2Gravity Zone is A resource-efficient security solution Simultaneously provides high performance and protectionDelivering centralized managementEasy deploymentFreedom to choose any combination of:Virtualization vendorsCloud providersPhysical devices, virtual platforms and virtual machines
3Security for Traditional and Hybrid Cloud Endpoints GravityZone Security SolutionHybrid CloudOn-PremisePublic CloudPrivate CloudTraditional & Mobile Endpoints
6GravityZone Target Customers 1. SME with Data Centers focused on virtualization2. xSPs (Services Providers with Data Centers and Cloud)3. SMB adopting virtualization
7GravityZone: Defeat Threats Top protection and compliance for endpoints, virtualization and cloud environments#1 rated Bitdefender technologies provide the best protection, and best removal- performance and speedConstantly outperform competition at protection, performance and usability according to AV-Test Corporate:Windows 8 - October 2014Windows 7 - August 2014Windows XP - June 2014
8GravityZone: Deliver Control GravityZone is hypervisor-agnostic and delivered as a virtual appliance for quick and easy deployment across any combination of virtualization platforms and devicesUnlike others, GravityZone provides a unified management console across all security services on physical, virtualized and mobile endpoints.GravityZone is integrated with VMware vCenter, Citrix XenServer and Microsoft Active Directory.
9GravityZone: Key Features Built-in redundancy and high availabilityDuplication of roles for the GravityZone appliance : Database, Update server, Web console (Control Center) and / or Communication serverEven distribution of scanning traffic with load balancingIntegrated management and controlSupport for VMware vCenter, Citrix XenServer and Microsoft Active DirectoryEnforcing security policies on entire inventory objects including hosts, VM folders or resource pools.Intuitive reporting and monitoringGranular access rights for permission-based access to Control CenterDetailed, centralized reporting on the security state across the organization:Malware activity, network and update statusInstant access through 12 configurable portlets on the Dashboard
10GravityZone: Key Benefits Simplicity and ease of use: Straightforward administration from the GravityZone Control Center, with separate views and specific policy sets for each of the three security services.One security platform across multiple regions: Architected to scale globally and protect organizational units across distributed regions. By operating on any or all four appliance roles that can be partially load balanced, GravityZone can be connected to, and managed centrally from, different local deployments, worldwide.Turnkey deployment from a single virtual appliance: Alleviate administrative overhead with root-level initial setup from CLI and one-time configuration of the scanning appliances, without the need to deploy and configure other components.Flexible modular licensing: Every security service is licensed separately and can be activated whenever necessary to accommodate business growth. Licensing per CPU socket provides even greater flexibility to companies with VDI infrastructures
11GravityZone licensing and pricing ServiceLicense type - SubscriptionLicense units countGravityZone Control CenterProvided for free with any security serviceSecurity for Endpoints1, 2 or 3 years# of protected desktops, laptops and serversSecurity for Virtualized Environments# of protected virtual desktops (VDI) and # of virtual servers (VS)- or -# of physical CPUs that powers the protected virtualized environmentSecurity for Mobile Devices# of protected smartphones and tabletsFree trial for 60 day of the fully featured product availableTechnical support for Proof of Concept available
12November 2014 updated features Centralized notification areaNew reportsSyslog configurationStatus alert customizationOffline registrationDatabase role replication
13Benefits Features Benefits Centralized notification area New reports Syslog configurationEnhanced support for audits and compliance (HIPAA, PCI,…)Status alert customizationAdmin friendlyDatabase role replicationScalability and resilienceOffline registrationCover a wide range of use cases now including closed networks
14New Reports Status Report Modules – shows installed endpoint agent modules and their status;Security for Virtualized EnvironmentsVM update status report;SVA status report (including load);Malware reports at file levelFull detailsAll eventsMost requested features: malware event report with files details!DONE
16Customizable Status Alert Syslog ConfigurationAvailable in the consoleSelect relevant eventsCustomizable Status AlertPolicy based and granular configurationAdmin choses when the agent turns REDOffline GravityZone RegistrationOffline environmentsFor “paranoid” industries: Gov …
17Database Role Replication MongoDB automated replicationReplica set
18GravityZone Security Services GravityZone ControlCenterUnified security for physical, virtualization and mobilesBuilt in redundancy and auto-scalingIntegrated with 3rd parties like VMware, Citrix & MicrosoftSecurity for Virtualized EnvironmentsRemote scan protection for ANY hypervisorIncreased server consolidationWindows and Linux supportSecurity for EndpointsWindows systems and Mac protectionHost-based firewall, IDS, web filtering & control, data protection and application controlSecurity for Mobiles DevicesIOS and Android supportDevice compliance & profile controlOn-access scanning & encryption
19GravityZone Security for Virtualized Environments (SVE)
20IT budgets for 2014 of Progressive SMEs Spiceworks report: North America IT spend in 2014
21IT budgets for 2014 of Progressive SMEs Spiceworks research: State of SMB IT 1H 2013
22Virtualization market drivers and adoption TraditionalAntimalwareVirtualization penetration has surpassed 50% of all server workloads, and continues to grow.
23THREAT OVERVIEWFrom new unique malware every day to in just 5 years! Source: AV-Test in Germany.
24AV signature update frequency Every24 hoursEvery8 hoursEvery8 hoursHourlyEven hourly updates present 12,500 possible infections per hour, when AV-Test isRegistering +300,000 new threats per day..
26TRADITIONAL AGENT BASED PROTECTION Client on every VMAntimalware engines, signatures, cache databases are stored locally and requires constant updatesTypically, 750MB – 1GB of disk space and MB of memory when loaded, more memory when scanning
27TRADITIONAL AGENT BASED PROTECTION Resource contentionClients on virtual machines compete for host resources with production workloadsExacerbated when clients simultaneously start scan processes on several VMs or download and install updates Massive impact on CPU, memory and I/O activity on the storage
28TRADITIONAL AGENT BASED PROTECTION Boot latency and boot time security gapsScanning engines and signatures loadingRecovering from older snapshots/backupsCheck for updates after loading This time window leaves the system unsecured and vulnerable to malware attacks
29TRADITIONAL AGENT BASED PROTECTION CONCLUSION: It’s better than having no protection at all,BUT:Ridiculously high resource consumption (Memory, CPU, Storage, I/O)Unintelligently duplicating AV operations over and overHighly capably of generating bottlenecksMore or less impossible with VDITime consuming to deploy, manage and monitor!
30Resource Optimization with GravityZone SVE Security ServerVMBD ToolsSCAN ENGINEPotentially available resources
31Security for Virtualized Environments Hypervisor agnostic; supports VMware, Citrix, Microsoft, AWS, Oracle, and Red Hat virtualizationComprehensive solution for Windows and Linux servers and VDI machinesIntegrated management VMware, Citrix, Amazon Web ServicesIncreased server consolidation with centralized antimalware: up to 30% more VMs per physical hostSmall footprint on the VMs: 60 MB of disk and 30 MB of memory in non-VMware environments
32Approach to virtualized environments Two GravityZone key componentsEnforcement point or endpoint agentWhat is in each VM, what and how it offloadsManagement of virtualized environmentWhat manages VM security, how it is integratedArchitectureSingle point of management
33Enforcement point: “Agentless” and “Light Agent” Two approaches available in Bitdefender Security for Virtualized Environments…VMware vShield EndpointProprietary solution, API for security vendor integrationProvides remote introspection from virtual appliance (scanning offload)Bitdefender Tools for vShield adds additional functionalityBitdefender ToolsEnd-to-end provided by Bitdefender
34Comparing “Agentless” versus “Light Agent” BD ToolsvShield Endpoint IntegrationHypervisor agnosticESXi onlyWindows and Linux VMsWindows onlyNo external dependencyRequires vShield ManagerScanning offload across hostsScanning offload within hostFail-over between VAsTied to VA on-host; no fail-overIn-VM GUINot native; in-VM GUI provided by BitdefenderOn-demand memory/process scanningNot native; provided by BitdefenderIn-VM footprint is BD ToolsIn-VM footprint is vShield file system driver (in VMware Tools) and optional BD Tools for vShield VMs
35Agentless protection with VMware vSphere Tightly integrated with VMware vShield Endpoint EPSEC APIVMware vCenter integrated management for unified visibilityBitdefender Tools:Extends coverage to non-Windows environments.Provides deep introspection capabilities: file systems, processes and memory
36VSHIELD - AGENTLESS PROTECTION vShield Endpoint SDKOther limitationsNo monitoring of:Running processesMemoryRegistry databaseMax 1 AV engine per hostDepends on VMware ToolsNo cache between hostsNo failover possible
37VSHIELD - AGENTLESS PROTECTION vShield Endpoint SDKAllow centralizedAV introspection as theVM is accessing localdisks.Only works for Windows!
38Hypervisor-agnostic security for complex datacenters Universal platform coverage - full support for any hypervisor: VMware, Citrix, Microsoft, Red Hat, KVM, Oracle, or any other virtualization.Protects virtualized desktops and servers running on: Windows & LinuxPre-trained, self-learning cache mechanismsCentralized antimalware for improved performance
39Load Balancing Deploy as many AV engines per host as you wish Shared cache between all AV enginesEndpoints will automatically be serviced by the AV engine with the fastest response time (allowed by policy)
40GravityZone SVE Management GravityZone has superior management for virtualized environments because is:Built from the ground-up for environments of todayDelivered as a virtual applianceIntegrated with vCenter, XenServer, Active Directory, etc.Scales horizontally – to get more horsepower, add more VMs to a deploymentIncludes MongoDB; non-relational, open-source database; single database instance can be spread across 1000 nodes
41GravityZone SVE Management Virtual applianceEach VA can play one or more role (load balancer, database, management console) to distribute across geographies, scale as much as neededBuilt-in load distribution, fault tolerancevCenter, XenServerManagement integration is key to keep-up with hugely dynamic environmentsSupports ESXi, Xen, Hyper-V, RedHat, Oracle, etc.Extend to public cloud easily (VPC in AWS, for example)
42Bitdefender Tools Windows and Linux version Static installation – requires no updating50 MB disk space inside each VMThree major components:Gateway, allowing centralized engine to access the system Maximum 15MB memory footprint No CPU load Runs as an unstoppable local serviceLocal tools (uncompress, file move, file deletion, etc.Optional UI, including pop-up notification, policy controlled
43Optimized scanning technique Myfile.extension = 25 MB on diskSegments capable of execution, which might contain malicious code = 2.5 MBFile areas scanned using Bitdefender technology: 2.5 MB
44Multi-level cachingUnique files and processes are only scanned once, regardless VM or AV engine (SVA)Modified files are rescanned, but only on changed areasConsequence: reduced CPU and I/O activity
45Login VSI: “Best-performing virtualization security out there” Server consolidation is keyLowest latency and baselineon virtual desktops
46GravityZone: Drive Performance GravityZone showed a 30% increase in VDI density.Customers report lower operational costs and significant savings in time and effort, based on GravityZone management tools and simple deployment.GravityZone is elastic, which allows customers to spin up or scale down virtual appliances, physical machines and devices, on demand.
47performance leadership No reboots required – anywhere!SVE engine is pre taught on most commonly known Microsoft recommended exclusionsIncreases VM density by 30% Proved using Login VSI performance tools.
48GravityZone SVE Key benefits Better ROI on virtualization projects.3rd party tested 30% increase in VM density. Removes all issues of traditional antimalware and helps to attain virtualization objectives.Protect multi-platform virtualized datacentersThe only hypervisor agnostic solution – protects VMware, Citrix, Microsoft. Oracle, KVM, Red Hat or any virtualization platform from one console.Improved operational efficiencyAutomated tasks due to integration with VMware vCenter and Citrix XenServer. Turn-key deployment of Security Server virtual appliance.Best performance in VDI environmentsLowest impact on applications running in virtualized environments, when compared to other virtualization security solutions. (VSI Login tests)
49GravityZone SVE Common Questions Isn’t vShield “agentless”?Great marketing term; really means “no security vendor footprint in-VM”VMware provides file system driver in VMware toolsGUI, memory/process scanning layered on top by security vendorWhich has fewer components?BD Tools has BD Tools in-VM, GravityZone managementvShield integrated version has vShield Manager, VMware Tools, BD Tools for vShield VMs, GravityZone managementAre they mutually exclusive?At the VM level, yes; either BD Tools or vShield + BD Tools for vShield VMsAt the management level (deployment level), no
51Security for Endpoints Multiple protection levels with Bitdefender antivirus engines, B- HAVE and AVC technologies for any number of desktops, laptops and serversRemote deployment and real- time control and monitoring of all systemsProductivity module that enables the administrator to control or restrict internet access or access to certain applicationsActive Directory integration and proprietary endpoint discovery
52Security for Endpoints features Protects Windows* laptops, desktops and serversUn-obstructive protection - requires no end-user interactionTwo-way firewall, with intrusion detectionWeb access control and filteringSensitive data protectionApplication controlLow resource consumptionOptimized system scanning
53Security for Endpoints - Features & Benefits Protects Windows laptops, desktops, servers and tabletsOne single AV solution across various corporate terminalsUnobtrusive protectionRequires no end-user interaction. Comes with a GUI to inform the user on the security status, tasks and events occurring on the protected systemLow resource consumptionRuns silently in the background without slowing the system. Lightweight, not overloaded with unnecessary features.Two-way firewall with IDSMonitors network packages and blocks intrusion or hijack attempts when connecting to public networks.Web and application controlImproves employee productivity by scheduling or restricting access to specific websites and applications that may be considered untrusted or improper in a workplace.Antiphising and sensitive data protectionPrevents loss of confidential data and protects against phishing, fraud, or malicious web content.Remote installationEasy to deploy remotely within the network through Microsoft AD or Network Discovery on computers outside AD. The solution can automatically detect and remove other incompatible security solutions at installation time.NEW: Endpoint Security Relay (currently called Super Agent in the Administrator's Guide)This role from Security for Endpoints acts as a single point of exit (relay) for geographically-dispersed organizational units/ branches. It helps to save bandwidth consumption and optimizes the update traffic by leveraging the update server functionality.
55GravityZone Mobile Client delivery Centralized management integrated with Microsoft Active DirectoryEase of access via Apple Store and Google PlaySimple app activation through QR code scanningAutomatic updates via Marketplace
56Security for Mobile Devices features Centralized management, integrated with Active DirectoryApplication and updates delivered via marketplaceDevice compliance detection: allow or deny rooted/ jailbroken devices - NACNon-compliance actions: Ignore, Deny Access, Lock, WipeRemote locate, lock/unlock and wipe deviceLocate device on mapReal-time protection with on-access scanning (Android)Removable media encryption (Android)Remote scan tasks (Android)Removable media scanning on mount
57Security for Mobile Devices - Features & Benefits Unified ManagementCentralized administration of mobile, physical and virtualized endpoints through an easy-to-use web-based consoleIntegrated with Active DirectorySimple deployment through Active Directory user groups Ensures consistent security policies on all users’ devicesInstallation and updates via Google Play /App Store Enrollment invites by Simple app activation through QR code scanningRemoves the need of users visiting IT help desk due to easy self setup No end-user interventionScreen locking with passwordControls device screen lock and authentication for effective device protectionRemote device location, lock, unlock and wipe capabilities (from Control Center network inventory)Finds lost devices by showing them on map Prevents use of lost devices by remote locking Prevents data leakage by wiping data remotelyDetection and access control of rooted and jailbroken devicesAllows enterprise-wide policies to be applied on rooted/ jailbroken devicesDevice compliance checking and automatic non-compliance actions (Ignore, Deny Access, Lock, Wipe, Unlink)Prevents non-compliant devices from accessing corporate data and servicesProfiles: Wi-Fi settings, VPN settings (iOSonly), Web Access, Web Access Control for Android (with built-in browser), Safari settings for iOSAdapts the security needs of both professional and personal use of mobile devices Simplifies management of VPN and Wi-Fi access point settingsDevice inventory management (including hardware, network and OS details)Provides full visibility into the mobile device network Keeps track of devices’ IMEI and serial numbers Admins can use the device Wi-Fi MAC to restrict access to corporate Wi- Fi access pointsAndroid security:- Real-time malware protection - On-demand scanning from Control Center - Require Android encryption (Android 3+)Keeps the device safe with real-time scanning of installed applications and SD cards Ensures detection of malware with remote scan Activate encryption in Android OS, keeping sensitive data safe