The latest version of Bitdefender’s high-end GravityZone Ultra product wowed us again this year in the hosted endpoint security category. We recently tested Bitdefender GravityZone Elite, a less complete service that is still available and provides good security on Windows, macOS, Linux, iOS, and Android. However, since that time, we’ve been focusing on the GravityZone Ultra tier of the company’s product line.
Ultra really stands out since it has a sandbox, content control, device control, and Microsoft Exchange protection that you won’t find in most of the other finalists. It also includes advanced endpoint detection and response (EDR) capabilities, which are a popular feature in this category. Along with F-Secure Elements and Sophos Intercept X, it’s an easy choice for our Editors’ Choice distinction.
BITDEFENDER GRAVITYZONE ULTRA SPECS
| Feature | Supported |
|---|---|
| Manage by Group | Yes |
| Manage by Tag | No |
| Apple macOS Client | Yes |
| Full Audit Log | Yes |
| Mobile Device Management | Yes |
| Mobile Agent for Android | Yes |
| Mobile Agent for iOS | Yes |
| Malicious Website and Anti-Phishing Defense | Yes |
| External Device Control | Yes |
| Native Encryption Management | No |
| Root Cause Analysis | Yes |
| Endpoint Detection and Response (EDR) | Yes |
Bitdefender Plans and Pricing
Unfortunately, affordability is not one of Bitdefender’s appealing characteristics. Bitdefender GravityZone Ultra has the most ambiguous pricing of any of the products we reviewed in this roundup. Not only is the solution only available through Bitdefender’s partner channel, but the business has dubbed GravityZone a “platform” with different levels of protection. As a result, it refuses to discuss Ultra tier pricing, instead stating that the Elite tier starts at $286.99 per year for five devices, or $57.40 per device per year.
When compared to Microsoft 365 Defender, which costs $60 per device per year, Elite pricing is already on the top end of the price range. The Ultra tier’s sophisticated features, such as EDR, all add to the price. Email security, patch management, and full-disk encryption are all possible add-ons. GravityZone Ultra is likely to be the most expensive of all the items in our roundup, depending on which advanced features you require.
Bitdefender offers a free 30-day trial on their website for anybody interested in trying it out.
How to Begin Using GravityZone Ultra
The default dashboard in this latest version of the software is light-years ahead of where it was when we last examined it, especially in terms of visual appeal. As in prior versions, you can access portlets that show various types of threat behavior, with drill-down capabilities within each portlet. You can pick and choose from a plethora of helpful portlets and arrange them in whatever way suits your company. The ability to take actions from within portlets, such as running a scan directly from some of them, was particularly noteworthy.
The ability to create custom installation packages to send to client machines is another useful feature. Because not all modules will be useful in every case, you must create your own custom mix of Advanced Threat Control, Firewall, Content Control, and an optional Power User module to include in the installer. Furthermore, various installation options, such as an uninstall password, scanning before installation, and installing to a custom path, can be customized here.
A new Executive Summary page provides a colorful overview of the endpoints you manage, as well as the most recent prevented threats, the overall corporate vulnerability, and other relevant information. The Executive Summary, in particular, reminded me of how Vipre Endpoint Security manages its dashboard. It contains just the proper amount of data for someone who does not want to spend hours designing a dashboard.
Policy management is still a strength of GravityZone Ultra, although competing programs like F-Secure Elements and Sophos Intercept X excel in this area as well. Policies control which Bitdefender modules are enabled and how aggressively each one operates. For example, you can select whether the firewall is active, what types of web traffic are permitted, and what devices can be connected to the system. This is similar to the way F-Secure Elements operates.
You can have the system apply policies automatically based on the type of network a device is on, in addition to setting and modifying policies. While the rules can get complex, they are robust enough to allow you to design separate policies for coffee shops and the office, for example. The ability to alter network defense parameters has been greatly improved. You no longer need a browser plugin because you can choose to scan SSL traffic.
Reporting and Advanced Features
There are numerous reports available in GravityZone Ultra. None of them appeared out of place or ineffective, which isn’t always the case. Each report can be run against all devices, a single device, or multiple groups of computers and devices. You can choose the reporting interval from a pulldown menu, and it can be as short as today or as long as a year. You can quickly view reports or export them to PDF, CSV, or archive files to email.
The Sandbox analyser is one of the more intriguing features. You can send a file to the Sandbox to be detonated and studied if you’re not confident about it. Because the analysis takes place in a secure environment, you may check whether a file is safe before running it in the real world. While this feature is activated automatically if a file appears to be malicious, Bitdefender is typically capable of detecting malware without it.
The endpoint detection and response (EDR) capabilities of GravityZone Ultra have been significantly improved in this version. The attack chain view now flows from top to bottom rather than left to right, and the color palette has been improved. The most notable change is that you can still get the attack chain even if you aren’t on the Ultra tier. It won’t work across the entire network; it’ll only work on certain devices. The expanded EDR capabilities of the Ultra tier, dubbed XEDR by Bitdefender, can detect sophisticated attacks that span numerous endpoints of various sorts.
With a few clicks, the Risk analytics feature can detect and automatically resolve security misconfigurations. It was a rather simple procedure that required little knowledge about the nature of the problem. Any misconfigured Windows devices affect the risk score in the Risk Management section. This necessitates setting up a process to scan your Windows endpoints in advance, but correcting any issues is as simple as clicking the issue and requesting GravityZone to fix it.
We put GravityZone Ultra through our usual endpoint protection testing process, much like the other contenders in our collection. The first test we ran was to see how well GravityZone defends against phishing attempts. Although no browser plugin is necessary, we did need to enable SSL scanning in the policy to complete the test. From PhishTank, a database of suspected and validated phishing websites, we chose ten known phishing pages. All ten were recognized and prevented by GravityZone Ultra.
Then, using a Metasploit tool called AutoPwn 2, we used a known vulnerable version of Chrome with the Java 1.7 runtime installed to execute a browser-based attack against the machine. These attempts were intended to gain a remote shell, but none succeeded, as in the prior test.
We then attempted to run a version of Windows Calculator that had been modified to include a malicious Meterpreter binary, emulating yet another common remote shell attack. Based on its behavior, the executable was stopped on launch, removed from the desktop, and quarantined quickly. We tried the same technique with a collection of Veil 3.0 encoded Meterpreter executables, including PowerShell, Auto-IT, Python, and Ruby, and got the same result. We were unable to conduct any additional access checks.
Finally, we attempted to run a suite of known malware executables known as TheZoo. GravityZone Ultra quarantined each of them before it could run, indicating that the signature-based detection was effective. Overall, the service acquitted itself admirably in these tests.
These conclusions are supported by third-party testing. GravityZone was featured in AV-Comparatives’ March 2021 Malware Protection Test, where it demonstrated a 100% online protection rate. Furthermore, it has a detection rate of 96.8% both online and offline. There were just four false alarms.
Still a Champion
We’ve previously stated that Bitdefender is a fantastic piece of software, and this year’s test confirmed that it has only become better with age. It still delivers the most information about detected threats of any of the players we evaluated, and its considerably improved EDR features and improved user interface solidify our choice to call Bitdefender GravityZone Elite an Editors’ Choice winner once more.
If we have one criticism of Bitdefender, it is that the firm appears to have left GravityZone Ultra pricing open to interpretation, as it will vary depending on which advanced features you require and which partner reseller you choose to purchase it from. While the GravityZone Elite tier pricing gives us a sense of what to expect, Bitdefender’s refusal to discuss even example pricing for the Ultra tier must give us pause.
If Bitdefender wants us to think of GravityZone as a platform, at least it continues to deliver good testing results, a wealth of advanced capabilities, and a well-designed policy management system. It also has a strong ability to detect non-standard attacks, such as our vast range of Veil 3.1-encoded exploits, which antivirus engines struggle to detect. All of this, paired with a very reasonable price, earns Bitdefender our Editors’ Choice award once again, though price-conscious clients may want to try F-Secure Elements and Sophos Intercept X Endpoint Protection.