Bitdefender impressed us again this year in the hosted endpoint protection category with the latest version of its high-end GravityZone Ultra product. We previously reviewed the less-comprehensive Bitdefender GravityZone Elite service, which is still available and still offers excellent security on Windows, macOS, Linux, iOS, and Android. But since that test, we’ve turned our attention to the more advanced GravityZone Ultra tier of the company’s portfolio.
Where Ultra really stands apart is that it offers highly sophisticated security add-ons that you won’t find in most of the other contenders, including a sandbox, content control, device control, and Microsoft Exchange protection. It also has highly sophisticated endpoint detection and response (EDR) capabilities, which are becoming an increasingly sought-after feature in this category. All this makes it an easy pick for our Editors’ Choice designation along with F-Secure Elements and Sophos Intercept X.
Bitdefender Pricing and Plans
Unfortunately, for all of Bitdefender’s compelling features, cost is not one of them. Pricing for Bitdefender GravityZone Ultra was the most opaque of all the products we tested in this roundup. Not only is the product only available through Bitdefender’s partner channel, but the company has taken to describing GravityZone as a tiered “platform.” As such, it refuses to discuss pricing for the Ultra tier, offering only that the Elite tier starts at $286.99 per year for five devices, or $57.40 per device per year.
That Elite pricing is already on the higher end of the price range, for example as compared to Microsoft 365 Defender at $60 per device per year. The advanced features of the Ultra tier, including EDR, all add to the cost. Additional potential add-ons include email security, patch management, and full-disk encryption. Depending on which advanced features you need, you’re likely to find GravityZone Ultra is the most expensive of all of the products in our roundup.
Those who want to evaluate it can access a free 30-day trial from Bitdefender’s website.
Getting Started with GravityZone Ultra
In this latest version of the product, the default dashboard is light-years ahead of where it was when last we tested it, especially in terms of visual appeal. Much like in previous iterations, you can access portlets showing various forms of threat activity, including drill-down capabilities within each portlet. You can choose from a veritable army of useful portlets, and you can customize their layout in whichever way you find most applicable to your organization. What we found most impressive was the ability to take actions from within portlets, such as launching a scan directly from some of them.
Another handy feature is the ability to build custom installer packages to distribute to client machines. Because not all modules will be applicable in all situations, you can roll your own combinations of Advanced Threat Control, Firewall, Content Control, and an optional Power User module to include in the installer. In addition, some installation settings are configurable here, such as an uninstall password, scanning before installation, and installing to a custom path.
Beyond this, a new Executive Summary page shows a colorful rundown of the endpoints you are managing, what the latest blocked threats were, what the overall company vulnerability is, and other items of interest. In particular, I felt the Executive Summary was similar to how Vipre Endpoint Security handles its dashboard. It provides just the right amount of information for the person who doesn’t want to spend hours customizing a dashboard.
Policies remain a strength of GravityZone Ultra, though other products such as F-Secure Elements and Sophos Intercept X also excel in this regard. Policies control the aggressiveness and enablement of different Bitdefender modules. For instance, you can specify if the firewall is enabled, what kind of web traffic is allowed, and what kinds of devices can be plugged into the system. This is somewhat reminiscent of how F-Secure Elements works.
Besides adding and managing policies, you can have the system apply policies automatically, depending on the type of network a device is on. While the rules can get a bit complicated, the system is powerful enough to let you create one policy for coffee shops and another for the office, for example. Most notable is the improved ability to tweak network defense parameters. Because you can elect to scan SSL traffic, you don’t require a browser plugin anymore.
Advanced Features and Reporting
GravityZone Ultra offers many reports to choose from. None of them seemed out of place or useless, as can sometimes be the case. You can choose to run each report against all devices, a single device, or multiple groups of computers and devices. You select the reporting interval via a pulldown, and it can be today only or a period as long as a year. You can view reports immediately or convert them to PDF, CSV, or archive files to send via email.
One of the more interesting features is the Sandbox analyzer. If you’re unsure about a file, you can submit it to the Sandbox to be detonated and analyzed. Since the analysis happens in a safe environment, you can determine whether or not a file is safe before you decide to run it in the real world. While this feature does get launched automatically if a file looks suspicious, Bitdefender is usually good enough to spot malware without needing it.
GravityZone Ultra’s endpoint detection and response (EDR) capabilities have received a number of significant improvements in this version. The attack chain view now flows from top to bottom instead of left to right, and the color scheme is more visually appealing. The most significant change is that even if you aren’t on the Ultra tier, you can still get the attack chain. You just won’t get it across the entire network; it is limited to specific machines. The Ultra tier’s extended EDR capabilities, on the other hand—what Bitdefender calls XEDR—can detect sophisticated attacks that span multiple endpoints of different types.
The Risk analytics feature allows you to detect and automatically fix security misconfigurations with a few clicks. Doing so was a fairly easy process and required virtually no knowledge of the nature of the fix to apply it. Under the Risk Management section, any misconfigured Windows devices affect the risk score. This requires that you proactively set up a task to scan your Windows endpoints, but resolving any issues involves merely clicking the issue and asking GravityZone to resolve it.
Testing Performance
As with the other entrants in our roundup, we ran GravityZone Ultra through our standard endpoint protection testing process. The first test we performed was designed to see how GravityZone performs against phishing attacks. No browser plugin is required for this, but we did have to enable SSL scanning in the policy to successfully complete the test. We selected ten known phishing pages from PhishTank, a collection of suspected and verified phishing websites. GravityZone Ultra detected and blocked all ten.
Next, we used a Metasploit feature called AutoPwn 2 to launch a browser-based attack against the system using a known vulnerable version of Chrome with the Java 1.7 runtime installed. These attacks were designed to gain a remote shell, yet similar to the previous test, none succeeded.
We then tried to execute a version of Windows Calculator that had been appended with a malicious Meterpreter binary, simulating another typical remote shell exploit. The executable was stopped on launch, removed from the desktop, and swiftly quarantined, based on its behavior. We tried the same thing with a set of Veil 3.0 encoded Meterpreter executables that included PowerShell, Auto-IT, Python, and Ruby, and the result was the same for all of them. We were unable to perform any further access tests.
Lastly, we extracted a set of known malware executables called TheZoo and tried to run them. GravityZone Ultra immediately quarantined each of them before it could run, confirming that F-Secure’s signature-based detection was working well. Overall, the service passed these tests with flying colors.
Third-party testing corroborates these findings. AV-Comparatives included GravityZone in its March 2021 Malware Protection Test, where it demonstrated a 100% online protection rate. In addition, it was rated at a 96.8% online and offline detection rate. Only four false alarms were noted.
Still a Winner
We’ve said before that we think Bitdefender is a great piece of software, and this year’s test convinced us that it has only improved with age. It still provides the highest level of detail about detected threats of any of the players we tested, and its greatly improved EDR capabilities and enhanced user interface clinch our decision to name Bitdefender GravityZone Elite as an Editors’ Choice winner, once again.
If we have one knock against Bitdefender, it’s that the company seems to have left the door wide open for GravityZone Ultra pricing, because it will depend upon which advanced features you need and which partner reseller you choose to buy it from. While the pricing for the GravityZone Elite tier gives us some idea of what you can expect to pay, Bitdefender’s unwillingness to discuss even example pricing for the Ultra tier must give us pause.
If Bitdefender wants us to think of GravityZone as a platform, however, then at least it is one that continues to offer excellent testing results, loads of advanced features, and a well-thought-out policy management system. It also has a powerful ability to detect even non-standard attacks, such as our wide variety of Veil 3.1-encoded exploits, which aren’t easy for antivirus engines to catch. All this combined with a very nice price means Bitdefender once again easily garners our Editors’ Choice award, although price-conscious customers may want to consider our two other award-winners, F-Secure Elements and Sophos Intercept X Endpoint Protection.