Carbon Black Review

VMware Carbon Black combines next-gen antivirus with endpoint detection and response (EDR) to create a holistic endpoint protection solution against cyberattacks. This comprehensive technology is available to businesses through its VMware Carbon Black Cloud Endpoint Standard product. The platform allows businesses to manage any number of endpoints through a single interface and software agent, providing endpoint security at scale.

Carbon Black's foundational product suite for endpoint security is officially known as VMware Carbon Black Cloud Endpoint Standard. The lengthy name is indicative of Carbon Black's serpentine history through the annals of cybersecurity.

Carbon Black started in 2002 as Bit9, a security platform protecting endpoints such as desktops and servers. Bit9 acquired Carbon Black in 2014 and adopted the Carbon Black name two years later. VMware acquired the company in 2019.

VMware's Carbon Black security products protect over 16,000 businesses. Its cloud-based protection technology analyzes endpoint activity, identifies threats, and automates your response to block cyberattacks in real time.

This technology underpins VMware Carbon Black Cloud Endpoint Standard, which serves as the starting point for companies to obtain comprehensive cybersecurity. The platform is rich in security insights, but it's not perfect. Let's examine its pros and cons to help you decide if it's the right solution for your business.

Who is Carbon Black for?

Carbon Black's endpoint security software is flexible and powerful enough to meet the needs of any size business. This includes fulfilling regulatory and compliance requirements for your industry. In fact, VMware Carbon Black Cloud Endpoint Standard comprises the underlying component of every Carbon Black security package, even for enterprise companies.

The platform is rich with features and security data, necessitating a dedicated IT department to deploy and manage the solution. Taking advantage of its depth is best accomplished by a sizable IT team, such as those found at midsize and larger organizations.

It's investigation features make it ideally suited for companies with a security operations center (SOC). Smaller companies with limited IT staff will lack the bandwidth to fully utilize the software's capabilities.

Carbon Black supports Windows workstations and servers as well as Mac and Linux machines. You can also secure remote offices and mobile devices through VMware Carbon Black Cloud Endpoint Standard.

The Carbon Black dashboard serves as your security hub. Image source: Author

Carbon Black's features

One of Carbon Black's strengths is that the platform extends beyond cyberattack prevention into the more advanced area of cybersecurity called endpoint detection and response (EDR). Combining EDR with its antivirus capabilities provides businesses with a comprehensive security solution.

This combination is rarely available as a standard option. It's one of the many reasons why VMware Carbon Black Cloud Endpoint Standard offers compelling capabilities. Let's examine these features further.

Next-gen antivirus

Carbon Black's core security strength is malware protection. Its VMware Carbon Black Cloud Endpoint Standard product employs a class of antivirus known as NGAV (next-generation antivirus).

Carbon Black's NGAV uses technology such as artificial intelligence (AI) to improve its ability to catch malware. This sets it apart from traditional antivirus software, which relies primarily on file-based malware signatures.

Today's cybercriminals have evolved their attacks to encompass all types of malware techniques, not just file-based attacks. NGAV answers this challenge by combining AI with behavioral analysis, threat intelligence, and predictive analytics to identify threats both known and unknown.

NGAV is a powerful approach because it detects advanced malware attacks, such as fileless and polymorphic threats. This strategy allows Carbon Black's antivirus detection technology to analyze event streams across files, computer processes and applications, and network connections. Tying these disparate pieces together allows Carbon Black to identify an attack as it unfolds, so it's stopped as soon as it begins.

How does this perform in the real world? In tests performed by independent testing firm AV-Test Institute, the Carbon Black endpoint protection platform blocked 100% of the more than 13,000 malware samples thrown at it.

The software didn't cope as well against zero-day threats. These attacks are difficult to defend against since they exploit software vulnerabilities to circumvent security. Against 370 zero-day attacks, Carbon Black's product stopped 97.4%. The industry average was 98.9%.

Carbon Black software also didn't fare well when assessed in terms of its impact on computer performance.

The AV-Test Institute found that Carbon Black slowed down a standard computer configuration more than the industry average in several areas, including downloading and launching applications. For instance, Carbon Black slowed the copying of files locally on the computer and over a network connection by 38% across more than 9,500 file samples, compared to the industry average of just 5%.

Carbon Black's product performed better around false positive detections. While rival solutions falsely detected an average of 27 legitimate software as malware when evaluating more than one million samples, Carbon Black flagged just six. This is still higher than some of the best endpoint security software available, but significantly better than the overall average.

Review the details of every suspicious event for further investigation. Image source: Author

Integrated EDR

Carbon Black's integration of EDR into its VMware Carbon Black Cloud Endpoint Standard solution is a boon for users. Usually an add-on with rival services, EDR combined with NGAV creates a holistic approach to endpoint security.

When malware prevention techniques fail, EDR helps you find an attack hidden away in your IT network. Carbon Black breaks down the malware attack chain into a graphical representation. This interactive diagram lets you click on any part of the chain to view details such as what actions it's taking and on which network IP (internet protocol) address.

Carbon Black doesn't just deliver information. It also provides tools for remediation of the issue, such as quarantining an infected device or adding your team's newly-developed software script to the platform's whitelist so it's not repeatedly flagged.

View a visual diagram and details of every attack and suspicious activity. Image source: Author

Additional security features

Carbon Black's endpoint security differs from competitors in its approach to delivering security insights. Carbon Black uses a single web-based management console for its products. This console delivers a wealth of security information that exceeds what's available from many competitors.

The console's dashboard reveals key security information in a succinct, easily digestible format of charts and numbers. These include a list of suspicious activities to investigate, the number and types of attacks stopped, and your company's overall security health as represented by an Endpoint Health score. Click on any of these areas to drill into details.

A pair of interesting features within Carbon Black's console is worth noting.

• Attack lifecycle stages: A section breaks down attacks based on cybersecurity attack lifecycle stages. Carbon Black's software groups detected threats into the applicable stage, such as an attack's initial reconnaissance step.
• Threat intelligence: A valuable resource is the console's list of threat reports. Carbon Black's security experts provide these reports and keep you updated on the latest threats.

The application supports your security efforts in additional ways. An Alerts section shows you the potentially risky items to focus on. An Investigate section breaks down suspicious activity to dig into and verify if it's a security threat.

Every suspicious event includes details such as the application involved, what it was trying to do that flagged it as suspicious, and the affected endpoints. These details make investigation fast and straightforward.

Threat intelligence integrated into the dashboard makes it easy to view info on the latest threats. Image source: Author

Carbon Black's ease of use

VMware Carbon Black Cloud Endpoint Standard offers a cloud-native platform and a single, universal software agent to install on endpoints. This makes setup and ongoing maintenance straightforward.

Its management console is an intuitive tool for IT professionals, particularly those with a security background. The interface is clean and easy to navigate. It presents security intelligence in a way that allows you to effortlessly and quickly digest it. If you need more info, simply click on a data point to drill down into details.

Carbon Black's ease of use is a mixed bag if you're limited by your level of IT resources and security sophistication. For IT generalists, the VMware Carbon Black Cloud Endpoint Standard product contains a depth of security data and insights that can prove overwhelming. But a SOC will find threat hunting much easier with Carbon Black's incident response information.

Search through alerts to identify trends and zero in on threats. Image source: Author

Carbon Black's pricing

Carbon Black's products are only available through third parties the company refers to as "partners." You'll have to request quotes from these partners to determine the Carbon Black price you'll pay.

Pricing depends on factors such as the number of endpoints you're buying protection for, and the subscription term measured in years. Multi-year subscriptions provide greater discounts.

For example, one partner charges $52.99 per endpoint for a one-year subscription to VMware Carbon Black Cloud Endpoint Standard. The price drops to $38.40 per endpoint for a five-year subscription.

This pricing level is higher than most competitors, but VMware Carbon Black Cloud Endpoint Standard includes EDR features, which many do not. Yet some competitors are clear about their costs, making VMware's lack of transparent pricing seem out-of-step with modern security SaaS (software as a service) companies.

Carbon Black's support

Carbon Black support consists of phone, email, and an online self-service portal. The portal contains a knowledge base of articles and documents detailing how to use the product. Its online support includes Carbon Black training options from on-demand videos to instructor-led classes.

A robust Carbon Black community forum provides support from other users. Unlike most community forums, this one requires a login to view content.

Phone support is available twelve hours a day during the workweek. You must upgrade to a Premium plan to receive 24-hour phone support.

Standard support limits phone coverage hours but you can upgrade to a Premium plan. Image source: Author

Benefits of Carbon Black

The wealth of information at your fingertips is one of Carbon Black's greatest benefits. You can dig deep into the details of any attack or suspicious activity. It's a powerful application from a security intelligence perspective.

It also gives you tools to address issues and to strengthen (or "harden" as security experts like to say) your IT network defense. You can easily evaluate where threats are most frequently coming from -- for instance email or websites -- and perform actions to address these areas, such as adding new security policies.

Carbon Black's features not only support your security efforts, but they also accelerate your IT team's mean time to resolution (MTTR), which measures the time it takes to get a threat under control. The faster your team can find and remediate an issue, the less damage and cost to your organization.

Carbon Black also provides additional security solutions, such as an alert monitoring and triage team of experts who can help your IT group analyze, confirm, and prioritize alerts so your staff can focus on the real threats. These added services allow you to evolve your security as your business needs change over time.

A solid combo of NGAV, EDR, and security insights

As a security platform, Carbon Black provides many valuable features. Its potent security intelligence and toolset is impressive.

A combination of next-generation antivirus capabilities and EDR is not often found in a single package. The latter often requires a separate upgrade purchase. From that perspective, Carbon Black delivers a comprehensive solution.

Its protection capabilities are excellent against general malware. Challenges lie in its ability to effectively stop zero-day attacks and its impact on computer performance. Despite these shortcomings, overall, it's still a robust security solution.