We tried the GravityZone suite, which is available both in the cloud and on premises and is aimed at MSPs and resellers looking for a complete and robust tool to keep their clients’ computer fleets under control.
The number of IT attacks keeps growing, and in most cases the targets are professionals and companies. The goal of these attacks has changed too: not just causing damage but also committing fraud, demanding ransoms, and stealing information, passwords and money. In such a scenario an antivirus is always important, even though it’s often taken for granted.
The real added value in a business environment, or for a consultant, a sysadmin or an MSP, is not simple protection with some signature-based engine, but rather a complete suite that can monitor all the protected client computers and servers and immediately show any problem or risk.
Bitdefender has gained an excellent reputation thanks in particular to a sophisticated antivirus engine that always ranks among the top places in the tests of the most prestigious labs. Its engine is also sold to several third parties that use and resell it under different brands.
The GravityZone suite by Bitdefender is, in our opinion, still not widely known, although it has been on the market for a while and offers many advanced capabilities that can meet the needs of both small and enterprise companies. So we tried it, just after the restyling that ended last month, to understand its main features and evaluate its behaviour.
Three products in one
The first important distinction is between the licensing options and the different packages that fall under the GravityZone umbrella. Two of them are specifically dedicated to the SMB market, although there are no significant upper limits: the Business Security and Advanced Business Security packages. The third is Enterprise Security, dedicated, as is easy to guess, exclusively to the enterprise market.
| Bitdefender GravityZone | Business Security | Advanced Business Security | Enterprise Security |
|---|---|---|---|
| Physical workstation | yes | yes | yes |
| Physical server | yes | yes | yes |
| Virtual desktop | yes | yes | yes |
| Virtual server | yes | yes | yes |
| Relay server for antivirus definitions | yes | yes | yes |
| Firewall on endpoint (Windows only) | yes | yes | yes |
| Advanced Threat Control | yes | yes | yes |
| Device control on endpoint | yes | yes | yes |
| Microsoft Exchange | no | yes | yes |
| Mobile devices | no | yes | yes |
| Licensing per datacenter/host | no | no | yes |
| Smart Central Scan | no | yes | yes |
| Browse hypervisor | no | no | yes |
| vShield agentless protection (up to vSphere 5.5) | no | yes | yes |
| Console options | Cloud or On premises | Cloud or On premises | On premises |
| Licence | 1 per client | 1 per client | 1 per type of device |
| Maximum server percentage | 30% | 35% | - |
Business Security and Advanced Business Security differ in some specific features: only the Advanced version can also protect Exchange and mobile devices and use the Smart Central Scanning feature, which we’ll cover later. Apart from that, the two solutions are the same, and both are licensed by number of devices regardless of type, be it a physical workstation, a physical server or a virtual desktop or server.
Bitdefender imposes a small rule to prevent its solution from being used for server protection only: in terms of licenses, clients must account for at least 70% of the total for the Business Security license and 65% for Advanced Business Security. These percentage limits do not apply to the Enterprise solution. As a side note, the minimum number of licenses is 3 (5 for Enterprise), with discounts starting at 15 units and increasing with the duration of the license (12, 24 or 36 months).
The Business Security and Advanced Business Security solutions can be managed from the cloud console (which naturally includes the Partner role for channel members and multi-company management) or on premises, with the console provided as a virtual appliance.
The Enterprise version, however, requires an on-premises implementation; on the other hand, it also offers licensing per datacenter and per single virtual host (regardless of the number of virtual machines used) as additional options.
An exclusive feature of the Enterprise version is the possibility of purchasing different licenses, with (slightly) different prices, for each type of device, for instance a physical workstation, a virtual desktop (VDI), a mobile terminal and so forth.
Customized packages for deployment
Like the vast majority of managed solutions, GravityZone allows the creation of a dedicated installer for deployment on servers, clients, and so forth. Packages can be created from the cloud interface or from the on-premises interface; the two are essentially the same. When preparing a package, you can select the desired functions. The only one that is predefined and can’t be removed is Antimalware. The available options are Advanced Threat Control, Firewall, Content Control, Device Control, Power User, Relay and Exchange Protection. The resulting package then adapts to the device on which it is installed: for instance, the Exchange Protection feature is installed only if the machine is running Exchange.
There are 4 different scan modes. The default is the automated mode, which performs a local scan on recent machines and, for virtual machines or older physical machines, configures the Central Scan system with Hybrid Scan fallback. Central Scan offloads the scanning activities to the Security Server and therefore requires an on-premises Security Server implementation, which is distributed as an OVA virtual machine. Hybrid Scan, on the other hand, lightens the scanning process somewhat by using part of the resources provided by the cloud console.
Obviously, when creating an installation package we can force one of the available scanning modes, thereby optimizing the installation for the situation. Among the features that can be activated during this phase, we’d like to point out scan before installation, a password for software uninstallation, customized installation paths, and connection to the cloud console or to a local Relay Server.
A local Relay Server in GravityZone is a Windows machine (server or client) that acts as a repository of definitions for other machines. Activating it doesn’t require any ad hoc software: it’s enough to create an installation package with the ‘Relay’ option checked. The machine will then be located by clients using, for instance, a static IP on the network.
Endpoint support goes well beyond Windows: supported operating systems include Mac from version 10.7.x (Lion) onwards, all Microsoft desktop OSes from XP SP3 to 10 TH2, the Embedded and Tablet Windows versions from XP onwards, and Windows Server from 2003 to 2012R2. As far as Linux is concerned, supported OSes include Red Hat and CentOS from version 5.6, Ubuntu from 10.04, SUSE Linux Enterprise Server and OpenSUSE from 11, Fedora from 15 and Debian from 15. Scanning on Linux relies on the DazukoFS kernel module on older systems and on the fanotify kernel option on more recent ones.
The supported versions of Exchange for the integrated module span from 2007 to 2016.
Policies, or how to take control
Policies are the key element that defines host behaviour in Bitdefender GravityZone; they can be applied to all the computers of a company or to a subset of them. Policies contain all the options that are commonly available in a standalone antivirus: end users don’t have to worry about them, because the overall management is done from the cloud or on-premises console.
Each module is available inside the policy, ready to be configured in granular detail. For instance, Antimalware protection can be configured in aggressive, normal, permissive or custom mode. The Advanced Threat Control technology can be activated to analyze suspicious application behaviour and protect against this kind of attack, and then to decide, for instance, whether to eliminate threats or simply block them.
With policies it’s also possible to set scheduled scans (quick or full), defining their frequency and repetition interval, and then to define the quarantine options and the optional exclusion of programs that have been recognized as false positives. Security Servers inside the network can be defined in policies too.
Modules of the suite
The GravityZone suite includes several modules that offer more or less advanced protection. Some, like Exchange protection, require a dedicated license, while others (like Firewall, Content and Device Control, Relay) are available for all endpoints: sysadmins then decide whether to implement them or not.
The Firewall module can be selected for installation when creating a package, and its behaviour is configured through policies. It includes an Intrusion Detection (IDS) feature and actively blocks port scans that happen inside the network. It can also directly monitor Wi-Fi networks to guarantee better protection, and trusted networks can be defined as well, for instance by entering the MAC address of the gateway of the business network. If needed, it’s possible to define rules on all the devices of the company to open ports or allow applications that aren’t already known.
The Content Control module makes it possible to block content marked as inappropriate inside the company. In addition to blocking phishing and optionally checking that traffic travels over an SSL connection, GravityZone also provides a list of websites to filter and the hours during which to activate such limits (where necessary). The module also contains a Data Protection feature, with which you can define rules to prevent confidential data from being sniffed and stolen through email or a Web form. It’s also possible to control applications, forbidding the use of software that allows downloading pirated content.
An interesting new feature of the latest release of GravityZone is device control, which improves security on endpoints that contain data that must not leave the company: risks can be significantly lowered by blocking, for instance, external storage units (such as USB pen drives and disks) and wireless networks.
Situation under control
GravityZone includes a handy customizable dashboard that immediately shows the problems of the whole company, or of all the companies managed by a partner. The cloud console naturally makes it possible to define an administrator for each company managed by the partner, thereby giving internal IT, where necessary, visibility of the situation. In addition to this dashboard, there’s a section dedicated to the creation of reports: you can define the activities to show (for instance, blocked Web sites, applications blocked by the firewall, identified malware, etc.) and view the report inside the console or have it sent via email on a periodic schedule (daily, weekly, monthly).
It’s worth noting that the suite can be integrated with third-party products via API: from the console the only integration already available is ConnectWise, but anyone who wants to integrate it with the company’s CMS or other tools can do so directly.
Virtual platforms management
GravityZone also supports direct connection to virtual platforms, with a particularly broad level of support that naturally includes vSphere from version 4.1 onwards, but also VMware View, Citrix XenServer, XenDesktop, VDI-in-a-Box, Microsoft Hyper-V, Red Hat Enterprise Virtualization (including KVM) and even Oracle VM 3.0.
The suite also supports the VMware vShield technology, available starting with vSphere 5.5 but then abandoned by VMware itself. This technology allows scanning virtual machines in agentless mode, that is, without any software installed inside the VMs, leveraging VMware Tools instead. For the most recent versions of vSphere, the Bitdefender agent must be used.
Only in the Enterprise version does the dedicated on-premises console allow browsing the content of the hypervisors and activating protection on single machines. All versions of GravityZone allow the deployment of a Security Server on premises to offload scanning activities from single endpoints.
Security Server is an Ubuntu Server 12.04 LTS virtual machine that can be easily installed in VMware vSphere, View, Workstation, Player, Citrix XenServer, XenDesktop and VDI-in-a-Box, Microsoft Hyper-V, Red Hat Enterprise Virtualization 3.0 and Oracle VM 3.0. Protecting up to 50 VMs requires just 2 GB of RAM and 2 vCPUs; as the number of VMs grows, it may need up to 4 GB and 6 vCPUs.
In a scenario with several hosts, Bitdefender recommends the deployment of a Security Server for each physical host.
GravityZone’s Business Security version doesn’t include mobile endpoint management, but the Advanced Business Security and Enterprise Security versions do. Unfortunately, even with Advanced Business Security, administering mobile devices requires the on-premises console, which makes the cloud version unavailable. It’s rather important to meet the precise requirements, which include configuring the Communication Server role on the appliance and a network port dedicated to this role. Support is limited to Android (from version 2.2) and iOS (from version 5.1). Naturally, protection is fully active on Android, with the capabilities of a true antivirus, whereas on iOS GravityZone just centrally manages the application of MDM policies (provided by Apple itself) and the blocking or locating of devices that have been stolen or lost.
Bitdefender’s GravityZone suite behaved well in our tests, guaranteeing complete control over the protected terminals. It’s easy to install and manage, and a couple of hours of toying around in the policy management panel is enough to understand all the features, even the more advanced ones. The deployment mechanism is simple, and Relay management is convenient and easy to implement on networks that suffer from limited connectivity or that have a high number of clients. Endpoint compatibility is almost complete, thanks to the coverage of all the Windows, Windows Server, Mac and Linux versions currently in use and to excellent support for the main hypervisors.
The management interface is well designed and takes little time to understand. The integration with Partner and business management is easy and immediate. The software distribution function is flexible and, thanks to the mechanism of sending installers via email, makes life easier for network administrators who have to handle several installations in a short time.
The part that is perhaps most complex is understanding the licensing system; however, most small and medium businesses in Italy can adopt the Business Security and Advanced Business Security solutions with the cloud console to protect their clients.
In this case license management is easier to understand. The Enterprise solution adds complexity, but it’s aimed at companies where IT is not outsourced to third parties and a skilled IT manager can tackle the problem with the required expertise.
A side note on price: despite the large number of features, GravityZone can be implemented in tiny architectures with just 3 endpoints, and the cost is really low, close to that of several consumer products. For instance, the price for 3 endpoints over a 3-year time span is less than 23€ (VAT excluded, price for clients) for the Business Security solution.
This price naturally drops as the number of licenses purchased grows.
There are no more excuses not to switch to a managed solution!
Bitdefender is distributed by Avantgate in Italy.