints
I wish there were more documentation and training available
We contracted with a third party MSP for our initial install so I can't really say what the vendor should have done differently
I would emphasize getting training on the software up front. The product has so much functionality that it is difficult to learn everything the product can do on your own. I would also recommend going to the user conferences as early into the implementation as possible as they provide some very valuable information.
I have not had any problems with getting great support from Carbon Black or the third party vendor
5 out of 5.0, Reviewed Oct 5, 2016
While it can be a bit onerous initially to set up, the thought behind the product meets a need in the market that is lacking now. Instead of signature-based antivirus, why not focus on an executable whitelisting scheme? And with integration into a more holistic feed (Carbon Black Response) you can see where files came from, and where they went. This covers not only a component of threat detection and response that until now didn't exist, (or not well) it also makes for a lightweight AV type option. To be fair, CB Response overlaps in a few areas: 1. Endpoint control - you can create policies to restrict what can be run on endpoints, prevent the execution of files based on rules and policies, and have visibility to what is happening on the endpoint (file reads and file writes). 2. Antivirus/Antimalware - by whitelisting known good files, you can block 0-day threats based simply on existing whitelisted files. 3. Software inventory - because of the way the software tracks files, you are able to look at what files exist on the endpoint, and which another endpoint has the same files. There are a plethora of options here, but it can also help with finding problem files or check if file updates were made.
Don't be put off by the perception of complexity at the beginning. Most "easy" antivirus/next-gen antivirus products are unable to handle emerging threats. Also keep in mind this covers a much larger spectrum than most other products it competes with, so make sure you have the whole picture prior to making decisions on this product vs others.
The ability to lock down endpoints to prevent programs from being installed or run illicitly, yet the ability to quickly make changes and push them out to the same endpoints. It's nice to be able to have the freedom to allow things to run, or lock them down quickly without having to wait for updates via an outside source.
The learning curve initially was a bit much, and the understanding of the product took a lot of one-on-one hours to really see. After that, you feel like it's worth it.
Something I think they are adding is a more "traditional" antivirus product as part of the offering. With that, you would have traditional antivirus (Defense), a device control product (Protect) and an overarching umbrella which watches files moving between devices (Response). I think they are getting there, but at this moment you need to shop a different "traditional" AV product.
We did the POC, but just went straight ahead with the POC server into the live environment. This was my mistake as I didn't realize the sizing was different. It wasn't a big deal, and support walked me through that change. The other thing is for implementation if you install the client on a device it automatically locally approves all the files on that machine. So be careful to install this on either newly cloned/installed machines, or make certain that you don't have latently infected machines in your environment, as you may risk unintentionally approving them. Realise there is a big time investment up front to get everyone in "high" enforcement (where you have maximum restriction/enforcement of the endpoint), but once you are there it is really a product you can kind of forget about, as you set alerts for anything that needs to be done. It is nearly invisible on the endpoint with the exception of the initialization, which honestly isn't that bad.
Does more than the spectrum it is in, specifically controlling the endpoints.
Support from the vendor is very good and responsive.
Integration is great. Deployment, as mentioned before can be a bit daunting. Not because it's super difficult, or requires a rocket scientist, but simply because there is a time investment to make it work as well as it can.
5 out of 5.0, Reviewed Sep 29, 2016
We had several applications that needed to be whitelisted so I was very concerned it would be a long process. With the vendor's help, we were able to get everything whitelisted in a few sessions. Our implementation was very smooth and well explained. When questions came up or minor issues the vendor was right there to help and get us on track. Most of the vendors we work with help at the very beginning and then they are done, not CB they still give me amazing support. CB goes out of their way to stick by their product and make sure their customers are happy.
Try their demo and talk to current customers.
I love the fact it has saved our butts so many times. Without this product, our network would be very open to attacks. We would be using our resources in order to clean it up without CB.
There really isn't anything we don't like, the product takes care of itself.
To be honest nothing, they have been one of the easiest vendors to work with, they strive for happy customers. They have achieved that!
Works well with our products.
They are amazing and always help.
5 out of 5.0, Reviewed Sep 27, 2016
Vendor has been incredibly responsive and attentive to our questions and has developed a rich set of ways to interact with them - conferences, access to internal behind-the-scenes personnel, and social media community platforms.
Get through the whitelisting piece quickly. Don't be afraid to start going into high enforcement mode on low impact workstations after 6 weeks of tuning. That should be sufficient to ramp up your internal team on the application control rule writing process. Also, as CB utilizes the cloud for detecting malicious hashes in your environment, you may find that it discovers a lot of previously unknown malware. Use that as an opportunity to hone your incident response procedures.
Ease of use, scalability.
A little clunky to search.
Perhaps send a person onsite for a day or two in the beginning to help get everything setup.
Would have attempted to develop an application control strategy upfront instead of figuring it out as we went. Could have alleviated some of the anxiety and delay in locking down the desktop and server environment. In the end it was not that big of a deal, but the organizational changes that accompanied it would have been better dealt with during project initiation.
Very good range of detection capabilities and innovative integrations. For example, the recent acquisition of Confer stands out as CB's commitment to provide a continuum of protection on the endpoint. Long standing support for Microsoft EMET really stands out as early thought leadership in the augmentation of existing features.
These guys are excellent. They still haven't forgotten who they are and act nimbly to solve customer issues. Some issues are perplexing enough to have a day or two of troubleshooting but these are fairly rare edge cases.
Extremely happy with the fact that we run such a beefy app virtually without issues. Extremely happy with the log feed into our Splunk environment. Extremely happy with CB's flexibility to work with us in ingesting our threat intel from various sources.