https://www.carbonblack.com/products/enterprise-response/ Another next gen end point. White Paper: Next-Generation Endpoint Security The definitive guide for how to secure your endpoints against today’s advanced threats. Download Now
A couple of brief reviews here: https://www.upguard.com/articles/bit9-carbon-black-vs.-symantec-endpoint-protection-how-do-they-stack-up https://www.carbonblack.com/2015/04...ews-bit9-carbon-black-scep-emet-integrations/ Very, very pricey. Based on the details from the above last link, appears to be more of a network intrusion detection and analysis tool than endpoint protection. Note the use of EMET with it for exploit protection.
Yeah- it detects and isolates endpoints when it finds something that is amiss and provides ample logs for remediation. Definitely an Enterprise solution (although for a great many endpoints the logs tend to be voluminous). A fun Fact- they use VT (not exclusively- but as a setting within it to speed things up) and don't have a scanner to include on Virus Total. So that option may be going bye-bye.
I have used Bit9 tech (TAT/Lookup) and they were always pretty solid. The new post-merger product is much stronger and, as suggested, quite pricey, solely aimed at enterprise sales. They have one of the strongest reputation services backing application controls. Along with heavy partnerships and integration, it really gains value. These partners also help feed their threat intelligence. It's essentially a whitelist app-control base on steroids supported by remediation/viz that correlates where files went and did. Without a good admin, other products, and siem/etc rules to make sense of these feeds, the product starts to lose value; hence, it's a heavily commercial oriented product. @Virustotal: VT once had CBlack integration in the "additional info" tab, so CB has assets to offer. But honestly granted the data gathered from elsewhere--they don't really need it.
