BITDEFENDER GRAVITYZONE SME SECURITY SOLUTION. A resource-efficient security solution Simultaneously provides high performance and protection Delivering.

BITDEFENDER GRAVITYZONE

SME SECURITY SOLUTION

• A resource-efficient security solution

• Simultaneously provides high performance and protection

• Delivering centralized management

• Easy deployment

• Freedom to choose any combination of:

• Virtualization vendors

• Cloud providers

• Physical devices, virtual platforms and virtual machines

2

GRAVITY ZONE IS

SECURITY FOR TRADITIONAL AND HYBRID CLOUD ENDPOINTS

3

Public Cloud

On-Premise Hybrid Cloud

Traditional & Mobile Endpoints

Private Cloud

GravityZone Security Solution

MULTI-PLATFORM COVERAGE

4

ENTERPRISE-WIDE UNIFIED MANAGEMENT

5

GRAVITYZONE TARGET CUSTOMERS

6

1. SME with Data Centers focused on virtualization

2. xSPs (Services Providers with Data Centers and Cloud)

3. SMB adopting virtualization

GRAVITYZONE: DEFEAT THREATS

7

• Top protection and compliance for endpoints, virtualization and cloud environments

• #1 rated Bitdefender technologies provide the best protection, and best removal-performance and speed

Constantly outperform competition at protection, performance and usability according to AV-Test Corporate:

Windows 8 - October 2014 Windows 7 - August 2014 Windows XP - June 2014

• GravityZone is hypervisor-agnostic and delivered as a virtual appliance for quick and easy deployment across any combination of virtualization platforms and devices

• Unlike others, GravityZone provides a unified management console across all security services on physical, virtualized and mobile endpoints.

• GravityZone is integrated with VMware vCenter, Citrix XenServer and Microsoft Active Directory.

8

GRAVITYZONE: DELIVER CONTROL

1) Built-in redundancy and high availability

- Duplication of roles for the GravityZone appliance : Database, Update server, Web console (Control Center) and / or Communication server

- Even distribution of scanning traffic with load balancing

2) Integrated management and control

- Support for VMware vCenter, Citrix XenServer and Microsoft Active Directory

- Enforcing security policies on entire inventory objects including hosts, VM folders or resource pools.

3) Intuitive reporting and monitoring

- Granular access rights for permission-based access to Control Center

- Detailed, centralized reporting on the security state across the organization:

I. Malware activity, network and update status

II. Instant access through 12 configurable portlets on the Dashboard9

GRAVITYZONE: KEY FEATURES

1. Simplicity and ease of use: Straightforward administration from the GravityZone Control Center, with separate views and specific policy sets for each of the three security services.

2. One security platform across multiple regions: Architected to scale globally and protect organizational units across distributed regions. By operating on any or all four appliance roles that can be partially load balanced, GravityZone can be connected to, and managed centrally from, different local deployments, worldwide.

3. Turnkey deployment from a single virtual appliance: Alleviate administrative overhead with root-level initial setup from CLI and one-time configuration of the scanning appliances, without the need to deploy and configure other components.

4. Flexible modular licensing: Every security service is licensed separately and can be activated whenever necessary to accommodate business growth. Licensing per CPU socket provides even greater flexibility to companies with VDI infrastructures

10

GRAVITYZONE: KEY BENEFITS

11

GRAVITYZONE LICENSING AND PRICING

• Free trial for 60 day of the fully featured product available

• Technical support for Proof of Concept available

Service License type - Subscription

License units count

GravityZone Control Center Provided for free with any security service

Security for Endpoints 1, 2 or 3 years # of protected desktops, laptops and servers

Security for Virtualized Environments

1, 2 or 3 years # of protected virtual desktops (VDI) and # of virtual servers (VS) - or -# of physical CPUs that powers the protected virtualized environment

Security for Mobile Devices 1, 2 or 3 years # of protected smartphones and tablets

NOVEMBER 2014 UPDATED FEATURES

12

• Centralized notification area

• New reports

• Syslog configuration

• Status alert customization

• Offline registration

• Database role replication

BENEFITS

13

Features Benefits

o Centralized notification areao New reportso Syslog configuration

Enhanced support for audits and compliance (HIPAA, PCI,…)

o Status alert customization Admin friendly

o Database role replication Scalability and resilience

o Offline registration Cover a wide range of use cases now including closed networks

NEW REPORTS

14

• Status Report • Modules – shows installed endpoint agent modules and their status;• Security for Virtualized Environments

• VM update status report;• SVA status report (including load);

• Malware reports at file level• Full details• All events

• Most requested features: malware event report with files details!• DONE

CENTRALIZED NOTIFICATION AREA

15

• Notification center • Unified• Easy configuration

• All channels available:• Console• Email• Syslog

• Most requested feature: malware detection email notification!• DONE

SYSLOG CONFIGURATION

16

• Available in the console

• Select relevant events

CUSTOMIZABLE STATUS ALERT

OFFLINE GRAVITYZONE REGISTRATION

• Policy based and granular configuration• Admin choses when the agent turns RED

• Offline environments• For “paranoid” industries: Gov …

DATABASE ROLE REPLICATION

17

• MongoDB automated replication

• Replica set

GRAVITYZONE SECURITY SERVICES

18

Security for Endpoints • Windows systems and Mac protection• Host-based firewall, IDS, web filtering &

control, data protection and application control

Security for Mobiles Devices• IOS and Android support• Device compliance & profile control• On-access scanning & encryption

Security for Virtualized Environments• Remote scan protection for ANY

hypervisor • Increased server consolidation• Windows and Linux support

GravityZone Control Center• Unified security for

physical, virtualization and mobiles

• Built in redundancy and auto-scaling

• Integrated with 3rd parties like VMware, Citrix & Microsoft

GRAVITYZONE SECURITY FOR VIRTUALIZED ENVIRONMENTS (SVE)

IT BUDGETS FOR 2014 OF PROGRESSIVE SMES

20

Spiceworks report: North America IT spend in 2014

IT BUDGETS FOR 2014 OF PROGRESSIVE SMES

21

Spiceworks research: State of SMB IT 1H 2013

VIRTUALIZATION MARKET DRIVERS AND ADOPTION

22

Virtualization penetration has surpassed 50% of all server workloads, and continues to grow.

Traditional Antimalware

THREAT OVERVIEW

23

From 32.000 new unique malware every day to +300.000 in just 5 years! Source: AV-Test in Germany.

AV SIGNATURE UPDATE FREQUENCY

24

HourlyEvery

8 hoursEvery

8 hoursEvery

24 hours

Even hourly updates present 12,500 possible infections per hour, when AV-Test isRegistering +300,000 new threats per day..

CONVENTIONAL CHALLENGES

25

AV-Storm

Concurrent Updates

Storage IO

Exclusions

Boot Latency

vShield

Administration

TRADITIONAL AGENT BASED PROTECTION

26

Client on every VM

Antimalware engines, signatures, cache databases are stored locallyand requires constant updates

Typically, 750MB – 1GB of disk spaceand 170-250 MB of memory whenloaded, more memory when scanning

TRADITIONAL AGENT BASED PROTECTION

27

Resource contention

Clients on virtual machines compete for host resources with production workloads

Exacerbated when clients simultaneously start scan processes on several VMs or download and install updates

Massive impact on CPU, memory and I/Oactivity on the storage

TRADITIONAL AGENT BASED PROTECTION

28

Boot latency and boot time security gaps

Scanning engines and signatures loading

Recovering from older snapshots/backups

Check for updates after loading

This time window leaves the system unsecured and vulnerable to malware attacks

TRADITIONAL AGENT BASED PROTECTION

29

CONCLUSION: It’s better than having no protection at all,BUT:

1. Ridiculously high resource consumption (Memory, CPU, Storage, I/O)2. Unintelligently duplicating AV operations over and over3. Highly capably of generating bottlenecks4. More or less impossible with VDI5. Time consuming to deploy, manage and monitor!

RESOURCE OPTIMIZATION WITH GRAVITYZONE SVE

30

Security Server

VM

BD Tools

VM

BD Tools

VM

BD Tools

VM

BD Tools

VM

BD Tools

VM

BD Tools

VM

BD Tools

VM

BD Tools

VM

BD Tools

VM

BD Tools

VM

BD ToolsVM

BD ToolsVM

BD Tools

VM

BD Tools

VM

BD Tools

VMVMVMVMVM

VMVMVMVM VM

BD ToolsBD ToolsBD ToolsBD Tools

BD ToolsBD ToolsBD ToolsBD ToolsBD Tools

SCAN ENGINE

SCAN ENGINE

SCAN ENGINE

SCAN ENGINE

SCAN ENGINE

SCAN ENGINE

SCAN ENGINE

SCAN ENGINE

SCAN ENGINE

SCAN ENGINE

Potentially available resources

SECURITY FOR VIRTUALIZED ENVIRONMENTS

31

• Hypervisor agnostic; supports VMware, Citrix, Microsoft, AWS, Oracle, and Red Hat virtualization

• Comprehensive solution for Windows and Linux servers and VDI machines

• Integrated management VMware, Citrix, Amazon Web Services

• Increased server consolidation with centralized antimalware: up to 30% more VMs per physical host

• Small footprint on the VMs: 60 MB of disk and 30 MB of memory in non-VMware environments

APPROACH TO VIRTUALIZED ENVIRONMENTS

32

Two GravityZone key components

• Enforcement point or endpoint agent• What is in each VM, what and how it offloads

• Management of virtualized environment• What manages VM security, how it is integrated• Architecture• Single point of management

ENFORCEMENT POINT: “AGENTLESS” AND “LIGHT AGENT”

33

Two approaches available in Bitdefender Security for Virtualized Environments…

1. VMware vShield Endpoint• Proprietary solution, API for security vendor integration• Provides remote introspection from virtual appliance (scanning offload)• Bitdefender Tools for vShield adds additional functionality

2. Bitdefender Tools• End-to-end provided by Bitdefender

COMPARING “AGENTLESS” VERSUS “LIGHT AGENT”

34

BD Tools vShield Endpoint Integration

Hypervisor agnostic ESXi only

Windows and Linux VMs Windows only

No external dependency Requires vShield Manager

Scanning offload across hosts Scanning offload within host

Fail-over between VAs Tied to VA on-host; no fail-over

In-VM GUI Not native; in-VM GUI provided by Bitdefender

On-demand memory/process scanning Not native; provided by Bitdefender

In-VM footprint is BD Tools In-VM footprint is vShield file system driver (in VMware Tools) and optional BD Tools for vShield VMs

AGENTLESS PROTECTION WITH VMWARE VSPHERE

35

Tightly integrated with VMware vShield Endpoint EPSEC API

VMware vCenter integrated management for unified visibility

Bitdefender Tools:

• Extends coverage to non-Windows environments.

• Provides deep introspection capabilities: file systems, processes and memory

VSHIELD - AGENTLESS PROTECTION

36

vShield Endpoint SDK

Other limitations

No monitoring of: Running processes Memory Registry database

• Max 1 AV engine per host• Depends on VMware Tools• No cache between hosts• No failover possible

VSHIELD - AGENTLESS PROTECTION

37

vShield Endpoint SDK

Allow centralizedAV introspection as theVM is accessing localdisks.

Only works for Windows!

HYPERVISOR-AGNOSTIC SECURITY FOR COMPLEX DATACENTERS

38

Universal platform coverage - full support for any hypervisor:VMware, Citrix, Microsoft, Red Hat, KVM, Oracle, or any other virtualization.

Protects virtualized desktops and servers running on: Windows & Linux

Pre-trained, self-learning cache mechanisms

Centralized antimalware for improved performance

LOAD BALANCING

39

• Deploy as many AV engines per host as you wish• Shared cache between all AV engines• Endpoints will automatically be serviced by the AV engine

with the fastest response time (allowed by policy)

GRAVITYZONE SVE MANAGEMENT

40

GravityZone has superior management for virtualized environments because is:

Built from the ground-up for environments of today

Delivered as a virtual appliance

Integrated with vCenter, XenServer, Active Directory, etc.

Scales horizontally – to get more horsepower, add more VMs to a deployment

Includes MongoDB; non-relational, open-source database; single database instance can be spread across 1000 nodes

GRAVITYZONE SVE MANAGEMENT

41

Virtual appliance

Each VA can play one or more role (load balancer, database, management console) to distribute across geographies, scale as much as needed

Built-in load distribution, fault tolerance

vCenter, XenServer

Management integration is key to keep-up with hugely dynamic environments

Supports ESXi, Xen, Hyper-V, RedHat, Oracle, etc.

Extend to public cloud easily (VPC in AWS, for example)

BITDEFENDER TOOLS

42

Windows and Linux version Static installation – requires no updating 50 MB disk space inside each VM Three major components:

Gateway, allowing centralized engine toaccess the systemMaximum 15MB memory footprintNo CPU loadRuns as an unstoppable local service

Local tools (uncompress, file move, file deletion, etc.

Optional UI, including pop-upnotification, policy controlled

OPTIMIZED SCANNING TECHNIQUE

43

Myfile.extension = 25 MB on diskSegments capable of execution, which might contain malicious code = 2.5 MBFile areas scanned using Bitdefender technology: 2.5 MB

MULTI-LEVEL CACHING

44

Unique files and processes areonly scanned once, regardless VM or AV engine (SVA)

Modified files are rescanned, butonly on changed areas

Consequence: reduced CPU and I/O activity

LOGIN VSI: “BEST-PERFORMING VIRTUALIZATION SECURITY OUT THERE”

45

Mcafee MOVE (w/ vShield)

Trend Micro Deep Security

Symantec EP with Shared Insight Cache

No Security

0 50 100 150 200 250 300

173185

193.75204.5

205.75218247.5

Login VSImax -Max number of VDI sessions

Server consolidation is key

Mcafee MOVE (Multi-Platform)

Kaspersky Security for Virtualization

Mcafee MOVE (w/ vShield)

No Security

6067.5

5871.25

5748.75

5744.25

5685

5657.5

5373.25

LOGIN VSIMAX THRESHOLD - MAX RESPONSE TIMES

Lowest latency and baseline on virtual desktops

• GravityZone showed a 30% increase in VDI density.

• Customers report lower operational costs and significant savings in time and effort, based on GravityZone management tools and simple deployment.

• GravityZone is elastic, which allows customers to spin up or scale down virtual appliances, physical machines and devices, on demand.

46

GRAVITYZONE: DRIVE PERFORMANCE

Mcafee MOVE (w/ vShield)

Trend Micro Deep Security

Symantec EP with Shared Insight Cache

No Security

0 50 100 150 200 250 300

173185

193.75204.5205.75

218247.5

Login VSIMax number of VDI sessions

PERFORMANCE LEADERSHIP

47

No reboots required – anywhere!

SVE engine is pre taught on most commonly known Microsoft recommended exclusions

Increases VM density by 30%Proved using Login VSI performance tools.

GRAVITYZONE SVE KEY BENEFITS

48

• Better ROI on virtualization projects.– 3rd party tested 30% increase in VM density. Removes all issues of

traditional antimalware and helps to attain virtualization objectives.

• Protect multi-platform virtualized datacenters– The only hypervisor agnostic solution – protects VMware, Citrix, Microsoft.

Oracle, KVM, Red Hat or any virtualization platform from one console.

• Improved operational efficiency– Automated tasks due to integration with VMware vCenter and Citrix

XenServer. Turn-key deployment of Security Server virtual appliance.

• Best performance in VDI environments– Lowest impact on applications running in virtualized environments, when

compared to other virtualization security solutions. (VSI Login tests)

GRAVITYZONE SVE COMMON QUESTIONS

49

Isn’t vShield “agentless”?

Great marketing term; really means “no security vendor footprint in-VM”

VMware provides file system driver in VMware tools

GUI, memory/process scanning layered on top by security vendor

Which has fewer components?

BD Tools has BD Tools in-VM, GravityZone management

vShield integrated version has vShield Manager, VMware Tools, BD Tools for

vShield VMs, GravityZone management

Are they mutually exclusive?

At the VM level, yes; either BD Tools or vShield + BD Tools for vShield VMs

At the management level (deployment level), no

GRAVITYZONE SECURITY FOR ENDPOINTS

SECURITY FOR ENDPOINTS

51

• Multiple protection levels with

Bitdefender antivirus engines, B-

HAVE and AVC technologies for

any number of desktops, laptops

and servers

• Remote deployment and real-

time control and monitoring of all

systems

• Productivity module that enables

the administrator to control or

restrict internet access or access

to certain applications

• Active Directory integration and

proprietary endpoint discovery

SECURITY FOR ENDPOINTS FEATURES

52

• Protects Windows* laptops, desktops and servers

• Un-obstructive protection - requires no end-user interaction

• Two-way firewall, with intrusion detection

• Web access control and filtering

• Sensitive data protection

• Application control

• Low resource consumption

• Optimized system scanning

SECURITY FOR ENDPOINTS - FEATURES & BENEFITS

53

Features Benefits

Protects Windows laptops, desktops, servers and tablets

One single AV solution across various corporate terminals

Unobtrusive protection Requires no end-user interaction. Comes with a GUI to inform the user on the security status, tasks and events occurring on the protected system

Low resource consumption Runs silently in the background without slowing the system. Lightweight, not overloaded with unnecessary features.

Two-way firewall with IDS Monitors network packages and blocks intrusion or hijack attempts when connecting to public networks.

Web and application control Improves employee productivity by scheduling or restricting access to specific websites and applications that may be considered untrusted or improper in a workplace.

Antiphising and sensitive data protection Prevents loss of confidential data and protects against phishing, fraud, or malicious web content.

Remote installation Easy to deploy remotely within the network through Microsoft AD or Network Discovery on computers outside AD. The solution can automatically detect and remove other incompatible security solutions at installation time.

NEW: Endpoint Security Relay (currently called Super Agent in the Administrator's Guide)

This role from Security for Endpoints acts as a single point of exit (relay) for geographically-dispersed organizational units/ branches. It helps to save bandwidth consumption and optimizes the update traffic by leveraging the update server functionality.

GRAVITYZONE SECURITY FOR MOBILE DEVICES

GRAVITYZONE MOBILE CLIENT DELIVERY

55

• Centralized management integrated with Microsoft Active Directory

• Ease of access via Apple Store and Google Play

• Simple app activation through QR code scanning

• Automatic updates via Marketplace

SECURITY FOR MOBILE DEVICES FEATURES

56

• Centralized management, integrated with Active Directory

• Application and updates delivered via marketplace

• Device compliance detection: allow or deny rooted/ jailbroken devices - NAC

• Non-compliance actions: Ignore, Deny Access, Lock, Wipe

• Remote locate, lock/unlock and wipe device

• Locate device on map

• Real-time protection with on-access scanning (Android)

• Removable media encryption (Android)

• Remote scan tasks (Android)

• Removable media scanning on mount

SECURITY FOR MOBILE DEVICES - FEATURES & BENEFITS

57

Features Benefits

Unified Management Centralized administration of mobile, physical and virtualized endpoints through an easy-to-use web-based console

Integrated with Active Directory Simple deployment through Active Directory user groupsEnsures consistent security policies on all users’ devices

Installation and updates via Google Play /App StoreEnrollment invites by email Simple app activation through QR code scanning

Removes the need of users visiting IT help desk due to easy self setupNo end-user intervention

Screen locking with password Controls device screen lock and authentication for effective device protection

Remote device location, lock, unlock and wipe capabilities (from Control Center network inventory)

Finds lost devices by showing them on mapPrevents use of lost devices by remote lockingPrevents data leakage by wiping data remotely

Detection and access control of rooted and jailbroken devices

Allows enterprise-wide policies to be applied on rooted/ jailbroken devices

Device compliance checking and automatic non-compliance actions (Ignore, Deny Access, Lock, Wipe, Unlink)

Prevents non-compliant devices from accessing corporate data and services

Profiles: Wi-Fi settings, VPN settings (iOS only), Web Access, Web Access Control for Android (with built-in browser), Safari settings for iOS

Adapts the security needs of both professional and personal use of mobile devices Simplifies management of VPN and Wi-Fi access point settings

Device inventory management (including hardware, network and OS details)

Provides full visibility into the mobile device networkKeeps track of devices’ IMEI and serial numbersAdmins can use the device Wi-Fi MAC to restrict access to corporate Wi-Fi access points

Android security:- Real-time malware protection - On-demand scanning from Control Center- Require Android encryption (Android 3+)

Keeps the device safe with real-time scanning of installed applications and SD cards Ensures detection of malware with remote scanActivate encryption in Android OS, keeping sensitive data safe