Preventing attacks with
Bitdefender GravityZone
Given the advancements in malicious technology employed by cyber-criminals, as discussed in our previous blog Modern Cyber Security: The Evolving Threat and the increased difficulty in safeguarding against these threats, ACS IT Services have chosen to partner with Bitdefender, a global leader in cybersecurity.
This article covers GravityZone’s industry-leading technologies for protecting your organisation against threats.
What is GravityZone?
Traditional security solutions typically rely on individual layers of protection, such as a firewall and antimalware. GravityZone is Bitdefender’s multilayered security solution, enhancing attack protection by integrating these layers into a unified system and including innovative technologies designed to keep you one step ahead of attackers. It incorporates advanced security technologies, using an extensive array of systems hardening, threat prevention, and detection methodologies, as well as machine learning and behavioural analysis.
Why GravityZone?
We believe GravityZone is the best-in-class security solution for our customers. Bitdefender stands out due to its innovative and comprehensive approach to protection. The GravityZone platform unifies prevention, protection, detection, and response, streamlining security management across various systems like Windows, Linux, Mac, iOS, Android, and Chromebooks. All GravityZone packages are built on the core ‘Secure’ package, offering more features out-of-the-box compared to others on the market, designed to meet everyday security needs and optimise productivity.
But don’t just take our word for it
Bitdefender has won numerous awards, including six prestigious AV-TEST awards for Best Protection for Windows, Best Advanced Protection for Windows, Best MacOS Security, and Best Android Security. Additionally, Bitdefender has been named a Leader in The Forrester Wave: Endpoint Security and confirmed as a leader in the MITRE ATT&CK Evaluations.
Core features
Endpoint detection & response
Endpoint Detection & Response (EDR) is one of the most crucial lines of defence against a cyber-attack. It extends traditional anti-malware technology by continuously monitoring and analysing activities on user devices and servers (endpoints) — looking for signs of malicious behaviour, anomalies, and potential threats to quickly detect, investigate, and respond to security incidents. GravityZone Secure offers the most essential and cutting-edge EDR technologies including:
Endpoint risk analytics
Designed to identify, assess, and address security vulnerabilities on endpoints. It conducts security scans to detect various risks of exposure, such as misconfigurations, vulnerable applications, and user behaviours. It calculates a security score for all endpoints, providing guidance to your organisation and recommending actions to strengthen protection.
HyperDetect™
Detects sophisticated threats before they execute by identifying high-probability, high-impact attacks such as fileless attacks, targeted attacks, suspicious files, network traffic, exploits, ransomware, and greyware. It can be customised to suit the specific risk profile of your organisation, minimising false positives while enhancing detection accuracy.
Device control
Enables configuration of external devices connected to an endpoint, such as USB drives. It allows you to set up rules to determine which types of devices are allowed, blocked, or have custom permissions, helping to prevent sensitive data leakage and malware.
Application control (Blacklisting)
Identifies all applications and processes running in your environment, allowing you to create policies that block unknown or blacklisted applications and generating notifications when such applications are detected.
Process inspector
Detects and neutralises threats using AI algorithms to monitor and analyse the behaviour of processes in real-time, looking for anomalies and suspicious activities that may indicate a threat, isolating the process and taking remediation actions, such as rolling back changes. Particularly effective against fileless attacks and ransomware.
Anomaly defence
Uses custom AI trained on each customer’s environment to detect unusual patterns of atypical behaviour across the entire environment. It identifies threats at an early stage by detecting abnormalities in correlation with MITRE ATT&CK indicators, even if they do not match known malware signatures.
Sandbox analyser
Detects advanced threats before they can execute by analysing suspicious files in a secure, virtual environment. Files are automatically uploaded to Bitdefender’s cloud sandbox, where their behaviour is closely monitored. This helps identify zero-day threats and sophisticated malware that traditional anti-virus may not detect.
Network security
While endpoint security defends your devices from existing threats, network security plays a vital role in stopping them before they reach your endpoints. It protects your organisation’s data and resources from unauthorised access and cyber threats through a range of technologies and practices designed to ensure integrity, confidentiality, and availability. GravityZone Secure provides robust network security features, including:
Firewall
A fully configurable technology that blocks unauthorised connection to your network. It uses a comprehensive database of known, legitimate applications to automatically whitelist their connections. Also used to protect the system against port scans, restrict ICS, and warn when new devices join your Wi-Fi network.
Network attack defence
Stops threats before they can spread by inspecting network traffic. It uses AI to analyse network activity in real-time, blocking attacks like brute force attempts, port scans, and unauthorised lateral movements. It also prevents credential theft and protects sensitive information.
Web threat protection
Aimed to safeguard your network from various online threats, it includes features such as Anti-Phishing - blocking known phishing websites, Web Traffic Scan - scanning web traffic in real-time to prevent malware from being downloaded, and Email Traffic Scan - preventing malware from being downloaded or spread through email.
Exploit and attack defence
If a cyber threat does infiltrate an endpoint or network, Exploit and Attack Defence is designed to protect your systems from the vulnerabilities and exploits that cybercriminals use to gain unauthorised access. It includes technologies that prevent, detect, and respond to various types of attacks, ensuring your systems remain secure. GravityZone Secure offers comprehensive exploit and attack defence mechanisms, including:
Advanced anti-exploit
Stops zero-day attacks carried out through evasive exploits. It uses AI to catch the latest exploits in real-time and mitigates memory corruption vulnerabilities. It protects commonly used applications like browsers, Microsoft Office, and Adobe Reader.
Fileless attacks defence
Protects against attacks that use legitimate system tools to run malicious code directly in memory. It uses machine learning to analyse command lines, monitor process behaviour, and block fileless malware before it can execute.
Ransomware Mitigation & Rollback
Blocks ransomware attacks by intercepting attempts to encrypt sensitive data. It provides multiple layers of protection, including creating automatic backups of target files that can be restored after the malware is blocked, and provides decryption tools for various encryption algorithms commonly used in ransomware.
Incident Response and Visualisation
While robust security measures are crucial for blocking threats and preventing unauthorised access, no security portfolio is entirely foolproof. Incidents can still occur and understanding them is vital. GravityZone Secure enhances response capabilities by providing tools and insights needed to effectively manage and respond to security incidents. This category includes features that help you understand the lifecycle of an attack, visualise the steps taken by attackers, and take appropriate actions to mitigate the impact. GravityZone Secure enhances your incident response capabilities with:
Automatic Disinfection and Removal
Automatically detects and cleans infected files by removing malicious code and restoring the file to its original state. If disinfection isn’t possible, the file is quarantined or deleted to ensure it can’t harm your system.
Incident Visualisation
Provides complete visibility of the incident lifecycle, allowing you to investigate malware behaviour. It visualises every step the attacker takes in an easy-to-understand dashboard, delivering a comprehensive overview and in-depth behavioural analysis.
MITRE Event Tagging
Uses the MITRE ATT&CK framework to tag and categorise security events. This helps your organisation, MSP, and security analysts understand attack techniques and tactics, and correlate them with known threat behaviours.
Additional Features
Security for mobile
Security for exchange
Patch management
Full disk encryption
Integrity monitoring
Content control
Managed Detection and Response (MDR)
Having discussed the rapidly evolving threat landscape in Modern Cyber Security: The Evolving Threat we learned that traditional security measures alone are no longer sufficient to protect against sophisticated cyber-attacks. The security portfolio offered by GravityZone Secure is a great start to modernise your cyber-security infrastructure to keep up with emerging technologies used by cyber-criminals.
Our next blog '24/7 Security - Bitdefender Managed Detection & Response' will delve deeper into how MDR can provide additional protection and significantly enhance your security posture.
If you would like to discuss your specific security needs, call one of our experts today 01274 508200.
-
ACS LTD. Registered in England & Wales.
-
Registered office: Kismet Buildings, Otley Road, Baildon, BD17 7HB
-
Company No: 06584936
-
© ACS LTD. All Rights Reserved.
