Network Attack Defense
The Network Attack Defense module relies on a Bitdefender technology that focuses on detecting network attacks designed to gain access on endpoints through specific techniques, such as: brute-force attacks, network exploits, password stealers, drive-by-download infection vectors, bots, and Trojans.
Note
The Network Attack Defense module is available for:
Windows for workstations
Windows for servers
On Windows servers, Network Attack Defense detects and prevents RDP brute-force attacks by scanning incoming connections on the RDP ports to identify authentication anomalies. Network Attack Defense also scans web traffic when used with Content Control.
Windows
macOS
Linux
Learn how to configure Network Attack Defense in GravityZoneControl Center.
Learn how to deploy Network Attack Defense on Windows servers.
Components
Network Attack Defense uses the following components:
GravityZone Control Center
Security agent (Bitdefender Endpoint Security Tools installed on Windows, Linux, & Mac endpoints)
Network Security Virtual Appliance (for eXtended Detection and Response)
Known issues / limitations
Since all connections are routed trough the NAD module, stopping and restarting the module will reset all active connections.
Install and configure Network Attack Defense
To start using this feature, follow the steps below:
Important
If your endpoints already have the BEST agent deployed, but the Network Attack Defense module is not installed, you can use a Reconfigure agent task to add the module to the endpoint.
If no agent is installed, you will need to use an installation package to deploy BEST on your endpoints along with all required modules.
Below we have included both procedures.
Log in to GravityZone Control Center.
Go to the Installation Packages page from the left side menu.
Click the Create button in the upper-right side of the screen.
Type in the Name and Description for the new installation package.
Select the modules you want to deploy.
Note
Make sure you include the Network Protection > Content Control option.
Click Save.
Select the newly created package from the list of packages and click Send download links.
Enter the email addresses of the recipients and click Send.
Policies are used to enable and configure features both on endpoints and in terms of general functionality.
GravityZone comes with a default set of policy settings, that are custom tailored to meet the most common customer needs.
You can use these default policy settings and leave the configuration of the policy for a later date, but you need to follow the steps below to enable the feature from the policy page:
Log in to GravityZone Control Center.
Go to the Policies page from the left side menu.
You can either:
Under Network Protection > General, enable and configure the module features.
Continue to the Network Attacks page, and configure the settings.
Save your policy.
If you created a new policy, apply it on the endpoints where the feature is deployed.
Go to the Network page from the left side menu.
Select the endpoints you want to apply the policy to.
Click the
Assign Policy button at the upper side of the table.Select the policy you want to apply.
Click Finish.
Note
For more information, refer to Assigning device policies
If you have edited an existing policy, make sure it is applied to all endpoints where the feature is deployed.
This will ensure that the feature is enabled and configured to best suit your company's needs.
View Network Attack Defense activity
You can use this feature to protect your network against specific network attack techniques, such as Initial Access, Block Credential Access, Block Discovery, Block Lateral Movement, or Block Crimeware.
You can configure the feature to take one of two actions once such an attack is detected:
Block - Network Attack Defense stops the attack attempt once detected.
Report Only - Network Attack Defense informs you about the detected attack attempt, but it will not try to stop it.