Bitdefender’s GravityZone Ultra is a full-feature, single agent console, SaaS endpoint protection solution. With more than 30 protection technologies, it effectively enables enterprises to protect their assets and respond to threats even with limited resources and technical skills.

GravityZone was built from the ground up as a unified solution, meaning Bitdefender built protection, detection and response into a single agent that can be managed from a single console. Next-gen prevention layers successfully limit the number of incidents requiring attention.Advanced Threat Control constantly monitors processes, recognizing a change in process as malwre, then taking action to remediate. GravityZone is fine-tuned to monitor more than 300 behaviors, greatly minimizing false positives.

Hyper Detect is a tunable machine learning technology that can enhance pre-execution and execution technologies, particularly important in addressing advanced or targeted attacks. It will look at certain binaries more aggressively using the predictive nature of machine learning to determine whether something is malicious. We recommend leaving this feature in report-only mode for a few weeks to determine that it is accurately flagging problems. Once desired outcomes are reached, a shift from report-only to deny or block mode will reduce false-positives.

If pre-execution layers can’t determine that a binary is malicious with absolute confidence, it will be sent to a cloud-based sandbox where a verdict on its maliciousness will be rendered. The file is inaccessible until this determination has been made. Security teams can disable and run this feature in monitor mode so objects will still be accessible to the user.

Numerous types of pre-defined, highly developed reporting capabilities can be exported as a PDF and CSV. A template included for security audit purposes displays all blocked items in a single-pane dashboard.

The installers are created from the portal, and once we figured out how to create a deployment package, we were able to download the installation package onto test nodes. But we ran into trouble with the actual installation process. Some of the machines claimed they were installed, but didn’t show up on the dashboard, even after running the installer several times and initiating multiple restarts. Following testing, however, detected files were listed in the dashboard which has a clean look, customizable widgets and easy to group assets.

We attempted to restore a file from the porttal’s quarantine section and got stuck at “Pending Restore.” Drilling deeper into quarantined files felt clunky, and we couldn’t figure out how to conduct an investigation based on a quarantined file. This process could be more intuitive.

Tested by Tom Weil