Presentation on theme: "BITDEFENDER GRAVITYZONE SME SECURITY SOLUTION. A resource-efficient security solution Simultaneously provides high performance and protection Delivering."— Presentation transcript:
BITDEFENDER GRAVITYZONE SME SECURITY SOLUTION
A resource-efficient security solution Simultaneously provides high performance and protection Delivering centralized management Easy deployment Freedom to choose any combination of: Virtualization vendors Cloud providers Physical devices, virtual platforms and virtual machines 2 GRAVITY ZONE IS
SECURITY FOR TRADITIONAL AND HYBRID CLOUD ENDPOINTS 3 Public Cloud On-Premise Hybrid Cloud Traditional & Mobile Endpoints Private Cloud GravityZone Security Solution
MULTI-PLATFORM COVERAGE 4
ENTERPRISE-WIDE UNIFIED MANAGEMENT 5
GRAVITYZONE TARGET CUSTOMERS 6 1. SME with Data Centers focused on virtualization 2. xSPs (Services Providers with Data Centers and Cloud) 3. SMB adopting virtualization
GRAVITYZONE: DEFEAT THREATS 7 Top protection and compliance for endpoints, virtualization and cloud environments #1 rated Bitdefender technologies provide the best protection, and best removal- performance and speed Constantly outperform competition at protection, performance and usability according to AV-Test Corporate: Windows 8 - October 2014 Windows 7 - August 2014 Windows XP - June 2014
GravityZone is hypervisor-agnostic and delivered as a virtual appliance for quick and easy deployment across any combination of virtualization platforms and devices Unlike others, GravityZone provides a unified management console across all security services on physical, virtualized and mobile endpoints. GravityZone is integrated with VMware vCenter, Citrix XenServer and Microsoft Active Directory. 8 GRAVITYZONE: DELIVER CONTROL
1)Built-in redundancy and high availability -Duplication of roles for the GravityZone appliance : Database, Update server, Web console (Control Center) and / or Communication server -Even distribution of scanning traffic with load balancing 2)Integrated management and control -Support for VMware vCenter, Citrix XenServer and Microsoft Active Directory -Enforcing security policies on entire inventory objects including hosts, VM folders or resource pools. 3)Intuitive reporting and monitoring -Granular access rights for permission-based access to Control Center -Detailed, centralized reporting on the security state across the organization: I.Malware activity, network and update status II.Instant access through 12 configurable portlets on the Dashboard 9 GRAVITYZONE: KEY FEATURES
1.Simplicity and ease of use: Straightforward administration from the GravityZone Control Center, with separate views and specific policy sets for each of the three security services. 2.One security platform across multiple regions: Architected to scale globally and protect organizational units across distributed regions. By operating on any or all four appliance roles that can be partially load balanced, GravityZone can be connected to, and managed centrally from, different local deployments, worldwide. 3.Turnkey deployment from a single virtual appliance: Alleviate administrative overhead with root-level initial setup from CLI and one-time configuration of the scanning appliances, without the need to deploy and configure other components. 4.Flexible modular licensing: Every security service is licensed separately and can be activated whenever necessary to accommodate business growth. Licensing per CPU socket provides even greater flexibility to companies with VDI infrastructures 10 GRAVITYZONE: KEY BENEFITS
11 GRAVITYZONE LICENSING AND PRICING Free trial for 60 day of the fully featured product available Technical support for Proof of Concept available ServiceLicense type - Subscription License units count GravityZone Control CenterProvided for free with any security service Security for Endpoints1, 2 or 3 years# of protected desktops, laptops and servers Security for Virtualized Environments 1, 2 or 3 years# of protected virtual desktops (VDI) and # of virtual servers (VS) - or - # of physical CPUs that powers the protected virtualized environment Security for Mobile Devices1, 2 or 3 years# of protected smartphones and tablets
NOVEMBER 2014 UPDATED FEATURES 12 Centralized notification area New reports Syslog configuration Status alert customization Offline registration Database role replication
BENEFITS 13 FeaturesBenefits o Centralized notification area o New reports o Syslog configuration Enhanced support for audits and compliance (HIPAA, PCI,…) o Status alert customization Admin friendly o Database role replication Scalability and resilience o Offline registration Cover a wide range of use cases now including closed networks
NEW REPORTS 14 Status Report Modules – shows installed endpoint agent modules and their status; Security for Virtualized Environments VM update status report; SVA status report (including load); Malware reports at file level Full details All events Most requested features: malware event report with files details! DONE
CENTRALIZED NOTIFICATION AREA 15 Notification center Unified Easy configuration All channels available: Console Email Syslog Most requested feature: malware detection email notification! DONE
SYSLOG CONFIGURATION 16 Available in the console Select relevant events CUSTOMIZABLE STATUS ALERT OFFLINE GRAVITYZONE REGISTRATION Policy based and granular configuration Admin choses when the agent turns RED Offline environments For “paranoid” industries: Gov …
DATABASE ROLE REPLICATION 17 MongoDB automated replication Replica set
GRAVITYZONE SECURITY SERVICES 18 Security for Endpoints Windows systems and Mac protection Host-based firewall, IDS, web filtering & control, data protection and application control Security for Mobiles Devices IOS and Android support Device compliance & profile control On-access scanning & encryption Security for Virtualized Environments Remote scan protection for ANY hypervisor Increased server consolidation Windows and Linux support GravityZone Control Center Unified security for physical, virtualization and mobiles Built in redundancy and auto-scaling Integrated with 3 rd parties like VMware, Citrix & Microsoft
GRAVITYZONE SECURITY FOR VIRTUALIZED ENVIRONMENTS (SVE)
IT BUDGETS FOR 2014 OF PROGRESSIVE SMES 20 Spiceworks report: North America IT spend in 2014
IT BUDGETS FOR 2014 OF PROGRESSIVE SMES 21 Spiceworks research: State of SMB IT 1H 2013
VIRTUALIZATION MARKET DRIVERS AND ADOPTION 22 Virtualization penetration has surpassed 50% of all server workloads, and continues to grow.
THREAT OVERVIEW 23 From 32.000 new unique malware every day to +300.000 in just 5 years! Source: AV-Test in Germany.
AV SIGNATURE UPDATE FREQUENCY 24 Hourly Every 8 hours Every 8 hours Every 24 hours Even hourly updates present 12,500 possible infections per hour, when AV-Test is Registering +300,000 new threats per day..
TRADITIONAL AGENT BASED PROTECTION 26 Client on every VM Antimalware engines, signatures, cache databases are stored locally and requires constant updates Typically, 750MB – 1GB of disk space and 170-250 MB of memory when loaded, more memory when scanning
TRADITIONAL AGENT BASED PROTECTION 27 Resource contention Clients on virtual machines compete for host resources with production workloads Exacerbated when clients simultaneously start scan processes on several VMs or download and install updates Massive impact on CPU, memory and I/O activity on the storage
TRADITIONAL AGENT BASED PROTECTION 28 Boot latency and boot time security gaps Scanning engines and signatures loading Recovering from older snapshots/backups Check for updates after loading This time window leaves the system unsecured and vulnerable to malware attacks
TRADITIONAL AGENT BASED PROTECTION 29 CONCLUSION: It’s better than having no protection at all, BUT: 1.Ridiculously high resource consumption (Memory, CPU, Storage, I/O) 2.Unintelligently duplicating AV operations over and over 3.Highly capably of generating bottlenecks 4.More or less impossible with VDI 5.Time consuming to deploy, manage and monitor!
RESOURCE OPTIMIZATION WITH GRAVITYZONE SVE 30
SECURITY FOR VIRTUALIZED ENVIRONMENTS 31 Hypervisor agnostic; supports VMware, Citrix, Microsoft, AWS, Oracle, and Red Hat virtualization Comprehensive solution for Windows and Linux servers and VDI machines Integrated management VMware, Citrix, Amazon Web Services Increased server consolidation with centralized antimalware: up to 30% more VMs per physical host Small footprint on the VMs: 60 MB of disk and 30 MB of memory in non-VMware environments
APPROACH TO VIRTUALIZED ENVIRONMENTS 32 Two GravityZone key components Enforcement point or endpoint agent What is in each VM, what and how it offloads Management of virtualized environment What manages VM security, how it is integrated Architecture Single point of management
ENFORCEMENT POINT: “AGENTLESS” AND “LIGHT AGENT” 33 Two approaches available in Bitdefender Security for Virtualized Environments… 1.VMware vShield Endpoint Proprietary solution, API for security vendor integration Provides remote introspection from virtual appliance (scanning offload) Bitdefender Tools for vShield adds additional functionality 2.Bitdefender Tools End-to-end provided by Bitdefender
COMPARING “AGENTLESS” VERSUS “LIGHT AGENT” 34 BD ToolsvShield Endpoint Integration Hypervisor agnosticESXi only Windows and Linux VMsWindows only No external dependencyRequires vShield Manager Scanning offload across hostsScanning offload within host Fail-over between VAsTied to VA on-host; no fail-over In-VM GUINot native; in-VM GUI provided by Bitdefender On-demand memory/process scanningNot native; provided by Bitdefender In-VM footprint is BD ToolsIn-VM footprint is vShield file system driver (in VMware Tools) and optional BD Tools for vShield VMs
AGENTLESS PROTECTION WITH VMWARE VSPHERE 35 Tightly integrated with VMware vShield Endpoint EPSEC API VMware vCenter integrated management for unified visibility Bitdefender Tools: Extends coverage to non-Windows environments. Provides deep introspection capabilities: file systems, processes and memory
VSHIELD - AGENTLESS PROTECTION 36 vShield Endpoint SDK Other limitations No monitoring of: Running processes Memory Registry database Max 1 AV engine per host Depends on VMware Tools No cache between hosts No failover possible
VSHIELD - AGENTLESS PROTECTION 37 vShield Endpoint SDK Allow centralized AV introspection as the VM is accessing local disks. Only works for Windows!
HYPERVISOR-AGNOSTIC SECURITY FOR COMPLEX DATACENTERS 38 Universal platform coverage - full support for any hypervisor: VMware, Citrix, Microsoft, Red Hat, KVM, Oracle, or any other virtualization. Protects virtualized desktops and servers running on: Windows & Linux Pre-trained, self-learning cache mechanisms Centralized antimalware for improved performance
LOAD BALANCING 39 Deploy as many AV engines per host as you wish Shared cache between all AV engines Endpoints will automatically be serviced by the AV engine with the fastest response time (allowed by policy)
GRAVITYZONE SVE MANAGEMENT 40 GravityZone has superior management for virtualized environments because is: Built from the ground-up for environments of today Delivered as a virtual appliance Integrated with vCenter, XenServer, Active Directory, etc. Scales horizontally – to get more horsepower, add more VMs to a deployment Includes MongoDB; non-relational, open-source database; single database instance can be spread across 1000 nodes
GRAVITYZONE SVE MANAGEMENT 41 Virtual appliance Each VA can play one or more role (load balancer, database, management console) to distribute across geographies, scale as much as needed Built-in load distribution, fault tolerance vCenter, XenServer Management integration is key to keep-up with hugely dynamic environments Supports ESXi, Xen, Hyper-V, RedHat, Oracle, etc. Extend to public cloud easily (VPC in AWS, for example)
BITDEFENDER TOOLS 42 Windows and Linux version Static installation – requires no updating 50 MB disk space inside each VM Three major components: Gateway, allowing centralized engine to access the system Maximum 15MB memory footprint No CPU load Runs as an unstoppable local service Local tools (uncompress, file move, file deletion, etc. Optional UI, including pop-up notification, policy controlled
OPTIMIZED SCANNING TECHNIQUE 43 Myfile.extension = 25 MB on disk Segments capable of execution, which might contain malicious code = 2.5 MB File areas scanned using Bitdefender technology: 2.5 MB
MULTI-LEVEL CACHING 44 Unique files and processes are only scanned once, regardless VM or AV engine (SVA) Modified files are rescanned, but only on changed areas Consequence: reduced CPU and I/O activity
LOGIN VSI: “BEST-PERFORMING VIRTUALIZATION SECURITY OUT THERE” 45 Server consolidation is key Lowest latency and baseline on virtual desktops
GravityZone showed a 30% increase in VDI density. Customers report lower operational costs and significant savings in time and effort, based on GravityZone management tools and simple deployment. GravityZone is elastic, which allows customers to spin up or scale down virtual appliances, physical machines and devices, on demand. 46 GRAVITYZONE: DRIVE PERFORMANCE
PERFORMANCE LEADERSHIP 47 No reboots required – anywhere! SVE engine is pre taught on most commonly known Microsoft recommended exclusions Increases VM density by 30% Proved using Login VSI performance tools.
GRAVITYZONE SVE KEY BENEFITS 48 Better ROI on virtualization projects. –3rd party tested 30% increase in VM density. Removes all issues of traditional antimalware and helps to attain virtualization objectives. Protect multi-platform virtualized datacenters –The only hypervisor agnostic solution – protects VMware, Citrix, Microsoft. Oracle, KVM, Red Hat or any virtualization platform from one console. Improved operational efficiency –Automated tasks due to integration with VMware vCenter and Citrix XenServer. Turn-key deployment of Security Server virtual appliance. Best performance in VDI environments –Lowest impact on applications running in virtualized environments, when compared to other virtualization security solutions. (VSI Login tests)
GRAVITYZONE SVE COMMON QUESTIONS 49 Isn’t vShield “agentless”? Great marketing term; really means “no security vendor footprint in-VM” VMware provides file system driver in VMware tools GUI, memory/process scanning layered on top by security vendor Which has fewer components? BD Tools has BD Tools in-VM, GravityZone management vShield integrated version has vShield Manager, VMware Tools, BD Tools for vShield VMs, GravityZone management Are they mutually exclusive? At the VM level, yes; either BD Tools or vShield + BD Tools for vShield VMs At the management level (deployment level), no
GRAVITYZONE SECURITY FOR ENDPOINTS
SECURITY FOR ENDPOINTS 51 Multiple protection levels with Bitdefender antivirus engines, B- HAVE and AVC technologies for any number of desktops, laptops and servers Remote deployment and real- time control and monitoring of all systems Productivity module that enables the administrator to control or restrict internet access or access to certain applications Active Directory integration and proprietary endpoint discovery
SECURITY FOR ENDPOINTS FEATURES 52 Protects Windows* laptops, desktops and servers Un-obstructive protection - requires no end-user interaction Two-way firewall, with intrusion detection Web access control and filtering Sensitive data protection Application control Low resource consumption Optimized system scanning
SECURITY FOR ENDPOINTS - FEATURES & BENEFITS 53 FeaturesBenefits Protects Windows laptops, desktops, servers and tablets One single AV solution across various corporate terminals Unobtrusive protection Requires no end-user interaction. Comes with a GUI to inform the user on the security status, tasks and events occurring on the protected system Low resource consumption Runs silently in the background without slowing the system. Lightweight, not overloaded with unnecessary features. Two-way firewall with IDS Monitors network packages and blocks intrusion or hijack attempts when connecting to public networks. Web and application control Improves employee productivity by scheduling or restricting access to specific websites and applications that may be considered untrusted or improper in a workplace. Antiphising and sensitive data protection Prevents loss of confidential data and protects against phishing, fraud, or malicious web content. Remote installation Easy to deploy remotely within the network through Microsoft AD or Network Discovery on computers outside AD. The solution can automatically detect and remove other incompatible security solutions at installation time. NEW: Endpoint Security Relay (currently called Super Agent in the Administrator's Guide) This role from Security for Endpoints acts as a single point of exit (relay) for geographically-dispersed organizational units/ branches. It helps to save bandwidth consumption and optimizes the update traffic by leveraging the update server functionality.
GRAVITYZONE SECURITY FOR MOBILE DEVICES
GRAVITYZONE MOBILE CLIENT DELIVERY 55 Centralized management integrated with Microsoft Active Directory Ease of access via Apple Store and Google Play Simple app activation through QR code scanning Automatic updates via Marketplace
SECURITY FOR MOBILE DEVICES FEATURES 56 Centralized management, integrated with Active Directory Application and updates delivered via marketplace Device compliance detection: allow or deny rooted/ jailbroken devices - NAC Non-compliance actions: Ignore, Deny Access, Lock, Wipe Remote locate, lock/unlock and wipe device Locate device on map Real-time protection with on-access scanning (Android) Removable media encryption (Android) Remote scan tasks (Android) Removable media scanning on mount
SECURITY FOR MOBILE DEVICES - FEATURES & BENEFITS 57 FeaturesBenefits Unified Management Centralized administration of mobile, physical and virtualized endpoints through an easy-to-use web-based console Integrated with Active DirectorySimple deployment through Active Directory user groups Ensures consistent security policies on all users’ devices Installation and updates via Google Play /App Store Enrollment invites by email Simple app activation through QR code scanning Removes the need of users visiting IT help desk due to easy self setup No end-user intervention Screen locking with password Controls device screen lock and authentication for effective device protection Remote device location, lock, unlock and wipe capabilities (from Control Center network inventory) Finds lost devices by showing them on map Prevents use of lost devices by remote locking Prevents data leakage by wiping data remotely Detection and access control of rooted and jailbroken devices Allows enterprise-wide policies to be applied on rooted/ jailbroken devices Device compliance checking and automatic non-compliance actions (Ignore, Deny Access, Lock, Wipe, Unlink) Prevents non-compliant devices from accessing corporate data and services Profiles: Wi-Fi settings, VPN settings (iOS only), Web Access, Web Access Control for Android (with built-in browser), Safari settings for iOS Adapts the security needs of both professional and personal use of mobile devices Simplifies management of VPN and Wi-Fi access point settings Device inventory management (including hardware, network and OS details) Provides full visibility into the mobile device network Keeps track of devices’ IMEI and serial numbers Admins can use the device Wi-Fi MAC to restrict access to corporate Wi- Fi access points Android security: - Real-time malware protection - On-demand scanning from Control Center - Require Android encryption (Android 3+) Keeps the device safe with real-time scanning of installed applications and SD cards Ensures detection of malware with remote scan Activate encryption in Android OS, keeping sensitive data safe