During our Bitdefender webinar, you guys had a chance to learn from our own Customer Success Manager, Isaac Elyahou, plus Cloud and MSP Security Architect Michael Reeves from Bitdefender, as they discussed all the ways you can use Bitdefender to keep your user devices safe and sound. Here are the highlights of what was discussed!
A Bitdefender Walkthrough
We started our webinar from the Atera dashboard, where you can easily start your own Bitdefender subscription. On the left-hand side, you’ll see all the Atera add-ons, and you can register for Bitdefender by searching under Antivirus. If you start your free trial, you will get sent an email with credentials that allow you to access GravityZone.
If you’re already a user of Bitdefender, when you log into GravityZone, you’ll be able to see your deployments, and an overview of all your information, which will look something like this.
New to Bitdefender? Here Are Some Set-up Ideas
One of Michael’s first suggestions was that you tweak the session timeout, which is set as a default to 15 minutes. You don’t want to have to log in again every time you go grab a cup of coffee! If you’re in and out of GravityZone all day, you might want to set it to 8 hours, just like Michael! Otherwise, 30 minutes or an hour could work fine. Don’t forget to hit the save button whenever you make changes.
Michael often gets the question, “How do I integrate GravityZone?” The answer is that it’s totally API-driven, so you can create an API key to enable various functionality, and you can allow access to pieces of GravityZone by selecting the APIs that work for you. The access URL will allow whatever platform you choose to integrate with GravityZone. You can find the documentation for that in the help section, too.
The other question Michael gets a lot, is “What if I have an existing GravityZone environment? How can I associate that with another partner?” Simply ask for the Company ID of the partner that you want to associate with, for example, Atera’s Company ID, and then you can change your partner in a couple of clicks. This is called ‘change of channel’ and is really simple to perform. Check out this awesome knowledge base article for more information on getting set up with Bitdefender.
Tips for Setting up Bitdefender as an MSP
Your next step is going to be to create a company or a series of companies. For MSPs or IT professionals who are managing a security service on behalf of their customers, Michael recommends you create a company for internal use, too. The interface will ask for the country, the state, or province, and then you can also control the type of licensing for your customer, which gives you really granular control. If you want to give access to any specific user at this company, in a co-managed situation for example, you can provide those permissions here.
For MSPs, It’s encouraged that you create multiple companies because this will help you manage billing in the best possible way. You can also assign policies by the company to specific groups, segmenting your rules in a granular way.
Pro tip: if you haven’t set this up at the start, you can go to Multi-license subscription, and you’ll be able to drag and drop customers into different groups at any time, even if you didn’t originally set them up that way.
The second thing you’re going to want to do is to navigate to packages. A package is a deployment that you will send and install onto various endpoints. Create a package, and then associate it with a company, and then you can select the different security modules that you want to activate in this particular package.
Bitdefender’s CloudSecurity is the base service pack and includes many feature sets such as Content Control, Web filtering, Firewall services, Device Control, Anti-Exploit, and Advanced Threat Control. Add-ons include Endpoint Detection and Response, Advanced Threat Security (which consists of HyperDetect and Sandbox), Email Security, Full Disk Encryption, and Security for Exchange. Check out this article for more information on Bitdefender’s Add-ons.
Once you’ve created packages, you can select a package via a specific kit, such as Linux or Windows.
Pro knowledge! Interested in the package sizing? Here you go! Windows Downloader is 584 MB, the Linux Downloader is 780 MB, and Mac comes in at 330MB. While specific agents are available, Michael suggests using the standard agent as it will auto-discover the relevant operating system specs for you!
When it comes to deploying Bitdefender, there are so many options at your disposal! You can download it directly, send download links, or share any of these kits via the cloud. You can also use an Active Directory integration, so that you can set a system as an Active Directory integrator, automatically pulling the machines and allowing you to install directly. You can also use a Relay role to auto-discover all the systems on a workgroup, acting as a proxy to remotely deploy Bitdefender. It’s also really easy to add or remove any specific functionality to endpoints and reconfigure as necessary. For example, if you deploy the base package to a customer and then 6 months down the line you want to add EDR. You can click add EDR and save directly from the add-ons, and you’re done.
Talking about Policies
Policies control everything within Bitdefender. All security controls are enabled or disabled by policy, and all of the settings for security controls are also defined by policies. Bitdefender has a set policy out of the box, and Michael recommended you clone that and save it as your own.
Pro tip: If you’re regularly asking, “One of my users created a policy and I can’t seem to modify it!” – mystery solved. That’s because when they created the policy, they forgot to check the “allow other users to modify this policy” box. This should be part of your user education when you show them how to use Bitdefender and set up policies.
Notifications in the policy is where you configure what the end-user is going to see. You can use this to help decide how chatty and communicative you want Bitdefender to be with your customers. If you want it to be quiet, uncheck the boxes, and only choose the essential notifications.
Understanding BitDefender Add-Ons
Beyond the basic CloudSecurity feature set, you can also check out the video to hear about the various add-ons Bitdefender offers. Here are three of the main examples:
- ATS is Advanced Threat Security. This includes Hyper-detect and Sandbox Analyzer. If you don’t want to use ATS, you need to make sure that those two options are unchecked. If either service is checked off for use, you will be enrolled in the ATS service.
- Encryption, integrated with Bitlocker file vault to enforce the encryption policy, with keys stored within GravityZone. This is great for companies with tight compliance mandates to keep to, for example.
- Endpoint Detection and Response. If you do use EDR, when you select Incident Sensor, Bitdefender can show you all the incidents in relation to one another, and add exceptions to rules to streamline what you see. No more repetitive false positives!
Quick-fire Tips and Tricks from the Expert
Enable Network Printing
Under the Bitdefender default policy, on line six, you’ll see Network Printing. The default policy is to deny. But especially in a workgroup environment, it’s important to select allow and let Bitdefender print over the network.
Consider Content Control and Network Protection
Start by using ‘Scan SSL’ which will cover about 80% or more of the internet, and then turn on content filtering, too. This is found in the web access control settings, under categories and then web rules. You can have a fully functioning URL-filtering engine deployed on any endpoint covered by Bitdefender. This means you can allow or deny any website, and white list or blacklist as you choose.
Use Location Rules
Let’s say you don’t want content filtering in the office but you do want that at home. Head to policies and go to content rules. You can then add a location rule, whether that’s by IP address range, DNS gateway, or otherwise, to designate a particular network. You can even apply policies by users!
Enable Ingress/Egress Traffic Monitoring
This can be done on each endpoint, which prevents lateral movement, brute force password stealers, and more. You can also use device control to enforce USB policies or Bluetooth device connections. Choose what you feel is safe to allow, and what you want Bitdefender to block.
Michael called this “One of the Best, Unknown Features of Bitdefender Globally…” and we can see why!
Just check the Risk Management box, and Bitdefender will characterize your attack surface, help you to prioritize, and even suggest changes for your environment or for your client’s. You can do this from a network, browser, OS, application, and even user perspective. One example could be password management, highlighting users who utilize the same password on 60 websites, or weak passwords, drawing your attention to this user, without ever showing you the password itself.
Security Audit report: Whether you’re reporting to your IT manager or reporting to your client. Use this report to demonstrate all security actions taken. Show what’s been mitigated, what’s been addressed, and what’s been implemented.
Monthly Usage Report: Be in the know! Use this report to measure usage of all Bitdefender services and add-on.
Both of these reports can be received on a regular schedule, whether to your inbox, your clients, or your managers!
Still, Have Questions? We Have Answers!
If you still need some additional support, head to the Bitdefender help and support section, where you’ll find the Partners or the Administrator guide, and the Installation guide, which can walk you through everything you need to know. You can also open a support ticket directly from the help and support section. Atera also offers additional knowledge base articles to assist further with Bitdefender services and Add-ons – just search Bitdefender in the help center! You can also find all the information you need on Pricing, right here.
To access the full conversation, including tips and tricks on the best time to run a scan, a visual walkthrough of everything we’ve discussed, and Michael’s own recommendations about which add-ons should be top of your list, watch the complete webinar – here!