Carbon Black Software Review for 2020

As a cybersecurity innovator, Carbon Black has pioneered multiple endpoint security categories, including application control, endpoint detection and response (EDR), and next-generation antivirus (NGAV).


eWEEK is compiling a new IT products and services section that encompasses most of the categories that we cover on our site. In it, we will spotlight the leaders in each sector, which include enterprise software, hardware, security, on-premises-based systems and cloud services. We also will add promising new companies as they come into the market.

Today: Carbon Black (security through big data and analytics in the cloud).

Company description: Carbon Black, headquartered in Waltham, Mass., is a provider of next-generation endpoint security, serving more than 4,000 customers globally, including 33 of the Fortune 100. As a cybersecurity innovator, Carbon Black has pioneered multiple endpoint security categories, including application control, endpoint detection and response (EDR), and next-generation antivirus (NGAV). Leveraging its big data and analytics cloud platform – the Cb Predictive Security Cloud – Carbon Black solutions enable customers to defend against the most advanced cyber threats, including malware, ransomware, and non-malware attacks. Deployed via the cloud, on premises or as a managed service, Carbon Black solutions are used by customers to lock down critical systems, hunt threats, and replace legacy antivirus.

Founded in 2002, Carbon Black on May 4, 2018, joined the public market, listing as "CBLK" on the Nasdaq exchange. As part of its IPO, Carbon Black raised approximately $152 million at a valuation of $1.25 billion. Patrick Morley is the current CEO.

Markets: Carbon Black has offices in the following locations: Waltham, Mass. (HQ); Boston, Mass.; San Antonio, Texas; Hillsboro, Ore.; and Boulder, Colo.

International Operations: Carbon Black operates in the United Kingdom, Japan, Singapore and Australia.

Products and Services

Carbon Black offers the following platform, products, and services:

  • Cb Predictive Security Cloud: The Cb PSC is the foundation for Carbon Black’s complete, cloud-delivered endpoint security platform that combines next-generation antivirus (NGAV), endpoint detection and response (EDR), real-time query and response and managed threat hunting services within a single console and from a single agent.
  • Cb Defense: Provides next-generation antivirus + EDR in one cloud-delivered platform that stops commodity malware, advanced malware, non-malware attacks and ransomware.
  • Cb LiveOps: Built on the Cb Predictive Security Cloud (PSC), Cb LiveOps bridges the gap between security and IT operations and empowers organizations to ask questions of all endpoints, take action to remediate in real time, and simplify operational reporting, all from a single platform.
  • Cb ThreatSight: Managed threat-hunting services staffed by a dedicated team of seasoned threat experts who keep watch over your environment and notify your team of emerging threats. Cb ThreatSight delivers expert threat validation, an early warning system and a roadmap to root cause.
  • Cb Defense for VMware: This integrated solution with VMware AppDefense provides advanced threat detection and in-depth application behavior insight to stop attacks in progress, accelerate response and secure virtualized data centers.
  • Cb Response (Threat Hunting and EDR): Highly scalable, real-time EDR with unfiltered visibility for top security operations centers and incident response teams.
  • Cb Protection (Application Control & Critical Infrastructure Protection): Empower security teams to lock down servers, critical systems, and fixed-function devices in highly regulated environments.
  • Carbon Black Integration Network: Partners support vendor interoperability to help customers build next-generation security infrastructures. Leveraging Open APIs, Carbon Black has partnered with industry leaders to create integrated solutions that provide end-to-end protection against advanced threats.

Insight and Analysis

Gartner Peer Insights has 142 reviews of Carbon Black’s products here. Here are highlights from the lead review on Aug. 1, 2018:

Overall Comment: “Vendor has been incredibly responsive and attentive to our questions and has developed a rich set of ways to interact with them--conferences, access to internal behind-the-scenes personnel, and social media community platforms.”

If you could start over, what would your organization do differently? “Would have attempted to develop an application control strategy upfront instead of figuring it out as we went. Could have alleviated some of the anxiety and delay in locking down the desktop and server environment. In the end it was not that big of a deal, but the organizational changes that accompanied it would have been better dealt with during project initiation.”

What one piece of advice would you give other prospective customers? “Get through the whitelisting piece quickly. Don't be afraid to start going into high enforcement mode on low impact workstations after 6 weeks of tuning. That should be sufficient to ramp up your internal team on the application control rule writing process. Also, as CB utilizes the cloud for detecting malicious hashes in your environment, you may find that it discovers a lot of previously unknown malware. Use that as an opportunity to hone your incident response procedures.”

What one thing do you wish the vendor did differently? “Perhaps sent a person onsite for a day or two in the beginning to help get everything set up.”

What do you like most about the product or service? “Ease of use, scalability.”

What do you dislike most about the product or service? “A little clunky to search.”

Would you recommend this product or service to others? “Yes.”

Please explain your willingness or hesitation to recommend this product or service. “I always say, ‘I would recommend this to a friend.’ I work within the legal services industry and I speak regularly to my peers at other law firms. I routinely recommend that they implement CB. I've seen some law firms get attacked by ransomware lately, which in my world is inexcusable. I can't believe they are leaving their endpoint to traditional A/V alone. I would run, not walk, to implement application control on all endpoints.”

How satisfied is your organization with the product meeting your needs? “Extremely satisfied and are leveraging additional features to understand what malicious/suspicious PowerShell scripts are running in the environment.”

How satisfied is your organization with the value the product provides for the money spent? “Great value for the price. We consider CB to be one of the cornerstones of our security architecture. We wouldn't choose a product that didn't fit neatly into this architecture, which is a foremost concern over price. CB provides constant threat intelligence feeds from very worthy sources for the money spent.”


IT Central Station has several reviews of Carbon Black here. Highlights from the lead review as of Aug. 1, 2018:

Overall Comment: “The software uses very few resources; it is almost invisible to the end user.”

Primary Use Case: “We include it as another layer of security for our endpoints/servers. The software is based off TTP (tactics, techniques, and procedures), and it complements our antivirus products. The software basically takes a snapshot of the system, then if anything happens which is out of the norm, the software alerts us. In some cases, it denies execution and will quarantine the endpoint from other systems.”

Improvements to My Organization: “During the company’s transition, we had a memory scraper infiltrate our network, and with the help of Carbon Black, we isolated the outbreak to a few point of sale machines. We saw a step-by-step account of how the software was introduced into the environment, the host it originated from, and the destination address it was connecting to. Carbon Black stopped the spread in its tracks.”

Valuable Features:

  • The software uses very few resources; it is almost invisible to the end user. 
  • Behavioral Monitoring stops known malicious events before they even begin. 
  • The whitelist: Being a Casino, we have some odd software packages. Being able to whitelist them is a must.
  • The option to quarantine a device and use the cloud-based portal to gain a “shell” on the infected machine. With this, we can dump the entire system memory to a machine in our lab, then run analysis.

Room for Improvement:  “It works the way we want and how we want. For one improvement, an easier integration with an AlienVault USM appliance would be good. The directions for Splunk are spot on, but it is difficult to find anything on integration with AlienVault.”

Use of Solution: “Three to five years.”

(Disclosure: I am a real user, and this review is based on my own experience and opinions.)


Representative list of current customers: Samsung, MLB, NHL, Stonewall Kitchen, Evernote, and Kordia, to name a few.

Delivery:  Cloud subscription.

Pricing:  For pricing information: [email protected]

Other key players in this market: CrowdStrike, Cylance, Tanium, SentinelOne, FireEye

Contact information for potential customers:  [email protected]


Chris J. Preimesberger

Chris J. Preimesberger is Editor-in-Chief of eWEEK and responsible for all the publication's coverage. In his 15 years and more than 4,000 articles at eWEEK, he has distinguished himself in reporting...