Bitdefender Configuration (Carbanak+FIN7)
Product Versions
- The bundle includes the Prevention, Detection and Response, Hardening, and Endpoint Risk Analytics modules
- Version 6.6.23.323
Product Description
GravityZone Ultra is a single solution that unifies Endpoint Prevention, Detection, Response and Risk Analytics to address the full threat lifecycle. It consists of more than 30 layers of protection that defend endpoints against cyber-attacks such as malware, fileless threats, exploits, zero-day threats, and targeted attacks. It supports Windows, macOS and Linux platforms.

The solution is delivered via a single SaaS console and a single endpoint agent that combines:
- World’s most effective Endpoint Protection
  - Machine learning based anti-malware
  - Exploit mitigation
  - Network Attack Defense
  - Tunable machine learning (aka HyperDetect)
  - Sandbox Analyzer
  - Fileless Attack Defense
  - Malicious process monitoring
- Risk analytics & Hardening
  - Patch and Vulnerability Management
  - Human and Endpoint Risk Analytics
  - Device Control
  - Web Threat Protection
  - Full Disk Encryption
- Low overhead Detection and Response
  - EDR
  - Anomaly Defense
  - Root Cause Analysis
  - MITRE event tagging
  - Optional Managed Services
Each layer is designed to address specific types of threats, tools or techniques, covering multiple stages of the attacks. It includes hardening controls that proactively reduce the attack surface, pre-execution detection powered by machine learning, and on-execution detection via behavior engines and anti-exploit capabilities.
Bitdefender's patented machine-learning technology uses both local and cloud machine learning models to detect malicious files and URLs. More than 50,000 static and dynamic features are extracted using different extraction techniques such as an emulator, unpacking routines, and cryptographic filters. The models are trained and tested continuously against an extensive data set of fresh samples and varied, representative malware, which sustains detection accuracy and efficacy. Process Inspector is a behavioral detection technology that continuously monitors and scores active applications and processes and acts when a threat is detected.
The EDR module collects and analyzes endpoint events to detect suspicious activity. Fast alert triage and incident investigation, using the attack timeline and sandbox output, let incident response teams react quickly and stop ongoing attacks (one click to respond). Bitdefender has adopted the MITRE ATT&CK framework for key EDR use cases. The incident description and visualization in GravityZone Ultra reference MITRE ATT&CK techniques, so security analysts can search for events by MITRE ATT&CK indicators. GravityZone Ultra also includes baselining capabilities modeled on the MITRE ATT&CK framework, with deviations from the baseline reported as incidents.
GravityZone Ultra is the solution of choice for organizations that want to understand cyber risk exposure across their environment, benefit from the most effective endpoint protection stack, and reduce the time spent triaging alerts for faster incident response. With its integrated security stack, Bitdefender can help customers reduce the number of vendors for improved operational efficiency and a higher return on investment.
Product Configuration
Policy Configuration:
- All prevention engines enabled, but in report-only mode (detections are logged and reported rather than blocked)
- Additional settings:
  - On-Access - Settings / Scan / "Archives" enabled (with default size/depth)
  - HyperDetect - "Aggressive" level for all categories
  - Advanced Anti-Exploit - the following two mitigations disabled for every item in "Predefined Applications":
    - "Enforce Windows DEP"
    - "Enforce Module Relocation (ASLR)"
  - Network Protection - General / General Settings / "Scan SSL" enabled
  - Sandbox Analyzer - "Automatic sample submission for managed endpoints" enabled
  - EDR enabled