Skip to main content

Network Attack Defense

The Network Attack Defense module relies on a Bitdefender technology that focuses on detecting network attacks designed to gain access on endpoints through specific techniques, such as: brute-force attacks, network exploits, password stealers, drive-by-download infection vectors, bots, and Trojans.


The Network Attack Defense module is available for:

  • Windows for workstations

  • Windows for servers

    On Windows servers, Network Attack Defense detects and prevents RDP brute-force attacks by scanning incoming connections on the RDP ports to identify authentication anomalies. Network Attack Defense also scans web traffic when used with Content Control.

  • Windows

  • macOS

  • Linux

Learn how to configure Network Attack Defense in GravityZoneControl Center.

Learn how to deploy Network Attack Defense on Windows servers.


Network Attack Defense uses the following components:

  • GravityZone Virtual Appliance

  • Security agent (Bitdefender Endpoint Security Tools installed on Windows, Linux, & Mac endpoints)

  • Network Security Virtual Appliance (for Sandbox Analyzer)

Known issues / limitations

  • Since all connections are routed trough the NAD module, stopping and restarting the module will reset all active connections.

Install and configure Network Attack Defense

To start using this feature, follow the steps below:


If your endpoints already have the BEST agent deployed, but the Network Attack Defense module is not installed, you can use a Reconfigure agent task to add the module to the endpoint.

If no agent is installed, you will need to use an installation package to deploy BEST on your endpoints along with all required modules.

Below we have included both procedures.

View Network Attack Defense activity

You can use this feature to protect your network against specific network attack techniques, such as Initial Access, Block Credential Access, Block Discovery, Block Lateral Movement, or Block Crimeware.

You can configure the feature to take one of two actions once such an attack is detected:

  • Block - Network Attack Defense stops the attack attempt once detected.

  • Report Only - Network Attack Defense informs you about the detected attack attempt, but it will not try to stop it.