WWW.BITDEFENDER.COM
BITDEFENDER GRAVITYZONE
Mr. Songklod Sriphumbang, Product Manager
ENDPOINT | NETWORK | CLOUD
OCTOBER 20, 2023
END-TO-END BREACH AVOIDANCE
AGENDA
• About Bitdefender
• Introduction to GravityZone
• Security Solution
• Q&A
COMPANY OVERVIEW
OUR MISSION
A trusted cybersecurity technology provider to the world.
We are committed to helping secure your organization from breaches and business disruptions.
WE ARE A GLOBAL CYBER-SECURITY INNOVATOR
We provide end-to-end breach avoidance: @endpoint @network @cloud
• MAIN HQ IN BUCHAREST, ROMANIA
• ENTERPRISE HQ IN SILICON VALLEY (SANTA CLARA, CALIFORNIA, US)
• FOUNDED IN 2001
• 1,600+ EMPLOYEES WORLDWIDE
• 800+ IN R&D / ENGINEERING
• 38% OF GLOBAL CYBER-SECURITY FIRMS USE BITDEFENDER TECHNOLOGY
• 20K+ PARTNERS WORLDWIDE
• 150+ OEM PARTNERS
• 500M+ USERS PROTECTED WORLDWIDE
The Progression of Endpoint Security: Evolution of Endpoint Security Beyond Anti-Malware
• AV (Antivirus): uses a database of known 'signatures' to detect viruses
• NGAV (Next Generation Antivirus): uses a database of known 'signatures' + heuristic analysis, HIPS, and more features
• EPP (Endpoint Protection): uses a database of known 'signatures' + heuristics, behavior analysis, and internet and network access controls (Web, Mail, Firewall, IPS, Device Control, Application Control)
• NGEP (Next Generation Endpoint Protection): machine-learning-based protection against new and unknown threats, fileless & PowerShell attacks, zero-day vulnerabilities, Ransomware Rollback, Sandboxing
• EDR (Endpoint Detection & Response): discover and investigate techniques, tactics and procedures (TTPs), Root Cause Analysis, MITRE ATT&CK framework, IoC, threat hunting, Incident Response
The Progression of Endpoint Security: Evolution of Endpoint Security Beyond Anti-Malware (continued)
• XDR (eXtended Detection and Response): the evolution of EDR into XDR; the integrated solution combines EDR and Network Traffic Analytics across email, endpoint, server, cloud workloads, and network
• MDR (Managed Detection and Response Services): outsourced cybersecurity operations for endpoints, plus network and security analytics, with the threat-hunting expertise of a SOC
ACKNOWLEDGED INNOVATION LEADER
Timeline: 2008, 2011, 2013, 2014, 2015, 2016, 2017, 2018, 2019, 2022
• First machine learning-based detection
• First automated stream detection based on machine learning
• First IoT security (Bitdefender Box)
• First tunable machine learning (HyperDetect)
• First integrated Prevention, Detection, Response and Risk Analytics
• First noise reduction algorithm for finding misclassified samples
• First use of deep learning to increase detection rates
• Only hypervisor-based memory introspection (HVI)
• First tunable machine learning in agentless virtualization security
• First human risk analytics / xEDR
PARTNERED BY LAW ENFORCEMENT AGENCIES AGAINST CYBER CRIME
Actively engaged in countering international cybercrime with major law enforcement agencies, in takedown operations or as part of international initiatives.
• Takedown of Hansa, the second-largest black market, in collaboration with Europol & FBI.
• Part of Europol’s NoMoreRansom and Microsoft’s TechAccord. Helped victims save $632 million in ransomware claims.
• Appointed CVE Numbering Authority in MITRE Partnership.
TRUSTED BY KEY ORGANIZATIONS WORLDWIDE
“Bitdefender allows us to show Citrix to the world without the paralyzing fear of being hacked.”
RELIED ON IN KEY TECHNOLOGY PARTNERSHIPS
Proud technology alliance partner to major virtualization vendors, directly contributing to the development of secure ecosystems with VMware, Nutanix, Citrix, Linux Foundation, Microsoft, AWS, and Pivotal.
RECOGNIZED BY GLOBAL SECURITY ANALYSTS & REVIEWERS
• Leader in the inaugural Forrester® Wave™ for Cloud Workload Security
• 100% detection in the first Advanced Real-World test by AV-Comparatives
• “Received a score of 100% for evasions. No false positives” (NSS Labs)
TRUSTED BY ENTERPRISES AND LAW ENFORCEMENT AGENCIES
PROTECTING KEY ORGANIZATIONS WORLDWIDE: FBI, Department of Justice
PARTNERING AGAINST CYBER CRIME
RELIED ON IN KEY TECHNOLOGY PARTNERSHIPS
EDR LEADER ACROSS THE BOARD
Independent labs AV-TEST & AV-Comparatives confirm EDR excellence.
• With "Endpoint Security (Ultra)", Bitdefender succeeded at fielding a top product in 2021 which was able to meet the high standards of the AV-TEST Institute.
• MARCH 2020: AV-TEST Award for Bitdefender – certified proof of peak excellence.
• Staggering 100% score in AV-Comparatives' first APT attack test.
• DECEMBER 2019: AV-Comparatives Enhanced Real World Protection Test.
• Bitdefender, a global cybersecurity leader, was named a Customers’ Choice in North America in the 2021
BITDEFENDER AWARDS & CERTIFICATIONS
"Bitdefender is the biggest EDR vendor you haven’t considered but should have."
The Forrester Wave™: Enterprise Detection And Response, Q2 2022
WORLD’S LARGEST SECURITY-DELIVERY INFRASTRUCTURE
• 500+ Million Endpoints Protected
• 170 Countries
• 150+ OEM Partners
TECHNOLOGY LICENSING (OEM): MORE THAN 150 OEM PARTNERSHIPS
TRUSTED BY GLOBAL AND LOCAL LEADERS
In cybersecurity and Formula 1, every millisecond counts. Technology makes all the difference in who has the advantage.
Bitdefender researchers, security analysts, and engineers are on the cutting edge of cybersecurity, developing threat and behavioral analytics from its network of millions of monitored and protected endpoints to prevent, detect and respond to threats faster.
A partnership born from a passion for high performance and technological innovation.
"Bitdefender shares with Scuderia Ferrari a heritage of excellence and a demonstrated track record of building state of the art, innovative technologies to deliver winning results."
Florin Talpes, Co-founder and CEO, Bitdefender
GRAVITYZONE SITE REFERENCES
• Site Reference – Education
• Site Reference – Healthcare, Hospital
• Site Reference – Government
• Site Reference – Telecom, Technology and Insurance
• Site Reference – Corporate
• Site Reference – Retail
• Site Reference – Factory, Transport
+15 MILLION NEW MALWARE
GRAVITYZONE PLATFORM
THE FIRST UNIFIED SECURITY AND RISK ANALYTICS PLATFORM
BITDEFENDER GRAVITYZONE®
Unified Prevention, Detection, Response and Hardening Across Endpoint, Network, Cloud and Human
Pillars: Prevention | Detection & Response | Risk Analytics & Hardening | Services
FASTER TIME-TO-PROTECTION WITH FLEXIBLE CONSOLE-DELIVERY OPTIONS
BITDEFENDER-HOSTED CLOUD CONTROL CENTER
• Zero deployment time
• No server resources needed
• No administration
• No additional costs
ON-PREMISES GRAVITYZONE CONTROL CENTER
• Hardened Linux virtual appliance
• Spins up in <15 minutes
• Web-scale high-availability architecture
• Automatic system upgrades
• No OS or database licenses needed
GRAVITYZONE ON-PREMISE – Overview
• Hypervisor Introspection
• Security for Virtualized Environments
• Security for Exchange
• Security for Endpoints
• Security for Mobile
• Security for Storage
GRAVITYZONE CLOUD – Overview
• Security for Virtualized Environments
• Security for Exchange
• Security for Endpoints
• Security for Storage
Deployment diagram components: GravityZone Cloud Console, Proxy Server, Server Zone, Client Zone, Bitdefender Relay Role
GRAVITYZONE CLOUD – Offline Internet
Relay Module:
• Communication Server
• Update signatures
• Installation software
• Log transfer
• Receive commands
INTEGRATED SINGLE AGENT & SINGLE CONSOLE
Single Modular Agent
INTEGRATED LAYERED NEXT-GEN EPP AND EDR PLATFORM
• Next-Gen EPP
• EDR
• Sandbox
• Anti-Exploit
• Full-Disk Encryption
• Patch Management
INTEGRATED TECHNOLOGIES & SERVICES FOR THE BEST BREACH AVOIDANCE
Pillars: Prevention | Detection & Response | Risk Analytics & Hardening | Services
Bitdefender GravityZone is a next-generation security platform that lets you protect all the endpoints in the enterprise, including client devices and both virtual and physical datacenter infrastructure.
Capabilities shown on the platform diagram (across Detection & Response, Prevention, Risk Analytics & Hardening and Services): Incident Visualization, Root Cause Analysis, Anomaly Defense, Process Inspector, MITRE Event Tagging, Sandbox Investigation, Global Threat Intelligence, Managed Detection & Response (MDR), Professional Services, Threat Intelligence Service, Premium Support, Threat Hunting, Proactive Remediation, Local & Cloud Machine Learning, Automatic Sandbox Analyzer, HyperDetect™ (Tunable Machine Learning), Exploit Defense, Fileless Attack Defense, Network Attack Defense, Patch Management, Endpoint Risk Analytics, Full Disk Encryption, Web Threat Protection, Device Control, Firewall, Human Risk Analytics, Extended Detection and Response, Application Control, Ransomware Mitigation.
INTEGRATED SINGLE AGENT & SINGLE CONSOLE
Components Business Security Business Security
Premium
Business Security
Enterprise
A-la-Cart
Console-Delivery Options On-Premises / Cloud On-Premises / Cloud On-Premises / Cloud On-Premises
Endpoint Security Yes Endpoint Security HD Endpoint Security xEDR Yes
Mobile Security On-Premises On-Premises Yes
Security for Virtualized Environments Yes Yes Yes
Server/ WorkStation /Per-CPU
Licensing
Security for Exchange Yes Yes Yes
Hypervisor Introspection (HVI) Per-CPU Licensing (On-Prem) Per-CPU Licensing (On-Prem) Per-CPU Licensing
Coverage
Machine Learning Yes Yes Yes Yes
Advanced Anti-Exploit Yes Yes Yes Yes
Sandbox Analyzer Yes Yes HD Add-on
HyperDetect (Tunable ML) Yes Yes HD Add-on
Process Inspector (ATC) Yes Yes Yes Yes
Network Attack Defense Yes Yes Yes Yes
Fileless Attack Defense Yes Yes Yes
Central Scanning (Offloaded to an SVA) Yes Yes Yes
Visibility into Suspicious Activities Yes Yes Report Builder
Application Control Blacklisting Blacklisting
Whitelisting (On-Prem)
Blacklisting Blacklisting
Whitelisting
EDR Root Cause Analysis Yes (Full xEDR) Yes (EDR)
ERA (Endpoint Risk Analytics) Yes Yes Yes
Add-On
Full-Disk Encryption Yes Yes Yes Yes
Patch Management Yes Yes Yes Yes
Email Security Yes Yes Yes
Security for Storage Yes Yes Yes
Licensing
License Type and Term Bundle. Yearly License Bundle, Yearly License Bundle, Yearly License
Restrictions Up to 30% of Devices
Can Be Servers
Up to 35% of Devices
Can Be Servers
Up to 35% of Devices
Can Be Servers
VULNERABILITY AND THREAT TRENDS (source: skyboxsecurity.com)
• Almost all malware types have seen an increase over the first six months of 2020
• Cryptocurrency miners and worms are the only malware that have had fewer occurrences when compared to 2019
• Ransomware is increasing in usage because it is also increasing in sophistication: human-operated ransomware attacks
• Exploits taking advantage of Remote Desktop Protocol (RDP)
• New post-exploitation malware
Endpoint Risk Management and Analytics
Actively reduce your organization’s attack surface by continuously assessing, prioritizing, and addressing endpoint risk coming from misconfigurations and application vulnerabilities.
Key Features:
• View your overall Company Risk Score and understand how various misconfigurations and application vulnerabilities contribute to it
• Assess prioritized misconfigurations and application vulnerabilities across your organization’s endpoint estate
• Get a risk snapshot for servers and end-user devices, and review the most-exposed endpoints
• Fully native to all GravityZone Cloud products
• Powered by Bitdefender Labs global threat research
Endpoint Risk Management and Analytics – Misconfigurations
Endpoint Risk Management and Analytics – Vulnerabilities
• Quickly identify and patch vulnerabilities that pose a serious threat to the company
• Find details about CVEs on cvedetails.com
• Remediate with integrated Patch Management
Endpoint Risk Management and Analytics – Human Risk
• Get full focus on the users that carry the highest risk within an organization
INTEGRATED PATCH MANAGEMENT (ADD-ON)
• Helps improve security posture by expediently discovering and eliminating vulnerabilities
• Provides the widest range of security and non-security patches for operating systems, third-party applications and golden images
• Covers Windows-based physical, virtual on-prem and cloud-based endpoints and servers
• Is deployed and managed from the GravityZone console and integrated into its agent
UNIQUE ENDPOINT RISK ANALYTICS & PATCHING
GRAVITYZONE™ – THE SECURITY PLATFORM FOR END-TO-END BREACH AVOIDANCE
Endpoint Hardening and Control Technologies
Application Control (on-premises only)
• Supports both “Default Deny” and “Blacklisting”
• Audit or Enforcement mode
• Trusted Updater
Web Threat Protection
• Scans incoming traffic and emails
• Blocks URLs based on behavior and machine learning
• Web category filter
Firewall
• Fully featured two-way personal firewall with host-based intrusion detection and prevention controls
Device Control
• Allows administrators to manage permissions for external devices such as USB flash drives, Bluetooth devices and others
Full-Disk Encryption (add-on)
• Windows BitLocker and macOS FileVault native encryption with centralized deployment, management and key recovery from GravityZone
Patch Management (add-on)
• Provides the widest range of security and non-security patches for Windows operating systems and third-party applications
Diagram – OVERVIEW OF BEST’s PROTECTION LAYERS (Securely Everywhere): an attacker reaching an endpoint that runs malware passes through the Network Level, On-Access Level and On-Execution stages. Layers shown: Firewall, Web Threat Protection, Device Control, Network Attack Defense, Local & Cloud Machine Learning, Exploit Defense, Process Inspector; pre-hardening: Antimalware (Signature-Based), Full Disk Encryption, Patch Management, Endpoint Risk Analytics, Email Security, Device Control.
Dashboard and Report
ADVANCED ATTACKS REQUIRE DETECTION AND RESPONSE
Threat spectrum, ordered by sophistication (harder to execute, more damaging): Known Threats → Evasive Malware → Zero-day attacks → Fileless attacks → Targeted attacks, Low and slow, Insider Threats
• 99% of the attacks can be prevented with the right tools
• < 1% require analysis over time across layers with ML
GRAVITYZONE™ – THE SECURITY PLATFORM FOR END-TO-END BREACH AVOIDANCE
GravityZone Prevention Technologies
Dynamic Machine Learning – Pre/On/Post-Execution
• Predicts and blocks advanced attacks, learning and adapting since 2008 with one of the world’s largest Global Protective Networks to deliver top efficacy with low false positives
Network Attack Defense
• Identifies and categorizes network behaviors
• Several ML algorithms are used against specific attack vectors, such as protocol- and device-specific anomaly detection
HyperDetect – Pre-Execution
• Tunable machine learning and behavior-analysis models trained to detect advanced, sophisticated threats at pre-execution
Sandbox Analyzer – Pre/Post-Execution
• Automatic submission of suspicious files from endpoints to a cloud-based sandbox for detonation and behavioral analysis
Exploit Defense
• Anti-exploit protection designed to tackle evasive exploits, to help reduce the APT attack surface and minimize the risk of being targeted
Process Inspector – On/Post-Execution
• A behavior anomaly detection technology that provides protection against never-before-seen threats in the on-execution stage
Fileless Attack Defense – Pre-Execution
• Detects and blocks fileless malware: terminates PowerShell running malicious command lines, blocks malicious traffic, and blocks code injection into process memory
Diagram – OVERVIEW OF BEST’s PROTECTION LAYERS (Securely Everywhere), with Visibility & Response: an attacker reaching an endpoint that runs malware passes through the Network Level, On-Access Level, Pre-Execution and On-Execution stages. Layers shown: Firewall, Web Threat Protection, Device Control, Network Attack Defense, HyperDetect™ (Tunable Machine Learning), Local & Cloud Machine Learning, Fileless Attack Defense, Automatic Sandbox Analyzer, Exploit Defense, Process Inspector, Incident Visualization, Root Cause Analysis, MITRE Event Tagging, Sandbox Investigation; pre-hardening: Antimalware (Signature-Based), Full Disk Encryption, Patch Management, Endpoint Risk Analytics, Email Security, Device Control.
Ransomware Mitigation
Ransomware mitigation helps organizations recover files after a blocked ransomware attack – without any downtime. Gain peace of mind with fast recovery of encrypted files affected by ransomware.
• Tamper-proof, secure backup copies to ensure data is protected
• Stop attacks coming from endpoints not protected by Bitdefender
• Add more value with affordable, advanced security features – no upcharges for Ransomware Mitigation
• On detected ransomware activity: automatic recovery of files
Fileless Attack Protection
HYPERDETECT – TUNABLE MACHINE LEARNING
Protects from:
• Ransomware
• Exploits
• Fileless attacks
• Script-based attacks
Provides maximum detection accuracy without false positives. Delivers full visibility into suspicious activities.
Set the detection-aggressiveness level to counter relevant threats; gain full visibility and enable automatic action.
SANDBOX ANALYZER
• Uses machine learning and behavioral analysis to assess suspicious files
• Runs in blocking or monitoring mode
• Provides a verdict in near-real-time and takes policy-based remediation action
• Delivers in-depth reporting on malware behavior
Protects against:
• Advanced targeted attacks
• Custom malware
• Unknown packers
ENDPOINT DETECTION AND RESPONSE (EDR)
INTEGRATED ENDPOINT DETECTION AND RESPONSE (EDR)
• Minimizes infection exposure and stops breaches
• Enables one-click automated detection, easy investigation and in-place remediation
• Reduces requirements for resources and skills to perform early detection and incident response
INTEGRATED EPP AND EDR SOLUTION
• Streamlines investigation, enabling live tracking of attacks and lateral movement
• Facilitates rapid resolution, containment and remediation
• Provides real-time endpoint visibility and insight into suspicious activities
• Simplifies alert triage and incident-analysis visualization
Detection and Response
MITRE attack techniques and indicators of compromise provide up-to-the-minute insights into named threats and other malware that may be involved.
Pre- and post-compromise attack forensics – Root Cause Analysis
Easy-to-understand visual guides highlight critical attack paths, easing burdens on IT staff.
The end-to-end attack forensics provides visibility into past actions covering the entire lifecycle of an attack (before, during and after). It covers both blocked attacks and suspicious activities (EDR-specific detections).
ADVANCED ATTACK DETECTION AND RESPONSE
• Uncover suspicious activity
• Machine learning, cloud scanning and sandbox
• MITRE ATT&CK and IoC search
• Response actions:
  › Kill or Block Process
  › Isolate Host
  › Start Sandbox Analysis
  › Block Hash
  › Remote Connection
ENDPOINT NETWORK CLOUD HUMAN
BITDEFENDER EXTENDED EDR (XEDR)
GET READY FOR THE NEW STAGE OF EDR EVOLUTION
Options to address the problems:
• Technical challenge: eXtended Detection and Response (XDR)
• Human resource challenge: Managed Detection and Response (MDR)
• Technical solution / outsource: eXtended EDR (XEDR)
ADVANCED THREAT CHALLENGES
• Cyber-criminals are increasingly difficult to detect
• Techniques individually look like routine behavior
• EDR solutions can be complex, and qualified staff are difficult to find
• Solutions need to be lightweight, flexible and easy to deploy
Kill chain: RECONNAISSANCE → WEAPONISATION → DELIVERY → EXPLOITATION → INSTALLATION → COMMAND AND CONTROL → ACTION ON OBJECTIVES
Coverage: Prevention | Detection and Response
WHAT ARE THE BENEFITS OF BITDEFENDER EDR?
Either stand-alone or part of a full-stack security package, Bitdefender Endpoint Detection and Response (EDR) quickly and effectively strengthens your security operations.
• Reducing operational burden
• Determining organizational risk
• Bridging the cyber security skills gap
• Advanced attack detection and response
MORE THAN EDR: eXtended EDR* (XEDR)
The cross-endpoint event correlation technology, eXtended EDR (XEDR), takes threat detection and visibility to a new level by combining the granularity and rich security context of EDR with the cross-endpoint event correlation of XDR (eXtended Detection and Response).
• Organization-level incident visibility (extended visibility)
• Cross-endpoint event correlation (extended detections)
*XEDR is available only for cloud-deployed solutions. Standard EDR is available for on-premises deployments.
MITRE ATT&CK Framework
GRAVITYZONE XEDR – INCIDENT GRAPH
BRIDGING THE CYBER SECURITY SKILLS GAP
• Respond, limit spread, stop attacks
• Threat visualizations
• Understand complex detections
• Identify root cause
• Prioritized alerts
• Respond with one click
SECURITY FOR VIRTUALIZED ENVIRONMENTS
Diagram: public cloud IaaS (AWS, Azure) and on-premises infrastructure on any hypervisor, each hosting VM 1, VM 2, VM 3 alongside an SVA, plus physical endpoints; all managed from the Control Center and backed by the Bitdefender Global Protective Network.
MAXIMIZES VISIBILITY AND MANAGEABILITY
• Featherweight agent: offloaded scanning and threat database
• Any hypervisor: VMware ESXi, Citrix Xen, Microsoft Hyper-V, Red Hat KVM, Oracle VM
• SVA not required on each host
• SVA redundancy
Diagram: GravityZone Control Center managing a Security Server (SVA) that serves VMs running BEST with Central Scan.
HOW DOES SVE WORK?
Two-level caching on both the virtual machine (VM) and the security virtual appliance (SVA) enables high antimalware efficiency. The SVA inspects each file only once, even if it appears on multiple VMs. This avoids redundant scanning, significantly reducing CPU, RAM, IO, and network load.
SVE CACHING ARCHITECTURE diagram: each VM (VM1, VM2) holds a Local Cache and talks to the Security Virtual Appliance over TCP/IP; the SVA holds the Central Cache; scan results update both the Local Cache and the Central Cache.
GRAVITYZONE SECURITY FOR STORAGE
One or more GravityZone Security Virtual Appliances (SVA) perform the role of ICAP server(s), providing antimalware-analysis services to Network-Attached Storage (NAS) and file-sharing solutions compliant with the Internet Content Adaptation Protocol. The GravityZone Control Center acts as the central management console for Security for Storage.
BITDEFENDER GRAVITYZONE® – Bundles and Solution Packages
GRAVITYZONE: THE ENTERPRISE SECURITY PLATFORM FOR THE BEST BREACH AVOIDANCE
Unified Prevention, Detection, Response and Hardening Across Endpoint, Network and Cloud
Protected assets: laptops and workstations; mobile devices; virtual desktops (VDI / DaaS); servers; email (hosted or on-prem); storage (ICAP compatible); public, private & hybrid cloud; software-defined & hyperconverged infrastructure; all backed by the Bitdefender Global Protective Network.
GRAVITYZONE ARCHITECTURE AND PRODUCTS (diagram):
• Enterprise HQ and datacenter (behind a firewall): on-premises infrastructure on any hypervisor hosting VM 1, VM 2, VM 3 and an SVA; GZ Security for Endpoints; GZ Security for Virtualized Environments (SVE)
• Public-cloud estate (behind a firewall): public-cloud infrastructure (AWS, Azure) hosting VM 1, VM 2, VM 3 and an SVA*; GZ Security for Virtualized Environments; Security for AWS
• Remote / home office (behind a firewall): GZ Security for Endpoints, connected through a Relay
• GravityZone Control Center exchanges with the Global Protective Network: threat database updates, false positive checks, malware algorithm and threat-feed updates, policy updates, reporting, system software updates
Components Business Security Business
Premium
Business Enterprise A-la-Cart MSP
Console-Delivery Options On-Premises / Cloud On-Premises / Cloud On-Premises / Cloud On-Premises Cloud
SaaS
Endpoint Security Yes Endpoint Security HD Endpoint Security xEDR Yes Yes
Mobile Security On-Premises On-Premises Yes
Security for Virtualized Environments Yes Yes Yes Per-CPU / VS /VDI/License
Security for Exchange Yes Yes Yes Yes
Hypervisor Introspection (HVI) Per-CPU Licensing (On-Prem) Per-CPU Licensing (On-Prem) Per-CPU Licensing
Coverage
Machine Learning Yes Yes Yes Yes Yes
Advanced Anti-Exploit Yes Yes Yes Yes Yes
Sandbox Analyzer Yes Yes HD Add-on Yes
HyperDetect (Tunable ML) Yes Yes HD Add-on Yes
Process Inspector (ATC) Yes Yes Yes Yes Yes
Network Attack Defense Yes Yes Yes Yes Yes
Fileless Attack Defense Yes Yes Yes Yes
Central Scanning (Offloaded to an SVA) Yes Yes Yes Yes
Visibility into Suspicious Activities Yes Yes Report Builder Yes
Application Control Blacklisting Blacklisting
Whitelisting (On-Prem)
Blacklisting Blacklisting
Whitelisting
Yes
EDR Root Cause Analysis Yes (Full xEDR) Yes (EDR) Yes
ERA (Endpoint Risk Analytics) Yes Yes Yes Yes
Add-On
Full-Disk Encryption Yes Yes Yes Yes Yes
Patch Management Yes Yes Yes Yes Yes
Email Security Yes Yes Yes Yes
Security for Storage
Container Protection
Integrity Monitoring
Data Retention Integrity Monitoring (90/180/365) days
GravityZone – the next level of agile cybersecurity
• Centralized management: security policies, configurations, and updates across multiple endpoints and locations
• Real-time threat detection and response: advanced machine learning and behavior analysis techniques to detect and respond to threats in real time
• Cloud-based or on-premise security that can be deployed quickly and easily, and scales to meet the changing needs of an organization
• Advanced endpoint and network protection features such as anti-malware, anti-phishing, and anti-ransomware, as well as device control and web filtering, sandbox, HyperDetect, EDR, XDR and more
• Integrated risk management, including vulnerability assessment, compliance management, and security audits
Bitdefender support for partners
• Free certification training for partners (sales and technical)
• Second-level support from our local distributors and help desk technical support from our office in Bangkok
• GOV/EDU/NGO and business discounts on request
• Account protection for registered and verified projects
• Free pre-sales support including trials and POC deployment
• Free online user training
• MDF and discounts for partners at the gold level or higher
Bitdefender HERO !!!
THANK YOU!
CONSUMER PRODUCTS (HOME USER)
© Bitdefender 2018. For internal use only.
BITDEFENDER CONSUMER PRODUCT 2022
PRODUCTS COMMERCIAL COMPARISON 2022
Presales-Present_GravityZone Products_June2023.pptx
  • 10.
    OCTOBER 20, 2023 TRUSTEDBY ​​KEY ORGANIZATIONS WORLDWIDE “Bitdefender allows us to show Citrix to the world without the paralyzing fear of being hacked.”
  • 11.
    OCTOBER 20, 2023 RELIEDON ​​IN KEY TECHNOLOGY PARTNERSHIPS Proud technology alliance partner to major virtualization vendors, directly contributing to the development of secure ecosystems with VMware, Nutanix, Citrix, Linux Foundation, Microsoft, AWS, and Pivotal.
  • 12.
    October 20, 202312 RECOGNIZED BY GLOBAL SECURITY ANALYSTS & REVIEWERS TRUSTED BY ENTERPRISES AND LAW ENFORCEMENT AGENCIES RELIED ON in key technology partnerships Leader in the inaugural Forrester® WAVE ™ for Cloud Workload Security 100% detection in the first Advanced Real- World test by AV-Comparatives “Received a score of 100% for evasions. No false positives” NSS Labs PROTECTING KEY ORGANIZATIONS WORLDWIDE FBI Department of Justice PARTNERING AGAINST CYBER CRIME
  • 13.
    October 20, 2023 13 OCTOBER20, 2023 EDR LEADER ACROSS THE BOARD Independent labs AV-TEST & AV-COMPARATIVES confirm EDR excellency With "Endpoint Security (Ultra)", Bitdefender succeeded at fielding a top product in 2021 which was able to meet the high standards of the AV-TEST Institute. MARCH 2020 AV-TEST Award for Bitdefender – certified proof of peak excellence Staggering 100% score in AV- Comparatives first APT attack test DECEMBER 2019 AV-Comparatives Enhanced Real World Protection Test Bitdefender, a global cybersecurity leader, was named a Customers’ Choice in North America in the 2021
  • 14.
    BITDEFENDER AWARDS &CERTIFICATIONS
  • 15.
    October 20, 2023 15 OCTOBER20, 2023 "Bitdefender is the biggest EDR vendor you haven’t considered but should have." The Forrester Wave™: Enterprise Detection And Response, Q2 2022
  • 17.
    WORLD’S LARGEST SECURITY-DELIVERYINFRASTRUCTURE 500+ Million Endpoints Protected 170 Countries 150+ OEM Partners
  • 18.
  • 19.
    TECHNOLOGY LICENSING (OEM) MORETHAN 150 OEM PARTNERSHIPS Confidential
  • 20.
    October 20, 2023 20 TRUSTEDBY GLOBAL AND LOCAL LEADERS CONFIDENTIAL PRESENTATION
  • 21.
    20 octobre 2023| Confidentiel In cybersecurity and Formula 1, every millisecond counts. Technology makes all the difference in who has the advantage. Bitdefender researchers, security analysts, and engineers are on the cutting edge of cybersecurity, developing threat and behavioral analytics from its network of millions of monitored and protected endpoints to prevent, detect and respond to threats faster. A partnership born from a passion for high performance and technological innovation. « Bitdefender shares with Scuderia Ferrari a heritage of excellence and a demonstrated track record of building state of the art, innovative technologies to deliver winning results. » Florin Talpes Co-founder and CEO, Bitdefender
  • 22.
    W W W. B I T D E F E N D E R . C O M GRAVITYZONE SITE REFERENCES
  • 23.
  • 24.
    Site Reference –Healthcare, Hospital
  • 25.
    Site Reference -Government
  • 26.
    Site Reference –Telecom, Technology and Insurance
  • 27.
  • 28.
  • 29.
    Site Reference –Factory, Transport
  • 30.
  • 33.
    W W W. B I T D E F E N D E R . C O M GRAVITYZONE PLATFORM
  • 34.
    OCTOBER 20, 2023 DETECTION& RESPONSE PREVENTION RISK ANALYTICS & HARDENING SERVICES THE FIRST UNIFIED SECURITY AND RISK ANALYTICS PLATFORM BITDEFENDER GRAVITYZONE® Unified Prevention, Detection, Response and Hardening Across Endpoint, Network, Cloud and Human
  • 36.
    FASTER TIME-TO-PROTECTION WITHFLEXIBLE CONSOLE-DELIVERY OPTIONS BITDEFENDER-HOSTED CLOUD CONTROL CENTER ON-PREMISES GRAVITY ZONE CONTROL CENTER • Hardened Linux virtual appliance • Spins up in <15 minutes • Web-scale high-availability architecture • Automatic system upgrades • No OS or database licenses needed • Zero deployment time • No server resources needed • No administration • No additional costs
  • 37.
    37 Hypervisor Introspection Security for Virtualized Environments Security for Exchange Securityfor Endpoints Security for Mobile GRAVITYZONE ON-PREMISE Overview Security for Storage
  • 38.
    38 Security for Virtualized Environments Security for Exchange Securityfor Endpoints GRAVITYZONE CLOUD Overview Security for Storage
  • 39.
    Bitdefender Relay Role Server Zone ClientZone Proxy Server GravityZone Cloud Console GRAVITYZONE CLOUD – Offline Internet Relay Module: • Communication Server • Update Signature • Installation Software • Logs transfer • Receive command
  • 41.
    INTEGRATED SINGLE AGENT& SINGLE CONSOLE
  • 44.
    INTEGRATED SINGLE AGENT& SINGLE CONSOLE
  • 45.
    INTEGRATED SINGLE AGENT& SINGLE CONSOLE
  • 46.
    Single Modular Agent INTEGRATED LAYERED NEXT-GENEPP AND EDR PLATFORM Next-Gen EPP EDR Sandbox Anti-Exploit Full-Disk Encryption Patch Management
  • 47.
    OCTOBER 20, 2023 DETECTION & RESPONSE PREVENTION RISK ANALYTICS & HARDENING SERVICES INTEGRATED TECHNOLOGIES &SERVICES FOR THE BEST BREACH AVOIDANCE Bitdefender GravityZone is a next-generation security platform that lets you protect all the endpoints in the enterprise, including client devices and both virtual and physical datacenter infrastructure. INCIDENT VISUALIZATION ROOT CAUSE ANALYSIS ANOMALY DEFENSE PROCESS INSPECTOR MITRE EVENT TAGGING SANDBOX INVESTIGATION GLOBAL THREAT INTELLIGENCE MANAGED DETECTION & RESPONSE (MDR) PROFESSIONAL SERVICES THREAT INTELLIGENCE SERVICE PREMIUM SUPPORT THREAT HUNTING PROACTIVE REMEDIATION LOCAL & CLOUD MACHINE LEARNING AUTOMATIC SANDBOX ANALYZER HYPERDETECT™ (TUNABLE MACHINE LEARNING) EXPLOIT DEFENSE FILELESS ATTACK DEFENSE NETWORK ATTACK DEFENSE PATCH MANAGEMENT ENDPOINT RISK ANALYTICS FULL DISK ENCRYPTION WEB THREAT PROTECTION DEVICE CONTROL FIREWALL HUMAN RISK ANALYTICS EXTENDED DETECTION AND RESPONSE PROCESS INSPECTOR APPLICATION CONTROL RANSOMWARE MITIGATION
  • 48.
    INTEGRATED SINGLE AGENT& SINGLE CONSOLE
  • 49.
    INTEGRATED SINGLE AGENT& SINGLE CONSOLE
  • 50.
    INTEGRATED SINGLE AGENT& SINGLE CONSOLE
  • 51.
    INTEGRATED SINGLE AGENT& SINGLE CONSOLE
  • 52.
    INTEGRATED SINGLE AGENT& SINGLE CONSOLE
  • 53.
    Components Business SecurityBusiness Security Premium Business Security Enterprise A-la-Cart Console-Delivery Options On-Premises / Cloud On-Premises / Cloud On-Premises / Cloud On-Premises Endpoint Security Yes Endpoint Security HD Endpoint Security xEDR Yes Mobile Security On-Premises On-Premises Yes Security for Virtualized Environments Yes Yes Yes Server/ WorkStation /Per-CPU Licensing Security for Exchange Yes Yes Yes Hypervisor Introspection (HVI) Per-CPU Licensing (On-Prem) Per-CPU Licensing (On-Prem) Per-CPU Licensing Coverage Machine Learning Yes Yes Yes Yes Advanced Anti-Exploit Yes Yes Yes Yes Sandbox Analyzer Yes Yes HD Add-on HyperDetect (Tunable ML) Yes Yes HD Add-on Process Inspector (ATC) Yes Yes Yes Yes Network Attack Defense Yes Yes Yes Yes Fileless Attack Defense Yes Yes Yes Central Scanning (Offloaded to an SVA) Yes Yes Yes Visibility into Suspicious Activities Yes Yes Report Builder Application Control Blacklisting Blacklisting Whitelisting (On-Prem) Blacklisting Blacklisting Whitelisting EDR Root Cause Analysis Yes (Full xEDR) Yes (EDR) ERA (Endpoint Risk Analytics) Yes Yes Yes Add-On Full-Disk Encryption Yes Yes Yes Yes Patch Management Yes Yes Yes Yes Email Security Yes Yes Yes Security for Storage Yes Yes Yes Licensing License Type and Term Bundle. Yearly License Bundle, Yearly License Bundle, Yearly License Restrictions Up to 30% of Devices Can Be Servers Up to 35% of Devices Can Be Servers Up to 35% of Devices Can Be Servers
  • 55.
    October 20, 2023 55 source:skyboxsecurity.com VULNERABILITY AND THREAT TRENDS • Almost all malware types have seen an increase over the first six months of 2020 • Cryptocurrency miners and worms being the only malware that have had fewer occurrences when compared to 2019 • Ransomware is increasing in usage because it is also increasing in sophistication - Human-operated ransomware attacks • Exploits taking advantage of Remote Desktop Protocol (RDP). New post-exploitation malware
  • 56.
    OCTOBER 20, 2023 EndpointRisk Management and Analytics Key Features:  View your overall Company Risk Score and understand how various misconfigurations and application vulnerabilities contribute to it  Assess prioritized misconfigurations and application vulnerabilities across your organization’s endpoint estate  Get a risk snapshot for servers and end-user devices, and review the most-exposed endpoints  Fully native to all GravityZone Cloud products  Powered by Bitdefender Labs global threat research Actively reduce your organization’s attack surface by continuously assessing, prioritizing, and addressing endpoint risk coming from misconfigurations and application vulnerabilities.
  • 57.
    OCTOBER 20, 2023 Misconfigurations Endpoint Risk Management and Analytics
  • 58.
  • 59.
    OCTOBER 20, 2023 EndpointRisk Management and Analytics • Quickly identify and patch vulnerabilities that pose a great threat to a company • Find details about CVEs on cvedetails.com • Remediate with integrated Patch Management Vulnerabilities
  • 60.
    OCTOBER 20, 2023 EndpointRisk Management and Analytics • Get full focus on users that have the highest risk within an organization Human Risk
  • 61.
    Helps improve securityposture by expediently discovering and eliminating vulnerabilities Provides the widest range of security- and non-security patches for operating systems, third-party applications and golden images Covers Windows-based physical, virtual on- prem and cloud-based endpoints and servers Is deployed and managed from the GravityZone console and integrated into its agent INTEGRATED PATCH MANAGEMENT (ADD-ON)
  • 62.
     Helps improvesecurity posture by expediently discovering and eliminating vulnerabilities  Provides the widest range of security- and non-security patches for operating systems, third-party applications and golden images  Covers Windows-based physical, virtual on-prem and cloud-based endpoints and servers  Is deployed and managed from the GravityZone console and integrated into its agent INTEGRATED PATCH MANAGEMENT (ADD-ON)
  • 63.
    UNIQUE ENDPOINT RISKANALYTICS & PATCHING
  • 64.
    GRAVITYZONE™ THE SECURITY PLATFORMFOR END-TO-END BREACH AVOIDANCE OCTOBER 20, 2023 Endpoint Hardening and Control Technologies Application Control – On premises only • Supports both “Default Deny” and “Blacklisting” • Audit or Enforcement mode • Trusted Updater Web Threat Protection • Scans incoming traffic and emails • Blocks URLs based on behavior and machine learning • Web category filter Firewall Fully featured two-way personal firewall with host-based intrusion detection and prevention controls Device Control Allows administrators to manage permissions for external devices such as USB Flash drives, Bluetooth devices and others Full-Disk Encryption (add-on) Windows BitLocker and Mac OS FileVault native encryption with centralized deployment, management and key recovery from GravityZone Patch Management (add-on) Provides widest range of security and non- security patches for Windows operating systems and third party applications
  • 65.
    Network Level On-Access Level On-Execution Attacker Endpoint RunMalware FIREWALL WEB THREAT PROTECTION DEVICE CONTROL NETWORK ATTACK DEFENSE LOCAL & CLOUD MACHINE LEARNING EXPLOIT DEFENSE PROCESS INSPECTOR LOCAL & CLOUD MACHINE LEARNING Pre-Hardenened ANTIMALWARE (Signature-Based) FULL DISK ENCRYPTION PATCH MANAGEMENT ENDPOINT RISK ANALYTICS EMAIL SECURITY DEVICE CONTROL OVERVIEW OF THE BEST’s PROTECTION LAYERS – Securely Everywhere Dashboard and Report Report
  • 66.
    October 20, 2023 66 ADVANCEDATTACKS REQUIRE DETECTION AND RESPONSE Known Threats Evasive Malware Zero-day attacks Fileless attacks Targeted attacks, Low and slow, Insider Threats 99% of the attacks can be prevented with the right tools < 1% require analysis over time across layers with ML HARDER TO EXECUTE SOPHISTICATION DAMAGING
  • 67.
    GRAVITYZONE™ THE SECURITY PLATFORMFOR END-TO-END BREACH AVOIDANCE OCTOBER 20, 2023 GravityZone Prevention Technologies Dynamic Machine Learning – Pre/On/Post-Execution Predict and block advanced attacks, learning and adapting since 2008 with one of the world’s largest Global Protective Networks to deliver top efficacy with low false positives Network Attack Defense • ID and categorize network behaviors • Several ML algorithms are used against specific attack vectors, like protocol and device specific anomaly detection HyperDetect – Pre-Execution Tunable machine learning and behavior-analysis models trained to detect advanced, sophisticated threats at pre-execution Sandbox Analyzer – Pre/Post-Execution Automatic submission of suspicious files from endpoints to a cloud-based sandbox for detonation and behavioral analysis Exploit Defense Anti-Exploit protection designed to tackle evasive exploits, to help reduce the ATP attack surface and minimize the risk of being targeted. Process Inspector – On/Post-Execution A behavior anomaly detection technology that provides protection against never-before-seen threats in on-execution stage Fileless Attack Defense – Pre-Execution Detects and blocks fileless malware - terminate PowerShell running malicious command line, blocking malicious traffic, block code injection process into memory buffer
  • 68.
    Network Level On-Access Level Pre-Execution On-Execution Attacker Endpoint RunMalware FIREWALL WEB THREAT PROTECTION DEVICE CONTROL NETWORK ATTACK DEFENSE HYPERDETECT™ (TUNABLE MACHINE LEARNING) LOCAL & CLOUD MACHINE LEARNING FILELESS ATTACK DEFENSE AUTOMATIC SANDBOX ANALYZER EXPLOIT DEFENSE PROCESS INSPECTOR INCIDENT VISUALIZATION ROOT CAUSE ANALYSIS MITRE EVENT TAGGING SANDBOX INVESTIGATION LOCAL & CLOUD MACHINE LEARNING Pre-Hardenened ANTIMALWARE (Signature-Based) LOCAL & CLOUD MACHINE LEARNING FULL DISK ENCRYPTION PATCH MANAGEMENT ENDPOINT RISK ANALYTICS EMAIL SECURITY DEVICE CONTROL Visibility & Response OVERVIEW OF THE BEST’s PROTECTION LAYERS – Securely Everywhere
  • 70.
    OCTOBER 20, 2023 RansomwareMitigation Ransomware mitigation helps organizations recover files after a blocked ransomware attack – without any downtime. Gain peace of mind with fast recovery of encrypted files affected by ransomware • Tamper-proof, secure backup copies to ensure data is protected • Stop attacks coming from endpoints not protected by Bitdefender • Add more value with affordable, advanced security features – no upcharges for Ransomware Mitigation
  • 71.
  • 73.
    Ransomware Mitigation Ransomware mitigation helpsorganizations recover files after a blocked ransomware attack – without any downtime. Ransomware Activity • Automatic recovery files
  • 74.
    HYPERDETECT – TUNABLEMACHINE LEARNING Protects from: • Ransomware • Exploits • Fileless attacks • Script-based attacks Provides maximum detection accuracy without false positives Delivers full visibility into suspicious activities Set the detection-aggressiveness level… …to counter relevant threats Gain full visibility and enable automatic action
  • 75.
    SANDBOX ANALYZER Uses machinelearning and behavioral analysis to assess suspicious files Runs in blocking or monitoring mode Provides a verdict in near-real-time and takes policy-based remediation action Delivers in-depth reporting on malware behavior Protects against: • Advanced targeted attacks • Custom malware • Unknown packers
  • 78.
    SANDBOX ANALYZER Streamlines investigation, enablinglive tracking of attacks and lateral movement Facilitates rapid resolution, containment and remediation Provides real-time endpoint visibility and insight into suspicious activities Simplifies alert triage and incident-analysis visualization
  • 79.
    SANDBOX ANALYZER Streamlines investigation, enablinglive tracking of attacks and lateral movement Facilitates rapid resolution, containment and remediation Provides real-time endpoint visibility and insight into suspicious activities Simplifies alert triage and incident-analysis visualization
  • 80.
    SANDBOX ANALYZER Streamlines investigation, enablinglive tracking of attacks and lateral movement Facilitates rapid resolution, containment and remediation Provides real-time endpoint visibility and insight into suspicious activities Simplifies alert triage and incident-analysis visualization
  • 81.
    SANDBOX ANALYZER Streamlines investigation, enablinglive tracking of attacks and lateral movement Facilitates rapid resolution, containment and remediation Provides real-time endpoint visibility and insight into suspicious activities Simplifies alert triage and incident-analysis visualization
  • 82.
    SANDBOX ANALYZER Streamlines investigation, enablinglive tracking of attacks and lateral movement Facilitates rapid resolution, containment and remediation Provides real-time endpoint visibility and insight into suspicious activities Simplifies alert triage and incident-analysis visualization
  • 83.
  • 84.
  • 85.
    W W W. B I T D E F E N D E R . C O M ENDPOINT DETECTION AND RESPONSE (EDR)
  • 86.
    October 20, 2023 86 INTEGRATEDENDPOINT DETECTION AND RESPONSE (EDR) Minimizes infection exposure and stops breaches Enables one-click automated detection, easy investigation and in-place remediation Reduces requirements for resources and skills to perform early detection and incident response
  • 87.
    INTEGRATED EPP ANDEDR SOLUTION Streamlines investigation, enabling live tracking of attacks and lateral movement Facilitates rapid resolution, containment and remediation Provides real-time endpoint visibility and insight into suspicious activities Simplifies alert triage and incident-analysis visualization
  • 88.
    Detection and Response MITREattack techniques and indicators of compromise provide up to the minute insights into named threats and other malware that may be involved. Pre and Post Compromise attack forensics – Root Cause Analysis Easy to understand visual guides highlight critical attack paths, easing burdens on IT staff. The end-to-end attack forensics provides visibility into past actions covering the entire lifecycle of an attack (before, during and after). It covers both blocked attacks and suspicious activities (EDR specific detections)
  • 89.
    ADVANCED ATTACK DETECTION ANDRESPONSE • Uncoversuspicious activity • Machine-learning, cloud scanning and sandbox • MITRE ATT&CK and IoC search • Response actions › Killor Block Process › Isolate Host › Start Sandbox Analysis › Block Hash › Remote Connection
  • 90.
    INTEGRATED EPP ANDEDR SOLUTION Streamlines investigation, enabling live tracking of attacks and lateral movement Facilitates rapid resolution, containment and remediation Provides real-time endpoint visibility and insight into suspicious activities Simplifies alert triage and incident-analysis visualization
  • 91.
    INTEGRATED EPP ANDEDR SOLUTION Streamlines investigation, enabling live tracking of attacks and lateral movement Facilitates rapid resolution, containment and remediation Provides real-time endpoint visibility and insight into suspicious activities Simplifies alert triage and incident-analysis visualization
  • 93.
    INTEGRATED EPP ANDEDR SOLUTION
  • 94.
    INTEGRATED EPP ANDEDR SOLUTION
  • 95.
    INTEGRATED EPP ANDEDR SOLUTION
  • 96.
    W W W. B I T D E F E N D E R . C O M ENDPOINT NETWORK CLOUD HUMAN BITDEFENDER EXTENDED EDR (XEDR) GET READY FOR THE NEW STAGE OF EDR EVOLUTION October 20, 2023 96
  • 97.
    OCTOBER 20, 2023 Optionsto address the problems Technical Challenge eXtended Detection and Response (XDR) Human Resource Challenge Managed Detection and Response (MDR) Technical Solution Outsource eXtended EDR (XEDR)
  • 98.
    OCTOBER 20, 2023 98 •Cyber-criminals increasingly difficult to detect • Techniques individually look like routine behavior • EDR solutions can be complex and qualified staff difficult to find • Solutions need to be lightweight, flexible and easy-to-deploy ADVANCED THREAT CHALLENGES RECONNAISSANCE WEAPONISATION DELIVERY EXPLOITATION INSTALLATION COMMAND AND CONTROL ACTION ON OBJECTIVES Prevention Detection and Response
  • 100.
    OCTOBER 20, 2023 10 WHATARE THE BENEFITS OF BITDEFENDER EDR? Either stand-alone or part of a full-stack security package, Bitdefender Endpoint Detection and Response (EDR) quickly and effectively strengthens your security operations. REDUCING OPERATIONAL BURDEN DETERMINING ORGANIZATIONAL RISK BRIDGING THE CYBER SECURITY SKILLS GAP ADVANCED ATTACK DETECTION AND RESPONSE
  • 101.
    OCTOBER 20, 2023 MORETHAN EDR: eXtended EDR* (XEDR) The cross-endpoint event correlation technology, the eXtended EDR (XEDR), takes threat detection and visibility to a new level by combining the granularity and rich security context of EDR with the cross-endpoint event correlation of XDR (eXtended Detection and Response). ORGANIZATION-LEVEL INCIDENT VISIBILITY (EXTENDED VISIBILITY) CROSS-ENDPOINT EVENT CORRELATION (EXTENDED DETECTIONS) *XEDR is available only for cloud-deployed solutions. Standard EDR is available for on-premises deployments.
  • 102.
  • 105.
    GRAVITYZONE XEDR –INCIDENT GRAPH
  • 107.
    October 20, 2023107  BRIDGING THE CYBER SECURITY SKILLS GAP • Respond, limit spread, stop attacks • Threat visualizations • Understand complex detections • Identify root cause • Prioritized alerts • Respond with one click
  • 109.
    W W W. B I T D E F E N D E R . C O M SECURITY FOR VIRTUALIZED ENVIRONMENTS
  • 110.
    Public cloud IaaS (AWS,Azure) Any hypervisor VM 1 VM 2 VM 3 VM 1 VM 2 VM 3 SVA Physical endpoints Control Center Bitdefender Global Protective Network On-premises infrastructure OCTOBER 20, 2023 MAXIMIZES VISIBILITY AND MANAGEABILITY
  • 111.
     Featherweight agent Offloadedscanning, threat database  Any hypervisor VMware ESXi, Citrix Xen, Microsoft Hyper-V, Red Hat KVM, Oracle VM  SVA not required on each host  SVA redundancy Security Server GravityZone Control Center VM VM VM VM BEST with Central Scan OCTOBER 20, 2023 HOW DOES SVE WORK?
  • 112.
    Two-level caching onboth the virtual machine (VM) and the security virtual appliance (SVA) enables high antimalware efficiency The SVA inspects each file only once even if it appears on multiple VMs This helps avoid redundant scanning, significantly reducing CPU, RAM, IO, and network load Security Virtual Appliance VM1 Local Cache Central Cache VM2 Local Cache TCP/IP Update Local Cache Update Central Cache SVE CACHING ARCHITECTURE OCTOBER 20, 2023
  • 113.
    OCTOBER 20, 2023 Oneor more GravityZone Security Virtual Appliances (SVA) perform the role of ICAP server(s) providing antimalware-analysis services to Network- Attached Storage (NAS) and file-sharing solutions compliant with the Internet Content Adaptation Protocol The GravityZone Control Center acts as a central management console for Security for Storage GRAVITYZONE SECURITY FOR STORAGE
  • 114.
    October 20, 2023 114 BITDEFENDERGRAVITYZONE® Bundles Solution Package
  • 115.
    GRAVITYZONE THE ENTERPRISE SECURITYPLATFORM FOR THE BEST BREACH AVOIDANCE BITDEFENDER GRAVITYZONE® Unified Prevention, Detection, Response and Hardening Across Endpoint, Network and Cloud LAPTOPS AND WORKSTATIONS MOBILE DEVICES VIRTUAL DESKTOPS VDI / DAAS SERVERS EMAIL Hosted or On-prem STORAGE ICAP Compatible PUBLIC, PRIVATE & HYBRID CLOUD SOFTWARE-DEFINED & HYPERCONVERGED INFRASTRUCTURE
  • 116.
    Bitdefender Global Protective Network GRAVITYZONE ARCHITECTUREAND PRODUCTS SVA Any hypervisor VM 1 VM 2 VM 3 On-premises infrastructure GZ Security for Endpoints GZ Security for Virtualized Environments (SVE) ENTERPRISE HQ AND DATACENTER Firewall GZ Security for Virtualized Environments; Security for AWS SVA* VM 1 VM 2 VM 3 Public-cloud infrastructure (AWS, Azure) PUBLIC-CLOUD ESTATE Firewall Threat dbase update False positive checks Malware algorithm- and threat-feed updates Policy updates  Reporting  System software updates GravityZone Control Center GZ Security for Endpoints Firewall REMOTE / HOME OFFICE Relay
  • 117.
    Components Business SecurityBusiness Security Premium Business Security Enterprise A-la-Cart Console-Delivery Options On-Premises / Cloud On-Premises / Cloud On-Premises / Cloud On-Premises Endpoint Security Yes Endpoint Security HD Endpoint Security xEDR Yes Mobile Security On-Premises On-Premises Yes Security for Virtualized Environments Yes Yes Yes Server/ WorkStation /Per-CPU Licensing Security for Exchange Yes Yes Yes Hypervisor Introspection (HVI) Per-CPU Licensing (On-Prem) Per-CPU Licensing (On-Prem) Per-CPU Licensing Coverage Machine Learning Yes Yes Yes Yes Advanced Anti-Exploit Yes Yes Yes Yes Sandbox Analyzer Yes Yes HD Add-on HyperDetect (Tunable ML) Yes Yes HD Add-on Process Inspector (ATC) Yes Yes Yes Yes Network Attack Defense Yes Yes Yes Yes Fileless Attack Defense Yes Yes Yes Central Scanning (Offloaded to an SVA) Yes Yes Yes Visibility into Suspicious Activities Yes Yes Report Builder Application Control Blacklisting Blacklisting Whitelisting (On-Prem) Blacklisting Blacklisting Whitelisting EDR Root Cause Analysis Yes (Full xEDR) Yes (EDR) ERA (Endpoint Risk Analytics) Yes Yes Yes Add-On Full-Disk Encryption Yes Yes Yes Yes Patch Management Yes Yes Yes Yes Email Security Yes Yes Yes Security for Storage Yes Yes Yes Licensing License Type and Term Bundle. Yearly License Bundle, Yearly License Bundle, Yearly License Restrictions Up to 30% of Devices Can Be Servers Up to 35% of Devices Can Be Servers Up to 35% of Devices Can Be Servers
  • 118.
    Components Business SecurityBusiness Premium Business Enterprise A-la-Cart MSP Console-Delivery Options On-Premises / Cloud On-Premises / Cloud On-Premises / Cloud On-Premises Cloud SaaS Endpoint Security Yes Endpoint Security HD Endpoint Security xEDR Yes Yes Mobile Security On-Premises On-Premises Yes Security for Virtualized Environments Yes Yes Yes Per-CPU / VS /VDI/License Security for Exchange Yes Yes Yes Yes Hypervisor Introspection (HVI) Per-CPU Licensing (On- Prem) Per-CPU Licensing (On-Prem) Per-CPU Licensing Coverage Machine Learning Yes Yes Yes Yes Yes Advanced Anti-Exploit Yes Yes Yes Yes Yes Sandbox Analyzer Yes Yes HD Add-on Yes HyperDetect (Tunable ML) Yes Yes HD Add-on Yes Process Inspector (ATC) Yes Yes Yes Yes Yes Network Attack Defense Yes Yes Yes Yes Yes Fileless Attack Defense Yes Yes Yes Yes Central Scanning (Offloaded to an SVA) Yes Yes Yes Yes Visibility into Suspicious Activities Yes Yes Report Builder Yes Application Control Blacklisting Blacklisting Whitelisting (On-Prem) Blacklisting Blacklisting Whitelisting Yes EDR Root Cause Analysis Yes (Full xEDR) Yes (EDR) Yes ERA (Endpoint Risk Analytics) Yes Yes Yes Yes Add-On Full-Disk Encryption Yes Yes Yes Yes Yes Patch Management Yes Yes Yes Yes Yes Email Security Yes Yes Yes Yes Security for Storage Container Protection Integrity Monitoring Data Retention Integrity Monitoring (90/180/365) days Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes
  • 119.
  • 120.
    120 GravityZone – thenext level of agile cybersecurity • Centralized management - security policies, configurations, and updates across multiple endpoints and locations • Real-time threat detection and response - advanced machine learning and behavior analysis techniques to detect and respond to threats in real-time • Cloud-based or on-premise security that can be deployed quickly and easily, and is scalable to meet the changing needs of an organization • Advanced endpoint and network protection features such as anti-malware, anti-phishing, and anti-ransomware, as well as device control and web filtering, sandbox, hyper detect, EDR, XDR and more • Integrated risk management includes vulnerability assessment, compliance management, and security audits
  • 121.
    121 Bitdefender support for partners • Freecertification training for partners (sales and technical) • Second level support from our local distributors and help desk technical support from our office in Bangkok • GOV/EDU/NGO and business discounts on request • Account protection for registered and verified projects • Free pre-sales support including trials and POC deployment • Free online user training • MDF, discounts for partners at the gold level or higher
  • 122.
  • 123.
  • 124.
  • 125.
    © Bitdefender 2018.For internal use only. BITDEFENDER CONSUMER PRODUCT 2022
  • 126.
  • 127.
    W W W. B I T D E F E N D E R . C O M