Bitdefender GravityZone SME Security Solution


GravityZone is
- A resource-efficient security solution
- Simultaneously provides high performance and protection
- Delivering centralized management
- Easy deployment
- Freedom to choose any combination of:
  - Virtualization vendors
  - Cloud providers
  - Physical devices, virtual platforms and virtual machines

Security for Traditional and Hybrid Cloud Endpoints GravityZone Security Solution Hybrid Cloud On-Premise Public Cloud Private Cloud Traditional & Mobile Endpoints

MULTI-PLATFORM Coverage

Enterprise-wide unified management

GravityZone Target Customers
1. SME with Data Centers focused on virtualization
2. xSPs (Service Providers with Data Centers and Cloud)
3. SMB adopting virtualization

GravityZone: Defeat Threats Top protection and compliance for endpoints, virtualization and cloud environments #1 rated Bitdefender technologies provide the best protection, and best removal- performance and speed Constantly outperform competition at protection, performance and usability according to AV-Test Corporate: Windows 8 - October 2014 Windows 7 - August 2014 Windows XP - June 2014

GravityZone: Deliver Control
- GravityZone is hypervisor-agnostic and delivered as a virtual appliance for quick and easy deployment across any combination of virtualization platforms and devices.
- Unlike others, GravityZone provides a unified management console across all security services on physical, virtualized and mobile endpoints.
- GravityZone is integrated with VMware vCenter, Citrix XenServer and Microsoft Active Directory.

GravityZone: Key Features
Built-in redundancy and high availability
- Duplication of roles for the GravityZone appliance: Database, Update server, Web console (Control Center) and / or Communication server
- Even distribution of scanning traffic with load balancing
Integrated management and control
- Support for VMware vCenter, Citrix XenServer and Microsoft Active Directory
- Enforcing security policies on entire inventory objects including hosts, VM folders or resource pools.
Intuitive reporting and monitoring
- Granular access rights for permission-based access to Control Center
- Detailed, centralized reporting on the security state across the organization: Malware activity, network and update status
- Instant access through 12 configurable portlets on the Dashboard

GravityZone: Key Benefits
- Simplicity and ease of use: Straightforward administration from the GravityZone Control Center, with separate views and specific policy sets for each of the three security services.
- One security platform across multiple regions: Architected to scale globally and protect organizational units across distributed regions. By operating on any or all four appliance roles that can be partially load balanced, GravityZone can be connected to, and managed centrally from, different local deployments, worldwide.
- Turnkey deployment from a single virtual appliance: Alleviate administrative overhead with root-level initial setup from CLI and one-time configuration of the scanning appliances, without the need to deploy and configure other components.
- Flexible modular licensing: Every security service is licensed separately and can be activated whenever necessary to accommodate business growth. Licensing per CPU socket provides even greater flexibility to companies with VDI infrastructures.

GravityZone licensing and pricing

| Service | License type - Subscription | License units count |
| --- | --- | --- |
| GravityZone Control Center | Provided for free with any security service | |
| Security for Endpoints | 1, 2 or 3 years | # of protected desktops, laptops and servers |
| Security for Virtualized Environments | | # of protected virtual desktops (VDI) and # of virtual servers (VS) - or - # of physical CPUs that powers the protected virtualized environment |
| Security for Mobile Devices | | # of protected smartphones and tablets |

- Free trial for 60 days of the fully featured product available
- Technical support for Proof of Concept available

November 2014 updated features
- Centralized notification area
- New reports
- Syslog configuration
- Status alert customization
- Offline registration
- Database role replication

Benefits

| Features | Benefits |
| --- | --- |
| Centralized notification area; New reports; Syslog configuration | Enhanced support for audits and compliance (HIPAA, PCI,…) |
| Status alert customization | Admin friendly |
| Database role replication | Scalability and resilience |
| Offline registration | Cover a wide range of use cases now including closed networks |

New Reports
- Status Report Modules – shows installed endpoint agent modules and their status;
- Security for Virtualized Environments VM update status report;
- SVA status report (including load);
- Malware reports at file level
  - Full details
  - All events
Most requested features: malware event report with file details! DONE

Centralized Notification Area
Notification center
- Unified
- Easy configuration
- All channels available: Console, Email, Syslog
Most requested feature: malware detection email notification! DONE

Customizable Status Alert
Syslog Configuration
- Available in the console
- Select relevant events
Customizable Status Alert
- Policy based and granular configuration
- Admin chooses when the agent turns RED
Offline GravityZone Registration
- Offline environments
- For “paranoid” industries: Gov …

Database Role Replication
- MongoDB automated replication
- Replica set

GravityZone Security Services
GravityZone Control Center
- Unified security for physical, virtualization and mobiles
- Built in redundancy and auto-scaling
- Integrated with 3rd parties like VMware, Citrix & Microsoft
Security for Virtualized Environments
- Remote scan protection for ANY hypervisor
- Increased server consolidation
- Windows and Linux support
Security for Endpoints
- Windows systems and Mac protection
- Host-based firewall, IDS, web filtering & control, data protection and application control
Security for Mobile Devices
- iOS and Android support
- Device compliance & profile control
- On-access scanning & encryption

GravityZone Security for Virtualized Environments (SVE)

IT budgets for 2014 of Progressive SMEs Spiceworks report: North America IT spend in 2014

IT budgets for 2014 of Progressive SMEs Spiceworks research: State of SMB IT 1H 2013

Virtualization market drivers and adoption Traditional Antimalware Virtualization penetration has surpassed 50% of all server workloads, and continues to grow.

THREAT OVERVIEW
From 32,000 new unique malware every day to +300,000 in just 5 years! Source: AV-Test in Germany.

AV signature update frequency
Every 24 hours / Every 8 hours / Every 8 hours / Hourly
Even hourly updates present 12,500 possible infections per hour, when AV-Test is registering +300,000 new threats per day.

Conventional Challenges Boot Latency AV-Storm Storage IO Administration Exclusions vShield Concurrent Updates

TRADITIONAL AGENT BASED PROTECTION
Client on every VM
- Antimalware engines, signatures and cache databases are stored locally and require constant updates
- Typically, 750 MB – 1 GB of disk space and 170-250 MB of memory when loaded, more memory when scanning

TRADITIONAL AGENT BASED PROTECTION
Resource contention
- Clients on virtual machines compete for host resources with production workloads
- Exacerbated when clients simultaneously start scan processes on several VMs or download and install updates
- Massive impact on CPU, memory and I/O activity on the storage

TRADITIONAL AGENT BASED PROTECTION
Boot latency and boot time security gaps
- Scanning engines and signatures loading
- Recovering from older snapshots/backups
- Check for updates after loading
This time window leaves the system unsecured and vulnerable to malware attacks

TRADITIONAL AGENT BASED PROTECTION
CONCLUSION: It’s better than having no protection at all, BUT:
- Ridiculously high resource consumption (Memory, CPU, Storage, I/O)
- Unintelligently duplicating AV operations over and over
- Highly capable of generating bottlenecks
- More or less impossible with VDI
- Time consuming to deploy, manage and monitor!

Resource Optimization with GravityZone SVE Security Server VM BD Tools SCAN ENGINE Potentially available resources

Security for Virtualized Environments
- Hypervisor agnostic; supports VMware, Citrix, Microsoft, AWS, Oracle, and Red Hat virtualization
- Comprehensive solution for Windows and Linux servers and VDI machines
- Integrated management: VMware, Citrix, Amazon Web Services
- Increased server consolidation with centralized antimalware: up to 30% more VMs per physical host
- Small footprint on the VMs: 60 MB of disk and 30 MB of memory in non-VMware environments

Approach to virtualized environments
Two GravityZone key components
- Enforcement point or endpoint agent
  - What is in each VM, what and how it offloads
- Management of virtualized environment
  - What manages VM security, how it is integrated
Architecture
- Single point of management

Enforcement point: “Agentless” and “Light Agent”
Two approaches available in Bitdefender Security for Virtualized Environments…
VMware vShield Endpoint
- Proprietary solution, API for security vendor integration
- Provides remote introspection from virtual appliance (scanning offload)
- Bitdefender Tools for vShield adds additional functionality
Bitdefender Tools
- End-to-end provided by Bitdefender

Comparing “Agentless” versus “Light Agent”

| BD Tools | vShield Endpoint Integration |
| --- | --- |
| Hypervisor agnostic | ESXi only |
| Windows and Linux VMs | Windows only |
| No external dependency | Requires vShield Manager |
| Scanning offload across hosts | Scanning offload within host |
| Fail-over between VAs | Tied to VA on-host; no fail-over |
| In-VM GUI | Not native; in-VM GUI provided by Bitdefender |
| On-demand memory/process scanning | Not native; provided by Bitdefender |
| In-VM footprint is BD Tools | In-VM footprint is vShield file system driver (in VMware Tools) and optional BD Tools for vShield VMs |

Agentless protection with VMware vSphere
- Tightly integrated with VMware vShield Endpoint EPSEC API
- VMware vCenter integrated management for unified visibility
- Bitdefender Tools: Extends coverage to non-Windows environments. Provides deep introspection capabilities: file systems, processes and memory

VSHIELD - AGENTLESS PROTECTION
vShield Endpoint SDK
Other limitations
- No monitoring of:
  - Running processes
  - Memory
  - Registry database
- Max 1 AV engine per host
- Depends on VMware Tools
- No cache between hosts
- No failover possible

VSHIELD - AGENTLESS PROTECTION
vShield Endpoint SDK
- Allow centralized AV introspection as the VM is accessing local disks.
- Only works for Windows!

Hypervisor-agnostic security for complex datacenters
- Universal platform coverage - full support for any hypervisor: VMware, Citrix, Microsoft, Red Hat, KVM, Oracle, or any other virtualization.
- Protects virtualized desktops and servers running on: Windows & Linux
- Pre-trained, self-learning cache mechanisms
- Centralized antimalware for improved performance

Load Balancing
- Deploy as many AV engines per host as you wish
- Shared cache between all AV engines
- Endpoints will automatically be serviced by the AV engine with the fastest response time (allowed by policy)

GravityZone SVE Management
GravityZone has superior management for virtualized environments because it is:
- Built from the ground-up for environments of today
- Delivered as a virtual appliance
- Integrated with vCenter, XenServer, Active Directory, etc.
- Scales horizontally – to get more horsepower, add more VMs to a deployment
- Includes MongoDB; non-relational, open-source database; single database instance can be spread across 1000 nodes

GravityZone SVE Management
Virtual appliance
- Each VA can play one or more roles (load balancer, database, management console) to distribute across geographies, scale as much as needed
- Built-in load distribution, fault tolerance
vCenter, XenServer
- Management integration is key to keep up with hugely dynamic environments
- Supports ESXi, Xen, Hyper-V, RedHat, Oracle, etc.
- Extend to public cloud easily (VPC in AWS, for example)

Bitdefender Tools
- Windows and Linux version
- Static installation – requires no updating
- 50 MB disk space inside each VM
- Three major components:
  - Gateway, allowing centralized engine to access the system
    - Maximum 15 MB memory footprint
    - No CPU load
    - Runs as an unstoppable local service
  - Local tools (uncompress, file move, file deletion, etc.)
  - Optional UI, including pop-up notification, policy controlled

Optimized scanning technique
- Myfile.extension = 25 MB on disk
- Segments capable of execution, which might contain malicious code = 2.5 MB
- File areas scanned using Bitdefender technology: 2.5 MB

Multi-level caching
- Unique files and processes are only scanned once, regardless of VM or AV engine (SVA)
- Modified files are rescanned, but only on changed areas
- Consequence: reduced CPU and I/O activity

Login VSI: “Best-performing virtualization security out there”
- Server consolidation is key
- Lowest latency and baseline on virtual desktops

GravityZone: Drive Performance GravityZone showed a 30% increase in VDI density. Customers report lower operational costs and significant savings in time and effort, based on GravityZone management tools and simple deployment. GravityZone is elastic, which allows customers to spin up or scale down virtual appliances, physical machines and devices, on demand.

Performance leadership
- No reboots required – anywhere!
- SVE engine is pre-taught on most commonly known Microsoft recommended exclusions
- Increases VM density by 30%
- Proved using Login VSI performance tools.

GravityZone SVE Key benefits
Better ROI on virtualization projects
- 3rd party tested 30% increase in VM density.
- Removes all issues of traditional antimalware and helps to attain virtualization objectives.
Protect multi-platform virtualized datacenters
- The only hypervisor agnostic solution – protects VMware, Citrix, Microsoft, Oracle, KVM, Red Hat or any virtualization platform from one console.
Improved operational efficiency
- Automated tasks due to integration with VMware vCenter and Citrix XenServer.
- Turn-key deployment of Security Server virtual appliance.
Best performance in VDI environments
- Lowest impact on applications running in virtualized environments, when compared to other virtualization security solutions. (VSI Login tests)

GravityZone SVE Common Questions
Isn’t vShield “agentless”?
- Great marketing term; really means “no security vendor footprint in-VM”
- VMware provides file system driver in VMware Tools
- GUI, memory/process scanning layered on top by security vendor
Which has fewer components?
- BD Tools has BD Tools in-VM, GravityZone management
- vShield integrated version has vShield Manager, VMware Tools, BD Tools for vShield VMs, GravityZone management
Are they mutually exclusive?
- At the VM level, yes; either BD Tools or vShield + BD Tools for vShield VMs
- At the management level (deployment level), no

GravityZone Security for Endpoints

Security for Endpoints
- Multiple protection levels with Bitdefender antivirus engines, B-HAVE and AVC technologies for any number of desktops, laptops and servers
- Remote deployment and real-time control and monitoring of all systems
- Productivity module that enables the administrator to control or restrict internet access or access to certain applications
- Active Directory integration and proprietary endpoint discovery

Security for Endpoints features
- Protects Windows* laptops, desktops and servers
- Unobtrusive protection - requires no end-user interaction
- Two-way firewall, with intrusion detection
- Web access control and filtering
- Sensitive data protection
- Application control
- Low resource consumption
- Optimized system scanning

Security for Endpoints - Features & Benefits

| Features | Benefits |
| --- | --- |
| Protects Windows laptops, desktops, servers and tablets | One single AV solution across various corporate terminals |
| Unobtrusive protection | Requires no end-user interaction. Comes with a GUI to inform the user on the security status, tasks and events occurring on the protected system |
| Low resource consumption | Runs silently in the background without slowing the system. Lightweight, not overloaded with unnecessary features. |
| Two-way firewall with IDS | Monitors network packets and blocks intrusion or hijack attempts when connecting to public networks. |
| Web and application control | Improves employee productivity by scheduling or restricting access to specific websites and applications that may be considered untrusted or improper in a workplace. |
| Antiphishing and sensitive data protection | Prevents loss of confidential data and protects against phishing, fraud, or malicious web content. |
| Remote installation | Easy to deploy remotely within the network through Microsoft AD or Network Discovery on computers outside AD. The solution can automatically detect and remove other incompatible security solutions at installation time. |
| NEW: Endpoint Security Relay (currently called Super Agent in the Administrator's Guide) | This role from Security for Endpoints acts as a single point of exit (relay) for geographically-dispersed organizational units/branches. It helps to save bandwidth consumption and optimizes the update traffic by leveraging the update server functionality. |

GravityZone Security for Mobile Devices

GravityZone Mobile Client delivery
- Centralized management integrated with Microsoft Active Directory
- Ease of access via Apple Store and Google Play
- Simple app activation through QR code scanning
- Automatic updates via Marketplace

Security for Mobile Devices features
- Centralized management, integrated with Active Directory
- Application and updates delivered via marketplace
- Device compliance detection: allow or deny rooted/jailbroken devices - NAC
- Non-compliance actions: Ignore, Deny Access, Lock, Wipe
- Remote locate, lock/unlock and wipe device
- Locate device on map
- Real-time protection with on-access scanning (Android)
- Removable media encryption (Android)
- Remote scan tasks (Android)
- Removable media scanning on mount

Security for Mobile Devices - Features & Benefits

| Features | Benefits |
| --- | --- |
| Unified Management | Centralized administration of mobile, physical and virtualized endpoints through an easy-to-use web-based console |
| Integrated with Active Directory | Simple deployment through Active Directory user groups. Ensures consistent security policies on all users’ devices |
| Installation and updates via Google Play / App Store. Enrollment invites by email. Simple app activation through QR code scanning | Removes the need of users visiting IT help desk due to easy self setup. No end-user intervention |
| Screen locking with password | Controls device screen lock and authentication for effective device protection |
| Remote device location, lock, unlock and wipe capabilities (from Control Center network inventory) | Finds lost devices by showing them on map. Prevents use of lost devices by remote locking. Prevents data leakage by wiping data remotely |
| Detection and access control of rooted and jailbroken devices | Allows enterprise-wide policies to be applied on rooted/jailbroken devices |
| Device compliance checking and automatic non-compliance actions (Ignore, Deny Access, Lock, Wipe, Unlink) | Prevents non-compliant devices from accessing corporate data and services |
| Profiles: Wi-Fi settings, VPN settings (iOS only), Web Access, Web Access Control for Android (with built-in browser), Safari settings for iOS | Adapts the security needs of both professional and personal use of mobile devices. Simplifies management of VPN and Wi-Fi access point settings |
| Device inventory management (including hardware, network and OS details) | Provides full visibility into the mobile device network. Keeps track of devices’ IMEI and serial numbers. Admins can use the device Wi-Fi MAC to restrict access to corporate Wi-Fi access points |
| Android security: Real-time malware protection; On-demand scanning from Control Center; Require Android encryption (Android 3+) | Keeps the device safe with real-time scanning of installed applications and SD cards. Ensures detection of malware with remote scan. Activate encryption in Android OS, keeping sensitive data safe |