Carbon Black Enterprise Response

Unravel the entire attack and disrupt attacker behavior

Back Home

Carbon Black Enterprise Response is the most complete endpoint detection and response solution available to security teams who want a single platform for hunting threats, disrupting adversary behavior and changing the economics of security operations. Only Cb Enterprise Response continuously records all endpoint activity, centralizes and correlates that data with unified intelligence sources, and reveals a complete kill chain that pinpoints attack root cause to power live threat containment, banning and remediation activities. Built entirely on open APIs, Cb Enterprise Response pushes and pulls data through the security infrastructure to automate and enhance adaptive threat response processes, helping to make it the #1 EDR solution among global enterprises and 70+ of the world’s leading IR and MSSP firms.

Carbon Black Enterprise Response was formerly known as “Carbon Black.”

Related Resources

White Paper: Next-Generation Endpoint Security
White Paper: Next-Generation Endpoint Security

The definitive guide for how to secure your endpoints against today’s advanced threats.

White Paper: Reducing the Cost of Incident Response
White Paper: Reducing the Cost of Incident Response

Reduce the cost and complexity of incident response with proactive continuous monitoring and recording on endpoints and servers.

65 %
of data breaches happen on endpoints
of incident responders claim to lack endpoint visibility
faster time to root cause identification with Cb Enterprise Response
of IR Professionals choose Cb Enterprise Response over any other EDR solution

Unravel the Entire Attack with Continuous & Centralized Recording

You can’t know bad in advance and every second counts. Only Cb Enterprise Response captures all critical endpoint activity so when an attack happens, defenders have record of the entire attack at their fingertips. This centralized system of record powers the most complete platform for the incident response lifecycle, from full visibility to live response and attack recovery.

Automate data collection with continuous recording, centralization and retention of endpoint activity

Own a master system of record that dynamically models the complete kill chain in seconds.

Map attacks across the enterprise to quickly scope the incident and easily determine root cause.

Isolate, terminate, remediate and ban endpoint threats from the same interface, in minutes.

Cb Enterprise Response is the only solution that empowers security teams to watch an attacker’s every move, unravel the entire attack, understand the precise root cause and respond quickly and efficiently.


Complete endpoint visibility.

Faster root cause.

Full attack scope.

Reduce cost of IR.

Track an Attacker

Disrupt Your Adversaries

Make attackers change their behavior. File signatures are easy for attackers to change. Patterns of behavior are not. Detecting and responding to attack behavior takes away the tactics your adversaries rely upon.

Create customized detection, tailored to organizational risk profiles and industry vulnerabilities.

Apply a layer of threat intelligence to your centralized endpoint data.

Hunt threats, then use findings to build a better defense by proactively banning behaviors and files.

Leverage the collective knowledge of 10,000 other defenders who use the product and feed the intelligence platform.

Only Cb Enterprise Response enables you to detect and ban patterns of attack rather than chasing indicators of compromise.


Decrease dwell time.

Detect advanced threats.

Instant attack disruption.

Disrupt Your Adversaries

Automate & Integrate

Change the economics. Open APIs and a broad ecosystem of technical alliances mean endpoint threat data can be shared across a security infrastructure to enhance alerts generated by other tools.

Centralized endpoint information to easily correlate with data from other tools and build a complete picture of threats.

Use endpoint intelligence to feed popular SIEM technologies such as Splunk and IBM QRadar.

Improve response efficiency and maximum return on security technology and personnel investments.

Enterprise Response makes it easy to share information and detection and response capabilities with other tools to streamline attack analysis and automate adaptive threat response.


Enriched data provides a more complete picture of attacks

Faster response by integrating and automating with other tools.

Remove slow, manual analyst intervention by enabling orchestration.

automate and integrate
It tracks everything. Really. It correlates and provides a timeline of events. You can literally peruse the killchain. You can also find out everyplace a file exists and you can ban it making it very easy to stop an infection.
Information Technology & Services
I like the recorded aspect and the visibility it gives me into our end points. I like the fact I can go back in time and hunt for artifacts of intrusions.
Computer Software
Best product we have added into our organization for security
Computer Software
Carbon Black [Enterprise Response] gives me visibility that I desperately need.
Financial Services

Flexible Deployment

Match your deployment model to fit your business needs. Multiple deployment options can support every organization from the largest global enterprises to the most dynamic start-ups.

Available as on-premises software or a SaaS offering.

Large global enterprises can use federated capabilities that enable detection and response across server clusters.

The lightweight endpoint sensors never disrupt the endpoint or the end user.

Easily accommodates virtual desktops and supports all major enterprise operating systems– Mac, Windows and Linux.

Only Cb Enterprise Response has the flexibility to support all of your deployment needs–offering both a powerful on-premises deployment model and a low-complexity cloud-based option.  Carbon Black offers hosting options in the United States & the European Union to simplify regulatory compliance for global organizations that prefer a SaaS deployment model.


Fit your deployment to your business.

Faster deployment for faster time to value.

Minimal ongoing maintenance with SaaS solution.

Flexible Deployment

Community of Experts

Hit back with a united front. Cb Enterprise Response is the trusted, #1 choice of the industry’s leading security professionals.

The top choice of incident response professionals, preferred by 68% of the industry.

Join a community backed by 70+ top incident response (IR) firms and managed security service providers (MSSP) consisting of more than500 trained professionals.

Collective expertise of the community is feeding a powerful, unified threat intelligence platform.

Confidently select the solution preferred by professionals, knowing that experts are sharing knowledge and patterns of attack behavior, so you don’t have to go it alone


Faster root cause through community-sourced threat intel.

Become a stronger security team by learning from other users.

Detect advanced threats as soon as other Cb customers face them.

Community of Experts
Market Share
Data sheet: Cb Enterprise Response
In today's security landscape, you can't know bad ahead of time, so incomplete endpoint visibility makes incident detection and response impossible. Learn how full visibility makes root cause and scope easily attainable.

Carbon Black Enterprise Response for Incident Responders

The most challenging tasks of an incident response job are collecting the necessary data to unravel the attack and then scoping its reach. Collecting data retroactively is a backwards approach and makes it nearly impossible to understand lateral movement or the root cause of advanced attacks. Antiquated forensics tools and antivirus information deliver very little visibility into the full context of an incident. Slow and costly data collection and scoping means incident responders are delayed in stopping the bleeding and properly remediating damage.

Learn More