BITDEFENDER GRAVITYZONE SME SECURITY SOLUTION
Dec 14, 2015
• A resource-efficient security solution
• Simultaneously provides high performance and protection
• Delivering centralized management
• Easy deployment
• Freedom to choose any combination of:
  - Virtualization vendors
  - Cloud providers
  - Physical devices, virtual platforms and virtual machines
GRAVITYZONE IS SECURITY FOR TRADITIONAL AND HYBRID CLOUD ENDPOINTS
[Diagram: the GravityZone Security Solution spanning Public Cloud, Private Cloud, On-Premise Hybrid Cloud, and Traditional & Mobile Endpoints]
MULTI-PLATFORM COVERAGE
ENTERPRISE-WIDE UNIFIED MANAGEMENT
GRAVITYZONE TARGET CUSTOMERS
1. SME with Data Centers focused on virtualization
2. xSPs (Services Providers with Data Centers and Cloud)
3. SMB adopting virtualization
GRAVITYZONE: DEFEAT THREATS
• Top protection and compliance for endpoints, virtualization and cloud environments
• #1 rated Bitdefender technologies provide the best protection, and best removal-performance and speed
  - Consistently outperforms the competition in protection, performance and usability according to AV-Test Corporate tests: Windows 8 (October 2014), Windows 7 (August 2014), Windows XP (June 2014)
• GravityZone is hypervisor-agnostic and delivered as a virtual appliance for quick and easy deployment across any combination of virtualization platforms and devices
• Unlike others, GravityZone provides a unified management console across all security services on physical, virtualized and mobile endpoints.
• GravityZone is integrated with VMware vCenter, Citrix XenServer and Microsoft Active Directory.
GRAVITYZONE: DELIVER CONTROL
1) Built-in redundancy and high availability
- Duplication of roles for the GravityZone appliance: Database, Update Server, Web Console (Control Center) and/or Communication Server
- Even distribution of scanning traffic with load balancing
2) Integrated management and control
- Support for VMware vCenter, Citrix XenServer and Microsoft Active Directory
- Enforcing security policies on entire inventory objects including hosts, VM folders or resource pools.
3) Intuitive reporting and monitoring
- Granular access rights for permission-based access to Control Center
- Detailed, centralized reporting on the security state across the organization:
I. Malware activity, network and update status
II. Instant access through 12 configurable portlets on the Dashboard
GRAVITYZONE: KEY FEATURES
1. Simplicity and ease of use: Straightforward administration from the GravityZone Control Center, with separate views and specific policy sets for each of the three security services.
2. One security platform across multiple regions: Architected to scale globally and protect organizational units across distributed regions. By operating on any or all four appliance roles that can be partially load balanced, GravityZone can be connected to, and managed centrally from, different local deployments, worldwide.
3. Turnkey deployment from a single virtual appliance: Alleviate administrative overhead with root-level initial setup from CLI and one-time configuration of the scanning appliances, without the need to deploy and configure other components.
4. Flexible modular licensing: Every security service is licensed separately and can be activated whenever necessary to accommodate business growth. Licensing per CPU socket provides even greater flexibility to companies with VDI infrastructures.
GRAVITYZONE: KEY BENEFITS
GRAVITYZONE LICENSING AND PRICING
• 60-day free trial of the fully featured product available
• Technical support for Proof of Concept available
Service | License type (subscription) | License units count
GravityZone Control Center | Provided for free with any security service | n/a
Security for Endpoints | 1, 2 or 3 years | # of protected desktops, laptops and servers
Security for Virtualized Environments | 1, 2 or 3 years | # of protected virtual desktops (VDI) and # of virtual servers (VS), or # of physical CPUs that power the protected virtualized environment
Security for Mobile Devices | 1, 2 or 3 years | # of protected smartphones and tablets
NOVEMBER 2014 UPDATED FEATURES
• Centralized notification area
• New reports
• Syslog configuration
• Status alert customization
• Offline registration
• Database role replication
BENEFITS
Feature | Benefit
Centralized notification area, new reports, syslog configuration | Enhanced support for audits and compliance (HIPAA, PCI, …)
Status alert customization | Admin friendly
Database role replication | Scalability and resilience
Offline registration | Covers a wide range of use cases, now including closed networks
NEW REPORTS
• Status report: Modules, showing installed endpoint agent modules and their status
• Security for Virtualized Environments:
  - VM update status report
  - SVA status report (including load)
• Malware reports at file level: full details, all events
• Most requested feature: malware event report with file details! DONE
CENTRALIZED NOTIFICATION AREA
• Notification center: unified, easy configuration
• All channels available: console, email, syslog
• Most requested feature: malware detection email notification! DONE
SYSLOG CONFIGURATION
• Available in the console
• Select relevant events
CUSTOMIZABLE STATUS ALERT
• Policy-based and granular configuration
• Admin chooses when the agent turns RED
OFFLINE GRAVITYZONE REGISTRATION
• Offline environments
• For “paranoid” industries: Gov …
DATABASE ROLE REPLICATION
• MongoDB automated replication
• Replica set
GRAVITYZONE SECURITY SERVICES
Security for Endpoints
• Windows systems and Mac protection
• Host-based firewall, IDS, web filtering & control, data protection and application control
Security for Mobile Devices
• iOS and Android support
• Device compliance & profile control
• On-access scanning & encryption
Security for Virtualized Environments
• Remote scan protection for ANY hypervisor
• Increased server consolidation
• Windows and Linux support
GravityZone Control Center
• Unified security for physical, virtualized and mobile endpoints
• Built-in redundancy and auto-scaling
• Integrated with 3rd parties like VMware, Citrix & Microsoft
GRAVITYZONE SECURITY FOR VIRTUALIZED ENVIRONMENTS (SVE)
IT BUDGETS FOR 2014 OF PROGRESSIVE SMES
[Chart: Spiceworks report, North America IT spend in 2014]
[Chart: Spiceworks research, State of SMB IT 1H 2013]
VIRTUALIZATION MARKET DRIVERS AND ADOPTION
Virtualization penetration has surpassed 50% of all server workloads, and continues to grow.
Traditional Antimalware
THREAT OVERVIEW
From 32,000 new unique malware samples every day to over 300,000 in just 5 years! Source: AV-Test (Germany).
AV SIGNATURE UPDATE FREQUENCY
[Chart: signature update frequency by product: hourly, every 8 hours, every 8 hours, every 24 hours]
Even hourly updates leave 12,500 possible infections per hour when AV-Test is registering over 300,000 new threats per day.
CONVENTIONAL CHALLENGES
• AV-Storm
• Concurrent Updates
• Storage I/O
• Exclusions
• Boot Latency
• vShield
• Administration
TRADITIONAL AGENT BASED PROTECTION
• Client on every VM
• Antimalware engines, signatures and cache databases are stored locally and require constant updates
• Typically 750 MB to 1 GB of disk space and 170-250 MB of memory when loaded, more memory when scanning
Resource contention
• Clients on virtual machines compete for host resources with production workloads
• Exacerbated when clients simultaneously start scan processes on several VMs or download and install updates
• Massive impact on CPU, memory and I/O activity on the storage
Boot latency and boot time security gaps
• Scanning engines and signatures loading
• Recovering from older snapshots/backups
• Check for updates after loading
• This time window leaves the system unsecured and vulnerable to malware attacks
CONCLUSION: It’s better than having no protection at all, BUT:
1. Ridiculously high resource consumption (memory, CPU, storage, I/O)
2. Unintelligently duplicating AV operations over and over
3. Highly capable of generating bottlenecks
4. More or less impossible with VDI
5. Time consuming to deploy, manage and monitor!
RESOURCE OPTIMIZATION WITH GRAVITYZONE SVE
[Diagram: one Security Server with a centralized scan engine serving many VMs that each run only BD Tools; the per-VM SCAN ENGINE instances of the traditional model are shown as potentially available resources]
SECURITY FOR VIRTUALIZED ENVIRONMENTS
• Hypervisor agnostic; supports VMware, Citrix, Microsoft, AWS, Oracle, and Red Hat virtualization
• Comprehensive solution for Windows and Linux servers and VDI machines
• Integrated management VMware, Citrix, Amazon Web Services
• Increased server consolidation with centralized antimalware: up to 30% more VMs per physical host
• Small footprint on the VMs: 60 MB of disk and 30 MB of memory in non-VMware environments
APPROACH TO VIRTUALIZED ENVIRONMENTS
Two GravityZone key components
• Enforcement point or endpoint agent
  - What is in each VM, what and how it offloads
• Management of virtualized environment
  - What manages VM security, how it is integrated
  - Architecture
  - Single point of management
ENFORCEMENT POINT: “AGENTLESS” AND “LIGHT AGENT”
Two approaches available in Bitdefender Security for Virtualized Environments:
1. VMware vShield Endpoint
   • Proprietary solution, API for security vendor integration
   • Provides remote introspection from virtual appliance (scanning offload)
   • Bitdefender Tools for vShield adds additional functionality
2. Bitdefender Tools
   • End-to-end provided by Bitdefender
COMPARING “AGENTLESS” VERSUS “LIGHT AGENT”
BD Tools | vShield Endpoint Integration
Hypervisor agnostic | ESXi only
Windows and Linux VMs | Windows only
No external dependency | Requires vShield Manager
Scanning offload across hosts | Scanning offload within host
Fail-over between VAs | Tied to VA on-host; no fail-over
In-VM GUI | Not native; in-VM GUI provided by Bitdefender
On-demand memory/process scanning | Not native; provided by Bitdefender
In-VM footprint is BD Tools | In-VM footprint is vShield file system driver (in VMware Tools) and optional BD Tools for vShield VMs
AGENTLESS PROTECTION WITH VMWARE VSPHERE
Tightly integrated with VMware vShield Endpoint EPSEC API
VMware vCenter integrated management for unified visibility
Bitdefender Tools:
• Extends coverage to non-Windows environments.
• Provides deep introspection capabilities: file systems, processes and memory
VSHIELD - AGENTLESS PROTECTION
vShield Endpoint SDK: other limitations
• No monitoring of running processes, memory or the registry database
• Max 1 AV engine per host
• Depends on VMware Tools
• No cache between hosts
• No failover possible
The vShield Endpoint SDK allows centralized AV introspection as the VM is accessing local disks.
Only works for Windows!
HYPERVISOR-AGNOSTIC SECURITY FOR COMPLEX DATACENTERS
Universal platform coverage, full support for any hypervisor: VMware, Citrix, Microsoft, Red Hat, KVM, Oracle, or any other virtualization.
Protects virtualized desktops and servers running on: Windows & Linux
Pre-trained, self-learning cache mechanisms
Centralized antimalware for improved performance
LOAD BALANCING
• Deploy as many AV engines per host as you wish
• Shared cache between all AV engines
• Endpoints will automatically be serviced by the AV engine with the fastest response time (allowed by policy)
GRAVITYZONE SVE MANAGEMENT
GravityZone has superior management for virtualized environments because it is:
Built from the ground-up for environments of today
Delivered as a virtual appliance
Integrated with vCenter, XenServer, Active Directory, etc.
Scales horizontally – to get more horsepower, add more VMs to a deployment
Includes MongoDB; non-relational, open-source database; single database instance can be spread across 1000 nodes
Virtual appliance
• Each VA can play one or more roles (load balancer, database, management console) to distribute across geographies and scale as much as needed
• Built-in load distribution, fault tolerance
vCenter, XenServer
• Management integration is key to keep up with hugely dynamic environments
• Supports ESXi, Xen, Hyper-V, Red Hat, Oracle, etc.
• Extend to public cloud easily (VPC in AWS, for example)
BITDEFENDER TOOLS
• Windows and Linux versions
• Static installation, requires no updating
• 50 MB disk space inside each VM
• Three major components:
  1. Gateway, allowing the centralized engine to access the system: maximum 15 MB memory footprint, no CPU load, runs as an unstoppable local service
  2. Local tools (uncompress, file move, file deletion, etc.)
  3. Optional UI, including pop-up notification, policy controlled
OPTIMIZED SCANNING TECHNIQUE
Myfile.extension = 25 MB on disk
Segments capable of execution, which might contain malicious code = 2.5 MB
File areas scanned using Bitdefender technology: 2.5 MB
MULTI-LEVEL CACHING
• Unique files and processes are only scanned once, regardless of VM or AV engine (SVA)
• Modified files are rescanned, but only on changed areas
• Consequence: reduced CPU and I/O activity
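As an added illustration (not Bitdefender code and not a description of its internals): a Python model of a content-addressed scan cache shared across VMs and scan engines, in which unique content is scanned once and a modified file costs only a rescan of the blocks that changed. The block size, the marker-based `scan_block` stand-in for an engine and the sample file contents are all constructed for the example.

```python
import hashlib
from typing import Callable, Dict, List, Tuple

BLOCK_SIZE = 4096  # constructed granularity for "changed areas"

# Constructed stand-in for a malware signature; not a real pattern.
MARKER = b"CONSTRUCTED-MALWARE-MARKER"


def scan_block(block: bytes) -> str:
    """Toy scan engine used in place of a real one. A real engine must
    also handle signatures that straddle block boundaries; this stub
    only looks for the marker inside a single block."""
    return "infected" if MARKER in block else "clean"


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


class SharedScanCache:
    """Verdict cache shared by every VM and every scan engine in the
    deployment. Keys are content hashes, never VM names or paths, so the
    same file seen from two VMs is scanned exactly once."""

    def __init__(self, engine: Callable[[bytes], str] = scan_block) -> None:
        self.engine = engine
        self.file_verdicts: Dict[str, str] = {}   # level 1: whole file
        self.block_verdicts: Dict[str, str] = {}  # level 2: file blocks

    def scan(self, vm: str, data: bytes) -> Tuple[str, int]:
        """Return (verdict, number of blocks the engine actually scanned).
        `vm` only shows that the caller's identity plays no part in lookup."""
        file_key = digest(data)
        if file_key in self.file_verdicts:
            return self.file_verdicts[file_key], 0
        verdict, scanned = "clean", 0
        for off in range(0, len(data), BLOCK_SIZE):
            block = data[off:off + BLOCK_SIZE]
            block_key = digest(block)
            if block_key not in self.block_verdicts:
                # Only never-seen blocks reach the engine; the unchanged
                # parts of a modified file are served from the cache.
                self.block_verdicts[block_key] = self.engine(block)
                scanned += 1
            if self.block_verdicts[block_key] == "infected":
                verdict = "infected"
        self.file_verdicts[file_key] = verdict
        return verdict, scanned


def demo() -> List[Tuple[str, int]]:
    """Constructed scenario: the same 16 KiB file on two VMs, then an
    edited copy, then a copy with the marker written into block 1."""
    cache = SharedScanCache()
    original = b"".join(bytes([i]) * BLOCK_SIZE for i in range(4))
    edited = original[:3 * BLOCK_SIZE] + b"\x09" * BLOCK_SIZE
    infected = original[:BLOCK_SIZE] + MARKER + original[BLOCK_SIZE + len(MARKER):]
    return [
        cache.scan("vm-a", original),   # ("clean", 4): first sight, 4 blocks scanned
        cache.scan("vm-b", original),   # ("clean", 0): other VM, whole-file cache hit
        cache.scan("vm-a", edited),     # ("clean", 1): only the changed block scanned
        cache.scan("vm-c", infected),   # ("infected", 1): only block 1 rescanned
    ]


if __name__ == "__main__":
    for verdict, scanned in demo():
        print(verdict, scanned)
```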
LOGIN VSI: “BEST-PERFORMING VIRTUALIZATION SECURITY OUT THERE”
[Chart: Login VSImax, maximum number of VDI sessions, for McAfee MOVE (w/ vShield), Trend Micro Deep Security, Symantec EP with Shared Insight Cache and No Security]
Server consolidation is key
[Chart: Login VSImax threshold, maximum response times, for McAfee MOVE (Multi-Platform), Kaspersky Security for Virtualization, McAfee MOVE (w/ vShield) and No Security]
Lowest latency and baseline on virtual desktops
• GravityZone showed a 30% increase in VDI density.
• Customers report lower operational costs and significant savings in time and effort, based on GravityZone management tools and simple deployment.
• GravityZone is elastic, which allows customers to spin up or scale down virtual appliances, physical machines and devices, on demand.
GRAVITYZONE: DRIVE PERFORMANCE
[Chart: Login VSImax, maximum number of VDI sessions, for McAfee MOVE (w/ vShield), Trend Micro Deep Security, Symantec EP with Shared Insight Cache and No Security]
PERFORMANCE LEADERSHIP
• No reboots required, anywhere!
• SVE engine is pre-taught on the most commonly known Microsoft recommended exclusions
• Increases VM density by 30%, proved using Login VSI performance tools
GRAVITYZONE SVE KEY BENEFITS
• Better ROI on virtualization projects: 3rd-party tested 30% increase in VM density. Removes all issues of traditional antimalware and helps to attain virtualization objectives.
• Protect multi-platform virtualized datacenters: the only hypervisor-agnostic solution; protects VMware, Citrix, Microsoft, Oracle, KVM, Red Hat or any virtualization platform from one console.
• Improved operational efficiency: automated tasks due to integration with VMware vCenter and Citrix XenServer. Turn-key deployment of the Security Server virtual appliance.
• Best performance in VDI environments: lowest impact on applications running in virtualized environments when compared to other virtualization security solutions (Login VSI tests).
GRAVITYZONE SVE COMMON QUESTIONS
Isn’t vShield “agentless”?
• Great marketing term; really means “no security vendor footprint in-VM”
• VMware provides the file system driver in VMware Tools
• GUI and memory/process scanning are layered on top by the security vendor
Which has fewer components?
• BD Tools has BD Tools in-VM, GravityZone management
• vShield integrated version has vShield Manager, VMware Tools, BD Tools for vShield VMs, GravityZone management
Are they mutually exclusive?
• At the VM level, yes; either BD Tools or vShield + BD Tools for vShield VMs
• At the management level (deployment level), no
GRAVITYZONE SECURITY FOR ENDPOINTS
SECURITY FOR ENDPOINTS
• Multiple protection levels with Bitdefender antivirus engines, B-HAVE and AVC technologies for any number of desktops, laptops and servers
• Remote deployment and real-time control and monitoring of all systems
• Productivity module that enables the administrator to control or restrict internet access or access to certain applications
• Active Directory integration and proprietary endpoint discovery
SECURITY FOR ENDPOINTS FEATURES
• Protects Windows* laptops, desktops and servers
• Unobtrusive protection, requires no end-user interaction
• Two-way firewall, with intrusion detection
• Web access control and filtering
• Sensitive data protection
• Application control
• Low resource consumption
• Optimized system scanning
SECURITY FOR ENDPOINTS - FEATURES & BENEFITS
Feature | Benefit
Protects Windows laptops, desktops, servers and tablets | One single AV solution across various corporate terminals
Unobtrusive protection | Requires no end-user interaction. Comes with a GUI to inform the user on the security status, tasks and events occurring on the protected system
Low resource consumption | Runs silently in the background without slowing the system. Lightweight, not overloaded with unnecessary features
Two-way firewall with IDS | Monitors network packets and blocks intrusion or hijack attempts when connecting to public networks
Web and application control | Improves employee productivity by scheduling or restricting access to specific websites and applications that may be considered untrusted or improper in a workplace
Antiphishing and sensitive data protection | Prevents loss of confidential data and protects against phishing, fraud, or malicious web content
Remote installation | Easy to deploy remotely within the network through Microsoft AD or Network Discovery on computers outside AD. The solution can automatically detect and remove other incompatible security solutions at installation time
NEW: Endpoint Security Relay (currently called Super Agent in the Administrator's Guide)
This role from Security for Endpoints acts as a single point of exit (relay) for geographically-dispersed organizational units/ branches. It helps to save bandwidth consumption and optimizes the update traffic by leveraging the update server functionality.
GRAVITYZONE SECURITY FOR MOBILE DEVICES
GRAVITYZONE MOBILE CLIENT DELIVERY
• Centralized management integrated with Microsoft Active Directory
• Ease of access via Apple Store and Google Play
• Simple app activation through QR code scanning
• Automatic updates via Marketplace
SECURITY FOR MOBILE DEVICES FEATURES
• Centralized management, integrated with Active Directory
• Application and updates delivered via marketplace
• Device compliance detection: allow or deny rooted/ jailbroken devices - NAC
• Non-compliance actions: Ignore, Deny Access, Lock, Wipe
• Remote locate, lock/unlock and wipe device
• Locate device on map
• Real-time protection with on-access scanning (Android)
• Removable media encryption (Android)
• Remote scan tasks (Android)
• Removable media scanning on mount
SECURITY FOR MOBILE DEVICES - FEATURES & BENEFITS
Feature | Benefit
Unified management | Centralized administration of mobile, physical and virtualized endpoints through an easy-to-use web-based console
Integrated with Active Directory | Simple deployment through Active Directory user groups. Ensures consistent security policies on all users’ devices
Installation and updates via Google Play / App Store; enrollment invites by email; simple app activation through QR code scanning | Removes the need for users to visit the IT help desk thanks to easy self-setup. No end-user intervention
Screen locking with password | Controls device screen lock and authentication for effective device protection
Remote device location, lock, unlock and wipe capabilities (from Control Center network inventory) | Finds lost devices by showing them on a map. Prevents use of lost devices by remote locking. Prevents data leakage by wiping data remotely
Detection and access control of rooted and jailbroken devices | Allows enterprise-wide policies to be applied on rooted/jailbroken devices
Device compliance checking and automatic non-compliance actions (Ignore, Deny Access, Lock, Wipe, Unlink) | Prevents non-compliant devices from accessing corporate data and services
Profiles: Wi-Fi settings, VPN settings (iOS only), Web Access, Web Access Control for Android (with built-in browser), Safari settings for iOS | Adapts to the security needs of both professional and personal use of mobile devices. Simplifies management of VPN and Wi-Fi access point settings
Device inventory management (including hardware, network and OS details) | Provides full visibility into the mobile device network. Keeps track of devices’ IMEI and serial numbers. Admins can use the device Wi-Fi MAC to restrict access to corporate Wi-Fi access points
Android security: real-time malware protection; on-demand scanning from Control Center; require Android encryption (Android 3+) | Keeps the device safe with real-time scanning of installed applications and SD cards. Ensures detection of malware with remote scan. Activates encryption in Android OS, keeping sensitive data safe