ON PREMISES SOLUTIONS

VMware Tanzu

This section describes how to install, configure and manage Bitdefender Endpoint Security Tools for VMware Tanzu.

Introduction

Overview

Bitdefender Endpoint Security Tools for VMware Tanzu allows you to easily deploy Bitdefender GravityZone security agents to the VMs managed by your VMware Tanzu deployment.

Bitdefender Endpoint Security Tools for VMware Tanzu provides an automated way to incorporate award-winning endpoint security into BOSH-built VM instances upon their creation. With secured VMs, customers can achieve the following:

  • Protect datacenters and cloud VMs from advanced cyber-attacks with layered next-generation security from Bitdefender, a Forrester® Wave Leader in Endpoint Security Suites and the AV Comparatives® Outstanding Security Product Award winner.

  • Streamline compliance with PCI DSS, HIPAA, Gramm-Leach-Bliley Act (GLBA), GDPR, and other regulatory standards calling for an anti-malware solution.

  • Eliminate the time and effort required to manually deploy the agent and apply security policies after the fact.

Key features
Management
  • Automatic deployment of Bitdefender Endpoint Security Tools by BOSH at the time of VM instantiation.

  • Single-console, single-pane-of-glass security management, and consistent policy enforcement across heterogeneous datacenter and cloud infrastructure.

  • Automatic application of security policies at scale and security-license recovery from decommissioned VMs in VMware® vSphere, AWS EC2, and Microsoft Azure environments.

  • Compatibility with Splunk and other SIEM platforms (via Syslog) for security-event analysis.

Security

Layered next-generation endpoint security delivering, among others, the following advanced capabilities:

  • Dynamic Machine Learning (Local and Cloud-Based)

    Leverages proprietary models trained in URL filtering and file analysis on 500M endpoint-sensors and trillions of samples to maximize efficacy and minimize false positives.

  • HyperDetect Tunable Machine Learning

    Allows administrators to adjust threat-detection aggressiveness levels to suit the context and risk profile of their organization to detect high-probability, high-impact attacks while minimizing false positives on lower-risk threats.

  • Process Inspector

    Continuously monitors and scores running processes and system events and tags suspicious activities to provide proactive, dynamic detection, and remediation of unknown threats.

  • Anti-Exploit

    Detects exploitation methods and protects the memory space of browsers, document viewers, media players, and office applications.

  • Sandbox Analyzer

    Automatically submits suspicious files from VMs to a cloud or on-premises-based network sandbox for detonation and behavioral analysis.

  • Application Control

    Provides both whitelisting ("default deny") and blacklisting capabilities to restrict the range of applications allowed to run in a VM.

  • Integrated Patch Management Add-On

    Provides automatic discovery and characterization of vulnerabilities and the widest range of patches for OSs, applications, and golden images.