
ENDPOINT NETWORK CLOUD HUMAN

END-TO-END BREACH AVOIDANCE & CYBER RESILIENCE

Horatiu BANDOIU
Channel Marketing Manager
ISO 27001 LA

WWW.BITDEFENDER.COM

GRAVITYZONE™
THE SECURITY PLATFORM FOR
END-TO-END BREACH AVOIDANCE

1/25/23
A GLOBAL CYBER-SECURITY INNOVATOR
We build end-to-end breach avoidance & cyber-resilience technologies
@endpoint @network @cloud @human

• Founded in 2001
• 1,600+ employees, 800+ in R&D / engineering
• 38% of the world's cyber-security companies use Bitdefender
• 20K+ partners, 150+ OEM partners
• Enterprise HQ in Silicon Valley (Santa Clara, California)

CONFIDENTIAL
RECOGNIZED LEADER IN INNOVATION
PATENTED TECHNOLOGIES USED BY 38% OF CYBER-SECURITY VENDORS

[Timeline: 2008 2011 2013 2014 2015 2016 2017 2018 2019]

First row of milestones:
• First machine learning-based detection
• First automated stream detection based on machine learning
• First IoT security (Bitdefender Box)
• Tunable machine learning (HyperDetect)
• First integrated Prevention, Detection, Response and Risk Analytics

Second row of milestones:
• First noise reduction algorithm for finding misclassified samples
• First use of deep learning to increase detection rates
• Only Hypervisor-based memory introspection (HVI)
• First Vendor to deliver tunable machine learning in agentless

PATENT PORTFOLIO: 60 GRANTED, 28 IN MACHINE LEARNING SINCE 2008.

UNPRECEDENTED ATTACK PREVENTION RATE
Most #1 rankings in comparative tests. Any test, any period

Bitdefender   75%
Trend Micro   25%
McAfee        17%
Kaspersky     17%
ESET          17%
Sophos         8%
Microsoft      0%
CrowdStrike    0%

BASED ON ENTERPRISE AV COMPARATIVES RESULTS FROM JAN 2018 UP TO SEP 2019
(REAL-WORLD PROTECTION, PERFORMANCE & MALWARE PROTECTION TESTS).

RECOGNIZED BY GLOBAL SECURITY ANALYSTS & REVIEWERS
• Leader in the inaugural Forrester® WAVE™ for Cloud Workload Security
• 100% detection in the first Advanced Real-World test by AV-Comparatives
• “Received a score of 100% for evasions. No false positives” NSS Labs

TRUSTED BY ENTERPRISES AND LAW ENFORCEMENT AGENCIES
• PROTECTING KEY ORGANIZATIONS WORLDWIDE
• PARTNERING AGAINST CYBER CRIME: FBI, Department of Justice

RELIED ON in key technology partnerships

TECHNOLOGY LICENSING (OEM)

MORE THAN 150 OEM PARTNERSHIPS


ADVANCED ATTACKS REQUIRE AN INTEGRATED APPROACH

[Diagram axis labels: HARDER TO EXECUTE, SOPHISTICATION, DAMAGING]
• Known Threats
• Evasive Malware
• Attacks using exploits
• Fileless attacks
• Targeted attacks, Low and slow, Insider Threats

99% of attacks can be stopped with the right tools.
< 1% need further investigation across several layers of ML.

FRAGMENTED TOOLS DELAY AN ADEQUATE RESPONSE TO ADVANCED ATTACKS

[Diagram labels: SIEM/SOAR/, EPP/EDR/CWP, NTA/NGFW, Help Desk System, Conf Mng/Ops Mng/AD/, Threat Intel, UEBA/ZT/Priv Mgmt, Orchestration Tools]

• They generate piles of alerts
• They require manual investigation work by analysts
• They leave blind spots

AN ADEQUATE RESPONSE REQUIRES INTEGRATED TECHNOLOGIES

• OUTSTANDING PREVENTION: to stop as much as you can
• AI & MACHINE LEARNING: to detect unknown threats and advanced attacks
• AUTOMATED RESPONSE: effective, with suggestions for improving the security posture
• AUTOMATED INVESTIGATION: to speed up the response

ENDPOINT, NETWORK, CLOUD & HUMAN

THE SECURITY CYCLE
GRAVITYZONE ENTERPRISE: INTEGRATED SECURITY

• INVESTIGATE: root cause analysis, historical analysis, integrated Threat Intelligence
• DETECT: behavioral analysis, Machine Learning, custom detection, automated Threat Hunting
• PREVENT: the best prevention at the Endpoint, Network, Cloud and Human level
• HARDEN: reduce the attack surface
• RESPOND: adequate and effective response

Cyber Resilience
• Respond to Security Incidents
• Identify & Analyze Risks
• Detect Advanced Attacks
• Prevent Threats

ENDPOINT SECURITY:
RISK MANAGEMENT, NEXT-GEN EPP, EDR

SINGLE AGENT, SINGLE CONSOLE

Advanced prevention
With its adaptive architecture and more than 30 prevention layers, it offers the best prevention against sophisticated threats without impacting performance.

Detection & Response
Patented Machine Learning technologies, combined with the ability to monitor behavior and detect attack techniques, allow it to prevent, detect and block the advanced threats that get past both NextGen AV and traditional solutions.
Automated containment and remediation are available, including rolling back changes, to eliminate interruptions to production processes.

GravityZone Integrated Platform

INTEGRATED SECURITY in a single platform
• Consolidates security for efficient management with cutting-edge technologies
• Gain 360° visibility into your Endpoints, Networks, Cloud, IoT and Humans
• Covers the gaps in your security staff with Expert Threat Hunting.

GRAVITYZONE
1. PREVENTION
More than 99% of attacks blocked before they reach endpoints and servers - physical, virtual and cloud
2. DETECTION
Fast and intuitive detection with 360° visibility across endpoint, network, cloud and IoT
3. RESPONSE
Automatic response and actionable information, enabling remediation without hurting performance
4. HARDENING & RISK MANAGEMENT
Proactive reduction of the attack surface
5. SERVICES
24x7 managed Threat Hunting and IRaaS services

INTEGRATED TECHNOLOGIES & SERVICES TO AVOID BREACHES

Bitdefender GravityZone is a next-generation security platform that lets you protect all of a company's endpoints, including those that employees bring onto the corporate network, both physical and virtual, in the datacenter or as cloud instances.

[Diagram: technologies grouped under PREVENTION, DETECTION & RESPONSE, RISK ANALYTICS & HARDENING and SERVICES. Labels: EMAIL SECURITY, EXPLOIT DEFENSE, HYPERDETECT™ (TUNABLE MACHINE LEARNING), LOCAL & CLOUD MACHINE LEARNING, HYPERVISOR INTROSPECTION, FILELESS ATTACK DEFENSE, NETWORK ATTACK DEFENSE, AUTOMATIC SANDBOX ANALYZER, FIREWALL, WEB THREAT PROTECTION, PATCH MANAGEMENT, FULL DISK ENCRYPTION, DEVICE CONTROL, APPLICATION CONTROL, ENDPOINT RISK ANALYTICS, INCIDENT VISUALIZATION, ROOT CAUSE ANALYSIS, ANOMALY DEFENSE, GLOBAL THREAT INTELLIGENCE, SANDBOX INVESTIGATION, MITRE EVENT TAGGING, NETWORK THREAT ANALYTICS (NTSA), THREAT REMEDIATION, PROACTIVE HUNTING, PROCESS INSPECTOR, MANAGED DETECTION & RESPONSE SERVICE (MDR), PROFESSIONAL SERVICES, THREAT INTELLIGENCE, PREMIUM SUPPORT]

THE PROTECTION LAYERS FOR A CYBER-RESILIENT ENTERPRISE

[Diagram: protection layers between the Attacker and Run Malware. Stages: Pre-Hardened, Network Level, Endpoint, On-Access Level, Pre-Execution, On-Execution, Visibility & Response. Layers: EMAIL SECURITY, FULL DISK ENCRYPTION, DEVICE CONTROL, ENDPOINT RISK ANALYTICS, PATCH MANAGEMENT, NETWORK ATTACK DEFENSE, WEB THREAT PROTECTION, FIREWALL, ANTIMALWARE (Signature-Based), LOCAL & CLOUD MACHINE LEARNING, HYPERDETECT™ (TUNABLE MACHINE LEARNING), FILELESS ATTACK DEFENSE, AUTOMATIC SANDBOX ANALYZER, EXPLOIT DEFENSE, PROCESS INSPECTOR, INCIDENT VISUALIZATION, MITRE EVENT TAGGING, ROOT CAUSE ANALYSIS, SANDBOX INVESTIGATION]

END-TO-END BREACH AVOIDANCE PLATFORM
Reference architecture

[Diagram: GravityZone with Global Threat Intelligence and Network Traffic Security Analytics, covering:
• Local Datacenter: Physical Servers & VMs
• Cloud Resources: AWS, VDIs, VMs
• Enterprise Endpoints: Mobile, Desktop, Laptop
• Enterprise Network: Firewall, Router, WiFi, Switch
• Roaming Endpoints: Work from home, Mobile worker
• IoT & BYOD: Printer, IP Phone, BYOD, IP Camera, Access Control, Building Management
Legend: Bitdefender Endpoint Agent, Bitdefender Network Probe]


ENTERPRISE RISK MANAGEMENT
Attack surface reduction

Endpoint Risk Management
How it works
• Risk Management & Analytics continuously monitors endpoints to detect misconfigurations, software vulnerabilities and human-induced risks, and makes prioritization and remediation recommendations to help you mitigate risks and reduce the attack surface
• Automatic fix available for many indicators
• Enables infrastructure hardening with GravityZone Patch Management, Encryption, Device Control, Application Control and Firewall
• Native and FREE in GravityZone Cloud Products
• Powered by Bitdefender Labs Global Threat Research

GravityZone Endpoint Risk Analytics

• See your Company Risk Score and how it evolves over time
• Identifies and prioritizes Misconfigurations, Application Vulnerabilities and Human Risks across the whole organization
• Get a picture of the security risk for your endpoints and servers, physical and virtual, mobile devices and cloud instances.

GravityZone Endpoint Risk Analytics
Eliminates misconfigurations and device vulnerabilities, or applies alternative configurations to reduce risk

ERA @ Human Risk
Human errors that can have an impact on the organization

Analyzes human actions and identifies user behaviors that can introduce security risks

A better view of the organization's real security posture

ERA @ Human Risk
Identifies the highest-risk users in the organization

Endpoint Prevention

ADVANCED THREAT CONTROL (ATC):
DETECTION OF BEHAVIORAL ANOMALIES

Protects against:
• Obfuscated malware
• Targeted attacks
• Custom malware
• Script-based attacks
• Exploits
• Delayed-start malware
• In-memory attacks
• Process Injection
• Privilege escalation
• Fileless attacks
• Ransomware

Advanced Threat Control monitors actions of specific processes as they are running in the OS. It looks for behavior specific to malware and assigns a score for each process based on its actions and the context in which those were done. When the overall score for a process reaches a given threshold, the process is reported as harmful and the configured action is applied.

RANSOMWARE MITIGATION: (ON PREMISE)

PROTECTS FILES BEFORE THEY ARE ENCRYPTED

Ransomware Mitigation complements our prevention and detection technologies (On-access, ATC, AAE, Web Traffic Scan, etc.) by providing additional information on ransomware behavior, and it is a remediation option.

A technology that monitors and blocks ransomware attacks that use terminal services.

Ransomware Mitigation creates a real-time back-up of the files before being modified by suspicious processes to mitigate the risk of losing data during advanced ransomware attacks.

Once a remote attack is blocked, the IP of the remote machine is blocked for 2h from accessing the type of files we monitor in a ransomware attack on that respective share.

Data are Tamper protected, which means no ransomware will be able to delete our backup

ADVANCED ANTI-EXPLOIT:
PROTECTS AGAINST EXPLOITS

Protection against:
• Attacks that use Phishing
• Malvertising
• Drive-by Downloads
• Fileless attacks
• OS-level and software vulnerabilities
• Privilege escalation
• Process injection

The technology works by zooming in on potentially vulnerable software and running a structural analysis during key execution points. If an anomaly is detected, admins can choose to automatically block the execution or to simply be notified

HYPERDETECT – TUNABLE MACHINE LEARNING
Advanced ML-based protection against:
• Zero-days
• APT - advanced persistent threats
• Obfuscated malware
• Fileless attacks
• Targeted attacks
• Custom malware
• Script-based attacks
• Exploits
• Hacking tools
• Suspicious network traffic
• PuA
• Ransomware

Set the detection-aggressiveness level…
…to counter relevant threats
Gain full visibility and enable automatic action

NETWORK ATTACK DEFENSE

Network Attack Defense

It is a technology focused on detecting attack techniques that use network protocols to gain access to endpoints, e.g. brute-force attacks, network exploits, password stealers, SMB & Samba exploits.

It blocks several network stream-based attacks before they can execute by correlating multiple attack vectors, then using machine learning to analyze trends and block sophisticated attacks before they can access system resources.

SANDBOX ANALYZER (CLOUD/ON-PREM)

Protects against:
• Advanced targeted attacks
• Custom malware
• Unknown packers

Uses Machine Learning and behavioral analysis to evaluate suspicious files

• Runs in blocking or monitoring mode
• Provides a verdict in near real-time and takes policy-based remediation action
• Delivers in-depth reporting on malware behavior

Attack Forensics & Visualizations (EPP - ELITE)

• Provides extensive visibility into threats that have already been blocked
• Enables root-cause analysis to identify the events, files and processes used in attacks – hardening

Endpoint Detection and Response (EDR - ULTRA)

• Helps you understand attacks that may not have been so evident
• Correlates seemingly unconnected events with suspicious activities to expose complex attacks.
• Incorporates the MITRE ATT&CK Framework

ATTACK FORENSICS & VISUALIZATIONS

Endpoint Detection & Response

ENDPOINT DETECTION & RESPONSE

[Diagram: kill chain stages Reconnaissance, Weaponization, Delivery, Exploitation, Installation, Command and Control, Actions on Objectives]

EPP: PREVENTION
EDR: DETECTION & RESPONSE
• Event
• Triage
• Report
• Containment
• Remediation

EDR WORKFLOW & VISUALIZATION

• Advanced detections let you understand how a potential threat acts in your infrastructure.
• The standardized techniques in MITRE ATT&CK, IoCs and IoAs give you real-time information about what is happening in your environment.
• Easy-to-understand visual representations highlight the attack vectors and affected nodes, facilitating an effective response.

INCIDENT VISIBILITY, FAST TRIAGE,
INVESTIGATION AND RESPONSE

• EDR sensors store raw data at the endpoint level, data that is correlated with the information available to the prevention layers.
• Provides real-time visibility into suspicious activities, automatically creating incident records for analysis by security analyst teams.

CURRENT & HISTORIC DATA SEARCH
FOR THREAT HUNTING

GravityZone Ultra has advanced search capabilities that let Incident Response teams carry out Threat Hunting based on IoCs, IoAs, MITRE tags, processes, files, registry keys and other parameters over long periods of time (30 – 90 – 180 days) to identify and document suspicious activities and code used during an attack.

MITRE ATT&CK FRAMEWORK

GravityZone BEST ASR ADD-ONs

GravityZone Full Disk Encryption

• Manage hard-disk encryption from the same console that manages security
• Uses the native encryption mechanisms of Windows (BitLocker) and Mac (FileVault) to avoid extra overhead; no additional agent is needed
• Full Disk Encryption is easy to deploy on all endpoints, and keys can be managed or restored directly from the console
• Generates encryption reports so you can demonstrate compliance
• Enforcement of pre-boot authentication

GravityZone Patch Management

Automatic Patching
• Scheduled scanning to identify missing patches
• Differential scanning for security or common patches
• Automated patching for most common vendors

On-demand Patching
• On-demand tasks to discover and apply patches

Patch Inventory
• Detailed patch information – CVE, BuletinID…
• Fast deployment
• Patch blacklisting – lets you delay applying some patches that you do not want to apply

Reporting
• Reports of installed/missing/failed patches

Notifications
• Notifies the user when there are vulnerabilities and a patch is available

Patch Caching
• Patches can be applied from the Relay, reducing network traffic

Roll-back
• Roll-back of installed patches to eliminate unwanted consequences – in some cases

Network Traffic Security Analytics (NTSA):
Network Detection & Response

RESOLVE YOUR ENTERPRISE NETWORK CHALLENGES
Extend the enterprise cyber defense with network-based security. Protect your IoTs and BYODs

[Diagram devices: Printer, IP Phone, BYOD, IP Camera, Building Management, Access Control]

• Real-time network-level detection: LIVE ANALYSIS OF ALL NETWORK TRAFFIC, with high fidelity alerts
• Complete traffic visibility: LEARNS & TRACKS ALL ENTITIES. Non-intrusive. No complex log or agent integrations. IoT-ready
• Automated triage: DETAILED ATTACKER (TTP). Automation resolve of alerts & IR investigation

COMMON ENTERPRISE CHALLENGES RESOLVED

Network Traffic Security Analytics

Advanced Threat Detection
• Live analysis of all network traffic, including encrypted
• High fidelity alerts using AI/ML & insights from ½ billion nodes

Automated Triage & Response
• Automates alerts triage and provides insights into relevant threat actions
• Reduces response time and effort through automated threat response

IOT & BYOD Protection
• Learns & tracks all entities in the enterprise network
• Non-intrusive. No complex log or agent integrations

Compliance
• Helps achieve compliance with PCI, GLBA, NIST, GDPR and others
• Use of meta-data eliminates privacy concerns

COMPLETE VISIBILITY ON SECURITY INCIDENTS
Across entire environment, for managed and unmanaged devices

[Diagram: Encrypted and Unencrypted Network Traffic from BYOD, Corporate Endpoints, On-Prem and Cloud Servers, Smart Devices / Smart Buildings, Smart Cities, Smart Medical Devices]

NTSA RESOLVES YOUR ENTERPRISE NETWORK CHALLENGES
EXTEND THE ENTERPRISE CYBER DEFENSE WITH NETWORK-BASED SECURITY. PROTECT YOUR IOTS AND BYODS

BITDEFENDER NTSA INTELLITRIAGE
From Manual Threat Hunting to Automated Triage

IntelliTriage enables automated smart triage of network security incidents, generates alerts that provide detailed explanations for incident severity scores and recommends response actions.

[Diagram: IDS/IPS, NTA, NGFW; Bitdefender NTSA]

AUTOMATIC RESPONSE TO ADVANCED THREATS
Through the integration with GravityZone ULTRA

• NTSA Appliance applies ML and Behavioral Analytics with insights from Bitdefender Threat Intelligence to detect advanced threats in real-time
• Bitdefender GravityZone receives the trigger from NTSA appliance and initiates a scan on the affected endpoints
• Bitdefender Agents scan the affected corporate endpoints and contain the emerging threats through automatic clean-up

GravityZone Security for Storage

What kind of storage are we protecting?

Shared (network-based) file-sharing and storage systems compliant with the Internet Content Adaptation Protocol (ICAP)

HOW SECURITY FOR STORAGE WORKS

1 User device requests access to files
2 Storage system (ICAP client) submits the files for scanning
3 SVA (the ICAP server) shares scan results
4 Storage system only grants access to safe files

[Diagram: User device; storage system (Nutanix® AFS, Citrix® ShareFile, any ICAP-compliant NAS); GravityZone® SVA acting as ICAP server. File 1 and File 2 are submitted for scanning; File 2 is marked x.]

GravityZone EMAIL Security

EMAIL SECURITY
Protects from Multi-Channel Threats
• Attacks initiated via email quickly move to Web and/or Cloud channels
• Driving integration between Email and Web/Cloud Security
• Malicious links placed inside documents in legitimate cloud storage apps (Dropbox, OneDrive etc), not in the email message body or file attachments
• Malware in attachments reaches out to cloud applications for C2 / CnC coordinates
• Integration provides end-to-end attack protection

HOW ESG PROTECTS YOUR MAIL FLOWS

EMAIL Security Gateway

Unparalleled Threat Protection
• Complete technology stack for accurate protection from known, unknown and emerging email security threats

Protection against CEO Fraud/Email Compromise
• Detects threats that don’t involve malware, such as credential phishing and impostor email.

Multiple Scanning Engines
• Traditional signature-based and behavioral AV engines combined to automatically safeguard against new malware packaging techniques.

Fits to any Organization
• Works with any OnPrem and/or Cloud SMTP based EMAIL system, including O365 & GSuite

GRAVITYZONE EMAIL SECURITY ARCHITECTURE
What is ESG?
Email Security Gateway is a standard SMTP based system empowered by our Technology and Threat Intelligence to protect any Mail Flow against any Threats.

It can be used to protect ANY Email System (Cloud and/or On-Prem)

Some examples:
• On-Prem: Microsoft Exchange, IBM Lotus Domino, Postfix, Dovecot, etc.
• Cloud: Microsoft Office 365, Google suite, etc.

GRAVITYZONE EMAIL SECURITY ARCHITECTURE
How ESG Works?

EMAIL SECURITY GATEWAY FEATURES
Multi-layer Approach

Comprehensive visibility, data protection and compliance
Charts deliver visibility over mail flow, rules triggered and actions taken. Admins can use standard reports or create custom reports and alerts based on specific triggers. A detailed audit is available including the actions and triggers, and logs can be archived automatically after 90 days. The solution helps protect confidential information and simplify compliance with functionality such as Data Loss Prevention and the ability to enforce TLS encryption

Outbound Filtering
Filters and controls content in outbound messages

Advanced Mail Routing Engine
Offers complete control over mail flow, and supports multiple email providers all in a single domain

10.000+ Algorithms
Behavioural analysis alone includes over 10,000 algorithms analyzing more than 130 variables extracted from each email message

Executive Tracking
Detection of real names in external messages

Complete Control over Mail Flow
A powerful policy engine enables control over email delivery and message filtering based on a set of attributes, including size, source, destination, keywords, and more

Threat Intelligence
Domain and IP based risk scoring

Machine Checks
Sender, Sending Server, Authentication Checks (inc. SPF)

Content Analysis
Lexical analysis of subject and message body (inc. attachments)

AV
Multiple signature and behaviour based AV engines (inc. static analysis)

GravityZone Email Security is available with the GravityZone Cloud console

EMAIL SECURITY GATEWAY FEATURES
Time-of-click protection

Rewrites links in messages and protects users at time-of-click, whether that’s seconds or days after a message has been received, with flexible policies and block and warn (continue with caution) notification pages. Multiple reputation services are combined with real-time page content analysis to accurately determine if a target page is malicious at the point in time that the user clicks the link.

• Time-of-click protection from email links to malicious web pages
• Uses multiple reputation services: Google, Brightcloud, Spamhaus
• Follows redirects and scans links within documents (using headless browser technology)

Managed Detection & Response

END-TO-END BREACH AVOIDANCE
Managed Detection & Response – Capabilities
MDR is a fully-managed service delivered by our new 24x7 security operations center

• World class, award winning protection platforms
• Proactive cyber-security operation with advanced threat hunting
• Comprehensive network visibility for more effective detections
• Pre-approved actions to stop attackers, not just notify customers

Bitdefender’s award-winning technology platforms backed by decades of cybersecurity expertise from the US Air Force, National Security Agency and others

END-TO-END BREACH AVOIDANCE
Managed Detection & Response – Benefits
MDR closes key customer gaps: Visibility Gap, Alerts Gap, Skills Gap, Outcomes Gap

• Focus on strategic initiatives rather than on mundane alerts
• Realize the full value from your security investments
• Secure the business with a state-of-the-art security operation
• Support decision making with real-time actionable security context

MDR lets your team focus on strategic priorities rather than chasing down alerts, while delivering situational awareness and strategic insights about your business

END-TO-END BREACH AVOIDANCE
Managed Detection and Response – At a Glance
Reliable Security Outcomes from Cybersecurity Experts with 24x7x365 Visibility

Stages: DETER, DETECT, REPORT, RESPOND
• Endpoint Detection / Prevention
• Endpoint Risk Analytics
• Network Traffic Analytics
• Targeted Attack Analysis
• Cyber Threat Intelligence
• Technical Account Management
• Pre-Approved Actions
• Real-Time Dashboards
• Guaranteed Response
• Live Campaign Updates

MDR delivers continuous capabilities improvement with predictable costs

END-TO-END BREACH AVOIDANCE
Aligning Capabilities with Security Maturity

Is your security program running in place or driving ahead?

Can you execute upon your defined security goals and priorities? MDR can accelerate your movement up the security maturity curve. Are you ready to take the next step?

Advanced Threat Intelligence

Bitdefender at a glance
Cyber-security leader in over 150 countries

Global
• +1800 staff globally
• +800 engineers and researchers
• 9 international offices
• HQs in Bucharest, Romania and Santa Clara, US

Innovative
• +18 years of continuous innovation
• +100 patents issued for core technologies including machine learning, in the past 3 years alone

Trusted
• +150 Technology Partners worldwide
• 24/7 strategic resources and technical support
• Global Network Operation Centers


More than anti-malware
Innovating to stay ahead of the game

• +10 years of Machine Learning capabilities
• +16 years of Behavioral Analysis technologies
• Generic Exploit & Vulnerability detection (GEMMA)
• Hypervisor-based memory introspection (HVI)
• The industry’s first smart home security solution for all connected devices (Bitdefender Box)
• Advanced Threat Intelligence for complex, sophisticated threats


Sophisticated cyber-threats
Industry Challenges

By 2020, there will be over 5 billion personal data records stolen and $8 trillion lost to cybercrime. Sophisticated threats remain one of the main concerns in enterprises today. As environments grow in complexity, malware actors find innovative ways to infiltrate and compromise networks.

Global Scale. Complex Threats
Addressing the entire threat lifecycle

• Cybersecurity skill shortage
• Lack of evidence-based knowledge and context
• Compliance and regulatory issues
• Manual forensic and investigation processes
• Limited expertise with using threat intelligence data
• Understanding and assessing URL, domain, IP reputation and information on sophisticated threats


Strategic security insights
• Contextual, real-time data into the global threat landscape
• From unique, evasive malware, to advanced persistent threats, zero-days, and Command & Control servers that are hard to catch, to the reputation of files, URLs, domains and IPs, this living database of knowledge eliminates a long-standing blind spot for security analysts.

Benefits & Capabilities
• Top-rated threat intelligence. Millions of sensors worldwide
• Our unique, platform-agnostic approach, compatible with any SIEM familiar with consuming a REST API and TAXII/STIX format lets other security professionals integrate our cyber-threat intelligence in minutes on any platform or infrastructure.

Threat Intelligence Benefits
The backbone of any successful cyber-security strategy

• Threat Intelligence Reputation Services: File Reputation, IP Reputation, Certificate Reputation, Domain Reputation
• Threat Intelligence Feeds: Advanced Persistent Threats (Domains, IPs & File hashes), Command & Control Servers, Malware domains, Phishing domains
• APT – IPs feed – feed of IPs associated with Advanced Persistent Threats
• APT – filehashes feed – feed of file hashes associated with Advanced Persistent Threats
• APT – domain feed – feed of domains associated with Advanced Persistent Threats
• CNC – IPs feed – feed of IPs associated with command-and-control servers
• Phishing domains – feed of domain addresses associated with phishing attacks
• Malware domains – feed of domain addresses associated with malware

If a more focused data set is needed, a separate category of feeds exists which returns only the data observed in the last 7 days


Threat Intelligence Capabilities
• End-to-end visibility into the latest Indicators of Compromise

• File Reputation (ATI Services): Hashes (md5, sha). Files that are known to be part of threats or attacks
• Certificate Reputation (ATI Services): Hashes (md5, sha). Certificates known to sign files that are part of attacks
• IP Reputation (ATI Services): IP addresses. Known to contain some sort of threat, such as botnet C&Cs or DoS attacks
• URL/Domain Reputation (ATI Services): DNS domains and URLs. Known to spread malware, phishing and other threats
• APT IP Feeds (ATI Feeds): APT IPs. IPs behind highly targeted cyber-attacks (APTs)
• APT Domain Feeds (ATI Feeds): APT Domains. Domains hosting Advanced Persistent Threats
• C&C Feeds (ATI Feeds): C&C Server IPs. Command & Control server IPs that are hard to catch
• Phishing Feeds (ATI Feeds): Phishing domains. Domains associated with phishing threats
• Malware Feeds (ATI Feeds): Malware domains. Domains associated with malicious threats


Threat Intelligence Sources
• Backed by prolific collaboration with partners and law enforcement

• Award-winning anti-spam, anti-phishing and anti-fraud technologies
• IoCs identified on Bitdefender’s global install base
• Web crawling systems
• Email traps, honeypots and data from monitored botnets
• Advanced heuristics techniques and content analysis
• Internal virtual machine farm that executes prevalent malware and collects threat information
• Extensive collaboration with other cybersecurity industry players, international organizations and law enforcement


Advanced Threat Intelligence Architecture

Collect: Global Threat Intelligence Network aggregates and correlates all threat intelligence sources.

Analyze & Process: Data is processed with multiple technologies including machine learning and advanced heuristics.

Enrich: Data is updated in real-time with new malicious URLs, file hashes, domains, APTs, and C&Cs.


Cyber-Threat Intelligence Labs
• Get the instant backing of the largest and most respected R&D centers

- 800+ researchers and engineers producing top-rated threat intelligence
- A proven knack for spotting new threat indicators early
- A wealth of awards and 100 patents for core technologies in the past three years alone
- Catching threats others miss, while keeping false positives at one of the lowest rates in industry
- Non-stop data leveraging Bitdefender’s massive install base and unconventional sources such as the dark web


Consuming Threat Intelligence
How to leverage insights into sophisticated threats

• With an easy-to-use API, our feeds provide advanced threat intelligence on the latest APTs (IPs, file hashes, domains), Command & Control server IPs, Phishing and Malware Domains as a CSV file.
• Example: https://feeds.ti.bitdefender.com/feeds?feed_name=<APT-IPs-feed | APT-filehashes-feed | CNC-IPs-feed>

• Output
• ip,threat_name,threat_family,updated_at
• 10.32.13.23,gen:variant.koobface.1|trojan.generic.10421639,generic,1544629037
• 74.208.120.97,gen:variant.koobface.1,generic,1542629037
• 188.166.12.93,trojan.generic.10214255,generic,1542627037
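
A consumer for the IP feed output shown above, as an added example (not Bitdefender code): it parses the CSV, splits the `|`-separated threat names, converts `updated_at` from epoch seconds, and sets aside rows whose address is not globally routable (such as the slide's 10.32.13.23) before anything reaches a blocklist. The function names and the reject-non-routable policy are assumptions; the sample rows are the slide's own.

```python
import csv
import io
import ipaddress
from datetime import datetime, timedelta, timezone

# The three data rows are the slide's own "Output" example.
SAMPLE_FEED = """\
ip,threat_name,threat_family,updated_at
10.32.13.23,gen:variant.koobface.1|trojan.generic.10421639,generic,1544629037
74.208.120.97,gen:variant.koobface.1,generic,1542629037
188.166.12.93,trojan.generic.10214255,generic,1542627037
"""

EXPECTED_HEADER = ["ip", "threat_name", "threat_family", "updated_at"]


def parse_ip_feed(text):
    """Parse an IP feed in CSV form; return (accepted, rejected) row lists."""
    reader = csv.reader(io.StringIO(text))
    header = next(reader, None)
    if header != EXPECTED_HEADER:
        # A changed layout must fail loudly, not shift columns silently.
        raise ValueError(f"unexpected feed header: {header!r}")
    accepted, rejected = [], []
    for lineno, row in enumerate(reader, start=2):
        if not row:
            continue
        if len(row) != len(EXPECTED_HEADER):
            rejected.append({"line": lineno, "reason": "wrong field count"})
            continue
        raw_ip, names, family, stamp = (field.strip() for field in row)
        try:
            ip = ipaddress.ip_address(raw_ip)
            updated = datetime.fromtimestamp(int(stamp), tz=timezone.utc)
        except (ValueError, OverflowError, OSError):
            rejected.append({"line": lineno, "reason": "malformed ip or timestamp"})
            continue
        if not ip.is_global:
            # Assumed policy: never block RFC 1918, loopback or reserved space.
            rejected.append({"line": lineno, "ip": str(ip),
                             "reason": "not globally routable"})
            continue
        accepted.append({
            "ip": str(ip),
            "threat_names": [n for n in names.split("|") if n],
            "threat_family": family,
            "updated_at": updated,
        })
    return accepted, rejected


def seen_within(entries, now, days=7):
    """Keep entries updated in the last `days` days, like the 7-day feeds."""
    cutoff = now - timedelta(days=days)
    return [e for e in entries if e["updated_at"] >= cutoff]
```

Rejected rows are worth logging rather than dropping: a private or malformed address in a feed usually points at a parsing or upstream data problem.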



Consuming Threat Intelligence
In addition to the information provided in the dedicated feeds, the following data context will be provided:
• The industry vertical where the attack has been observed
• The regions where the IOC has been observed (note: in case of multiple regions, a number indicating the weight will be attached to each region)
• Associated indicators and relationships
• Timeline activity (when it was seen for the first time, when it was added to the TI database, when it was updated and when it was last seen)
• Whether the indicator is known as clean (indicated by the status attribute)


Security for Virtual Environments

UNIVERSAL COVERAGE MAXIMIZES VISIBILITY AND MANAGEABILITY

[Diagram: Control Center and the Bitdefender Global Protective Network; VMs and an SVA on any hypervisor; physical endpoints, on-premises infrastructure and public cloud IaaS (AWS, Azure)]

HOW SVE WORKS?

[Diagram: GravityZone Control Center; VMs running BEST with Central Scan; Security Server]

• Featherweight agent: offloaded scanning, threat database
• Any hypervisor: VMware ESXi, Citrix Xen, Microsoft Hyper-V, Red Hat KVM, Oracle VM
• SVA not required on each host
• SVA redundancy

SVE CACHING ARCHITECTURE

• Two-level caching on both the virtual machine (VM) and the security virtual appliance (SVA) enables high antimalware efficiency
• The SVA inspects each file only once even if it appears on multiple VMs
• This helps avoid redundant scanning, significantly reducing CPU, RAM, IO, and network load

[Diagram: Security Virtual Appliance with a Central Cache, connected over TCP/IP to a Local Cache on VM1 (files 1, 2, 3) and a Local Cache on VM2 (files 1, 3, 5); arrows labelled "Update Central Cache" and "Update Local Cache"]

EFFICIENT THREAT-DETECTION TECHNIQUE

• GravityZone only scans the elements of the file that can contain threats (AKA segments capable of execution) rather than the whole file
• Focused inspection significantly reduces CPU, RAM, IO, and network load

[Diagram: FILE.EXTENSION divided into HEADER and SEGMENTS CAPABLE OF EXECUTION]

FILE.EXTENSION
• Full file size: 25 MB
• Size of segments capable of execution (i.e., file areas subject to inspection): 2.5 MB
• Saved resource expenditure: 22.5 MB

Security-Automation
Across the Virtual Infrastructures

Easier manageability
WITH INFRASTRUCTURE-AWARE SECURITY

• Integration with infrastructure-management tools gives GravityZone real-time awareness of the operating environment, automating and simplifying security deployment and administration

• Up-to-date VM inventory, hierarchy and tags
• VM instantiation, termination and movement
• Remote platform deployment & configuration
• Automatic security-server & agent deployment

• Simplified, automated security administration
• Automatic VM discovery/termination/movement info
• Automatic security-license recovery & reuse
• Latency-reducing security HA & load distribution
• Automatic assignment of granular security policies based on hierarchical inheritance or VM tagging
• Infrastructure-aware reporting

[Diagram labels: VMware® vCenter™ Server, Nutanix® Prism, Citrix® XenServer, AWS EC2, Microsoft® Azure; GravityZone; Customer]

Lower Performance Footprint

GravityZone™ CLOUD-SECURITY

LOWER INFRASTRUCTURE COSTS
Via Higher Virtualization Density
Up to 55% Higher Virtualization Density

Maximum Attainable Number of Concurrent VDI Sessions per Host
• No Antimalware: 248
• Bitdefender GravityZone SVE Multi-Platform: 228
• Bitdefender GravityZone SVE (Agentless with NSX): 209
• TrendMicro Deep Security: 206
• McAfee MOVE (Agentless with NSX): 204
• TrendMicro Deep Security (Agentless with NSX): 196
• Kaspersky: 167
• Symantec Endpoint Protection: 147

BETTER END-USER EXPERIENCE
Via Faster Application Performance
Up to 36% Faster Application Response

Response Time of an Unstressed System (Milliseconds)
• No Antimalware: 807
• Bitdefender GravityZone SVE Multi-Platform: 866
• Kaspersky: 874
• TrendMicro Deep Security (Agentless with NSX): 875
• TrendMicro Deep Security: 931
• Bitdefender GravityZone SVE (Agentless with NSX): 934
• Symantec Endpoint Protection: 955
• McAfee MOVE (Agentless with NSX): 1,357

GravityZone Security for Storage

What kind of storage are we protecting?

Shared (network-based) file-sharing and storage systems compliant with the Internet Content Adaptation Protocol (ICAP)

HOW SECURITY FOR STORAGE WORKS

1 User device requests access to files
2 Storage system (ICAP client) submits the files for scanning
3 SVA (the ICAP server) shares scan results
4 Storage system only grants access to safe files

[Diagram: User device; storage system (Nutanix® AFS, Citrix® ShareFile, any ICAP-compliant NAS); GravityZone® SVA as ICAP server; File 1 and File 2 submitted, one of them blocked]

Hypervisor Introspection
Memory Access Protection for Citrix HV & KVM

HVI: THE APT SLAYER SEES WHAT OTHERS DON’T

• Detects and stops advanced targeted attacks in real-time
• Correlates memory changes with exploit techniques
• Is isolated from VMs and impossible to compromise
• Is truly agentless and takes up no VM resources
• Deploys in minutes from the GravityZone Console
• Complements any endpoint protection platform

Tested effective against the following:
- EternalBlue
- APT28
- Energetic Bear
- Epic Turla
- Zeus
- Darkhotel
- Dyreza

HVI: THE APT SLAYER SEES WHAT OTHERS DON’T

Strong Isolation
• Hypervisor controlled
• Hardware enforced

Revolutionary Security Layer
• Detects 0-day threats
• Raw memory introspection
• Isolated and impossible to compromise (even by kernel-level malware)
• Complements any pre-existing security solutions

[Diagram: five guest VMs, each with critical memory access monitored; XenServer Control Domain (dom0); HVI Security Virtual Appliance with the Memory Introspection Engine; Citrix XenServer 7 hypervisor with the Direct Inspect API; compute, networking, storage]

GravityZone Sandbox Analyzer
On Premises

WHAT IS SANDBOX ANALYZER
Sandbox Analyzer provides a controlled environment for dynamic analysis
• Baseline measurements of environment
• Suspicious code execution
• Evaluate changes and provide forensics report

Records and analyzes all system changes during execution:
• File system changes: create, modify, delete, change
• Registry key changes
• Process operations: create, terminate, inject
• API instructions execution
• Network connections

Post-analysis, Sandbox Analyzer provides a forensics report:
• Sample info: file type, size, hash etc.
• Identified malicious behaviors and system changes: filesystem, registry, process tree, network activity etc.
• Behavior timeline
• Indicators of Compromise (IoCs)

BENEFITS

• Delivered as Virtual Appliance: customers can use existing hardware
• Detonation in custom VM images: can replicate customer production environment
• Integrated submission sensors: Endpoint and Network sensors available
• Data privacy: samples are executed in customer environment

SOLUTION ARCHITECTURE

• Sandbox Manager – the sandbox orchestrator.
  - This component connects to the ESXi hypervisor via APIs and uses the hardware resources to build and operate the malware analysis environment.
• Detonation VMs – virtual machines
  - Used to detonate suspicious files and analyze behavior.

Sandbox Manager orchestrates the detonation VMs based on a customer-provided VM image.

[Diagram: GravityZone Control Center and Internet; Sandbox Manager (VA) and Detonation VMs on an ESXi Hypervisor; WAN Net (Internet), LAN Net (Internal), Detonation network (NAT); compute, networking, storage]

SOLUTION ARCHITECTURE

• Endpoint Sensor
  - Implemented in Bitdefender Endpoint Security Tools (BEST) client
  - Provides pre-filtering functionality – doesn’t submit known bad files
  - Leverages advanced machine learning and neural networks algorithms to determine suspicious content that needs to be further analyzed by Sandbox Analyzer.
  - Automatic submission

[Diagram: Sandbox Manager (VA) and endpoint sensors]

SOLUTION ARCHITECTURE

• Network Sensor – NSVA
  - Virtual appliance deployable in a virtualized environment (ESXi) that scans, extracts and sends content for detonation to a Sandbox Analyzer
  - Network capture NIC is connected to switch SPAN port
  - Extracts files from network traffic streams and automatically submits to Sandbox Analyzer
  - Supports HTTP, FTP, SMTP, SMB

[Diagram: Sandbox Manager (VA) and network sensor]

SUPPORTED FILE TYPES

PE files, 32 bit, 64 bit

Archives: zip, rar, tar, gz, 7-zip etc.

Support for URL detonation using pre-installed browsers

MS Office file-types: doc, docx, pptx, xps, rtf etc.; Adobe Reader pdf etc.

Scripts with support for command line switches

Security for MSP
Managed Security Providers

GRAVITYZONE SECURITY FOR MSPs
• Automation through APIs and integration with RMM/PSA, AWS, SIEM, and other systems

• Monthly-Based licensing

• Opportunity to grow security & revenues with optional add-on layers

• Used by 20K+ Cloud and MSP Providers

MSP Benefits Partner 1 - 500 Seats

• Aligns with the MSP billing cycle
• No server count limitations
• Distributor/RMM/Partner owns the monthly license
• No license for MSP/End user
• 1 License for all modules (no add-on licenses)
• License is auto-renewed every month
• Single multitenant console
• Simple usage-based monthly licensing

Core Features (No extra cost)
• Antivirus / Antimalware - Machine Learning / Artificial Intelligence
• Network Attack Defense
• Anti-Exploit
• Process Inspector
• Content Control
• Device Control
• Risk Analytics
• Web Filtering

Endpoint Security (BEST)
Bitdefender Endpoint Security Tools

BEST Client Software

Bitdefender Endpoint Security Tools manages protection on the local endpoint (physical or virtual)

[Diagram: BEST client, Bitdefender Security Cloud, Security Server]

Bitdefender Endpoint Security Tools (BEST)
Protects any number of Windows, Linux and Mac OS X systems. Includes the following modules and roles:

Layer | Windows Workstations | Windows Servers | Linux Servers | macOS Workstations
PROTECTION
Antimalware | Yes | Yes | Yes | Yes
  Local Scan | Yes | Yes | Yes | Yes
  Central Scan | Yes | Yes | Yes | No
  Hybrid Scan | Yes | Yes | Yes | No
Advanced Threat Control | Yes | Yes | No | Yes
Fileless Attack Protection | Yes | Yes | No | No
HyperDetect | Yes | Yes | Yes | No
Advanced Anti-Exploit | Yes | No | No | No
Firewall | Yes | No | No | No
Content Control | Yes | No | No | Yes
Network Attack Defense | Yes | No | No | No
Device Control | Yes | Yes | No | Yes
Application Control (Whitelisting) (Only GravityZone On-premises) | Yes | Yes | No | No
Full Disk Encryption | Yes | Yes | No | Yes
Patch Management | Yes | Yes | No | No
  Patch Scan Server | Yes | Yes | Yes | No
Endpoint Detection and Response (EDR) | Yes | Yes | Yes | Yes
Endpoint Risk Analytics (ERA) (Only GravityZone Cloud) | Yes | Yes | No | No
Security for Exchange | No | Yes | No | No
Sandbox Analyzer | Yes | Yes | No | No
  Automatic Submission | Yes | Yes | No | No
  Manual Submission | Yes | Yes | No | No
Tamper Protection | Yes | Yes | No | Yes

BEST WITH RELAY ROLE

Special role of Bitdefender Endpoint Security Tools which installs an Update Server on the target machine along with BEST client

Relay Role can be added to any endpoint

Provides the following additional functionalities:
• Communication Proxy for the BEST clients installed in a remote office
• BEST installation package for remote deployments
• Network Discovery
• Local Update Server

The Relay can be configured to use dedicated network/internet connections to serve isolated network segments

[Diagram: endpoint with Relay Role]

Delivers in-depth reporting on malware behavior
GravityZone On Premise Architecture

GRAVITYZONE CONTROL CENTER (ON PREMISE)

GravityZone Control Center is delivered as a virtual appliance, available in several different formats compatible with the main virtualization platforms.
• Preconfigured virtual machine running a hardened Linux Server distribution (Ubuntu 16.04)

The GravityZone appliance can run one, several or all of the following roles:

GravityZone Appliance Roles | Nr. of deployments
Database Replica Set | At least 1, otherwise 3, 5, 7
Update Server | No more than 1
GravityZone Control Center
  Web Server | At least 1
  Communication Server | At least 1
Incidents Server | At least 1
Load Balancer | Optional Deployment

A GravityZone deployment requires running at least one instance of each role.

Depending on GravityZone roles distribution, you will run one to multiple GravityZone appliances.

Additional GravityZone appliance roles:
- Role Balancer allows installing multiple instances of the Communication Server role or Web Server role. It ensures High Availability and scalability. The built-in Role Balancer role cannot be installed together with other roles on the same GravityZone appliance. 3rd party software or hardware Role Balancers can also be used.
- Report Builder allows creating and managing queries and detailed query-based reports in GravityZone. You have to install 2 Report Builder server roles on 2 different instances of the Report Builder Appliance:
  1. Report Builder Database
  2. Report Builder Processors

CONTROL CENTER HIGH AVAILABILITY (DATABASE)

Database Replica Set
• Ensures high availability in the case of a database instance failure

This mechanism allows installing multiple database instances across a distributed GravityZone environment.

CONTROL CENTER HIGH AVAILABILITY (DEPLOYMENT SCENARIOS)

All-In-One Deployment Control Center Deployment across multiple hosts

Cluster Deployment Control Center deployment with Database REPLICA SET

LOAD BALANCED Cluster Deployment Control Center with Report Builder

THANK YOU!
GRAVITYZONE™
THE SECURITY PLATFORM FOR
end-to-end breach avoidance
