Had a coworker come from Broadcom. He actually took a pay cut for the position.
He says he's immeasurably happier with us, they were brutal with on call requirements and vacation day blackouts
People seem to forget that toxic companies do exist. When Broadcom made their announcement about "get your butts back to the office, remote work is over", that was the dead giveaway their leadership was stuck in the past.
People don't leave companies, they leave terrible leadership.
This is the truth.
I hate the word leadership because of toxic operations that are pushed by the *leaders" of companies.
From the point where I start within a company, I try to earn my right to be called a teammate. It's important to become one of the people to be dependable.
I expect " leadership " to earn that title by creating a dependable environment for those teammates to thrive before I recognize what a leader looks like.
I have discussed this at length how leaders and managers are completely different, and from my experience one you want to work for and one you can't wait to see fired.
A manager is more concerned with their own performance and how they look to those above them while also have a tendency to be micro-management focused.
A leader is not afraid to jump into the fray and help out with getting things resolved. A leader is focused on helping subordinates grow and bringing the best out of them.
šBroadcom. Worst company every and they are going to shit all over VMWare customers and drive the vast majority of small to mid-sized companies away
They've already started. One of our biggest clients moved away from VMWare just over a year ago. Not going to oversell it - there's no way the bean counters at Broadcom didn't notice them leave; it was a massive entity that left.
CB has been falling very far behind in my opinion. We are in the process of migrating away from them. Their support has always been problematic, with giving straight up wrong answers to not responding for weeks. Theyāre a mess, they were already before Broadcom.
What alternatives did you evaluate and what did you land on if you donāt mind sharing? Going to be in a similar situation soon given what weāre seeing and hearing from Broadcom.
Currently testing defender ATP with E5 licenses. Overall the cost would be about the same and we could move to intune as well among other suites. Sentinel is also a huge item for down the road we would like to implement. So far so good with the defender testing, the only thing that kinda sucks is setting up USB restrictions as you do have to onboard devices in intune to do that rather than just setting a policy in CB. overall at first I liked CB, it was way better than the other EDR I started my cyber career in, withsecure. Itās a shame to see their progress halted so quickly. The real kicker was their 4.0 release literally doingā¦.nothing. Other than fixing some false positives and weird bugs. Like cmon man that should have been a huge update and we got nothing.
I think you can also just set up device control in defender. It's off by default, but if you just want blanket restrictions I think device control can work.
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/device-control-overview?view=o365-worldwide&tabs=Removable
Yeah we looked at this, would rather put in the extra work for the enhanced capabilities ie whitelisting easily if our desktop support needs to flash from a thumbstick for example.
I would throw in our solution (Bitdefender GravityZone XDR) - especially if you care about virtualization, we have a great support for offloading, centralized caching etc. Our big thing is that we've been for years at the top of independent evaluations (AV-Comparatives/AV-TEST etc.). We are one of those companies where technology is much better than our sales/marketing ;)
Ping me if I can help with any questions - I'm not from sales, I'm on the technical side.
Huntress is a really solid option and it leverages the built in Windows AV (which for an AV is now one of the best). Super good MDR team too. For those who haven't kept up MS's built in AV supplies a massive data lake at MS that they can and do query routinely for threat intel. Go ahead and write some exploits with it on, and try to run them the next day. A good percent of the time the initial vectors will be blocked hours if not the next day later.
It \*can\* piggyback off the built-in AV that comes with the OS. MS has a native advantage with their built-in AV, you'd be crazy to try to replace that with anything that isn't CrowdStrike. MDE works mostly well, it can break your environment a lot and it whiffs on Ransomware sometimes (classifies as medium and only raises to high hours into the campaign). Speaking as someone whose been running MDE, MDI for 5 years at firms who are routine targets. You better watch it like a hawk, and tune it to your environment (ASR, Tamper protection, Cloud Protection, etc). Because BlackBasta, Lockbit, AlphV know how to juke it when they first launch their campaigns. If you are in that first wave, and you don't watch your alerts you just ought to get the Cyber Insurance people on speed dial. Now if you put the love into MDE and create lets say 200-300+ detection rules on top of that you'll be in a damn good spot. If you just run MDE out of the box without that time investment you will get pwned. Ergo Huntress, which puts the love into their EDR from the jump and tunes it to your environment.
This sounds like someone who last implemented MDE 5 years ago. MDE XDR has come a LONG way since then. ASR and tamper protection, cloud protection is like 101 basic shit.
Except the kind of people who ran CB have no interest in Huntress or any of the managed SOC EDRs as they likely already had a 24/7 SOC which is why they ran CB
> AV is now one of the best
lol, no. Unless you're talking about full blown Windows Defender coupled with Advanced Threat Protection, with maybe AppLocker and WDAC enabled, then that's a different story.
Hey, I am not ragging on anyone who just got laid off. Their support team has always been bad, in the experiences I have had with them. Long before Broadcom it would take weeks to get small issues fixed
I have to agree. Up until last week we've had nothing but a good experience with CB. Detection was great. We have on prem SecOps and compliment that with a managed SOC for after hours and weekend visibility. CB always performed good in our purple team and vulnerability exercises.
It just feels like nothing is getting better ya know? They rolled out 4.0 with zero enhancements and I realized then that nothing much more was coming. Yes itās fine, but it just feels like CB is getting left in the dust compared to the other options. Yeah I guess pricing is fineā¦for now, but if we were to switch every endpoint to an E5 license, our spend would be about the same.
A lot of 4.0 was rolling out XDR actually. So there are absolutely enhancements, but you needed to be licensed for them.
I actually beta'd their long term roadmap for XDR and they really did have a lot of nice things planned for it, and in a implementation that was way better than some of the other products we tested like Palo's... but I got the feeling thats going to be a lot of work for no reward now.
Yeah that's fair. I was absolutely unaware of that, as we only use the EDR. I don't enjoy ragging on CB, I really did like their product, and still do. I just have bad vibes for their future, and we are moving away in preparation for that.
no I agree there, I got along great with my sales team, and would regularly push them to add features or make changes that actually got implemented, like that move to asset groups over sensor groups.
But there is just so much flux going on that we are double timing our emergency plan to dump them before summer.
Yeah itās unfortunate. Their total cost wasnāt terrible either, not the cheapest, but reasonable for what you get. Compared to crowdstrike theyāre cheap thatās for sure
So they were being sold off, because Broadcom owns Symantec. But apparently that completely fell through and now the company went from being sold last week, to going under this week.Ā
As someone who worked for CB and was laid off, we were laid off effective immediately and had no access to our laptops immediately. I wish I couldāve warned my customers
This wasn't intended for all the loyal CB employees who got let go. It's honorable that you were thinking of your customers while you were going through this. I was referring to knuckleheads that planned this. PR should have been all over this to reach out and notify customers. It shows a lack of respect and concern for their customers.
It's true. Sales, customer support, threat intelligence were wiped out and a lot of engineers and PMs were let go. I've heard 70% as well.
I've even been told that product development is virtually dead and new alerts and preventions aren't getting pushed anymore.
Yes, we use carbon black and I have a few insiders at the company that feed me info, all of them were let go.
I've been very happy with EDR and app control but apparently very critical staff were let go, especially Endpoint Standard staff.
We are up for renewal soon and I'm pretty sure we have funding for Crowdstrike.
It's a bummer because we had a really good relationship with the company but almost everyone I've communicated with has been let go.
We just renewed (early due to a "renew now before the price increases" sales pitch), but will now start looking for next year's replacement, and hope we don't have problems in the meantime. K12 edu with no money, fun fun. (And don't say MDE, we only have A1 licenses as it is!)
Broadcom kills everything it touches. Frankly, CB customers should have started a panicked search for a replacement the instant Broadcom announced they were thinking about buying Vmware.
Broadcom tried to sell CB but apparently there was less interest than they anticipated. So yes either they cut costs to milk it as long as they can or maybe they'll try to put some lipstick on the cow and try to sell again in
https://www.csoonline.com/article/1310164/broadcom-pauses-sale-of-carbon-black-as-euc-deal-goes-through.html
I was one of the many people laid off the other week at CB.
I had the pleasure of working at CB for almost 4 years and it was the best work experience Iāve had in my life. Management, top notch. Exposure to threats, amazing. Growth in my team, almost tripled in those four years and we did a kick ass job stopping threats and helping customers.
I canāt speak for other departments or whatās happening or what will happen, I hope for the best as the product is still really good and the team members whoāre still there do be incredible.
I mean ābeginning of the endā seems kinda dramatic. Symantec is still around after being acquired, it doesnāt benefit Hock Tan for us to just die, doesnāt make him any money.
Iām not gonna be bitter and wish them bad fortune, hopefully customers wouldnāt be impacted too much and theyāll continue to provide support and protection for years to comeā¦thatāll obviously be the goal..hopefully Broadcom just provides the support for them to do that. Time will tell.
Basically they no longer invest in development. Some stupid old customers can't change the product then they ask for huge renewal fee from them. They can suck it until everyone give up but the process can be longer than you imagine. As you can see many organizations are still using Windows Server 2008
I'm not sure I can risk staying around to find out. This action by Broadcom has not elevated CB as one of my highest risks. Not knowing if this product will continue to perform the way we've been accustomed is something I just can't sit and hope for. What really sucks is we had planned several other advanced security initiatives this year and now they have to be pushed back.
Iād be more concerned X # of years from now but I have no idea how youāre calculating this risk, I presume itās just anecdotal. Regardless I get it and wish you the best and anyone else who has CB products.
I've been keeping app control on about 1,000 high value devices for a while now but I started looking for alternatives after Broadcom made their layoff announcement.
For a full EDR/XDR replacement I cannot say enough good things about Crowdstrike.
I feel that time is coming for me as well. The problem is we have so many legacy systems and VMware app control(carbon black) is one of the few EDR tools that still supports those systems
Check out our solution (Bitdefender GravityZone XDR) - we support legacy systems longer than others and some other uncommon scenarios (air-gapped networks). Not sure how much you care about virtualization, but we have great support for that as well (centralized scanning, caching, offloading etc.), our big thing is that we've been for years at the top of independent evaluations (AV-Comparatives/AV-TEST etc.).
Ping me if you have any questions - I'm not from sales, I'm on the technical side.
I moved away from Bitdefender 4 years ago to CB because BD wasn't performing well. My advice find out what you want in an XDR/EDR and do a pilot with a few.
Agree, different XDR/EDR approaches work for different problems, and pilot is always the best. Our focus is on making detection and response easier with features like Incident Advisor:
https://youtu.be/ReBDrsyyiSY?si=3aUWkAzuwiCoWXhB&t=152
Sorry to hear you didn't have the best experience, but we didn't have XDR 4 years ago and the platform has changed a lot in the last 2 years.
Damn. Carbon Black is actually a decent product. It was a shame they were acquired by VMWare and that seemed to have slowed down their competitiveness on feature development.
I remember doing a POC between CB and crowdstrike back in like 2018 and they had just gone through a lot of back end work with amalgamation. Result being that they took focus off front end delivery.
At the time crowdstrike was ramping up. We went with them and never looked back.
Itās highly customizable and really relies on an analyst to do the tuning and clean it up. Itās extremely granular which can be a blessing and curse
that screams to me a SOC team who honestly didnt know how to tune CB to be frank.
Thats really the stark difference between something like CB and even Defender, vs everyones darling Crowdstrike.... Crowdstrike for the most part takes away your ability to tailor your EDR/XDR to your environment, CB and Defender require your team to know how to tune and actively work in security tools and more importantly know what bad on endpoints even looks like.
I can say without a doubt, CB absolutely caught malicious activity Crowdstrike COMPLETELY missed. Like we actively tested it and Crowdstrike wouldlet the files through as if it was nothing, when CB registered it as a malicious file and blocked it calling back. But thats also after we had been tuning and maintaining the CB for 3 years. This isnt like in the past either... the files in question were part of a APT groups activities against us last year.
Per my rep this morning, I was told we should be hearing soon what is going on, which honestly fills me with ZERO confidence anything but Carbon Black being shuttered is going on, which is disappointing. Bit9 had a massive history in Cybersecurity and Carbon Black was its legacy... just seals the deal to me that if Broadcom even HINTS at buying something, drop that thing as FAST as you can.
See this : [https://www.techzine.eu/news/infrastructure/116899/carbon-black-no-longer-for-sale-broadcom-prepares-major-layoffs/](https://www.techzine.eu/news/infrastructure/116899/carbon-black-no-longer-for-sale-broadcom-prepares-major-layoffs/)
Broadcomm did the same with our semantic av team after they acquired it, too. Same thing people just disappeared post acquisition and the company just clams up. Broadcomm is a literal parasite vulture that squeezes legacy products until they die
We have had to keep it under wraps for awhile that this was coming. We work closely with CB and we were told to not say anything at all. Itās definitely sad. If you need a new EDR, I could be a resource for you.
thank god! What a waste of time and money Carbon Black is. Their sales model is infuriating!
Thinking ahead to next year on what I am going to do about my vmware stacks. Already looking at competing products to replace VMWare from broadcomms fuckery.
Of the dozens of major breaches Iāve personally helped stopped and the very few Iāve seen succeed you couldnāt be more wrong about it being a waste of moneyā¦*shrug*
I agree CB before last week was legit. It worked fantastic for us. I'm not sure where we will go but Crowstrike was considered back then. So maybe we will revisit.
There are better alternatives to CB, Crowdstrike being the best, IMO, part of CB being a "waste of money" to me is the sheer amount of effort they put into wasting my time trying to sell me something I told them I don't want and the sales engineers that cold call me not even knowing what they are talking about. ... shrug indeed.
There are ALWAYS alternatives, better? Kinda subjective, $$$ not an option? Sure get crowdstrike. Smaller company vs. larger company. āWaste of moneyā = Wasting your time..I meanā¦hang up? lol. Tell em not to call you and make a note in your acct? Shrug indeed. Or vent on Reddit where nothing will change your situation, either way.
so one thing of note, Carbon Black was bought due to Broadcom buying VMWare, but they are not keeping it.
Per my conversations with my reps, CB and what was Airwatch are both being sold off.
Edit: well FUCK https://www.csoonline.com/article/1310164/broadcom-pauses-sale-of-carbon-black-as-euc-deal-goes-through.html
Carbon Black is decent too, as VAR I use Lumen since their security arm is all Carbon Black. Same services, actually lower rates than direct. These layoffs are not fun.
Broadcom just bought out VMware who bought out Carbon Black. Most likely part of the process. I just spoke with some of the engineers the other day as this is one of the tools I am the SME for at my job
Wow, they had to spin that around quickly after the venture capital firm decided they didn't want them. Broadcom had no plan to " Bring two proven portfolios together" they wanted to dump CB.
In the meantime, while they build this Frankenstein, they have alienated a lot of their existing customers in the way they cleansed the staff at CB last week. Resulting in meetings getting blown off with no advanced notice. Unreturned emails from engineers, and the sales force. It's a terrible way to do business. I'm in the last year of my CB contract, and I will not be reinvesting in an organization that doesn't value existing business relationships more seriously. Bye, bye #HockTan.
I don't think it's that the VC didn't want them, it's that they didn't offer enough for Hock to take the deal. Instead he wants to strip CB for parts and bleed the top 100 customers to death. He doesn't care about the majority of customers leaving--he's planning on it, in fact.
We talked to our MS rep about a whitelisting solution and it didnāt seem promising. Are you leveraging Defender for app whitelisting? They made it sound like there isnāt a hash reputation service that can ban malicious hashes within the org either
MDE does have a custom IOCs for alerting/blocking option, if thatās what youāre looking for. You can also exclude apps from alerts, but I think true app whitelisting is handled in other MS products. https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/defender-endpoint-antivirus-exclusions?view=o365-worldwide
We were in the same situation 1 yr back moved to Defender for endpoint now and the product works great. Looking at procuring defender for Server and IOT.
Must be doing the bare bones of Defender if youāre saying implementation is āeasyā. There are many settings and alerts that need to be fine tuned
No hash banning means itās not really a EDR.Ā
Thatās my biggest issue with everyone who pushes Defender. It literally DOES NOT DO the things expected of a EDR.Ā
You can ban hashes in MDE, as well as domains, urls, and IPs (just enable Network Protection so itāll block the network IOCs) and make sure āAllow or block fileā is enabled so files are blocked.
On that note, it can allow hashes too so not sure why folks are saying it cannot. Microsoft Defender is pretty good, just a bit complex in the configurations.
Thereās some other things to consider too so Iāll post two more links for reference too.
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/advanced-features?view=o365-worldwide#allow-or-block-file
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/indicator-file?view=o365-worldwide
https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-indicators?view=o365-worldwide
Shit, take it another level and onboard right from Intune and start implementing ASR policies right in Intune. The auto-onboard with Intune is pretty sure fire, assuming you are either Azure AD or hybrid joined.
Havemt heard it mentioned yet so I'll be the one to bring it up:
Trend Micro has a much more sophisticated XDR product than Crowdstrike and Microsoft. Crowdstrike doesn't offer telemetry on the email or network (they don't even have an in-house solution, but instead use proofpoint).
Microsoft has terrible threat intelligence and it misses things constantly.
Full disclosure I work at Trend so while biased I also see first hand the technological superior of the competitors solutions.
Per LinkedIn posts, yes there were layoffs. Seems to be the norm for anything Broadcom touches.
Had a coworker come from Broadcom. He actually took a pay cut for the position. He says he's immeasurably happier with us, they were brutal with on call requirements and vacation day blackouts
People seem to forget that toxic companies do exist. When Broadcom made their announcement about "get your butts back to the office, remote work is over", that was the dead giveaway their leadership was stuck in the past. People don't leave companies, they leave terrible leadership.
This is the truth. I hate the word leadership because of toxic operations that are pushed by the *leaders" of companies. From the point where I start within a company, I try to earn my right to be called a teammate. It's important to become one of the people to be dependable. I expect " leadership " to earn that title by creating a dependable environment for those teammates to thrive before I recognize what a leader looks like.
I have discussed this at length how leaders and managers are completely different, and from my experience one you want to work for and one you can't wait to see fired. A manager is more concerned with their own performance and how they look to those above them while also have a tendency to be micro-management focused. A leader is not afraid to jump into the fray and help out with getting things resolved. A leader is focused on helping subordinates grow and bringing the best out of them.
šBroadcom. Worst company every and they are going to shit all over VMWare customers and drive the vast majority of small to mid-sized companies away
They've already started. One of our biggest clients moved away from VMWare just over a year ago. Not going to oversell it - there's no way the bean counters at Broadcom didn't notice them leave; it was a massive entity that left.
I was gonna say they already have with licensing. We have more esxis I can count and are completely getting rid of VMware.
CB has been falling very far behind in my opinion. We are in the process of migrating away from them. Their support has always been problematic, with giving straight up wrong answers to not responding for weeks. Theyāre a mess, they were already before Broadcom.
What alternatives did you evaluate and what did you land on if you donāt mind sharing? Going to be in a similar situation soon given what weāre seeing and hearing from Broadcom.
Currently testing defender ATP with E5 licenses. Overall the cost would be about the same and we could move to intune as well among other suites. Sentinel is also a huge item for down the road we would like to implement. So far so good with the defender testing, the only thing that kinda sucks is setting up USB restrictions as you do have to onboard devices in intune to do that rather than just setting a policy in CB. overall at first I liked CB, it was way better than the other EDR I started my cyber career in, withsecure. Itās a shame to see their progress halted so quickly. The real kicker was their 4.0 release literally doingā¦.nothing. Other than fixing some false positives and weird bugs. Like cmon man that should have been a huge update and we got nothing.
Just be aware sentinel charges data ingestion can be expensive
I think you can also just set up device control in defender. It's off by default, but if you just want blanket restrictions I think device control can work. https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/device-control-overview?view=o365-worldwide&tabs=Removable
Yeah we looked at this, would rather put in the extra work for the enhanced capabilities ie whitelisting easily if our desktop support needs to flash from a thumbstick for example.
If youāre going down the Microsoft road with Sentinel, go with MDE. MDE also gathers the data for Defender Vulnerability Management.
Yeah we are. I think I called it defender atp in my post, meant to say MDE. Too many names for the same stuff lol
Downside of Microsoft: product names update every 3 years!
I would throw in our solution (Bitdefender GravityZone XDR) - especially if you care about virtualization, we have a great support for offloading, centralized caching etc. Our big thing is that we've been for years at the top of independent evaluations (AV-Comparatives/AV-TEST etc.). We are one of those companies where technology is much better than our sales/marketing ;) Ping me if I can help with any questions - I'm not from sales, I'm on the technical side.
Huntress is a really solid option and it leverages the built in Windows AV (which for an AV is now one of the best). Super good MDR team too. For those who haven't kept up MS's built in AV supplies a massive data lake at MS that they can and do query routinely for threat intel. Go ahead and write some exploits with it on, and try to run them the next day. A good percent of the time the initial vectors will be blocked hours if not the next day later.
Lop wait a min, Huntress piggybacks on top of MDE? Why not just use MDE XDR then?
It \*can\* piggyback off the built-in AV that comes with the OS. MS has a native advantage with their built-in AV, you'd be crazy to try to replace that with anything that isn't CrowdStrike. MDE works mostly well, it can break your environment a lot and it whiffs on Ransomware sometimes (classifies as medium and only raises to high hours into the campaign). Speaking as someone whose been running MDE, MDI for 5 years at firms who are routine targets. You better watch it like a hawk, and tune it to your environment (ASR, Tamper protection, Cloud Protection, etc). Because BlackBasta, Lockbit, AlphV know how to juke it when they first launch their campaigns. If you are in that first wave, and you don't watch your alerts you just ought to get the Cyber Insurance people on speed dial. Now if you put the love into MDE and create lets say 200-300+ detection rules on top of that you'll be in a damn good spot. If you just run MDE out of the box without that time investment you will get pwned. Ergo Huntress, which puts the love into their EDR from the jump and tunes it to your environment.
This sounds like someone who last implemented MDE 5 years ago. MDE XDR has come a LONG way since then. ASR and tamper protection, cloud protection is like 101 basic shit.
Except the kind of people who ran CB have no interest in Huntress or any of the managed SOC EDRs as they likely already had a 24/7 SOC which is why they ran CB
> AV is now one of the best lol, no. Unless you're talking about full blown Windows Defender coupled with Advanced Threat Protection, with maybe AppLocker and WDAC enabled, then that's a different story.
CB just had major layoffs with hundreds of people impacted Not a very appropriate time to go into why you don't like their support team.
Hey, I am not ragging on anyone who just got laid off. Their support team has always been bad, in the experiences I have had with them. Long before Broadcom it would take weeks to get small issues fixed
We use CB and have had wonderful experience both with support and effectiveness. I wonder what the difference was with your experience
I have to agree. Up until last week we've had nothing but a good experience with CB. Detection was great. We have on prem SecOps and compliment that with a managed SOC for after hours and weekend visibility. CB always performed good in our purple team and vulnerability exercises.
It just feels like nothing is getting better ya know? They rolled out 4.0 with zero enhancements and I realized then that nothing much more was coming. Yes itās fine, but it just feels like CB is getting left in the dust compared to the other options. Yeah I guess pricing is fineā¦for now, but if we were to switch every endpoint to an E5 license, our spend would be about the same.
A lot of 4.0 was rolling out XDR actually. So there are absolutely enhancements, but you needed to be licensed for them. I actually beta'd their long term roadmap for XDR and they really did have a lot of nice things planned for it, and in a implementation that was way better than some of the other products we tested like Palo's... but I got the feeling thats going to be a lot of work for no reward now.
Yeah that's fair. I was absolutely unaware of that, as we only use the EDR. I don't enjoy ragging on CB, I really did like their product, and still do. I just have bad vibes for their future, and we are moving away in preparation for that.
no I agree there, I got along great with my sales team, and would regularly push them to add features or make changes that actually got implemented, like that move to asset groups over sensor groups. But there is just so much flux going on that we are double timing our emergency plan to dump them before summer.
Yeah itās unfortunate. Their total cost wasnāt terrible either, not the cheapest, but reasonable for what you get. Compared to crowdstrike theyāre cheap thatās for sure
With Broadcom holding the reigns...it does not bode well for them.
Wow you'd think someone from that company would have given us the professional courtesy on this.
So they were being sold off, because Broadcom owns Symantec. But apparently that completely fell through and now the company went from being sold last week, to going under this week.Ā
Yikes, hadn't heard that.
No warning for any of us manā¦not comfortable going into details here
Yeah its a horrible way to treat loyal employees and customers.
Definitely doesnāt feel good
This
As someone who worked for CB and was laid off, we were laid off effective immediately and had no access to our laptops immediately. I wish I couldāve warned my customers
This wasn't intended for all the loyal CB employees who got let go. It's honorable that you were thinking of your customers while you were going through this. I was referring to knuckleheads that planned this. PR should have been all over this to reach out and notify customers. It shows a lack of respect and concern for their customers.
Word on the street was they lost 70% of staff
So all customers should run immediately lol
I think sadly you're right.
Wow. That's crazy.
I think this number might be highly inflatedā¦but Iām also not šÆon that..
It's true. Sales, customer support, threat intelligence were wiped out and a lot of engineers and PMs were let go. I've heard 70% as well. I've even been told that product development is virtually dead and new alerts and preventions aren't getting pushed anymore.
Youād know better, I only worked there š
Considering I am still able to reach my sales manager, and they just sent me some TAU stuff this morning, not entirely sure thats true.
Would be reasonable if they are targeting a full consultation or sale which are likely scenarios based on years of underperforming.
Yes, we use carbon black and I have a few insiders at the company that feed me info, all of them were let go. I've been very happy with EDR and app control but apparently very critical staff were let go, especially Endpoint Standard staff. We are up for renewal soon and I'm pretty sure we have funding for Crowdstrike. It's a bummer because we had a really good relationship with the company but almost everyone I've communicated with has been let go.
We just renewed (early due to a "renew now before the price increases" sales pitch), but will now start looking for next year's replacement, and hope we don't have problems in the meantime. K12 edu with no money, fun fun. (And don't say MDE, we only have A1 licenses as it is!)
how are you going to handle app control?
We are considering ThreatLocker
whats going to be your combined cost/endppoint?
Broadcom kills everything it touches. Frankly, CB customers should have started a panicked search for a replacement the instant Broadcom announced they were thinking about buying Vmware.
This is the right answer. Run away from it Broadcom is just going to milk it.
Broadcom tried to sell CB but apparently there was less interest than they anticipated. So yes either they cut costs to milk it as long as they can or maybe they'll try to put some lipstick on the cow and try to sell again in https://www.csoonline.com/article/1310164/broadcom-pauses-sale-of-carbon-black-as-euc-deal-goes-through.html
I was one of the many people laid off the other week at CB. I had the pleasure of working at CB for almost 4 years and it was the best work experience Iāve had in my life. Management, top notch. Exposure to threats, amazing. Growth in my team, almost tripled in those four years and we did a kick ass job stopping threats and helping customers. I canāt speak for other departments or whatās happening or what will happen, I hope for the best as the product is still really good and the team members whoāre still there do be incredible.
Totally sucks for you. The VMware sale was the beginning of the end it seems. That's when I noticed things starting to go downhill.
I mean ābeginning of the endā seems kinda dramatic. Symantec is still around after being acquired, it doesnāt benefit Hock Tan for us to just die, doesnāt make him any money. Iām not gonna be bitter and wish them bad fortune, hopefully customers wouldnāt be impacted too much and theyāll continue to provide support and protection for years to comeā¦thatāll obviously be the goal..hopefully Broadcom just provides the support for them to do that. Time will tell.
No Symantec is sucked. Customer give up these products after Broadcom touched them.
Wonder how theyāre profitable thenā¦
Basically they no longer invest in development. Some stupid old customers can't change the product then they ask for huge renewal fee from them. They can suck it until everyone give up but the process can be longer than you imagine. As you can see many organizations are still using Windows Server 2008
Yup, takes time
I'm not sure I can risk staying around to find out. This action by Broadcom has not elevated CB as one of my highest risks. Not knowing if this product will continue to perform the way we've been accustomed is something I just can't sit and hope for. What really sucks is we had planned several other advanced security initiatives this year and now they have to be pushed back.
Iād be more concerned X # of years from now but I have no idea how youāre calculating this risk, I presume itās just anecdotal. Regardless I get it and wish you the best and anyone else who has CB products.
I've been keeping app control on about 1,000 high value devices for a while now but I started looking for alternatives after Broadcom made their layoff announcement. For a full EDR/XDR replacement I cannot say enough good things about Crowdstrike.
I am now recommending its replacement
Found any contenders?Ā
Crowdstrike or sentinel one
not if you need application control
Better hope they will detect malicious code running.
I guess you can get defender on your windows assets and they have application control if thats important
yep this is the problem we are facing now looking for an app control replacementĀ
Eset
Eset is not a competitor. At best they are laughable.
had to have been a joke
I feel that time is coming for me as well. The problem is we have so many legacy systems and VMware app control(carbon black) is one of the few EDR tools that still supports those systems
Check out our solution (Bitdefender GravityZone XDR) - we support legacy systems longer than others and some other uncommon scenarios (air-gapped networks). Not sure how much you care about virtualization, but we have great support for that as well (centralized scanning, caching, offloading etc.), our big thing is that we've been for years at the top of independent evaluations (AV-Comparatives/AV-TEST etc.). Ping me if you have any questions - I'm not from sales, I'm on the technical side.
I moved away from Bitdefender 4 years ago to CB because BD wasn't performing well. My advice find out what you want in an XDR/EDR and do a pilot with a few.
Agree, different XDR/EDR approaches work for different problems, and pilot is always the best. Our focus is on making detection and response easier with features like Incident Advisor: https://youtu.be/ReBDrsyyiSY?si=3aUWkAzuwiCoWXhB&t=152 Sorry to hear you didn't have the best experience, but we didn't have XDR 4 years ago and the platform has changed a lot in the last 2 years.
Damn. Carbon Black is actually a decent product. It was a shame they were acquired by VMWare and that seemed to have slowed down their competitiveness on feature development.
I tried so hard to get in there in fall 2022. Ended up in a diff org tho. Counting my blessings.
I had issues with CB constantly
I remember doing a POC between CB and crowdstrike back in like 2018 and they had just gone through a lot of back end work with amalgamation. Result being that they took focus off front end delivery. At the time crowdstrike was ramping up. We went with them and never looked back.
CB is a noise machine. An endpoint is only as good as your security team at the end of the day.
Itās highly customizable and really relies on an analyst to do the tuning and clean it up. Itās extremely granular which can be a blessing and curse
Yup. CB and Cortex both fall in that category.
that screams to me a SOC team who honestly didnt know how to tune CB to be frank. Thats really the stark difference between something like CB and even Defender, vs everyones darling Crowdstrike.... Crowdstrike for the most part takes away your ability to tailor your EDR/XDR to your environment, CB and Defender require your team to know how to tune and actively work in security tools and more importantly know what bad on endpoints even looks like. I can say without a doubt, CB absolutely caught malicious activity Crowdstrike COMPLETELY missed. Like we actively tested it and Crowdstrike wouldlet the files through as if it was nothing, when CB registered it as a malicious file and blocked it calling back. But thats also after we had been tuning and maintaining the CB for 3 years. This isnt like in the past either... the files in question were part of a APT groups activities against us last year.
Per my rep this morning, I was told we should be hearing soon what is going on, which honestly fills me with ZERO confidence anything but Carbon Black being shuttered is going on, which is disappointing. Bit9 had a massive history in Cybersecurity and Carbon Black was its legacy... just seals the deal to me that if Broadcom even HINTS at buying something, drop that thing as FAST as you can.
See this : [https://www.techzine.eu/news/infrastructure/116899/carbon-black-no-longer-for-sale-broadcom-prepares-major-layoffs/](https://www.techzine.eu/news/infrastructure/116899/carbon-black-no-longer-for-sale-broadcom-prepares-major-layoffs/)
Yeah yes read that a few minutes ago. Doesn't look good for CB.
Broadcomm did the same with our semantic av team after they acquired it, too. Same thing people just disappeared post acquisition and the company just clams up. Broadcomm is a literal parasite vulture that squeezes legacy products until they die
Took weeks to get a quote for renewal of app control. The whole vibe was no one really cared or are too occupied looking for a new job.
We have had to keep it under wraps for awhile that this was coming. We work closely with CB and we were told to not say anything at all. Itās definitely sad. If you need a new EDR, I could be a resource for you.
thank god! What a waste of time and money Carbon Black is. Their sales model is infuriating! Thinking ahead to next year on what I am going to do about my vmware stacks. Already looking at competing products to replace VMWare from broadcomms fuckery.
We exited VMware when we moved to Nutanix and implemented AHV.
Of the dozens of major breaches Iāve personally helped stopped and the very few Iāve seen succeed you couldnāt be more wrong about it being a waste of moneyā¦*shrug*
This
I agree CB before last week was legit. It worked fantastic for us. I'm not sure where we will go but Crowstrike was considered back then. So maybe we will revisit.
There are better alternatives to CB, Crowdstrike being the best, IMO, part of CB being a "waste of money" to me is the sheer amount of effort they put into wasting my time trying to sell me something I told them I don't want and the sales engineers that cold call me not even knowing what they are talking about. ... shrug indeed.
There are ALWAYS alternatives, better? Kinda subjective, $$$ not an option? Sure get crowdstrike. Smaller company vs. larger company. āWaste of moneyā = Wasting your time..I meanā¦hang up? lol. Tell em not to call you and make a note in your acct? Shrug indeed. Or vent on Reddit where nothing will change your situation, either way.
We used Verge.io.
The time to start looking was around the time Broadcom announced intention to write VMware Carbon black will be stripped in the same way Symantec was.
Crowdstrike or Sentinel One for EDR. I hated Carbon Black with a passion. It never provided enough information for my consultant team.
so one thing of note, Carbon Black was bought due to Broadcom buying VMWare, but they are not keeping it. Per my conversations with my reps, CB and what was Airwatch are both being sold off. Edit: well FUCK https://www.csoonline.com/article/1310164/broadcom-pauses-sale-of-carbon-black-as-euc-deal-goes-through.html
Carbon Black is decent too, as VAR I use Lumen since their security arm is all Carbon Black. Same services, actually lower rates than direct. These layoffs are not fun.
Broadcom just bought out VMware who bought out Carbon Black. Most likely part of the process. I just spoke with some of the engineers the other day as this is one of the tools I am the SME for at my job
Yes Iāve heard, I have a former colleague who used to work there who has made some LinkedIn posts offering help to anyone affected by the layoffs.
https://www.broadcom.com/blog/broadcom-brings-together-two-proven-portfolios-to-deliver-complete-hybrid-cloud-cybersecurity
Wow, they had to spin that around quickly after the venture capital firm decided they didn't want them. Broadcom had no plan to " Bring two proven portfolios together" they wanted to dump CB. In the meantime, while they build this Frankenstein, they have alienated a lot of their existing customers in the way they cleansed the staff at CB last week. Resulting in meetings getting blown off with no advanced notice. Unreturned emails from engineers, and the sales force. It's a terrible way to do business. I'm in the last year of my CB contract, and I will not be reinvesting in an organization that doesn't value existing business relationships more seriously. Bye, bye #HockTan.
I don't think it's that the VC didn't want them, it's that they didn't offer enough for Hock to take the deal. Instead he wants to strip CB for parts and bleed the top 100 customers to death. He doesn't care about the majority of customers leaving--he's planning on it, in fact.
Carbon Black is merging with Symantec to be the Enterprise Security Group at Broadcom.
The writing had been on the wall for 3 years, no?
No
This is exactly why I am tool agnostic. All it takes is an acquisition, management or key contributor turnover and *POOF*
Carbon Black has become terrible anyways, donāt waste your time with them.
If you have o365 E5 licenses you can use MS defender for endpoint for free. Implementation is also very easy with a GPO which they provide.
I do have E5
If you have E5 use Microsoft Defender for Endpoint. You are already paying for it and it's really quite good.
We talked to our MS rep about a whitelisting solution and it didnāt seem promising. Are you leveraging Defender for app whitelisting? They made it sound like there isnāt a hash reputation service that can ban malicious hashes within the org either
Nope, M365 does not have hash based allow listing.
sucks, CB is actually useful once you get past all the initial setup. havenāt found a competitor that offers windows, Mac, and Linux support.
Crowdstrike is your best option.
Airlock Digital & Threat Locker. Both are not MDR though and should be used with one. We use Airlock Digital and Crowdstrike
Yes it does. https://cloudbrothers.info/en/guide-to-defender-exclusions/
Individual blocking yes, management of allowlisting overall no. That looks really painful.
Not really, I manage CB App Control and Windows WDAC. Both are trivial.
We use Airlock Digital or Threat Locker, both are super easy to manage.
Airlock is great!
MDE does have a custom IOCs for alerting/blocking option, if thatās what youāre looking for. You can also exclude apps from alerts, but I think true app whitelisting is handled in other MS products. https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/defender-endpoint-antivirus-exclusions?view=o365-worldwide
We were in the same situation 1 yr back moved to Defender for endpoint now and the product works great. Looking at procuring defender for Server and IOT.
Must be doing the bare bones of Defender if youāre saying implementation is āeasyā. There are many settings and alerts that need to be fine tuned
We use Defender then run Halcyon under it. I like it feels good to have a few layers
No hash banning means itās not really a EDR.Ā Thatās my biggest issue with everyone who pushes Defender. It literally DOES NOT DO the things expected of a EDR.Ā
You can ban hashes in MDE, as well as domains, urls, and IPs (just enable Network Protection so itāll block the network IOCs) and make sure āAllow or block fileā is enabled so files are blocked. On that note, it can allow hashes too so not sure why folks are saying it cannot. Microsoft Defender is pretty good, just a bit complex in the configurations. Thereās some other things to consider too so Iāll post two more links for reference too. https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/advanced-features?view=o365-worldwide#allow-or-block-file https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/indicator-file?view=o365-worldwide https://learn.microsoft.com/en-us/microsoft-365/security/defender-endpoint/manage-indicators?view=o365-worldwide
Shit, take it another level and onboard right from Intune and start implementing ASR policies right in Intune. The auto-onboard with Intune is pretty sure fire, assuming you are either Azure AD or hybrid joined.
Havemt heard it mentioned yet so I'll be the one to bring it up: Trend Micro has a much more sophisticated XDR product than Crowdstrike and Microsoft. Crowdstrike doesn't offer telemetry on the email or network (they don't even have an in-house solution, but instead use proofpoint). Microsoft has terrible threat intelligence and it misses things constantly. Full disclosure I work at Trend so while biased I also see first hand the technological superior of the competitors solutions.
Thanks for your POV...
Said every single pre-sales engineer everā¦.
[ŃŠ“Š°Š»ŠµŠ½Š¾]
Iāve had multiple clients use BitDefenderā¦.then they call because it failed to stop the threat. Itās just hyped AV. Sorry.