Proactive Threat Defense: Implementing Security Best Practices with Bitdefender XDR & MDR

In this session, we’ll cover best practices for deploying Bitdefender’s XDR and MDR solutions to detect, analyze, and neutralize threats before they impact your business. Learn how to future-proof your defenses with insights from real-world case studies and practical guidance.

60 min

In this webinar you’ll learn about:

  • The fundamentals of proactive threat defense and how it’s reshaping the cybersecurity landscape.
  • Best practices for deploying and leveraging Bitdefender’s XDR and MDR solutions to identify and neutralize sophisticated threats.
  • Real-world case studies and success stories illustrating the power of proactive threat defense.
Businesses of all sizes need proactive security measures to stay ahead of tomorrow’s threats. Join Atera and Bitdefender in this exclusive webinar as we dive into advanced security strategies and practical best practices designed to elevate your organization’s defenses. Discover how Bitdefender’s Extended Detection and Response (XDR) and Managed Detection and Response (MDR) solutions empower IT teams to detect, analyze, and mitigate threats before they can impact your business. Equip your IT team with the tools and knowledge to anticipate and neutralize threats, ensuring your organization remains resilient and secure. Don’t miss this opportunity to learn from the experts and future-proof your defenses!

Featured next-gen speakers:

Muna Assi
Head of Product Marketing Team, Atera

Paul Lupo
Sr. Product Specialist, Bitdefender

Webinar transcript

Muna: Welcome everyone! Thank you for joining us today. We’ve got Lars from Germany—there you go, Paul. A very international audience this morning. I think we have quite a few attendees, so we can get started and respect everyone’s time. Wow, we’ve got an excited crowd. Yes, keep those questions coming in. We love to hear them as we get started. Again, welcome everyone. My name is Muna Assi, and I head the product marketing team here at Atera. I work closely with our security partners to bring you what’s trending in the market and all the best practices.

Today, I’m delighted to be joined by our partners from Bitdefender. Our topic for today is proactive threat defense. We will be talking about how you can implement security best practices with Bitdefender’s XDR and MDR.

Housekeeping and Session Overview

Just before we get started and I introduce our speaker for today, I want to walk through some basic housekeeping. This webinar is being recorded. Obviously, all of the attendees are muted, but we do invite you to type your questions in the Q&A box. We will be addressing those at the end of today’s session, leaving enough time for questions and answers. We will be sharing a recording of this session with you within the next 24 hours via email. As I said, if you’ve got any questions, feel free to type them in the Q&A box. At the end of the session, in order to help us improve and to bring those trending topics that you’d like to hear about, we do have a short survey. We will invite you to take just a minute of your time to answer that. So, without further ado, I’m very excited to welcome Paul Lupo, a senior product specialist at Bitdefender, and someone who joins us quite often. Paul, I think we’ve done quite a few exciting sessions together, talking about security and security best practices. So, Paul, tell us a little bit about yourself and your focus area.

Paul: Absolutely. Thank you, Muna. Well, I’ve been with Bitdefender for a long time. I joined in 2012, so it’s been about 12-13 years now. For the past seven years, I’ve had a lot of different roles and titles. Currently, I’m the senior product specialist for the RMM and MSP space. I’ve been involved with helping this team grow, helping MSPs understand what opportunities we have together to bring to their customers. I’m looking forward to one more session to talk about that kind of stuff. 

Muna: Wonderful. So, what’s awaiting us in today’s session? Can you give us a brief overview of what we’re going to cover?

Paul: Absolutely. You want me to share my screen now?

Muna: Oh, yeah, let’s go ahead and do that. I’m going to stop this share. Just make sure I get the right one. Here we go. All right, we’re sharing now.

Paul: So, what we’re going to cover today is proactive threat defense. There are a lot of vendors out there that think recovering from certain types of incidents is okay. Bitdefender takes a very different approach to protection, not reaction. That’s why the topic here is proactive threat defense—implementing best security practices, etc. Why do you need to prevent threats instead of reacting to them? The audience is mostly managed service providers, or all managed service providers, I would believe. 

Muna: We do have a mix today. 

Paul: You do have a mix? So this actually goes for both audiences then. It does say Managed IT Services up there, but just consider it for you and what you do in your role. When you’re reacting to things, that turns into downtime. You’re not being proactive, you’re not doing other things for yourself or for your customers. You’re reacting to something that happened, and that costs time, money, and reputation—everything vital to keeping your business moving forward.

Rather than react to things and take yourself out of being productive, we like to say we’re aggressive in prevention here at Bitdefender. Some of the reasons why we are: when you look at things like ransomware in the news, I’ve cited all the sources for those things. It’s not any one specific vertical. You see here I have technology, healthcare, industrial, and manufacturing. 

Everywhere there’s an opportunity for someone to try and exfiltrate your data, they’re going to try and get that data. When you’re looking at the attack, this whole concept of rolling back from a ransomware attack is the wrong approach. It is the last step in the attack; it’s not where they start. Nobody starts a ransomware attack by encrypting your files and saying, “Hey, just send me some money and I’ll give you the files back.” They’re also relying on shadow copies for that rollback. When you look at the largest and most prevalent ransomware out there, it actually tries to corrupt those shadow copies. It tries to delete them or shrink them, make them unusable. So there’s no way to roll back just those files. You have to go in and do a full system recovery. Now you’re talking about more than just protection; you’re talking about backup too. Hopefully, you do have a good backup solution because you should never be without one. But we really want to focus on how you can stop these things from happening in the first place. 

If there’s a successful ransomware attack, you don’t really know how long someone’s been in the environment. You don’t know what access they’ve had to what data. Realistically, when you look at how the ransomware is evolving, there are some ransomware attacks that don’t even encrypt the files anymore. They just send you a note saying, “I have your data. Pay me to get it back or we’re going to publish it.” So recovering from a ransomware attack by using a rollback option is just not really the right way to do things. It’s going to cost you your reputation, your sense of security, and it’s going to cost you money to roll back from a ransomware attack. When you start looking at the way the rest of the market says you should protect yourself against ransomware, they have some anti-exploit capabilities, some machine learning, and they have quarantine so that you can do that rollback. That really again falls back on your VSS shadow copies and stuff like that. They are able to quarantine the ransomware so it can’t go any further. When we talk about how Bitdefender is doing this, there are so many different layers that you put in front of that rollback capability to try and stop it from happening in the first place. 

90% of these attacks are coming through email. They’re getting credentials; they’re on a machine that doesn’t have the right proper security in place. They’re able to get credentials, move around the environment like they belong there, and nobody’s any wiser that that user doesn’t belong in there because there’s not enough information to say that they don’t belong there. Then they proceed with trying to uninstall whatever protections you have in place. That’s why another really good practice is to make sure you have uninstall passwords on all your security solutions. When you are looking at that email, if you don’t have the ability at that moment in time to realize that that email’s a phishing attempt and that there’s something going on in the background that’s trying to maybe get to sensitive data or maybe call out to a command and control server, you really have to wait for the payload before you can react. This is why Bitdefender takes a very different approach to that. In some of our technology, we do have that fileless attack protection, and I’ll talk about that in the next couple of slides. 

When you have Bitdefender’s core product—this is no additional add-ons, this is right out of the box—when you license the Cloud Security for MSPs or the Cloud Security for Endpoints, you’re getting ransomware protection built in. The ransomware mitigation is our way of backing up those files. We don’t use the shadow copies because, again, they’re targets.

Then we tamperproof them so you can’t stop us from doing these things. If you attempt to, we know that’s not what encryption should be doing. It shouldn’t be trying to stop other processes; it shouldn’t be trying to do anything other than encryption. We have, let’s see, there’s zero trust process monitoring here somewhere—one of these. Behavior monitoring, there it is. When we see those things happening, the behavior monitoring says, “Okay, well, that’s not normal,” and it will shut it down. Then we have that ransomware mitigation piece that will allow you to restore those files. 

In the core product, we’re also including things that you might need two, three, four products to do what we do in our core product. For example, if you’re used to using your antivirus for one thing and then you’re licensing something else for web content filtering or device control, we include that at no extra cost. With the risk analytics, we’re giving you a free vulnerability scanner as well. You can log in and look at misconfigured devices, vulnerable applications, and humans that are putting additional risk on the environment. There are a bunch of reports built in too. That’s all part of the core product. If you’re using this right now, anything that you see on this slide is included in what you already have. If you’re not using it, this is a good time to evaluate what you do have in your security stack, even at the core, to say, “Do I need multiple budgets and a lot more resources to do the same things that Bitdefender does with one budget, one resource, and one management console?”

Your core is very reactive. If you get in an accident, what happens? Your airbag deploys, your seat belt tensions, and your car crumples, so you get protection. This is where we talk about reacting to something happening rather than preventing something from happening. 

Now we’re going to talk about some things that we call critical add-ons. The advanced threat security gives you that fileless attack protection. Living off the land, we have that. I’ll take you there in a second. I just want to highlight these things. Advanced threat security is three pieces that are critical to unknown threats. To be able to say, “Okay, well, it doesn’t have a signature, it has some properties to it that look suspicious, what are we going to do with it?” That is a precursor to leading into the endpoint detection and response (EDR) piece, so that you can now do the triage, get the reports, understand the path that it came in, where it went, and all the things along the way that it touched, and all the alerts that it generated. The XDR, we integrate with Microsoft Office 365 and Azure Active Directory with their APIs so that we can take action at the source rather than waiting for it to hit the endpoint. It’s important to understand that if there’s not an “M” in front of your DR, a lot of vendors like to bulk them together into one thing they call EDR/MDR/XDR, and they all call it the same thing. It’s important to understand, though, if you don’t have the “M” for the managed detection response, that’s something that you’re in the console doing yourself. 

Up to this point, this is you in the console looking at these things, saying, “Okay, do I know what that is? If I do, great, I can whitelist it. If I don’t, I should probably start investigating. Maybe I need to quarantine it, maybe I need to kill processes, maybe I need to isolate that host.” The XDR and the EDR pieces from Bitdefender allow you to do those things. Later, in the managed detection response, Bitdefender’s Security Operation Center analysts will be watching your networks for you, so you don’t have to do that yourself. You get a lot of other functions. You’re not going to sit in front of that security dashboard all day. Another reason why people do get attacked or breached is because there are a lot of alerts in there. There was an alert that said, “Hey, we noticed this type of activity,” and it was probably there a few times, but it was in a bunch of alerts, so it was missed. We call it alert fatigue. You offload that to a service whose only purpose is to look at those alerts and do the investigation for you. 

We do have other add-ons. If you’re looking to protect your business emails, we have email security with an MX redirect. It will filter the spam and all that stuff before it lands in your mailbox. We have security for mobile devices as well, and that has an XDR center too, to get that information into the dashboard. That’s important. Your mobile device is basically another endpoint, and it’s accessing sensitive company data. You’re doing your email on it, you’re reading documents, you’re editing documents. That needs to be protected too, the same way your laptop or your desktop does. There are some other things in there that we can talk about in the future, but again, we’re focusing on the XDR and MDR pieces and the advanced threat security pieces.

Let’s talk about advanced threat security. The first thing is that fileless attack defense called “living off the land.” There’s nothing in memory, there’s nothing on the disk, there’s nothing in the registry, but things are going on in the background. That email comes in, you click on it, it starts doing other things. Without fileless attack defense, you have to wait for that to actually hit the machine. Okay, it’s going after credentials. All right, well, I see it’s going after credentials—shut it down. It called out to a command and control server. Okay, I see that it’s calling out to a command and control server—shut it down. With the fileless attack defense, we can catch that as soon as you click on the email. We start seeing that tactic, behavior, and techniques running in the background, so we can shut it down a lot earlier in the attack kill chain. 

With the hybrid attack, we’re giving you tunable machine learning. We don’t know all of your environments. We do understand what’s good and bad, but you might be doing scripting, you might be doing network discovery, you might be doing things that to us look like a threat, but they’re normal production for you. We don’t want to take those things out of production for false positives. This allows you to whitelist and blocklist based on what we see as a threat. We present it to you under normal mode. We have really, really low false positives. When you notch things up to aggressive, this might be a piece of something bigger, but it is still just a piece. We want to show it to you because whatever we saw has an implication of being a bigger threat someday. You look at it, “Oh yeah, we were doing a network scan. Oh yeah, we were doing a pen test. Let me just whitelist this source that says if it’s from this URL, this application, or this endpoint, Bitdefender, that’s trusted.” Or, “No, I don’t know what that is—investigate, blocklist,” etc. That’s how we learn what normal behavior in your environment is. We also have the sandbox analyzer, which will give you a complete forensic report on what something is and what it was capable of. Here you’ll see this is a ransomware note. So we sent this, it was suspicious, we automatically sent it to our cloud and brought you back the forensic report, including the ransomware note: “Log into this website, use this key to pay us to get your data back, your files back.” This is important because it helps understand who launched this attack on you. One of the things that we do—there’s very little known—we just released our 33rd decryptor that we give away for free on our website. 
So if you have a machine that did not have Bitdefender on it, and it had ransomware, and it started going through the environment, when we get to the machine that has Bitdefender on it, we’re going to have this type of information at your fingertips so you could find that, okay, it was this particular encryption.

Oh, look at that—Bitdefender has a decryptor for that. I can get that from the website, bring it over to that machine, get those files back, and make sure you put Bitdefender on that endpoint. We’re also going to show you everything that was changed, modified, or called out to—DNS requests, if any processes were spun up, if any registry keys were changed—all that and a lot more. There’s TTPs in here, indicators of compromise in there, and we can get into that in another session if you’d like. But right now, we’re going to continue on with what we’re doing here.

So, the endpoint detection response, the advanced threat security, creates all these activities and they have to go somewhere, so they put them into the EDR dashboard. When inside the EDR dashboard, you’re doing things like looking at that attack from its ingress to its egress—getting into the environment and then leaving the environment—and any alerts that it created along the way. You’re also going to see here, it tells me, “Okay, it was on that machine. That machine is a server.” So, you know what type of access they were trying to get and what they were looking for. This is where you start to put that early breach detection in play. That’s one of the things that the EDR brings you. I saw it hit one machine, that machine holds sensitive information—maybe it holds some finance information, some healthcare information, whatever. We can see that they’re starting to transfer documents. Okay, so this could be a breach that’s on its way, so we can identify those things.

We don’t make you sift through our information to look for why we said this was bad. You’ll see on the bottom there, there are yellow circles around a red circle—that’s the indicator, that’s the trigger. When you open our incident, we bring you right to it so you can start your investigation immediately. In this dashboard, you have the ability to isolate that host. It won’t go out to the internet or to the internal network either; it can only communicate with GravityZone. We can remote into that machine using command line too, to kill processes that shouldn’t be running. This gives a long list of commands that we’ll give you there. Here, I can kill processes, I can quarantine, I can go to VirusTotal to look up if anybody else other than Bitdefender is saying that this is a threat, so I can better understand the investigation and what’s going on. Again, this is something that you do when it’s EDR. Our team does it when it’s MDR. So, that takes your core product, which is very reactive, and turns it into something that’s trying to protect you from getting in an accident instead of getting in the accident and then protecting you at that time. XDR—here we talk about getting into Office 365 and Azure Active Directory again. So, we do have two others: productivity and identity providers are the ones we’re going to talk about right now, but there’s a cloud one that integrates with your AWS, for example, and will tell you if those are approved actions by those users and whether or not you need to look at them. Then we have a network sensor and we have the mobile sensor. The network sensor sits on the SPAN port and it watches all the traffic going east-west, left-right, north-south to make sure that there’s nothing anomalous in there that’s malicious. 
With the XDR and the integration with Azure Active Directory and Office 365, if I see an email that looks like it’s a phishing attack and it’s going around the office, and I want to make sure that nobody’s going to click on this and give away all their information, I can delete that email right from here with the XDR sensor. If I see that a user had that impossible logon from two different locations near simultaneously, I can actually disable the user from here or I can force the user credential reset right from here. I don’t have to leave Bitdefender to do those things because we have that integration with Office 365 and Azure Active Directory. Again, I can isolate the host. We give you a lot of actionable intelligence in our incident dashboard for both the EDR and the XDR. From here, I could collect an investigation package. So, if something happened and we needed to engage our support and we needed to run a log on that machine, we can actually start that right from here. So, there’s a lot of things that we can do right from this location. What that’s doing—you are now the pit crew for your organization or for your customer. Nobody has to know anything that’s going on because you’ve taken care of it already, so they can just keep on doing what they’re doing. Now, remember that X and E are you doing that work. 

Let’s talk about offloading that to someone else. The Bitdefender MDR—this is a team of military-trained security operation specialists. Their job is to look for threats and stop them before they happen. There are hunts when we’re looking for something. We don’t sit around and wait for things to happen; we’re actively in your environment making sure that it is clean. There are investigations—we get a lot of data, we whittle that down to something that is an actual incident, and now that it’s an incident, we need to investigate it. When we investigate, we give you a bunch of different things that we do. Some of it turns into a response where we did something and you get those response actions right there. You can click on them and see what we did.

Triage alerts—okay, we got an alert. When we looked at it, it turns out to be no threat because it’s expected activity. Again, let’s use the network scanning as the example. That’s expected activity—you are looking for other machines on the network, so we see that as an opportunity for someone to be scanning your network that might not be you, so we’ll triage it. There’s also recommendations. If we didn’t do something, we might recommend that you did. There are pre-approved actions that you need to set that we will do on your behalf without contacting you. Here, you will create emergency contacts so we know who to reach out to when there’s an emergency, when an incident happens. There’s a 30-minute window—that’s the SLA. We act immediately, though. We’re not waiting to start looking at stuff until we get in touch with you. We act immediately, then we work on getting in touch with you to tell you what’s going on. Then we give you after-action reports, threat intelligence, TTP reports, and all these things that really help you understand what that current incident was and where the threat was. We also give you information about your vertical that you might be in—maybe education, finance, or whatever. Anything that we see out there, we create TTP reports or vulnerability reports and things like that.

We will warn you and let you know that we’ve already looked in your environment, that there’s a threat out there, and we did not have to worry about it because it was taken care of. What that turns into is the OnStar. These are humans watching over you to make sure that nothing has gone bad. “Mr. Lupo, we saw you were in an accident. Do you need us to call the ambulance?” That is what MDR brings to the table—to take that security piece off of your back. Now, that sounds like a lot, so we actually introduced bundles too. The bundles allow you to take a lot of those SKUs—core plus ATS plus EDR plus MDR and some XDR—and knock it down to one license SKU. So, when you need EDR, you no longer have to go core ATS and EDR. We have a bundle called Secure, which allows you to get all three of those with one license, with one SKU. When you want to layer in the managed detection response, that takes it from four SKUs down to one called Secure Plus. The Secure Extra bundle includes two of the XDR sensors—the identity and the productivity XDR sensors. Now, just because you have a bundle doesn’t mean you can’t layer in additional add-ons. So if you want to get the other XDR sensors, security for mobile, or patching (though you’ll be using Atera for patching), or full disk encryption, those are still available options. This reduces the amount of licensing that you need to manage. Hopefully, that makes a lot of sense.

We could do one of two things now. I can go live into the dashboard and walk you through how some of this stuff works, or I can take questions and answers. You guys let me know what you want to do. 

Muna: While we wait for a couple of questions here, everybody’s welcome to ask. I think it would make sense, Paul, if you don’t mind doing a 10-minute walkthrough. We would absolutely appreciate it. While you get the screen up, I do want to remind the audience again to feel free to add your questions. Bitdefender has been a partner with Atera for at least, I believe, two years now, and we have quite a tight integration. If you are an Atera user today, within our App Center Marketplace, you can go in there and start a free trial of the solution that Paul’s going to show us right now. We have a 45-day free trial that will allow you to benefit. There’s a question about how to add those bundles from the Atera App Center. We’ll talk about this briefly in a minute. Michael will share with you from within the Atera App Center how you can go in and basically just activate Bitdefender. Paul will show us on the Bitdefender side how you then enable the different bundles. Can you compare the Bitdefender products to different threat detection products? I don’t know if we want to take that, Paul, right here at a high level. 

Paul: Perfect. So one of the things that Bitdefender does compared to its competitors is it builds all its own technology. We’re not relying on third-party information or third-party feeds to say, “How do I interpret this?” If we see it as a threat, we already know it’s a threat. When it lands in our incident dashboard, we’ve already decided. We’ve either blocked it, and you can see here, we’ve either blocked it or partially blocked or reported. When we start working on an incident, all I need to do is say, “Okay, well, what was it?” It allows me to quickly identify all the attack techniques that were used. If I need to, I can go into the graph and here I can isolate that system to make sure that it’s not going to spread anything while I’m working on it. Then all the response actions that I have here—if I need to isolate a machine, I can do all that right from here. Again, all this technology is Bitdefender under the hood, so we don’t have to look at something else and say, “Is that a threat?” We’ve already decided it was a threat. In addition to that, again, I’m going based on EDR. That’s reacting to something. Bitdefender has a lot of layers in front of the reaction piece. We want to make sure that we’re doing the prevention in the beginning. If I go back to just one quick slide here—all these things are something that you need before EDR. EDR is an “uh-oh” button, meaning something happens that you’re reacting to. We don’t want you to have to go “uh-oh” and react to anything. So while we do the prevention piece, when we get into the EDR piece, we’re showing you what we prevented and giving you that ability here to say, “Well, what was that exactly? Did I know what that was? Okay, let me add that as an exception because that is expected behavior.” I hope that answered your question. Let’s see. Real quick, I do see your questions. I just wanted to go through how they’re enabled. You will get the licensed technology from Atera. 
Once it’s licensed for you, you will then license it for your customer. When you’re looking at your customers’ licensing in Bitdefender GravityZone, you’re going to see that as an a la carte option—that’s probably what you’re using right now. 

Muna: You don’t see your screen if you’re showing anything, Paul. 

Paul: What happened? You stopped sharing. I did not stop sharing. 

Muna: I think you want to hit that share screen again. 

Paul: Oh, that was weird. Yep, now we see your screen. 

Muna: Okay, thank you. When did you stop seeing it? 

Paul: Just when you stopped the slides, we were okay. 

Muna: Oh, okay, perfect. So here, I’m going to walk you through that again. In Bitdefender, you’ll see your companies in here. You’ll get your licensing or the additional bundles, whatever, from Atera. When you come into your customer, you’ll see the edit licensing options here. Here’s what you’re probably using right now—it’s a la carte. Then you see all these different pieces here that you can turn on. You’re also going to see whatever bundle you licensed from them. So if they turn them all on, you’ll get the Secure, which includes the EDR. You’ll get the Secure Plus, which includes the MDR, so you won’t see it down the bottom anymore. Or you’ll get the Secure Extra option, which includes those two XDR sensors and MDR. So it’s as easy as that. 

Paul: Another thing to consider is EDR needs to be in place before MDR. When you license your EDR, you will have the EDR options deployed to the endpoints. Once they’re deployed to the endpoint and you come into that company and you turn on the MDR, that will automatically send that to the SOC. You don’t have to install anything else; it’s already sitting there. There’s an API in the background that once you click save here, it makes that connection to the MDR service. When you’re in the MDR service, you’ll see all of your companies in here that you’re managing for the MDR. I mentioned earlier, we need to do a couple of things before this actually takes place. We need to make those emergency contacts. Who am I going to contact when we need to reach out to someone? If you’re going on-site or whatever, you can say, “Alright, someone else will be the first contact.” We will make as many attempts as needed to get in touch with that person. The second thing that we’re doing is we’re asking you to create some pre-approved actions. If you want us to delete a file, if you want us to isolate a host—if we see those types of threats—you pre-approve it for us and we’ll be able to do that. You can also leave a note here, “Do not isolate servers. Contact me first because we might be doing production and it might look a little suspicious to you, Bitdefender, but it is normal for us.”

Once you do all that, we start getting into the activity. Now, what is Bitdefender doing? You’ll see all the information that our analysts are doing—all triage alerts, all investigations—they’re all listed in here as well. So we come in here, we see those security risks. The MDR analyst saw this. When we do something, it’s here in the response actions. I want to make sure that the customer knows that we blocked a file and why. When we think there’s something you need to do, you’ll see here a recommendation. This recommendation happens to be that network scan activity. Why? Because it could be normal in your environment, but we noticed it, so we’re letting you know we saw it. We want you to be able to take action on that because it wasn’t one of the pre-approved actions.

Muna: What services are included in the standard license by Atera? So I think that’s the core product, right?

Paul: Yes, I can take that. If you’d like, Muna, I can answer that.

So, if you are an Atera user and you go to the App Center, you do need admin rights in order to activate the trial. Within the trial, you get access to GravityZone Cloud MSP Security, which is the core product. In that, you have access to anti-malware, advanced threat control, advanced anti-exploit, risk management, firewall, device control, web filtering, and ransomware mitigation. That’s part of the basic solution. There was a question about whether you needed to have an account within Bitdefender. The answer is no. Once you activate your account as an admin, you will receive an email from Bitdefender that then requires you to set up an account. If you have it through Atera, you can then sync your users through there. We have a list of additional add-ons, as Paul just described—the EDR, the MDR, and others—which you can then license from Atera on top of the core platform.

Paul: Just one thing—this screen that I have up, with one exception (container protection, which is not selected), everything above “power user” including “power user” is included at no extra cost. That’s what we call core. All those things that Muna had just talked about—the process monitor, the device control, all that stuff—is part of that particular set of features. When we go under “power user,” those are the add-ons. They’re not checked off right now in the installation package because they’re not deployed, but I’ve enabled them for the customer to be able to use them once I decide to deploy those. I hope that answers the question too. 

Muna: Someone says they can’t see your screen, although I can see your screen. Is it just you, Davis, or do others have trouble seeing the screen? 

Paul: I can see your screen perfectly. 

Muna: Screen is okay, so I think, Davis, on your end, there might be a technical issue. You may want to refresh. Sorry for that, Paul. 

Paul: Okay, might have been from earlier. 

Muna: Yeah, could have been from earlier and I missed it. I do want to say though, I think there is a limitation in the trial for only up to 20 endpoints that you can deploy and test. Within Atera, you can mass deploy either to your specific sites if you’re a corporate IT or to specific clients at one go, install everything through the Atera agent. That is a great value. We are working now on seeing all of the alerts within the Atera dashboard as well. That is something that’s in the works as part of the integration. 

Paul: Thank you, Davis, for clarifying that the issue is on your end. I hope you can see it now. All right, so I do have some FAQs that I’ve gone through many, many years of doing this. I get a lot of questions about what the MDR service does versus what you are responsible for, and that comes down to what you’ve pre-approved the team to do. There are some things that you’re going to have to do. Not necessarily—if we see a real threat, we’re going to stop it. We’re not going to say, “Hey, this was an alert that you should go take care of.” That’s why we’re asking you to set up these pre-approved actions so that we can just take that action for you. The recommendations are where you see those things that we think, “Okay, well, it might be normal activity, but it is suspicious, so we would recommend that you take a look at it.” Depending on what you’ve set up for the pre-approved actions, this is what we’ll do. Another question that comes up all the time: do some of our competitors tell you that you have to deploy it everywhere across all your customers, across all your sites? We will let you choose which sites. We will let you—I say sites because of Atera’s internal organization. What I mean by a site, what I mean by a company, is when you have these lists here, you can pick and choose which ones you want to put whatever on. We’re not going to tell you you have to put it on everything. 

Now, alternatively, inside a customer that you put the MDR service on, every endpoint in that customer should have Bitdefender on that endpoint. It allows us to get all the telemetry from all the endpoints. Like I said earlier in the presentation, most of the attacks that we’re seeing are being launched from a machine that doesn’t have Bitdefender on it. Maybe it’s an old legacy machine you forgot about, maybe it’s a guest machine that came into the network, and then they were able to get access through someone’s credentials and look like they belong there. Without Bitdefender on every endpoint, we can only start our investigation from the machine that first detected it with Bitdefender on it. So, when we start going backwards, we’ll realize that it was probably launched from a machine with a different IP address, etc. You realize, “Oh yeah, that machine didn’t have Bitdefender on it.” So, we do suggest that it is on all endpoints inside the customer or site. We have signed up and have a few days question here. 

Muna: Okay, yeah, maybe I can help with that one, Paul. Todd asks about access to this within the Atera trial. So, out of the box, within the Atera trial, we do not provide access to Bitdefender in the App Center. However, Todd, I do recommend if you do want to trial both solutions together, please either click on that “Get Demo” button at the top and I’ll have someone on our team reach out to you, or feel free to contact our support or sales team and they could help set up a trial for you on top of the Atera trial. But obviously, once you convert into a paid account, then the App Center applications, all the different security solutions, will appear and you have the option to trial and then purchase. I don’t like to mention this on the demos and on the webinars, but I will say that it is the holiday season and we are feeling generous. There are some really great promotions in conjunction with Bitdefender. I believe we have close to a 50% discount on a lot of the solutions. So, I encourage you, if you are an Atera user, reach out to your customer success or to sales. It is the holiday season, a great opportunity to leverage some of these great savings. I apologize, I had to put it out there. 

Paul: I saw a question in here from Kevin. He was looking to talk to someone at Bitdefender to get help with configuration. I assume, Muna, you have all their contact information for everybody that’s here so we can follow up after the event? 

Muna: Yes, yes, we do. Todd, we will reach out and help you with whatever information you require. Kevin, same thing. We’ll follow up after to get something set up with someone. Okay, other questions? We have about 15 or so minutes left. Like I said, I do have FAQs. Some of them are not relevant for what we’re talking about today. If you are not using Bitdefender, it’s time to evaluate your security stack and see if all the things that you need are in it. If not, it might be time to have a look at what Bitdefender offers to offset what you have. 

Paul: Wonderful. So, I think, Muna, if you don’t have anything further to show in terms of the demo, then I think we are good for this session. 

Muna: Thank you. I see some thank yous. Thank you all. It’s been my pleasure. I love talking about this stuff. I love answering questions. I love giving knowledge. And the partnership with Muna and the team at Atera—so you all have access to her and her team. When you need questions answered for us, just go that route and we’ll be happy to answer them for you. Is there a way to notify when the installation is complete? 

Paul: How are you installing it? I’m assuming through Atera, right? Does Atera show notifications? 

Muna: Yes, we do show notifications once the installation happens. If it’s successful, we do show a notification. In terms of setting up time with a Bitdefender specialist, Paul, I will forward you the contact information. Again, if you hit that “Get Demo” button, regardless, I’ll take the information here and we’ll be sure to follow up with some assistance on setup and best practices guide and a lot of information that we have in order to put you on track correctly to using Bitdefender at its best.

Paul: Okay, and Tyler, it looks like we need to get you some support help as well. It sounds like you’re having trouble doing the deployments. We’ll follow up with the right contacts and right process there. 

Muna: Perfect. A lot of interaction today. Wonderful. So, Paul, thank you so much for always sharing with us this great knowledge and keeping us safe and keeping our environment secure. Until the next webinar with Bitdefender, I want to thank our audience. Thank you for the engagement. Thank you for the questions. We will follow up with some of the open questions and the interactions. Again, everyone, thank you so much. Happy holidays, and we’ll see you all on our next security series. 

Paul: Thank you, everybody.