Cb Defense is the flagship product built upon Carbon Black's cloud-based endpoint security platform, the Predictive Security Cloud (PSC). Cb Defense combines prevention, detection, and response capabilities with threat prediction based on big data and analytics. Prevention capabilities combine numerous technologies and incorporate Endpoint Detection and Response (EDR) data to identify attacks, even if the attack has never been seen before.
Carbon Black also offers Cb ThreatSight as an add-on, which is incredibly useful. Cb ThreatSight is a managed threat hunting and triage service. This tool provides visual monitoring of your environment and enables you to see the entire kill chain of an attack. This makes it extremely easy to understand what happened at the endpoint, and quickly take the right action. This is a feature we feel should be a standard in the modern endpoint security landscape.
Cb Defense's web management console is clean and organized. The navigation pane is on the left of the page, which is where most of the main sections are located. The default landing page is the dashboard, which provides an overview of your endpoints. You can also drag and drop them in any order that you'd like so you can organize the information that is most important to you.
Cb Defense's simple architecture allows for a quick and hassle-free setup. A lightweight sensor must be installed on each endpoint; whether you have under 100 or closer to 1,000, there are two ways to deploy. An attended installation is used when there is a small number of sensors to deploy and the sensor can be installed directly onto the endpoint. A larger enterprise environment can push the sensors through the unattended installation.
During testing, Cb Defense performed as a top-quality endpoint security program. The alerts section shows threats and suspicious events currently being monitored. You can select the threat and whitelist, blacklist, or delete the application. The investigation button takes you to the event timeline indicating each timestamped event and the application with which it was flagged. Selecting the alert triage button takes you to a visual representation of the attack and each process it touched; this is known as the kill chain. The kill chain approach is the best method to understand the flow of an attack, isolate the threatening process, and take the correct action against it.
Carbon Black offers standard, premium, and platinum support levels. All levels receive unlimited cases, phone and email, customer portal support, access to the knowledgebase, and access to the user exchange community. Standard support includes 8 a.m. - 8 p.m. phone support, while Premium stretches to 24x7, and Platinum provides 24x7 coverage and also offers a designated support engineer.
- Matthew Hreben
tested by: Matthew Hreben