Name: BitDefender GravityZone
Description: Centralizes and de-duplicates security tools, such as anti-malware, in a virtual environment.
Price: $1,015 (one year protection for 10 virtual servers).
SC Labs Reviews
We like a product that actually is a solution. Solution is one of those hype-laden marketing buzzwords that says, “We’re not sure why you need this but it’s a solution.” In the case of BitDefender GravityZone, though, calling it a solution is completely appropriate. It solves a very big set of problems in securing the virtual environment.
If we secure the virtual environment the way we secure the physical environment, we put each of our security tools – or their agents – on every server and endpoint we need to cover. Since each of these is an independent computer we usually don’t see any particular impact.
However, in a virtual environment all of the virtual machines are sharing a single stack of physical computers. That means that they are sharing memory and CPU. So, placing our security tools – anti-malware, for example – on every virtual machine means that we really are putting multiple copies of the same thing on the same resource stack. And that means a performance hit no matter how you look at it. That architectural issue is exactly the problem for which GravityZone is the solution.
There are two ways to deploy GravityZone: agentless and using BitDefender technology. The agentless approach uses the VMware vShield API. That, of course, means that this approach is not hypervisor agnostic. This approach actually is not completely agentless either. It is embedded in VMware Tools, which sits on every virtual machine. Using this approach has pluses and minuses. On the plus side, it’s easy, lightweight and fits directly into the VMware hypervisor.
The downside is that it cannot migrate. So when an ESXi host needs to be migrated out of the cluster for some reason, the protection goes away for those virtual machines that are moved by vMotion to other hosts. Also, since it works through the VMware APIs, it can only do what the API is intended to do. That can mean limitations on functionality.
The BitDefender technology approach does use an agent, albeit a very lightweight one, on each virtual machine. The first and most obvious benefit is that there no longer is any dependence on the hypervisor so the tool can be hypervisor-agnostic. And, in fact, GravityZone used this way works with just about any hypervisor available.
The tool gets away from a heavy-duty agent by using a virtual security server that talks to the VMs through BDTools. GravityZone itself is the management console. An anti-malware tool requires quite a bit of overhead to run. It must keep track of the current – and past – signatures for known malware. It needs to scan through the computer applying each of those signatures. If we do that traditionally – one deployment on each VM – we have a significant performance drain. Also, keeping the individual virtual machines current with the latest signatures poses the same challenges as with a physical data center. By centralizing the process on the security server, all of these downsides are eliminated.
Because the agent sits on each virtual machine and migrates with it, moving from one host to another poses no problem at all. Also, without BDTools, hypervisor-based approaches cannot scan memory or processes. So, the whole process of inspection is controlled by the BitDefender technology rather than the hypervisor or hypervisor-dependent APIs.
In tests using Login VSI to test a virtual desktop implementation, BDTools with the security server had the smallest impact on latency and the best performance across desktops of all products tested. One other benefit is that this approach does not require a virtual endpoint. If your environment uses physical devices – including mobile devices – there is a version of BDTools that can help manage those devices as well.
Mainly, the BitDefender technology is focused on anti-malware and the company has created its own tool set. Primarily, the scanning engine is on-premises while the updates and threat intelligence come from its cloud. The tool sandboxes suspected malware for behavioral analysis. It also performs the traditional pattern scanning. Finally, there is a layer of active control that monitors all processes in memory for malicious behavior. This much overhead would significantly slow the performance of the VMs on a particular host if not for BitDefender’s architecture.
We found the product’s reporting well above average, and policy development is a snap. Administration is straightforward and uses the accepted, familiar paradigms in the UI with which security administrators have come to be comfortable. Overall, we really liked this. It’s simple to manage and deploy, it does what it claims to do, and its architecture is elegant, leading to minimal impact on performance.
What we liked: A clean, easy-to-deploy and effective solution to the problem of managing security tools across a software data center.