HyperDetect

Bitdefender HyperDetect is an additional layer of security specifically designed to detect advanced attacks and suspicious activities in the pre-execution stage.

HyperDetect adds a layer of protection on top of the current scanning technologies such as On-Access, On-Demand, and Traffic Scan. This layer is specifically designed to combat the latest forms of cyber-attacks, including advanced persistent threats. It significantly improves the effectiveness of the Antimalware and Content Control protection modules by incorporating advanced heuristics based on artificial intelligence and machine learning techniques.

HyperDetect is a powerful tool that can accurately anticipate and identify specific attacks, as well as effectively identify advanced malware before it is executed. This advanced technology enables HyperDetect to swiftly identify threats, surpassing the capabilities of traditional signature-based or behavioural scanning methods.

Note

This module is an add-on available with a separate license key or as a part of specific bundles.

Components

HyperDetect uses the following components:

  • GravityZone Virtual Appliance

  • Security agent (Bitdefender Endpoint Security Tools installed on Windows, Linux, & Mac endpoints)

  • Security Server Multi-Platform

  • Security Server for NSX-T

  • Security Server for NSX-V

Install and configure HyperDetect

To start using this feature, follow the steps below:

Note

This feature functions through the Antimalware module, which is included by default in all installation packages. If you already have the BEST agent installed on your endpoints, no further deployment is required.

Testing out the feature

Test out the Suspicious files and network traffic protection
  1. Log in to GravityZone Control Center.

  2. Go to the Policies page from the left side menu.

  3. Select one of the policies you are using and click Clone Policy.

  4. Go to the Antimalware > Hyper Detect page.

  5. Make sure the feature is enabled and that the Suspicious files and network traffic option is set to Permissive.

  6. Save the policy.

  7. Apply the policy to one of your endpoints where you want to test the feature.

  8. Download this file on the same endpoint.

  9. Open the .zip file using the bdinfected password.

The module will detect the file, trigger an event, and move the file to quarantine.

Test out the Grayware protection on an execution scenario
  1. Log in to GravityZone Control Center.

  2. Go to the Policies page from the left side menu.

  3. Select one of the policies you are using and click Clone Policy.

  4. Go to the Antimalware > Hyper Detect page.

  5. Make sure the feature is enabled and that the Grayware option is set to Aggressive.

  6. Save the policy.

  7. Apply the policy to one of your endpoints where you want to test the feature.

  8. Download this file on the same endpoint.

  9. Open the .zip file using the bdinfected password.

  10. Extract the paranoia.4.3.exe file.

  11. Execute the file.

The module will detect the file and trigger an event.

Important

Once done testing, re-apply the original policy to the endpoint you used for testing.

View HyperDetect activity

Depending on how you configured your policy, the module will take one of the following actions when a suspicious file or process is discovered:

  • For files: deny access, disinfect, delete, quarantine, or just report the file.

  • For network traffic: block or just report the suspicious traffic.