PCMag is among the first to review the most recent build of Software-as-a-Service (SaaS) managed endpoint protection software solution Bitdefender GravityZone Business Security (which begins at $19.95 per device per year). Bitdefender’s latest release adds enhanced reporting and notifications and additional filters to make protecting network endpoints easier, along with an enhanced public application programming interface (API) that improves automation and makes scripting easier.
Bitdefender GravityZone Business Security provides anti-malware, firewall, anti-phishing, web access control, application control, and device control for Windows desktops and servers, Mac desktops, and Linux via a hosted web-based management console. Microsoft Exchange servers and Android devices (on-premises only) can be protected by upgrading to the Advanced version. Overall, Bitdefender GravityZone Business Security is a capable endpoint protection product with a highly customizable management console and flexible deployment scenarios, though it can’t quite match the lightweight client, graphical policy management, and perfect malware blocking score of Editors’ Choice Webroot SecureAnywhere Business Endpoint Protection.
When I first logged into the Bitdefender GravityZone Business Security Web-based management console, I was greeted by an Essential Steps pop-up informing me of everything I needed to know to get up and running quickly. I could easily email a link for installation through Essential Steps, and read about building policies, creating a management account, and reporting.
I installed the endpoint client agent by clicking the link in the email I sent from Essential Steps. First this downloaded a small (3.26MB) downloader, which then downloaded and launched the installer. When the installer completed, the agent downloaded a new definition file and executed a scan. The entire installation process took a little over 10 minutes. The newly installed client instantly appeared in the management console.
The client interface is very easy to work with. When you open the client, you see a big green “You Are Protected” message with a list of recent events including blocked and discovered threats. End-users can’t change settings, although they can run scans and check for definition updates. One helpful feature is the ability for an administrator to temporarily upgrade a user to a Power User and allow that user to make changes to local policy. While the majority of endpoint security solutions I tested target management policies toward devices, the Power User feature in Bitdefender is similar to the user-focused policies found in Sophos Cloud Endpoint Protection.
Working With Bitdefender GravityZone Business Security
The Bitdefender GravityZone Business Security management console’s Web pages present in a stripped-down and straightforward manner. Graphics are kept to a minimum and pages load very quickly. Along the top left-hand side of the page are the main sections of the console: Dashboard, Network, Policies, Reports, Quarantine, and Accounts. Below that are options for help and feedback. Clicking on a section brings it up in the massive center panel where an administrator will do most of his or her work. Notifications run down the right-hand side of the page. I found the combination of the Dashboard’s big picture view and the detailed Notifications extremely helpful, because it let me see the overview of my environment and each individual event at the same time.
The main screen of Bitdefender GravityZone Business Security is the Dashboard, which is composed of portlets showing big picture security status like Daily Malware Activity and Top 10 Detected Malware. I like the flexibility of portlets very much: there are 21 different portlets and they can be configured to include a specific group or time period. Clicking on a portlet opens up a deeper report where I could take action, for example to force a scan or change a policy. Bitdefender’s dashboard customization and its portlets are far better than those offered by Avast Premium Business Security, F-Secure Protection Service for Business, Kaspersky Small Office Security, and Panda Security Endpoint Protection.
Bitdefender GravityZone Business Security can be easily deployed and administered using default settings. Settings are pretty straightforward and self-explanatory. I found it very easy to work with policies, copy policies, change policy settings, and apply policies to groups. In addition to antimalware, firewall, and device control, Bitdefender allows for content control involving scanning incoming and outgoing email and Web traffic for threats and data. Data protection rules are pretty basic (this isn’t a full-on Data Loss Prevention (DLP) solution) and they worked very well in my testing. I could easily set up rules to block strings like credit card numbers or social security numbers, and then set exclusions to the policy.
The product has a lot of flexibility and customization, which makes it very powerful and adaptable, yet also makes it overly complex. For example, I could build custom deployment packages to include only the modules (antimalware, advanced threat control, firewall, content control, device control, power user), set custom scan modes, and configure proxy servers. These are great features for the environments that require them; for example, if you have a bunch of old slow PCs, you could build a package and select the scan types with the lowest performance impact. For everyone else, this makes the process of deploying client agents needlessly confusing.
I very much like Bitdefender’s approach to administrator accounts, though, which can be configured with specific privileges and limited to certain groups. For example, Jill could be given the ability to manage policy over all of the devices in her department, while Jack could see reports for the entire company. A detailed audit report is available for each user, as in Editors’ Choice Webroot SecureAnywhere Business Endpoint Protection, as well as McAfee Endpoint Protection Essential for SMBs and Trend Micro Worry-Free Business Security Services.
Reporting and Notifications
I could easily create a variety of reports based on the 21 Bitdefender-provided templates, choosing groups of devices to include and a reporting interval. I could also choose to show all endpoints or only endpoints with error conditions. Finally, I could run the report on demand or schedule it to run at regular intervals. Reports can be saved in PDF or CSV format.
Notifications play a big part in Bitdefender GravityZone Business Security. Notifications create a live journal of everything that takes place in the system, ranging from malware detections to firewall events and configuration changes. There are 15-20 notification types that can each be configured to appear in the console and/or be sent via email. The only drawback to notifications here, as in Avast Software Premium Business Security
Bitdefender also provides top-notch help throughout the management console. The vast majority of settings have a small grey “i” next to them. Mousing over the “i” pops up a sentence about that setting. If that’s not enough, a single click turns on Help Mode, which places blue “+” symbols across the page; mousing over these displays even more help. Finally, clicking on Help & Support provides access to a big PDF manual, links to the support center, and a link to submit an email help request.
To test Bitdefender GravityZone Business Security’s ability to block Web-based attacks, I used a feed of newly-discovered malicious URLs supplied by efficacy assessment service MRG-Effitas. These links come and go extremely quickly; many of them are gone within hours.
For each still-functioning URL, I recorded whether Bitdefender blocked access in the browser, wiped out the download, or failed to identify and block the download at all. I tested 80 valid URLs. Bitdefender’s performance was excellent, blocking 75 percent of the malicious URLs and the malware they attempted to download. This is comparable to Panda Security Endpoint Protection, Avast Software Premium Business Security, and F-Secure Protection Service for Businesses, and slightly better than
To measure Bitdefender’s ability to protect against fraudulent websites, I used a set of recently reported phishing URLs. I fed the same set of URLs simultaneously to four test systems, each with a different form of protection. The first was my Bitdefender test machine. The remaining three used the protection built into Google Chrome, Internet Explorer (IE), and Mozilla Firefox.
Bitdefender’s anti-phishing performance was outstanding, among the best I’ve ever tested, outperforming the built-in protections of Chrome by 38 percent, Internet Explorer by 19 percent, and Firefox by 52 percent. Bitdefender’s anti-phishing protections exceed those of F-Secure Protection Service for Businesses, Avast Premium Business Security, and Panda Security Endpoint Protection, while lagging slightly behind Kaspersky Small Office Security.
To assess Bitdefender’s active protections, in particular the ability of the active protections to avoid blocking legitimate applications, I installed a group of 20 PCMag.com utilities. No surprises here: Bitdefender allowed me to install and execute them all with no false positives.
To test the firewall, I attacked my test systems using 30 exploits generated by the Core Impact Pro penetration testing tool and none of them breached security. Bitdefender actively detected and blocked the attacks, correctly identifying about 40 percent of them. This is consistent with results from other products tested in this manner, such as Kaspersky Small Office Security and Avast Software Premium Business Security.
GravityZone in 2017
In the latest version of GravityZone Business Security, released in mid-January, Bitdefender has focused changes on keeping users informed about what is happening in the war against malware. In both the endpoint security window and the cloud-based management console, a graphical interface presents key information in simple images and few words. The result is a management console that is still customizable, with defaults that emphasize rapid understanding of the organization’s security status.
If your criterion for superb security is software that stops all malware at the perimeter, then GravityZone Business Security may still come up short, though that’s by design. Bitdefender describes its approach as adaptive and layered endpoint security. In this case, it means that GravityZone Business Security now uses its remediation functions as a backstop and will let certain malware begin operation before shutting it down—all in an effort to minimize the false positives that can slow performance and overwhelm security staffers watching log files roll past.
One of the major changes in the latest iteration of GravityZone Business Security is in the management API. The Bitdefender Control Center API now includes methods for managing user accounts, configuring notifications, deleting company folders, customizing groups and endpoints from Network Inventory, and deleting company accounts. As a result, it’s much easier for managed service providers to include the Bitdefender security service as part of their managed offering, or to manage GravityZone Business Security using an existing system administration console.
The latest version of the security agent, released on January 30, 2017, also includes an important limitation. Because older operating systems (OSes) don’t provide support for the methods and technologies used for many of the advanced security functions in GravityZone Business Security, Bitdefender will limit its features to anti-malware and Advanced Threat Control for a number of legacy Windows OSes, including Windows XP, Windows Server 2003, and Windows XP Embedded.