Bitdefender updated its GravityZone cloud console with new features that you may not be taking full advantage of. Here at Blue Solutions we are happy to guide you through these changes and how they will affect you and your customers.
The big news is that Bitdefender has now incorporated an Anti-Ransomware vaccine for all its cloud customers, which immunises end-users against both existing and emerging ransomware attacks – at no additional cost! This module is activated through the policy section Antimalware --> On Access settings.
By activating this module, machines will be protected from all currently known forms of ransomware. The vaccine works independently, does not need any other modules to be installed, and is switched on simply by ticking the box in the customer’s policy.
Other New Features in GravityZone
Update Rings: this feature allows administrators of the program to choose when in the validation cycle an update is received.
Anti-Exploit Techniques: a new set of powerful techniques which further enhances existing technologies to fight targeted attacks. These are integrated into the existing Advanced Threat Control module.
Web Access Control Rules: the categories list has been updated with multiple new categories added.
Exchange Protection: this can now be enabled/disabled when editing a customer with a monthly license subscription.
For more details on the above features and a look at the other features included please click here
More than ever, then, security partners need to offer sound, confident advice to end-users on both the nature of ransomware, and how to defend against it.
So look no further!
Ransomware: how it works
Ultimately, the aim of ransomware is to paralyse companies’ operations, usually by encrypting data, then demanding money to decrypt it and render it usable again.
For security partners and their customers, one of the challenges with ransomware is that it can enter the network through many different routes – malicious links or infected file attachments in emails, drive-by attacks triggered by a visit to an infected website or ad, botnets, USB drives, Yahoo Messenger images… the penetration potential is extremely high.
But to rub salt into the wound, ransomware also dodges many of the traditional anti-virus defences.
It disguises filenames and attributes and hides behind legitimate file extensions. And it often uses secure communications protocols like HTTPS and Tor, and encrypts its communications as it goes, obscuring the tell-tale server calls that would ordinarily betray its presence.
What this means is that most anti-virus protection is none the wiser to the threat – and so the latter finds its target, which is usually the most critical data the business holds. (Indeed, the notorious Cryptolocker ransomware, as this blog, from Bitdefender, explains, hunted out 70 different specific file extensions, precisely for this reason).
Ransomware: how to stop it
A threat that can infect via so many different channels, and hide its tracks whilst it’s doing it, clearly can’t be stopped by a single “silver bullet.”
It can only be stopped by layered protection that detects and blocks at all the levels at which ransomware can penetrate and spread.
Research carried out by Trend Micro has found that 99% of over 99 million ransomware attacks were found in malicious email or web links, so robust defence at the email and web gateway level, as well as at the endpoint and network levels, is a must.
Protecting email and web traffic from ransomware
Analysis is the key here; in the absence of the normal malware “cues” that signal a threat, security solutions have to look harder, deeper and wider for signs of the miscreants.
This means not just analysing links in the body of an email, for example, but also the links in the attachments that that email contains – as well as the attachments themselves.
It means scanning for zero-day and browser exploits, and other favoured ransomware entry points that are buried in applications (such as within Office 365 – 2 million threats discovered to date, according to Trend Micro!), rather than just in links or attachments.
And it means both being able to instantly compare links with a global database of known malicious URLs, and automatically rewrite links (as we discussed in this post) to divert them into a sandbox and analysis environment.
There, they can be triggered and inspected at no risk - even if they are not “known suspects.”
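The gateway behaviour described above, as an added Python example (not code from Bitdefender, Trend Micro or any product): each link in an HTML mail body is checked against a reputation list, known-bad links are neutralised, and unknown links are rewritten to pass through a sandbox. The host lists, the `sandbox.example` redirector and the function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import quote, urlsplit

# Constructed sample data: stand-ins for a global reputation feed.
KNOWN_BAD_HOSTS = {"malicious.example"}
TRUSTED_HOSTS = {"intranet.example"}
# Hypothetical sandbox redirector; a real gateway uses its own endpoint.
SANDBOX_PREFIX = "https://sandbox.example/inspect?u="
HREF_RE = re.compile(r'href="([^"]+)"', re.IGNORECASE)

def classify(url):
    """Return 'block', 'allow' or 'sandbox' for one URL."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme == "mailto":
        return "allow"
    if parts.scheme not in ("http", "https") or not host:
        return "block"  # javascript:, data:, file: and similar schemes
    # Match the host and each parent domain against the feed.
    labels = host.split(".")
    candidates = {".".join(labels[i:]) for i in range(len(labels) - 1)}
    if candidates & KNOWN_BAD_HOSTS:
        return "block"
    return "allow" if host in TRUSTED_HOSTS else "sandbox"

def rewrite_links(html):
    """Rewrite every href in an HTML body; return (new_html, decisions)."""
    decisions = []
    def _sub(match):
        url = match.group(1)
        verdict = classify(url)
        decisions.append((url, verdict))
        if verdict == "block":
            return 'href="#blocked"'
        if verdict == "sandbox":
            # Percent-encode the whole original URL so it survives as one parameter.
            return 'href="%s"' % (SANDBOX_PREFIX + quote(url, safe=""))
        return match.group(0)
    return HREF_RE.sub(_sub, html), decisions

# Constructed sample mail body.
SAMPLE = ('<a href="https://intranet.example/wiki">wiki</a> '
          '<a href="http://cdn.malicious.example/invoice.zip">invoice</a> '
          '<a href="https://unknown.example/doc?id=7">doc</a>')
```

The same `rewrite_links` pass can be applied to HTML or text extracted from attachments, which is the deeper inspection the section calls for.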
Protecting endpoints from ransomware
But what if the threat enters the network from an endpoint, like a PC – triggered, perhaps, by an infected document on a USB stick?
Actually, it’s at this level that some of the most useful indicators of ransomware behaviours – rapid encryption of multiple files, for example, or exploit kits that look for unpatched software vulnerabilities, as a prelude to sending ransomware through them – can be detected.
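As an added illustration of the "rapid encryption of multiple files" indicator (example code written for this page, not how GravityZone or any other product implements it): a sliding-window detector that alerts when one process rewrites several distinct files with high-entropy data in a short time. The thresholds, event format and sample events are assumptions constructed for the example.

```python
import math
from collections import Counter, defaultdict, deque

WINDOW_SECONDS = 10   # assumed tuning values, not vendor settings
FILE_THRESHOLD = 5
ENTROPY_BITS = 7.0

def shannon_entropy(data):
    """Bits per byte; encrypted or compressed output sits close to 8."""
    if not data:
        return 0.0
    total = len(data)
    return -sum(c / total * math.log2(c / total) for c in Counter(data).values())

def detect_mass_encryption(events):
    """events: time-ordered (ts, process, path, written_bytes) tuples.
    Returns [(process, ts)] for the first moment each process has rewritten
    FILE_THRESHOLD distinct files with high-entropy data inside the window."""
    recent = defaultdict(deque)   # process -> deque of (ts, path)
    alerted, alerts = set(), []
    for ts, proc, path, data in events:
        if proc in alerted or shannon_entropy(data) < ENTROPY_BITS:
            continue
        window = recent[proc]
        window.append((ts, path))
        # Drop writes that have aged out of the window.
        while window and ts - window[0][0] > WINDOW_SECONDS:
            window.popleft()
        if len({p for _, p in window}) >= FILE_THRESHOLD:
            alerts.append((proc, ts))
            alerted.add(proc)
    return alerts

# Constructed sample data (not real telemetry).
CIPHERLIKE = bytes(range(256))                 # entropy of exactly 8 bits/byte
PLAINTEXT = b"quarterly report draft " * 12    # ordinary low-entropy text
SAMPLE_EVENTS = (
    [(i, "winword.exe", "C:/docs/report%d.docx" % i, PLAINTEXT) for i in range(6)]
    + [(20 + i, "unknown.exe", "C:/docs/file%d.xlsx" % i, CIPHERLIKE) for i in range(6)]
    + [(40 + 30 * i, "backup.exe", "D:/bk/part%d.zip" % i, CIPHERLIKE) for i in range(6)]
)
```

In the sample, the slow backup job also writes high-entropy data but never trips the alert, which shows why the rate window matters as much as the entropy test.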
A security solution that can isolate the endpoint can stop the ransomware from spreading further via the network. And on that point…
Protecting networks from ransomware
The network itself must of course be protected.
But network traffic flows across myriad nodes, ports and protocols, so security must be capable of identifying ransomware and attacker behaviour in and across each of these sub-layers.
Here, too, the sandbox analysis that we mentioned above is a powerful resource, mirroring the actual network environment so that the presence of typical ransomware behaviours can be accurately tracked and their effect (and therefore likely objective) revealed.
Ransomware immunisation: using the threat against itself
But one of the slickest anti-ransomware developments we’ve seen recently is a “vaccine”, which literally uses the ransomware’s own programming against it.
Ransomware typically prevents a machine it has already infected from playing host to any other infection that could interfere with the ransomware’s own endgame.
But this same feature, deployed on uninfected machines, effectively blocks the ransomware itself, as we have previously described in this post. So, does this mean ransomware is finally hoist by its own petard?
I wouldn’t bet on it. But by sharing knowledge about how ransomware works, how we can defeat it, and where businesses and security partners can go for more advice, we make every hostage that bit more difficult to take.
Bitdefender’s GravityZone solutions are chock-full of benefits that make them easy, slick, and profitable for security partners to use.
GravityZone killer benefits, (1): Overarching ease of use
The first thing to note is that GravityZone’s whole management workflow, across all customers and products, is driven from a single console with a single login.
Everything – policies, licensing, reporting - is controlled from one space, not two or three different dashboards, as is the case with some vendors.
An exceptionally fluent interface all but dispenses with annoyances like multiple popups that can confuse users and provoke error, whilst a neat hierarchical tree structure enables users to see all their customers in one view (grouped by site or office where necessary), and to simply click to drill down into the detail of their licensing, usage, reporting, etc.
No more firing up multiple tabs and screens, and managing multiple logins!
Extensive and instant reporting
But Bitdefender has dragged the process of actually generating and delivering the reports into the 21st century, too.
Not only can security partners (MSPs and resellers alike) pull down accurate usage and other reports on demand, independently of the wholly automatic invoicing process, but the sheer array of possible reports and delivery mechanisms is impressive.
From Amazon AWS usage, to device control, to licence status, to Top 10 malware statistics, and much more, the reports can be fired up ad hoc or scheduled automatically, run on the dashboard, sent as alerts or emails, and basically tailored to whatever form the partner finds easiest and most useful to deal with.
Looking cloudward, GravityZone’s integration with AWS also delivers enviable simplicity; the MSP can spin up an AWS virtual server and that server will immediately be protected by GravityZone.
It’s a strong reminder of the fact that GravityZone is built from the ground up for virtual environments, in contrast to many other vendors’ solutions, which feature virtual refinements built around an essentially physical-heritage core (as we explore in this recent white paper).
For customers that don’t want to be out of the security loop entirely, end-users can have their own logins, giving them role-based access to services and features within the GravityZone security products their business uses.
This is particularly useful for customers who have invested in some degree of security expertise in-house and want to realise the value locked up in that investment.
But of course it can also reduce the management workload for the partner, putting a keener edge on their margins!
GravityZone killer benefits, (3): Integrations - and automations - that matter
Every security partner wants to sell market-leading solutions, but not if managing them on a day-to-day basis will send their operational expenditure through the roof.
GravityZone has addressed this concern head-on, by developing an integration to ConnectWise Manage (the PSA solution used by some 70% of the top technology solutions and service providers).
The integration with ConnectWise Manage supports the delivery of automated, end-to-end helpdesk, contract management, time tracking, account management, sales and marketing enablement and potentially much more, reducing the MSP’s workload, whilst delivering improved customer satisfaction levels.
Automatic policy assignation also slices a significant chunk out of the MSP workflow, as it enables them to effortlessly trigger and roll out security policies based on existing variables like IP address, network type, server address type, and so on.
GravityZone killer benefits, (4): Anti-malware with common sense
An office full of software developers needs more freedom to build, run, and test code and applications than a team of salespeople.
So, GravityZone enables the techies’ anti-malware parameters to be set less sensitively, whilst the business development crew can benefit from somewhat more stringent protection!
Naturally, though, this kind of adjustment just won’t work if it is complex or risky to use, and on both fronts GravityZone scores highly.
Sensitivity is controlled by simple tick-boxes, but users are also protected by GravityZone’s N-Tier structure, which means certain security settings and policies are automatically “inherited” based on past and present operation. Plus, security is also enforced by the distributor (us!).
Basically, it’s possible to fine-tune security, but it’s never possible to leave users unprotected.
GravityZone killer benefits, (5): Playing ransomware at its own game!
Ransomware’s ability to terrorise businesses has an Achilles’ heel.
It prevents a machine it has already infected from playing host to any other infection that could interfere with its planned endgame – and this same defence, used on uninfected machines, effectively blocks the ransomware itself!
Enter the GravityZone Anti-Ransomware Vaccine, which uses exactly this technique to enable partners to “immunise” users against ransomware attacks, simply by enabling it as a policy within existing anti-malware protection.
GravityZone: where to learn more
As ever, there isn’t the space here to explore the benefits of GravityZone’s innovative features in ultimate detail.
But there’s some more detail on recent feature updates in this post, and more on the various GravityZone products, and their benefits for both MSPs and resellers, on the Web here.