Ultra reason to bet on Bitdefender GravityZone
We have written many articles about Bitdefender's security software and security services. End users who have not had the opportunity to use this brand's antivirus products have certainly heard a lot of good things about them. Romania, the most dynamically developing economy in Europe, has also made it onto the charts in the area of security. The "Forrester Wave™: Endpoint Security Suites, Q2 2018" report summarizes the company's solutions as "effective in stopping contemporary threats without increasing expenditure on the security team". Bitdefender has been placed in the part of the graph corresponding to the companies that have the greatest impact on the direction of development of security products and services. The main characteristic mentioned in the report is the global coverage of sensors that enable preventive protection of the company. The survey lists the manufacturer as a leader with 600 employees, a whole group of experts who deal with the protection and development of software installed on over 500 million devices.
Bitdefender GravityZone Ultra is a new product that appeared a few weeks ago. Thanks to the Marken distributor Antivirus Systems, the solution is available for testing. You can get acquainted with all versions of Bitdefender from the GravityZone series by participating in free online workshops or by contacting the distributor or a reseller.
The variety of Bitdefender GravityZone solutions
Five versions of Bitdefender GravityZone have been made available for free testing. A quick glance at the comparison table slightly complicates the decision for new clients, but each version is a response to the individual needs of end customers. Additional modules common to all GravityZone products are:
- Full Disk Encryption, available from the console and implemented by BitLocker on Windows and FileVault on macOS.
- Module for managing security updates (Patch Management).
- Integration with the AWS cloud and management of all devices in one administrator console.
- Protection of Windows, macOS, Linux, Android, iOS.
Bitdefender GravityZone Business Security is designed for very small businesses that do not have a mobile fleet. Administrators receive scalable security for hardware and virtual systems, including Windows, Mac and Linux servers.
Bitdefender GravityZone Advanced Business Security was created for small businesses. The solution protects Microsoft Exchange e-mail servers, secures mobile devices and has a so-called virtual security server (Bitdefender Virtual Appliance) to offload workstation resources in the LAN. The virtual server is delivered as a machine image that integrates with the most popular hypervisors, namely VMware, Hyper-V and XenServer.
Bitdefender GravityZone Elite Security is a development of the Advanced Business Security version with aggressive behavioral protection against targeted threats, as well as an automatic sandbox in the cloud. The solution is characterized by a unique approach to security, because it uses the new HyperDetect technology, which combines machine learning with techniques for analyzing behavior and detecting encoded code into one coherent layer of protection. To detect sophisticated threats, it uses a sandbox in the manufacturer's cloud as well as local monitoring of suspicious processes. As an additional option (available only in this version of GravityZone), virtual workstations can be secured at the hypervisor level (Hypervisor Introspection). This is another original Bitdefender technology, and it integrates with the Citrix XenServer hypervisor.
A unique feature of the new Bitdefender GravityZone Ultra Security solution is the visualization of suspicious process activity, which helps security teams make decisions based on indicators of compromise (IoC), manage large amounts of data and prioritize activities. Simply put, Bitdefender GravityZone Ultra Security, as an EDR (Endpoint Detection and Response) class solution, allows delegated employees to manage incidents in real time and search for traces of intrusions and attacks (indicators of infection) on each endpoint. EDR allows you to avoid additional security costs and to "clean up" compromised systems.
Bitdefender GravityZone Enterprise Security is distinguished only by a console installed on the local network. As an additional option, it supports protection using the Hypervisor Introspection API, so it is possible to detect attacks such as buffer overflows, code injection into RAM, or even malware running from a virtual machine. Bitdefender HVI technology for the Citrix XenServer hypervisor detects attacks using 0-day vulnerabilities at the ring -1 level and can automatically remove threats by injecting a temporary repair tool into a virtual machine. The solution is designed for the largest companies that rely on the virtualization of workstations and servers.
Bitdefender GravityZone Ultra
A vendor with such a range of products can offer end users protection for an IT environment of any scale. The new EDR (Endpoint Detection and Response) module is not complicated to use. On the contrary.
EDR displays the latest information about attacks and infections in the admin console. Items marked as incidents show the correlation of system processes, starting from the launch of a suspicious file that, and this is worth checking, was not detected by on-access scanning. Detailed information about the checksum and metadata can be quickly compared against VirusTotal or sent for additional analysis in the Bitdefender cloud; you can also search Google for additional information or stop the suspicious process manually. All this takes place in an automated manner; however, the OPSEC tasks should be delegated to an employee who is comfortable in the area of cyber security and has intermediate malware analysis skills.
Typically, elevating permissions from ring 3 to ring 0 is required to run malicious software with administrator privileges. This can be achieved, for example, via the appropriate code in PowerShell. However, the same or higher permissions are needed to successfully detect the code in the system kernel. Additionally, the basic problem is that there are no permissions higher than ring 0, so antivirus programs cannot guarantee 100% protection on physical workstations. Virtualization introduces the "ring -1" layer, hence the proprietary Bitdefender technology is able to control RAM and the system kernel at a "lower" level than the operating system does.
Bitdefender programs operate at levels up to ring 1. The Bitdefender HVI technology works at the level of the Citrix XenServer hypervisor, i.e. outside the operating system's privilege rings.
Protection does not always go hand in hand with efficiency
Adding further layers of security installed on each workstation would be unreasonable (especially in virtual environments), which is why a virtual security server module is available for all versions of Bitdefender GravityZone. It is a machine image in Polish, delivered as a file to import into a virtualization program.
The main role of the virtual server is to relieve other workstations from antivirus scanning; its additional tasks are to take control of distributing the virus database to the devices in the local network and to balance that load. The Virtual Security Appliance (GravityZone Virtual Appliance) uses a caching mechanism that optimizes protection performance by offloading the antivirus scanning work to a virtual server that each employee connects to, saving their own hardware resources.
A security server is a very important element of protection, because the patented scanning technology significantly relieves workstations. The security server, rather than the installed antivirus, is then responsible for antivirus protection; the installed antivirus becomes an intermediary, not the main guard. If for some reason the antivirus cannot communicate with the virtual security server, the agent may use an alternative scan, e.g. by communicating with the manufacturer's cloud or using the local virus database and the behavioral monitor.
In practice, the difference between traditional and "central" scanning (as scanning using a virtual server is called) is significant. How much?
We have carried out a test, which shows that the antivirus's appetite for RAM is half as large when scanning using a virtual security server.
Detailed methodology and description can be found in this PDF document.
The security server has one more important role: it is the only way to manage mobile devices (Mobile Device Management). It is a pity that Bitdefender did not integrate the management of the mobile fleet with the console in the cloud.
For better scalability and to offload the main console, the virtual server can act either as a load balancer or as a server with individual roles (console, MDM server, proxy server), never both at the same time. The license does not limit the number of virtual security servers installed in the local network. Large and very large IT environments will benefit.
Very easy implementation and management are the greatest advantages of Bitdefender security programs and services. Taking into account the Forrester survey cited above and the slightly different methodology used by Gartner in its Magic Quadrant for endpoint protection for business, we can see that the engineers' hard work is paying off. Let us mention a few of our latest tests, in which Bitdefender programs obtained very good results:
- The best anti-viruses 2018 based on three security tests
- Big test of protection against fileless viruses
- Antivirus protection against drive-by download attacks
There are also laboratories, such as MRG Effitas and AV-Test, which carry out their own tests.
At the moment there are only a few solutions of a similar class that can compete with Bitdefender, and we do not mean products that implement bottom-by-default protection. Companies must calculate the risk carefully and see what is more profitable. Do you invest in security? Or do you bear the risk of losing information and the related costs? The loss of image in the eyes of strategic customers can be much more severe than the costs of breaking B2B contracts. From 25 May this year, i.e. from the date of the new Personal Data Protection Act (RODO, the Polish abbreviation for GDPR), companies must adapt and, in fact, develop a strategy for responding to incidents, which sooner or later affect everyone. Bitdefender GravityZone has some DLP system modules, and controlling peripherals brings no less positive effects than a good anti-intrusion system. According to the latest ECM Insights, only 25% of European enterprises are ready for RODO.
Bitdefender GravityZone Ultra is available for testing through partner channels and directly from the distributor in Poland. Details are available at www.bitdefender.pl
We use the Google Cloud Translation and Gengo APIs to translate articles, with the exception of our comparative tests.