Bitdefender GravityZone provides full visibility into organizations’ overall security posture, global security threats, and control over its security services that protect virtual or physical desktops, servers and mobile devices. All Bitdefender’s Enterprise Security solutions are managed within the GravityZone through a single console, Control Center, that provides control, reporting, and alerting services for various roles within the organization.

This article describes how to install and use Security for Storage in your GravityZone environment.

• Overview
• Security for Storage prerequisites
• Installing and configuring Security for Storage
• Monitoring storage protection

Overview

GravityZone Security for Storage delivers real-time protection for leading file-sharing and network-storage systems. System and threat-detection algorithm upgrades happen automatically — without requiring any efforts from you or creating disruptions for end-users.

When a user requests to open, read, write, or close a file from a laptop, workstation, mobile, or other device, the ICAP client (a NAS or file-sharing system) sends a scan request to Security Server and receives a verdict regarding the file. Depending on the result, Security Server allows access, denies access or deletes the file.

Bitdefender Security Servers are configurable from GravityZone Control Center through security policies.

Security for Storage prerequisites

Security for Storage is delivered as add-on available for certain GravityZone Cloud and on-premises solutions.

To use Security for Storage, you need:

• A GravityZone Cloud account or a GravityZone on-premises deployment configured and ready to use.
• License for the Security for Storage add-on, together with a GravityZone main license.

Security for Storage supports the following storage and file-sharing solutions:

• ICAP-compatible network-attached storage (NAS) and storage-area network (SAN) systems from Dell®, EMC®, IBM®, Hitachi®, HPE®, Oracle®, and others
• Nutanix® Files (formerly, Acropolis File Services or AFS)
• Citrix® ShareFile

Security for Storage is also compatible with ICAP-compliant NAS devices from Dell, EMC, IBM, Hitachi, HPE, Oracle, and others.

Installing and configuring Security for Storage

Depending on whether a GravityZone environment is in place or not, the Security for Storage installation varies for:

• Existing GravityZone users
• New GravityZone users

For existing GravityZone users

If you already use GravityZone, this is how you install Security for Storage:

1. Add the Security for Storage add-on license key in Control Center. The licensing steps are different on GravityZone Cloud and on GravityZone On-premises.

   For details regarding GravityZone Cloud, refer to the Installing Protection > License Management chapter from the GravityZone Installation Guide (Ultra edition).

   For details regarding GravityZone On-premises, refer to the Installing Protection > License Management chapter from the GravityZone Installation Guide (Enterprise edition).

2. Install at least two Bitdefender Security Servers and configure them as ICAP servers on supported NAS devices or file-sharing systems.
3. Enable and configure the Storage Protection module in the GravityZone policy settings.

For new GravityZone users

If you are new to Bitdefender, your first must set up a GravityZone environment, then install Security for Storage, as follows:

1. Prepare the GravityZone environment you want to use:
   • Cloud: activate the license for your GravityZone account and configure the solution according to your needs. For details, refer to the Installing Protection chapter from the GravityZone Installation Guide (Ultra edition).
   • On-premises: install and configure GravityZone on your local infrastructure. Also, you must license your GravityZone solution before adding the Security for Storage license.

     For details, refer to the Installing Protection chapter from the GravityZone Installation Guide (Enterprise edition).

2. Add the Security for Storage add-on license key in Control Center. The licensing steps are different on GravityZone Cloud and on GravityZone On-premises.

   For details regarding GravityZone Cloud, refer to the Installing Protection > License Management chapter from the GravityZone Installation Guide (Ultra edition).

   For details regarding GravityZone On-premises, refer to the Installing Protection > License Management chapter from the GravityZone Installation Guide (Enterprise edition).

3. Install at least two Bitdefender Security Servers and configure them as ICAP servers on the NAS devices or the file-sharing systems of choice.
4. Enable and configure the Storage Protection module in the GravityZone policy settings.

Installing Bitdefender Security Servers

You need to install and configure at least two Bitdefender Security Servers Multi-Platform on the ICAP-compliant platform of choice. Acting as ICAP servers, Bitdefender Security Servers analyze files, send verdicts to storage systems and take appropriate actions if necessary. In case of overloading, the first Security Server redirects the surplus of data to the second one.

For details about the Security Server installation, refer to Installing Protection > Installing Endpoint Protection > Installing Security Server in the GravityZone Installation Guide.

As best practices, you must install Security Servers as close as possible to the NAS server. In case of cloud NAS deployment (for example, in an Amazon Web Services environment), you must install Security Servers there. For details, refer to this article. Also, for deploying Security Servers in Nutanix AHV, refer to this article.

Note: As best practices, install dedicated Security Servers for storage protection, separate from the Security Servers used for other roles, such as antimalware scanning.

For details about configuring and managing ICAP servers on a certain NAS device or file-sharing system, refer to the documentation for that specific platform (such as Nutanix® Files (formerly, Acropolis File Services or AFS) and Citrix® ShareFile).

Enabling and configuring the Storage Protection module

After installing and configuring Bitdefender Security, you must enable the Storage Protection module in the GravityZone policy settings.

1. Log in to GravityZone Control Center.
2. In the left-side menu, go to the Policies page.
3. Select the policy you want to edit, or create a new one by clicking the Add button at the upper side of the table. The policy settings page opens.
4. Go to Storage Protection > ICAP.
5. Select the On-access Scanning check box at the top of the page.
6. Configure the settings according to your needs. For details, refer to ICAP and Exclusions sections in this article.
7. Click the Save button to apply the changes.
8. Assign the policy to the Security Servers you have installed on the ICAP platform. For details about policy assignment, refer to the chapter Security Policies > Assigning Policies in the GravityZone Administator’s Guide.

The settings for ICAP scanning are organized into the following sections:

• ICAP
• Exclusions

ICAP

You can configure the following options for Security Servers:

• Under the On-access Scanning section, keep the default values for these fields:
  • Service name: bdicap
  • Listen port: 1344
• Under Archive Scanning Settings, select the Scan Archive check box to enable archive scanning. Configure the maximum size and the maximum depth of the archives to be scanned.

  Note: If you set the archive maximum size to 0 (zero), Security Server scans archives regardless of their size.

• Under Congestion Control, choose the preferred method of managing the connections on storage devices in case of Security Server overloading:
  • Automatically drop new connections on storage devices if Security Server is overloaded. When one Security Server has reached a maximum number of connections, the storage device will redirect the surplus to a second Security Server.
  • Maximum number of connections on storage devices. The default value is set to 300 connections.
• Under Scan Actions, the following options are available.
  • Deny access. Security Server denies access to infected files.
  • Disinfect. Security Server removes the malware code from infected files.

Exclusions

If you want specific objects to be excluded from scanning, select the Exclusions check box. You can define exclusions:

• By hash – you identify the excluded file by SHA-256 hash.
• By wildcard – you identify the excluded file by path.

Configuring exclusions

To add an exclusion:

1. Select the exclusion type from the menu.
2. Depending on the exclusion type, specify the object to be excluded as follows:
   • Hash – enter SHA-256 hashes separated by comma.
   • Wildcard – specify an absolute or a relative pathname by using wildcard characters. The asterisk symbol (*) matches any file within a directory. A question mark (?) matches exactly one character.
3. Add a description for the exclusion.
4. Click the Add button. The new exclusion will be added to the list.

To remove a rule from the list, click the corresponding Delete button.

Importing and exporting exclusions

If you intend to reuse the exclusions in more policies, you can choose to export and import them.

To export exclusions:

1. Click the Export at the upper side of the exclusions table.
2. Save the CSV file to your computer. Depending on your browser settings, the file may download automatically, or you will be asked to save it to a location.

Each row in the CSV file corresponds to a single exclusion, having the fields in the following order: ,

These are the available values for the CSV fields:

• Exclusion type:

  1, for for SHA-256 hash

  2, for for wildcard

• Object to be excluded:

  A hash value or a pathname

• Description

  A text to help identify the exclusion.

Example of exclusions in the CSV file:

2,*/file.txt,text

2,*/image.jpg,image

1,e4b0c44298fc1c19afbf4c8996fb9227ae41e4649b934ca991b7852b855,hash

To import exclusions:

1. Click Import. A new window opens.
2. Click Add and then select the CSV file.
3. Click Save. The table is populated with the valid exclusions. If the CSV file contains invalid exclusions, a warning informs you of the corresponding row numbers.

Editing exclusions

To edit an exclusion:

1. Click the exclusion name in the Path column or the description.
2. Edit the exclusion.
3. Press Enter when finished.

Monitoring storage protection

GravityZone Control Center allows you to overview Security for Storage status and the Bitdefender Security Servers activity as follows:

• In the Network inventory
• Via Reports
• Via Notifications

In the Network inventory

In the Network page, locate the Security Servers used as ICAP servers and click their names to view computer details.

The Computer Details > Protection window contains information about the Storage Protection module. Details refer to:

• Service status:
  • N/A – Storage Protection is licensed, but the service is not configured yet.
  • Enabled – the service is enabled in the policy and functioning.
  • Disabled – the service is not functioning either because it has been disabled from the policy or the license key has expired.
• List of the storage devices that have been scanned during the past month, with the following details:
  • Storage device name
  • Storage device IP
  • Storage device type
  • The date and time of the last communication between the storage device and Security Server.

Via Reports

Information about Security Storage is available in two GravityZone reports:

1. Security Audit – provides information on security events, with details such as:
   • Security Server name
   • Storage device name and type
   • Malware name and type
   • Detection status
   • Detection time
2. Security Server Status – provides information on the status of ICAP scanning service (whether it is enabled or disabled) and on the connected storage devices.

You can export these reports in PDF (only summary) or CSV (full details), or lyou can send them by email. For details about creating and managing reports, refer to the GravityZone Administrator’s Guide.

Via Notifications

GravityZone informs you through the Storage Antimalware notification when Bitdefender Security Servers detects malware on NAS devices. This notification is created for each malware detection, providing details about the infected storage device (name, IP, type), detected malware and detection time.