www.bitdefender.com
GRAVITYZONE™
THE SECURITY PLATFORM FOR
END-TO-END BREACH AVOIDANCE
1/25/23
INNOVATION
A GLOBAL CYBER-SECURITY INNOVATOR
We build end-to-end breach avoidance & cyber-resilience technologies @endpoint @network @cloud @human
• First machine learning-based detection
• First automated stream detection based on machine learning
• First IoT security (Bitdefender Box)
• Tunable machine learning (HyperDetect)
• First integrated Prevention, Detection, Response and Risk Analytics
• First noise reduction algorithm for finding misclassified samples
• First use of deep learning to increase detection rates
• Only hypervisor-based memory introspection (HVI), agentless
• First vendor to deliver tunable machine learning in
Bitdefender
BASED ON ENTERPRISE AV COMPARATIVES RESULTS FROM JAN 2018 UP TO SEP 2019
(REAL-WORLD PROTECTION, PERFORMANCE & MALWARE PROTECTION TESTS).
CONFIDENTIAL
RECOGNIZED BY GLOBAL SECURITY ANALYSTS & REVIEWERS
Leader in the inaugural Forrester® Wave™ for Cloud Workload Security
TRUSTED BY ENTERPRISES AND LAW ENFORCEMENT AGENCIES
Protecting key organizations worldwide
RELIED ON in key technology partnerships
TECHNOLOGY LICENSING (OEM)
SOPHISTICATION
Known threats
Attacks using exploits
Fileless attacks
Targeted attacks, low and slow, insider threats
HARDER TO EXECUTE
Attacks can be stopped with the right tools
< 1% need further investigation across several layers of ML
FRAGMENTED TOOLS DELAY THE RIGHT RESPONSE TO ADVANCED ATTACKS
They generate piles of alerts
THE RIGHT RESPONSE REQUIRES INTEGRATED TECHNOLOGIES
OUTSTANDING PREVENTION: to stop as much as you can
AI & MACHINE LEARNING: to detect unknown threats and advanced attacks
AUTOMATED RESPONSE: effective, with suggestions for improving the security posture
AUTOMATED INVESTIGATION: to speed up response
ENDPOINT, NETWORK, CLOUD & HUMAN
THE SECURITY CYCLE
INVESTIGATE: root cause analysis, historical analysis, integrated threat intelligence
RESPOND: behavioral analysis, adequate and effective response
Identify & Analyze Risks / Respond to Security Incidents / Cyber Resilience
ENDPOINT SECURITY:
RISK MANAGEMENT, NEXT-GEN EPP, EDR
Advanced prevention
GravityZone Integrated Platform
INTEGRATED SECURITY
1. PREVENTION: more than 99% of attacks blocked before reaching the
2. DETECTION: fast and intuitive detection with 360° visibility across endpoint, network, cloud and IoT
4. HARDENING & RISK MANAGEMENT: proactive reduction of the attack surface
PREVENTION: Email Security, Exploit Defense, Network Attack Defense, Automatic Sandbox, Risk Analytics, Firewall, Web Threat Protection, Patch Management, Anomaly Defense
BREACH DETECTION: Incident Visualization, Root Cause Analysis, Global Threat Intelligence
INTEGRATED SERVICES: Managed Detection & Response Service (MDR), Professional Services, Premium Support
THE PROTECTION LAYERS FOR A CYBER-RESILIENT COMPANY
Stages: Pre-Hardened, Attacker Control, Pre-Execution, Run Malware, Visibility & Response
Pre-Execution layer: Machine Learning (local & cloud), HyperDetect™ (tunable machine learning), Fileless Attack Defense, Automatic Sandbox Analyzer
Visibility & Response layer: Incident Visualization, MITRE Event Tagging, Root Cause Analysis, Sandbox Investigation
END-TO-END BREACH AVOIDANCE PLATFORM
Reference architecture (diagram): Local Datacenter, Enterprise Endpoints, Firewall, Router
Endpoint Risk Management
How it works
• Risk Management & Analytics continuously monitors endpoints to detect misconfigurations, software vulnerabilities and human-induced risks, making prioritization and remediation recommendations to help you mitigate risks and reduce the attack surface
• Automatic fix available for many indicators
GravityZone Endpoint Risk Analytics
Eliminates misconfigurations and device vulnerabilities, or applies alternative configurations to reduce risk
ERA @ Human Risk
Human errors that can have an impact on the organization
Analyzes human actions and identifies user behaviors that can induce security risks
ERA @ Human Risk
Identifies the highest-risk users in the organization
Endpoint Prevention
ADVANCED THREAT CONTROL (ATC):
BEHAVIORAL ANOMALY DETECTION
Protects against:
• Obfuscated malware
• Targeted attacks
• Custom malware
• Script-based attacks
• Exploits
• Malware with delayed start
• In-memory attacks
• Process injection
• Privilege escalation
• Fileless attacks
• Ransomware
Advanced Threat Control monitors actions of specific processes as they are running in the OS. It looks for behavior specific to malware and assigns a score for each process based on its actions and the context in which those were done. When the overall score for a process reaches a given threshold, the process is reported as harmful and the configured action is applied.
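The scoring model described above, as an added illustration that is not Bitdefender's code: per-action scores are accumulated per process, weighted by context (here, whether the actor is a script host), and a verdict is reached when the running total crosses a threshold. The action names, score values, multiplier, threshold and event stream are all constructed for this example.

```python
from collections import defaultdict

# Hypothetical per-action scores (assumption for this example; the page
# gives no values). Scores are earned by behaviour, not by a file signature.
ACTION_SCORES = {
    "write_temp_file": 5,
    "open_network_socket": 5,
    "write_startup_key": 20,
    "mass_file_rename": 30,
    "inject_into_process": 35,
    "read_lsass_memory": 40,
    "delete_shadow_copies": 45,
}
# Context: the same action performed by a script host is weighed more heavily.
SCRIPT_HOSTS = {"powershell.exe", "wscript.exe", "cscript.exe", "mshta.exe"}
CONTEXT_MULTIPLIER = 1.5
THRESHOLD = 70


def score_event(action, process_image):
    """Score one observed action in the context of the acting process."""
    base = ACTION_SCORES.get(action, 0)
    if process_image.lower() in SCRIPT_HOSTS:
        return base * CONTEXT_MULTIPLIER
    return base


def evaluate(events, threshold=THRESHOLD):
    """Accumulate a per-process score over observed events, in order.

    events: iterable of (pid, process_image, action).
    Returns {pid: (image, total_score, harmful)}; 'harmful' is True once the
    total has reached the threshold, the point at which the configured
    action would be applied to the process."""
    totals = defaultdict(float)
    images = {}
    for pid, image, action in events:
        images[pid] = image
        totals[pid] += score_event(action, image)
    return {pid: (images[pid], totals[pid], totals[pid] >= threshold)
            for pid in totals}


# Constructed event stream (not real telemetry). Note that each single
# action below is individually plausible; the verdict comes from the sum.
SAMPLE_EVENTS = [
    (1001, "winword.exe", "write_temp_file"),
    (1001, "winword.exe", "open_network_socket"),
    (2002, "powershell.exe", "write_startup_key"),
    (2002, "powershell.exe", "inject_into_process"),
    (3003, "updater.exe", "mass_file_rename"),
    (3003, "updater.exe", "delete_shadow_copies"),
]

if __name__ == "__main__":
    for pid, (image, total, harmful) in evaluate(SAMPLE_EVENTS).items():
        print(f"{pid:5d} {image:16s} score={total:6.1f} harmful={harmful}")
```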
RANSOMWARE MITIGATION (ON PREMISE)
Monitors and blocks ransomware attacks that use terminal services. Once a remote attack is blocked, the IP of the remote machine is blocked for 2h from accessing the type of files we monitor in a ransomware attack on that respective share.
Data are tamper protected, which means no ransomware will be able to delete our backup.
ADVANCED ANTI-EXPLOIT:
PROTECTS AGAINST EXPLOITS
Protection against:
HYPERDETECT – TUNABLE MACHINE LEARNING
Advanced protection using ML against:
• Zero-days
• APT - advanced persistent threats
• Obfuscated malware
• Fileless attacks
• Targeted attacks
• Custom malware
• Script-based attacks
• Exploits
• Hacking tools
• Suspicious network traffic
• PUA
• Ransomware
Set the detection-aggressiveness level… …to counter relevant threats
Gain full visibility and enable automatic action
NETWORK ATTACK DEFENSE
SANDBOX ANALYZER (CLOUD/ON-PREM)
Delivers in-depth reporting on malware behavior
Attack Forensics & Visualizations (EPP - ELITE)
ATTACK FORENSICS & VISUALIZATIONS
Endpoint Detection & Response
ENDPOINT DETECTION & RESPONSE
Kill chain stages covered: Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control, Actions on Objectives
EDR WORKFLOW & VISUALIZATION
INCIDENT VISIBILITY, FAST TRIAGE, INVESTIGATION AND RESPONSE
CURRENT & HISTORIC DATA SEARCH FOR THREAT HUNTING
MITRE ATT&CK FRAMEWORK
GravityZone BEST ASR ADD-ONs
GravityZone Full Disk Encryption
GravityZone Patch Management
• Scheduled scanning to identify missing patches
• Differential scanning for security or common patches
• Automated patching for most common vendors
Automatic Patching
LIVE ANALYSIS OF ALL NETWORK TRAFFIC
With high fidelity alerts
Real-time network-level detection
RESOLVE YOUR ENTERPRISE NETWORK CHALLENGES
Extend the enterprise cyber defense with network-based security. Protect your IoTs and BYODs
COMPLETE VISIBILITY ON SECURITY INCIDENTS
Across entire environment, for managed and unmanaged devices
NTSA RESOLVES YOUR ENTERPRISE NETWORK CHALLENGES
EXTEND THE ENTERPRISE CYBER DEFENSE WITH NETWORK-BASED SECURITY. PROTECT YOUR IOTS AND BYODS
BITDEFENDER NTSA INTELLITRIAGE
From Manual Threat Hunting to Automated Triage
Bitdefender NTSA
AUTOMATIC RESPONSE TO ADVANCED THREATS
Through the integration with GravityZone ULTRA
GravityZone Security for Storage
What kind of storage are we protecting?
HOW SECURITY FOR STORAGE WORKS
1. User device requests access to files
2. Storage system (ICAP client) submits the files for scanning
3. SVA (the ICAP server) shares scan results
4. Storage system only grants access to safe files
Components: user device; storage system (Nutanix® AFS, Citrix® ShareFile, any ICAP-compliant NAS); GravityZone® ICAP server (SVA)
GravityZone EMAIL Security
EMAIL SECURITY
Protects from Multi-Channel Threats
• Attacks initiated via email quickly move to Web and/or Cloud channels
• Integration provides end-to-end attack protection
HOW ESG PROTECTS YOUR MAIL FLOWS
Some examples: On-Prem, Cloud
GRAVITYZONE EMAIL SECURITY ARCHITECTURE
How ESG Works?
EMAIL SECURITY GATEWAY FEATURES
Multi-layer Approach
Comprehensive visibility, data protection and compliance: Charts deliver visibility over mail flow, rules triggered and actions taken. Admins can use standard reports or create custom reports and alerts based on specific triggers. A detailed audit is available including the actions and triggers, and logs can be archived automatically after 90 days. The solution helps protect confidential information and simplify compliance with functionality such as Data Loss Prevention and the ability to enforce TLS encryption.
10,000+ Algorithms: Behavioural analysis alone includes over 10,000 algorithms analyzing more than 130 variables extracted from each email message.
Complete Control over Mail Flow: A powerful policy engine enables control over email delivery and message filtering based on a set of attributes, including size, source, destination, keywords, and more.
Outbound Filtering: Filters and controls content in outbound messages.
Advanced Mail Routing Engine: Offers complete control over mail flow, and supports multiple email providers all in a single domain.
Executive Tracking: Detection of real names in external messages.
Threat Intelligence: Domain and IP based risk scoring.
Machine Checks: Sender, Sending Server, Authentication Checks (inc. SPF).
Content Analysis: Lexical analysis of subject and message body (inc. attachments).
AV: Multiple signature and behaviour based AV engines (inc. static analysis).
GravityZone Email Security is available with the GravityZone Cloud console
EMAIL SECURITY GATEWAY FEATURES
Time-of-click protection
Rewrites links in messages and protects users at time-of-click, whether that's seconds or days after a message has been received, with flexible policies and block and warn (continue with caution) notification pages. Multiple reputation services are combined with real-time page content analysis to accurately determine if a target page is malicious at the point in time that the user clicks the link.
Managed Detection & Response
END-TO-END BREACH AVOIDANCE
• Focus on strategic initiatives rather than on mundane alerts
• Realize the full value from your security investments
• Secure the business with a state-of-the-art security operation
• Support decision making with real-time actionable security context
MDR lets your team focus on strategic priorities rather than chasing down alerts, while delivering situational awareness and strategic insights about your business
END-TO-END BREACH AVOIDANCE
DETER: • Endpoint Detection / Prevention • Endpoint Risk Analytics
DETECT: • Network Traffic Analytics
REPORT: • Real-Time Dashboards
• Technical Account Management • Pre-Approved Actions
Can you execute upon your defined security goals and priorities? MDR can accelerate your movement up the security maturity curve. Are you ready to take the next step?
Advanced Threat Intelligence
Bitdefender at a glance
Cyber-security leader in over 150 countries
Threat Intelligence Benefits
The backbone of any successful cyber-security strategy
If a more focused data set is needed, a separate category of feeds exists which returns only the data observed in the last 7 days
Data categories and the product that delivers each:
• Files that are known to be part of threats or attacks (ATI Services)
• Certificates known to sign files that are part of attacks (ATI Services)
• Known to contain some sort of threat, such as botnet C&Cs or DoS attacks (ATI Services)
• Known to spread malware, phishing and other threats (ATI Services)
• IPs behind highly targeted cyber-attacks (APTs) (ATI Feeds)
• Domains hosting Advanced Persistent Threats (ATI Feeds)
• Command & Control server IPs that are hard to catch (ATI Feeds)
• Domains associated with phishing threats (ATI Feeds)
• Domains associated with malicious threats (ATI Feeds)
• With an easy-to-use API, our feeds provide advanced threat intelligence on the latest APTs (IPs, file hashes, domains), Command & Control server IPs, Phishing and Malware Domains as a CSV file.
• Example: https://feeds.ti.bitdefender.com/feeds?feed_name=<APT-IPs-feed | APT-filehashes-feed | CNC-IPs-feed>
• Output:
  ip,threat_name,threat_family,updated_at
  10.32.13.23,gen:variant.koobface.1|trojan.generic.10421639,generic,1544629037
  74.208.120.97,gen:variant.koobface.1,generic,1542629037
  188.166.12.93,trojan.generic.10214255,generic,1542627037
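A consumer for the CSV layout shown above, added here as an example and not part of Bitdefender's feed tooling: it parses the four columns (splitting multi-valued threat_name on "|", converting updated_at from epoch seconds), then checks the source and destination IPs of some constructed firewall log lines against the indicators, optionally ignoring indicators older than a given number of days (the 7-day window mentioned above). The sample rows are those printed on the page; the log lines and their key=value format are constructed for this example.

```python
import csv
import io
from datetime import datetime, timezone

# Sample rows from the page, in the feed's documented column layout:
# ip,threat_name,threat_family,updated_at (Unix epoch seconds).
FEED_CSV = """ip,threat_name,threat_family,updated_at
10.32.13.23,gen:variant.koobface.1|trojan.generic.10421639,generic,1544629037
74.208.120.97,gen:variant.koobface.1,generic,1542629037
188.166.12.93,trojan.generic.10214255,generic,1542627037
"""

# Constructed firewall log lines (not from the page): "<ts> key=value ...".
FIREWALL_LOG = [
    "2023-01-25T10:01:02Z src=192.168.1.20 dst=188.166.12.93 dport=443",
    "2023-01-25T10:02:15Z src=192.168.1.31 dst=93.184.216.34 dport=80",
    "2023-01-25T10:03:44Z src=10.32.13.23 dst=192.168.1.5 dport=445",
]


def parse_feed(text):
    """Parse the CSV feed into {ip: record}; threat_name is split on '|'."""
    indicators = {}
    for row in csv.DictReader(io.StringIO(text)):
        indicators[row["ip"].strip()] = {
            "names": [n for n in row["threat_name"].split("|") if n],
            "family": row["threat_family"],
            "updated_at": datetime.fromtimestamp(int(row["updated_at"]),
                                                 tz=timezone.utc),
        }
    return indicators


def parse_log_line(line):
    """Split a constructed '<ts> k=v k=v ...' log line into a dict."""
    parts = line.split()
    fields = dict(kv.split("=", 1) for kv in parts[1:])
    fields["ts"] = parts[0]
    return fields


def match_log(indicators, log_lines, max_age_days=None, now=None):
    """Return one hit per log line/direction whose IP appears in the feed.

    Indicators last updated more than max_age_days ago are skipped, so a
    stale entry (the feed rows date from 2018) does not raise an alert."""
    now = now or datetime.now(timezone.utc)
    hits = []
    for line in log_lines:
        f = parse_log_line(line)
        for direction in ("src", "dst"):
            rec = indicators.get(f.get(direction))
            if rec is None:
                continue
            if max_age_days is not None and (now - rec["updated_at"]).days > max_age_days:
                continue  # stale indicator: skip to limit false positives
            hits.append({"ts": f["ts"], "direction": direction, "ip": f[direction],
                         "names": rec["names"], "family": rec["family"]})
    return hits
```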
UNIVERSAL COVERAGE
MAXIMIZES VISIBILITY AND MANAGEABILITY
Bitdefender Control Center; Global Protective Network
Any hypervisor (VM 1, VM 2, VM 3, SVA); Public cloud IaaS (AWS, Azure); Physical endpoints; On-premises infrastructure
HOW SVE WORKS?
GravityZone Control Center; Security Server; VMs with Featherweight agent on any hypervisor; SVA redundancy
SVE CACHING ARCHITECTURE
Central Cache shared by VM1 and VM2
EFFICIENT THREAT-DETECTION TECHNIQUE
FILE.EXTENSION
Security-Automation Across the Virtual Infrastructures
Easier manageability
WITH INFRASTRUCTURE-AWARE SECURITY
• Integration with infrastructure-management tools gives GravityZone real-time awareness of the operating environment, automating and simplifying security deployment and administration
• Remote platform deployment & configuration
• Automatic security-license recovery & reuse
• Automatic security-server & agent deployment
• Latency-reducing security HA & load distribution
Lower Performance Footprint
GravityZone™ CLOUD-SECURITY
Up to 55% Higher Virtualization Density
No Antimalware: 248
Bitdefender GravityZone SVE Multi-Platform: 228
Bitdefender GravityZone SVE (Agentless with NSX): 209
TrendMicro Deep Security: 206
McAfee MOVE (Agentless with NSX): 204
TrendMicro Deep Security (Agentless with NSX): 196
Kaspersky: 167
Symantec Endpoint Protection: 147
BETTER END-USER EXPERIENCE
Via Faster Application Performance
Up to 36% Faster Application Response
Response Time of an Unstressed System (Milliseconds)
No Antimalware: 807
Bitdefender GravityZone SVE Multi-Platform: 866
Kaspersky: 874
TrendMicro Deep Security (Agentless with NSX): 875
TrendMicro Deep Security: 931
Bitdefender GravityZone SVE (Agentless with NSX): 934
Symantec Endpoint Protection: 955
McAfee MOVE (Agentless with NSX): 1,357
LATENCY
Hypervisor Introspection
Memory Access Protection for Citrix HV & KVM
HVI: THE APT SLAYER SEES WHAT OTHERS DON'T
GravityZone Sandbox Analyzer
On Premises
WHAT IS SANDBOX ANALYZER
Sandbox Analyzer provides a controlled environment for dynamic analysis
• Baseline measurements of environment
• Suspicious code execution
• Evaluate changes and provide forensics report
Data privacy
Samples are executed in customer environment
SOLUTION ARCHITECTURE
(diagram: GravityZone Control Center, Internet, Sandbox Manager (VA), Detonation VMs, endpoint Sensors)
• Sandbox Manager – the sandbox orchestrator. This component connects to the ESXi hypervisor via APIs and uses the hardware resources to build and operate the malware analysis environment.
• Detonation VMs – virtual machines (VA)
• Endpoint Sensor
  Implemented in Bitdefender Endpoint Security Tools (BEST) client
  Provides pre-filtering functionality – doesn't submit known bad files
  Leverages advanced machine learning and neural network algorithms to determine suspicious content that needs to be further analyzed by Sandbox Analyzer.
  Automatic submission
SOLUTION ARCHITECTURE
SUPPORTED FILE TYPES
MS Office file-types: doc, docx, pptx, xps, rtf etc.; Adobe Reader pdf etc.
Security for MSP
Managed Security Providers
GRAVITYZONE SECURITY FOR MSPs
• Automation through APIs and integration with RMM/PSA, AWS, SIEM, and other systems
• Monthly-Based licensing
MSP Benefits Partner 1 - 500 Seats
Endpoint Security (BEST)
Bitdefender Endpoint Security Tools
BEST Client Software; Bitdefender Security Cloud; Security Server
BEST WITH RELAY ROLE
GravityZone On Premise Architecture
GRAVITYZONE CONTROL CENTER (ON PREMISE)
GravityZone Control Center is delivered as a virtual appliance, available in several different formats compatible with the main virtualization platforms: a preconfigured virtual machine running a hardened Linux Server distribution (Ubuntu 16.04).
The GravityZone appliance can run one, several or all of the following roles:
GravityZone Appliance Roles – Nr. of deployments
• Database Replica Set – At least 1, otherwise 3, 5, 7
• Update Server – No more than 1
• Web Server – At least 1
• Communication Server – At least 1
• Incidents Server – At least 1
• Load Balancer – Optional Deployment
Additional GravityZone appliance roles:
• Role Balancer allows to install multiple instances of the Communication Server role or Web Server role. It ensures High Availability and scalability. The built-in Role Balancer role cannot be installed together with other roles on the same GravityZone appliance. 3rd party software or hardware Role Balancers can also be used.
• Report Builder allows to create and manage queries and detailed query-based reports in GravityZone. You have to install 2 Report Builder server roles on 2 different instances of the Report Builder Appliance: 1. Report Builder Database; 2. Report Builder Processors.
CONTROL CENTER HIGH AVAILABILITY (DATABASE)
This mechanism allows installing multiple database instances across a distributed GravityZone environment.
CONTROL CENTER HIGH AVAILABILITY (DEPLOYMENT SCENARIOS)
THANK YOU!
GRAVITYZONE™
THE SECURITY PLATFORM FOR
end-to-end breach avoidance