1. WWW.BITDEFENDER.COM
BITDEFENDER
GRAVITYZONE
Mr. Songklod Sriphumbang, Product Manager
ENDPOINT NETWORK CLOUD
2. OCTOBER 20, 2023
END-TO-END BREACH AVOIDANCE
AGENDA o About Bitdefender
o Introduction GravityZone
o Security Solution
o Q&A
4.
OUR MISSION
Trusted cybersecurity technology
provider in the world
We are committed to help secure your
organization from breaches and
business disruptions.
5.
WE ARE: A GLOBAL
CYBER-SECURITY INNOVATOR
We provide end-to-end breach avoidance.
@endpoint @network @cloud
MAIN HQ IN BUCHAREST, ROMANIA
ENTERPRISE HQ IN SILICON VALLEY (SANTA CLARA, CALIFORNIA US)
FOUNDED IN 2001 1,600+ EMPLOYEES WORLDWIDE
800+ IN R&D / ENGINEERING
38% OF GLOBAL
CYBER-SECURITY FIRMS USE
BITDEFENDER TECHNOLOGY
20K+ PARTNERS WORLDWIDE
150+ OEM PARTNERS
500M+ Protecting
Users Worldwide
6. The Progression of Endpoint Security
Evolution of Endpoint Security
Beyond Anti-Malware
• AV (Antivirus): uses a database of known ‘signatures’ to detect viruses
• NGAV (Next Generation Antivirus): uses a database of known ‘signatures’ + heuristic analysis, HIPS, and more features
• EPP (Endpoint Protection): uses a database of known ‘signatures’ + heuristics, behavior analysis, internet and network access (Web, Mail, Firewall, IPS, Device Control, Application Control)
• NGEP (Next Generation Endpoint Protection): Machine Learning based protection against new and unknown threats, fileless & PowerShell attacks, zero-day vulnerabilities, Ransomware Rollback, Sandboxing
• EDR (Endpoint Detection & Response): Discover and investigate techniques, tactics and procedures (TTPs), Root Cause Analysis, MITRE ATT&CK framework IoC, Threat hunting, Incident Response
7. The Progression of Endpoint Security
Evolution of Endpoint Security
Beyond Anti-Malware
• XDR (eXtended Detection and Response): The evolution of EDR and XDR. The integrated solution combines EDR and Network Traffic Analytics: email, endpoint, server, cloud workloads, and network
• MDR (Managed Detection and Response Services): Outsourced Cybersecurity Operations for endpoints, plus network and security analytics, with the threat-hunting expertise of a SOC
Feature..
8.
CONFIDENTIAL
ACKNOWLEDGED INNOVATION
LEADER
First machine learning-
based detection
First automated stream detection
based on machine learning
2008 2011 2013 2014 2015 2016 2017 2018 2019
First IoT security
(Bitdefender Box)
First tunable machine learning
(HyperDetect)
First integrated Prevention,
Detection, Response and Risk
Analytics
First noise reduction algorithm
for finding misclassified
samples
First use of deep learning to
increase detection rates
Only Hypervisor-based memory
introspection (HVI)
First tunable machine learning in
agentless virtualization security
2022
First human risk
analytics
/xEDR
9.
PARTNERED BY
LAW ENFORCEMENT AGENCIES
AGAINST CYBER CRIME
Actively engaged in countering international cybercrime with
major law enforcement agencies, in takedowns
operations or as part of international initiatives.
• Takedown of Hansa, the second-largest black market, in collaboration with Europol &
FBI.
• Part of Europol’s NoMoreRansom and Microsoft’s TechAccord. Helped victims save
$632 million in ransomware claims.
• Appointed CVE Numbering Authority in MITRE Partnership.
10.
TRUSTED BY
KEY ORGANIZATIONS
WORLDWIDE
“Bitdefender allows us to show Citrix to the world
without the paralyzing fear of being hacked.”
11.
RELIED ON
IN KEY TECHNOLOGY
PARTNERSHIPS
Proud technology alliance partner to major virtualization vendors, directly contributing
to the development of secure ecosystems with VMware, Nutanix, Citrix, Linux
Foundation, Microsoft, AWS, and Pivotal.
12.
RECOGNIZED BY
GLOBAL SECURITY ANALYSTS &
REVIEWERS
TRUSTED BY
ENTERPRISES AND LAW
ENFORCEMENT AGENCIES
RELIED ON
in key technology
partnerships
Leader in the inaugural Forrester® WAVE ™ for Cloud
Workload Security
100% detection in the first Advanced Real-
World test by AV-Comparatives
“Received a score of 100% for evasions.
No false positives” NSS Labs
PROTECTING KEY ORGANIZATIONS
WORLDWIDE
FBI Department of Justice
PARTNERING AGAINST CYBER CRIME
13.
EDR LEADER ACROSS THE BOARD
Independent labs AV-TEST & AV-COMPARATIVES confirm EDR
excellency
With "Endpoint Security
(Ultra)", Bitdefender succeeded
at fielding a top product in 2021
which was able to meet the high
standards of the AV-TEST
Institute.
MARCH 2020 AV-TEST Award for
Bitdefender – certified proof of peak
excellence
Staggering 100% score in AV-
Comparatives first APT attack
test
DECEMBER 2019 AV-Comparatives
Enhanced Real World Protection Test
Bitdefender, a global
cybersecurity leader, was named
a Customers’ Choice in North
America in the 2021
15.
"Bitdefender is the biggest
EDR vendor you haven’t
considered but should have."
The Forrester Wave™: Enterprise Detection And Response, Q2 2022
21. October 20, 2023 | Confidential
In cybersecurity and Formula 1, every millisecond counts.
Technology makes all the difference in who has the
advantage.
Bitdefender researchers, security analysts, and engineers
are on the cutting edge of cybersecurity, developing threat
and behavioral analytics from its network of millions of
monitored and protected endpoints to prevent, detect and
respond to threats faster.
A partnership born from a passion for high
performance and technological innovation.
« Bitdefender shares with Scuderia Ferrari a heritage of
excellence and a demonstrated track record of building
state of the art, innovative technologies to deliver
winning results. »
Florin Talpes
Co-founder and CEO, Bitdefender
22. WWW.BITDEFENDER.COM
GRAVITYZONE SITE
REFERENCES
33. WWW.BITDEFENDER.COM
GRAVITYZONE PLATFORM
34.
DETECTION & RESPONSE
PREVENTION
RISK
ANALYTICS &
HARDENING
SERVICES
THE FIRST UNIFIED SECURITY AND RISK
ANALYTICS PLATFORM
BITDEFENDER
GRAVITYZONE®
Unified Prevention, Detection, Response and
Hardening Across Endpoint, Network, Cloud and
Human
36. FASTER TIME-TO-PROTECTION WITH FLEXIBLE CONSOLE-DELIVERY
OPTIONS
BITDEFENDER-HOSTED CLOUD CONTROL CENTER
ON-PREMISES GRAVITY ZONE CONTROL CENTER
• Hardened Linux virtual appliance
• Spins up in <15 minutes
• Web-scale high-availability architecture
• Automatic system upgrades
• No OS or database licenses needed
• Zero deployment time
• No server resources needed
• No administration
• No additional costs
39. Bitdefender
Relay Role
Server Zone
Client Zone
Proxy Server
GravityZone Cloud Console
GRAVITYZONE CLOUD – Offline Internet
Relay Module:
• Communication Server
• Update Signature
• Installation Software
• Logs transfer
• Receive command
47.
DETECTION
&
RESPONSE
PREVENTION
RISK
ANALYTICS
&
HARDENING
SERVICES
INTEGRATED
TECHNOLOGIES
& SERVICES
FOR THE BEST
BREACH
AVOIDANCE
Bitdefender GravityZone is a
next-generation security platform that lets you
protect all the endpoints in the enterprise,
including client devices and both virtual and
physical datacenter infrastructure.
INCIDENT
VISUALIZATION
ROOT CAUSE
ANALYSIS
ANOMALY DEFENSE
PROCESS
INSPECTOR
MITRE EVENT
TAGGING
SANDBOX
INVESTIGATION
GLOBAL
THREAT
INTELLIGENCE
MANAGED
DETECTION &
RESPONSE
(MDR)
PROFESSIONAL
SERVICES
THREAT
INTELLIGENCE
SERVICE
PREMIUM SUPPORT
THREAT HUNTING PROACTIVE
REMEDIATION
LOCAL & CLOUD
MACHINE
LEARNING
AUTOMATIC
SANDBOX
ANALYZER
HYPERDETECT™
(TUNABLE MACHINE
LEARNING)
EXPLOIT DEFENSE
FILELESS ATTACK
DEFENSE
NETWORK
ATTACK DEFENSE
PATCH
MANAGEMENT
ENDPOINT RISK
ANALYTICS
FULL DISK
ENCRYPTION
WEB THREAT
PROTECTION
DEVICE
CONTROL
FIREWALL
HUMAN RISK
ANALYTICS
EXTENDED
DETECTION AND
RESPONSE
PROCESS
INSPECTOR
APPLICATION
CONTROL
RANSOMWARE
MITIGATION
53. Components Business Security Business Security Premium Business Security Enterprise A-la-Carte
Console-Delivery Options On-Premises / Cloud On-Premises / Cloud On-Premises / Cloud On-Premises
Endpoint Security Yes Endpoint Security HD Endpoint Security xEDR Yes
Mobile Security On-Premises On-Premises Yes
Security for Virtualized Environments Yes Yes Yes
Server/ WorkStation /Per-CPU
Licensing
Security for Exchange Yes Yes Yes
Hypervisor Introspection (HVI) Per-CPU Licensing (On-Prem) Per-CPU Licensing (On-Prem) Per-CPU Licensing
Coverage
Machine Learning Yes Yes Yes Yes
Advanced Anti-Exploit Yes Yes Yes Yes
Sandbox Analyzer Yes Yes HD Add-on
HyperDetect (Tunable ML) Yes Yes HD Add-on
Process Inspector (ATC) Yes Yes Yes Yes
Network Attack Defense Yes Yes Yes Yes
Fileless Attack Defense Yes Yes Yes
Central Scanning (Offloaded to an SVA) Yes Yes Yes
Visibility into Suspicious Activities Yes Yes Report Builder
Application Control Blacklisting Blacklisting
Whitelisting (On-Prem)
Blacklisting Blacklisting
Whitelisting
EDR Root Cause Analysis Yes (Full xEDR) Yes (EDR)
ERA (Endpoint Risk Analytics) Yes Yes Yes
Add-On
Full-Disk Encryption Yes Yes Yes Yes
Patch Management Yes Yes Yes Yes
Email Security Yes Yes Yes
Security for Storage Yes Yes Yes
Licensing
License Type and Term Bundle, Yearly License Bundle, Yearly License Bundle, Yearly License
Restrictions Up to 30% of Devices Can Be Servers Up to 35% of Devices Can Be Servers Up to 35% of Devices Can Be Servers
55.
source: skyboxsecurity.com
VULNERABILITY AND THREAT TRENDS
• Almost all malware types have seen an
increase over the first six months of 2020
• Cryptocurrency miners and worms being the
only malware that have had fewer
occurrences when compared to 2019
• Ransomware is increasing in usage
because it is also increasing in sophistication
- Human-operated ransomware attacks
• Exploits taking advantage of Remote Desktop
Protocol (RDP).
New post-exploitation malware
56.
Endpoint Risk
Management and
Analytics
Key Features:
View your overall Company Risk Score and
understand how various misconfigurations
and application vulnerabilities contribute to
it
Assess prioritized misconfigurations and
application vulnerabilities across your
organization’s endpoint estate
Get a risk snapshot for servers and end-user
devices, and review the most-exposed
endpoints
Fully native to all GravityZone Cloud
products
Powered by Bitdefender Labs global threat
research
Actively reduce your organization’s attack surface by continuously assessing,
prioritizing, and addressing endpoint risk coming from misconfigurations and
application vulnerabilities.
57.
Misconfigurations
Endpoint Risk
Management and
Analytics
59.
Endpoint Risk
Management and
Analytics
• Quickly identify and patch
vulnerabilities that pose a great
threat to a company
• Find details about CVEs on
cvedetails.com
• Remediate with integrated
Patch Management
Vulnerabilities
60.
Endpoint Risk
Management and
Analytics
• Get full focus on users that
have the highest risk within an
organization
Human Risk
61. Helps improve security posture by expediently
discovering and eliminating vulnerabilities
Provides the widest range of security- and
non-security patches for operating systems,
third-party applications and golden images
Covers Windows-based physical, virtual on-
prem and cloud-based endpoints and servers
Is deployed and managed from the
GravityZone console and integrated into its
agent
INTEGRATED PATCH MANAGEMENT (ADD-ON)
64. GRAVITYZONE™
THE SECURITY PLATFORM FOR
END-TO-END BREACH AVOIDANCE
Endpoint Hardening and Control Technologies
Application Control – On premises only
• Supports both “Default Deny” and “Blacklisting”
• Audit or Enforcement mode
• Trusted Updater
Web Threat Protection
• Scans incoming traffic and emails
• Blocks URLs based on behavior and machine learning
• Web category filter
Firewall
Fully featured two-way personal firewall with host-based intrusion detection and prevention controls
Device Control
Allows administrators to manage permissions for external devices such as USB Flash drives, Bluetooth devices and others
Full-Disk Encryption (add-on)
Windows BitLocker and Mac OS FileVault native encryption with centralized deployment, management and key recovery from GravityZone
Patch Management (add-on)
Provides widest range of security and non-security patches for Windows operating systems and third party applications
65. Network Level
On-Access Level
On-Execution
Attacker
Endpoint
Run Malware
FIREWALL
WEB THREAT
PROTECTION
DEVICE
CONTROL
NETWORK ATTACK
DEFENSE
LOCAL & CLOUD
MACHINE LEARNING
EXPLOIT
DEFENSE
PROCESS INSPECTOR
LOCAL & CLOUD
MACHINE LEARNING
Pre-Hardened
ANTIMALWARE
(Signature-Based)
FULL DISK
ENCRYPTION
PATCH
MANAGEMENT
ENDPOINT RISK
ANALYTICS
EMAIL SECURITY
DEVICE
CONTROL
OVERVIEW OF THE
BEST’s PROTECTION
LAYERS – Securely
Everywhere
Dashboard and Report
Report
66.
ADVANCED ATTACKS REQUIRE DETECTION AND
RESPONSE
Known Threats
Evasive Malware
Zero-day attacks
Fileless attacks
Targeted attacks, Low and slow, Insider Threats
99% of the
attacks can
be prevented
with the
right tools
< 1% require
analysis over
time across
layers with ML
HARDER
TO
EXECUTE
SOPHISTICATION
DAMAGING
67. GRAVITYZONE™
THE SECURITY PLATFORM FOR
END-TO-END BREACH AVOIDANCE
GravityZone Prevention Technologies
Dynamic Machine Learning – Pre/On/Post-Execution
Predict and block advanced attacks, learning and adapting since 2008 with one of the world’s largest Global Protective Networks to deliver top efficacy with low false positives
Network Attack Defense
• Identifies and categorizes network behaviors
• Several ML algorithms are used against specific attack vectors, like protocol and device specific anomaly detection
HyperDetect – Pre-Execution
Tunable machine learning and behavior-analysis models trained to detect advanced, sophisticated threats at pre-execution
Sandbox Analyzer – Pre/Post-Execution
Automatic submission of suspicious files from endpoints to a cloud-based sandbox for detonation and behavioral analysis
Exploit Defense
Anti-Exploit protection designed to tackle evasive exploits, to help reduce the ATP attack surface and minimize the risk of being targeted.
Process Inspector – On/Post-Execution
A behavior anomaly detection technology that provides protection against never-before-seen threats in on-execution stage
Fileless Attack Defense – Pre-Execution
Detects and blocks fileless malware: terminates PowerShell running a malicious command line, blocks malicious traffic, and blocks the code injection process into memory buffer
68. Network Level
On-Access Level
Pre-Execution
On-Execution
Attacker
Endpoint
Run Malware
FIREWALL
WEB THREAT
PROTECTION
DEVICE
CONTROL
NETWORK ATTACK
DEFENSE
HYPERDETECT™
(TUNABLE MACHINE
LEARNING)
LOCAL & CLOUD
MACHINE LEARNING
FILELESS ATTACK
DEFENSE
AUTOMATIC SANDBOX
ANALYZER
EXPLOIT
DEFENSE
PROCESS INSPECTOR
INCIDENT
VISUALIZATION
ROOT CAUSE
ANALYSIS
MITRE EVENT
TAGGING
SANDBOX
INVESTIGATION
LOCAL & CLOUD
MACHINE LEARNING
Pre-Hardened
ANTIMALWARE
(Signature-Based)
LOCAL & CLOUD
MACHINE LEARNING
FULL DISK
ENCRYPTION
PATCH
MANAGEMENT
ENDPOINT RISK
ANALYTICS
EMAIL SECURITY
DEVICE
CONTROL
Visibility &
Response
OVERVIEW OF THE
BEST’s PROTECTION
LAYERS – Securely
Everywhere
70.
Ransomware Mitigation
Ransomware mitigation helps
organizations recover files after a
blocked ransomware attack – without
any downtime.
Gain peace of mind with fast recovery
of encrypted files affected by
ransomware
• Tamper-proof, secure backup
copies to ensure data is protected
• Stop attacks coming from
endpoints not protected by
Bitdefender
• Add more value with affordable,
advanced security features – no
upcharges for Ransomware
Mitigation
74. HYPERDETECT – TUNABLE MACHINE LEARNING
Protects from:
• Ransomware
• Exploits
• Fileless attacks
• Script-based attacks
Provides maximum
detection accuracy
without false positives
Delivers full visibility
into suspicious
activities
Set the detection-aggressiveness level…
…to counter relevant threats
Gain full visibility and enable automatic action
75. SANDBOX ANALYZER
Uses machine learning and behavioral
analysis to assess suspicious files
Runs in blocking or monitoring mode
Provides a verdict in near-real-time
and takes policy-based remediation
action
Delivers in-depth reporting on malware
behavior
Protects against:
• Advanced targeted
attacks
• Custom malware
• Unknown packers
78. SANDBOX ANALYZER
Streamlines investigation,
enabling live tracking of
attacks and lateral
movement
Facilitates rapid
resolution, containment
and remediation
Provides real-time
endpoint visibility and
insight into suspicious
activities
Simplifies alert triage
and incident-analysis
visualization
85. WWW.BITDEFENDER.COM
ENDPOINT DETECTION AND
RESPONSE (EDR)
86.
INTEGRATED ENDPOINT DETECTION AND RESPONSE
(EDR)
Minimizes infection
exposure and stops
breaches
Enables one-click
automated detection,
easy investigation and
in-place remediation
Reduces requirements
for resources and skills
to perform early
detection and incident
response
87. INTEGRATED EPP AND EDR SOLUTION
Streamlines investigation,
enabling live tracking of
attacks and lateral
movement
Facilitates rapid
resolution, containment
and remediation
Provides real-time
endpoint visibility and
insight into suspicious
activities
Simplifies alert triage
and incident-analysis
visualization
88. Detection and Response
MITRE attack techniques and indicators of compromise provide up to the minute insights
into named threats and other malware that may be involved.
Pre and Post Compromise
attack forensics – Root
Cause Analysis
Easy to understand visual guides highlight critical attack paths, easing burdens on IT
staff.
The end-to-end attack forensics provides visibility into past actions covering the
entire lifecycle of an attack (before, during and after). It covers both blocked attacks
and suspicious activities (EDR specific detections)
89. ADVANCED ATTACK DETECTION
AND RESPONSE
• Uncover suspicious activity
• Machine-learning, cloud scanning
and sandbox
• MITRE ATT&CK and IoC search
• Response actions
› Kill or Block Process
› Isolate Host
› Start Sandbox Analysis
› Block Hash
› Remote Connection
96. WWW.BITDEFENDER.COM
ENDPOINT NETWORK CLOUD HUMAN
BITDEFENDER EXTENDED EDR (XEDR)
GET READY FOR THE NEW STAGE OF EDR EVOLUTION
97.
Options to address the problems
Technical
Challenge
eXtended Detection
and Response (XDR)
Human
Resource
Challenge
Managed Detection and
Response (MDR)
Technical
Solution
Outsource eXtended EDR (XEDR)
98.
• Cyber-criminals increasingly difficult to detect
• Techniques individually look like routine behavior
• EDR solutions can be complex and qualified staff difficult to find
• Solutions need to be lightweight, flexible and easy-to-deploy
ADVANCED THREAT CHALLENGES
RECONNAISSANCE WEAPONISATION DELIVERY EXPLOITATION INSTALLATION COMMAND
AND CONTROL
ACTION ON
OBJECTIVES
Prevention Detection and Response
100.
WHAT ARE THE BENEFITS OF BITDEFENDER
EDR?
Either stand-alone or part of a full-stack security package, Bitdefender Endpoint Detection and Response (EDR) quickly and effectively strengthens your security
operations.
REDUCING
OPERATIONAL BURDEN
DETERMINING
ORGANIZATIONAL RISK
BRIDGING THE CYBER SECURITY
SKILLS GAP
ADVANCED ATTACK
DETECTION AND RESPONSE
101.
MORE THAN EDR: eXtended EDR* (XEDR)
The cross-endpoint event correlation technology, the eXtended EDR (XEDR), takes threat detection and visibility to a new level by combining the granularity and rich
security context of EDR with the cross-endpoint event correlation of XDR (eXtended Detection and Response).
ORGANIZATION-LEVEL INCIDENT
VISIBILITY
(EXTENDED VISIBILITY)
CROSS-ENDPOINT EVENT
CORRELATION
(EXTENDED DETECTIONS)
*XEDR is available only for cloud-deployed solutions. Standard EDR is available for on-premises deployments.
107.
BRIDGING THE
CYBER SECURITY
SKILLS GAP
• Respond, limit spread, stop attacks
• Threat visualizations
• Understand complex detections
• Identify root cause
• Prioritized alerts
• Respond with one click
109. WWW.BITDEFENDER.COM
SECURITY FOR VIRTUALIZED
ENVIRONMENTS
110. Public cloud IaaS
(AWS, Azure)
Any hypervisor
VM 1 VM 2 VM 3
VM 1 VM 2 VM 3
SVA
Physical endpoints
Control
Center
Bitdefender
Global Protective
Network
On-premises infrastructure
MAXIMIZES VISIBILITY AND MANAGEABILITY
111. Featherweight agent
Offloaded scanning, threat database
Any hypervisor
VMware ESXi, Citrix Xen, Microsoft Hyper-V,
Red Hat KVM, Oracle VM
SVA not required on each host
SVA redundancy
Security Server
GravityZone
Control Center
VM VM VM VM
BEST with Central Scan
HOW DOES SVE WORK?
112. Two-level caching on both the virtual machine (VM) and the security virtual appliance (SVA) enables high antimalware efficiency
The SVA inspects each file only once even if it appears on multiple VMs
This helps avoid redundant scanning, significantly reducing CPU, RAM, IO, and network load
Security Virtual Appliance
VM1
Local Cache
Central Cache
VM2
Local Cache
TCP/IP
Update
Local
Cache
Update Central
Cache
SVE CACHING ARCHITECTURE
113.
One or more GravityZone Security Virtual Appliances (SVA) perform the role of ICAP server(s) providing antimalware-analysis services to Network-Attached Storage (NAS) and file-sharing solutions compliant with the Internet Content Adaptation Protocol
The GravityZone Control Center acts as a central management console for Security for Storage
GRAVITYZONE
SECURITY
FOR
STORAGE
115. GRAVITYZONE
THE ENTERPRISE SECURITY PLATFORM
FOR THE BEST BREACH AVOIDANCE
BITDEFENDER
GRAVITYZONE®
Unified Prevention, Detection, Response and
Hardening Across Endpoint, Network and Cloud
LAPTOPS AND
WORKSTATIONS
MOBILE
DEVICES
VIRTUAL
DESKTOPS
VDI / DAAS
SERVERS
EMAIL
Hosted or On-prem
STORAGE
ICAP Compatible
PUBLIC, PRIVATE &
HYBRID CLOUD
SOFTWARE-DEFINED &
HYPERCONVERGED
INFRASTRUCTURE
116. Bitdefender
Global Protective
Network
GRAVITYZONE ARCHITECTURE AND PRODUCTS
SVA
Any hypervisor
VM 1 VM 2 VM 3
On-premises infrastructure
GZ Security for Endpoints GZ Security for Virtualized Environments (SVE)
ENTERPRISE HQ AND
DATACENTER
Firewall
GZ Security for Virtualized Environments; Security for AWS
SVA*
VM 1 VM 2 VM 3
Public-cloud infrastructure (AWS, Azure)
PUBLIC-CLOUD ESTATE
Firewall
Threat dbase update
False positive checks
Malware algorithm- and threat-feed updates
Policy updates Reporting System software updates
GravityZone
Control Center
GZ Security for Endpoints
Firewall
REMOTE / HOME OFFICE
Relay
120.
GravityZone – the next level
of agile cybersecurity
• Centralized management - security policies, configurations, and
updates across multiple endpoints and locations
• Real-time threat detection and response - advanced machine
learning and behavior analysis techniques to detect and
respond to threats in real-time
• Cloud-based or on-premise security that can be deployed
quickly and easily, and is scalable to meet the changing needs
of an organization
• Advanced endpoint and network protection features such as
anti-malware, anti-phishing, and anti-ransomware, as well as
device control and web filtering, sandbox, hyper detect, EDR,
XDR and more
• Integrated risk management includes vulnerability assessment,
compliance management, and security audits
121.
Bitdefender
support for
partners
• Free certification training for
partners (sales and technical)
• Second level support from our local
distributors and help desk technical
support from our office in Bangkok
• GOV/EDU/NGO and business
discounts on request
• Account protection for registered
and verified projects
• Free pre-sales support including
trials and POC deployment
• Free online user training
• MDF, discounts for partners at the
gold level or higher