What is our primary use case?
We are using the recent, most current version.
I use it for security purposes of the endpoints and primarily use it for its telemetry and the information it provides, which I utilize for the stock solution I offer. That information is very valuable to the software for detection and response layered security.
How has it helped my organization?
The telemetry is key but, when it comes to this, one must know what he is looking for. Telemetry is just information that comes from the solution, which means that there is much of it that comes up. It is not sufficient to simply do installation and rely on the telemetry. One must know what he is looking for.
This is what most people are interested in. They simply want something to stop an attack, to prevent them from being hacked. But, as someone in the security world, I know this is not accurate. Any security solution can be circumvented. I don't teach and protect, but detect and respond. This is what I focus on. I can use the telemetry and see what is going on, the steps being taken by a bad actor. This information is valuable to a security person such as myself, since it allows me to see what is transpiring and to craft an appropriate response. It would not be sufficient for me to be informed, say... that it stopped a virus or ransomware. I am not looking for what was stopped but for what wasn't, so that I can make an informed decision.
What is most valuable?
I really like the EDR solution, which is a risk management tool that was built into the Bitdefender GravityZone Enterprise Security. It helps one get a snapshot of what's going on with the devices in the network and even of the behavior of one's employees.
I noticed that many IT companies do not work with the assessment side of the tool. They will do scans on their devices, but the solution looks at things on a different level. It is a bit more in-depth and won't just examine, say... which ports are open or being used.
What needs improvement?
The risk management tool does not have reporting, which I feel to be a huge mistake. While I can go into it and run the scan for all the information, I must enter each thing individually to see what I need.
I can't print or email a report to somebody in a different environment or to any of my clients for the purpose of advising how they must proceed. All I can do is go into it and look at it. It would be nice to be able to take the report and determine what must be focused on most critically, as opposed to merely being given a tremendous amount of information. This should be addressed.
The solution should also do a better job of informing a person of what happened. The son of one of my clients, who has the solution installed in his house, was blocked from playing a certain game. While the solution only informed the person that it was blocked, it did not state what it had blocked.
With another client who was in the middle of playing a game in his office, the solution blocked this but provided no telemetry whatsoever. I had to search in an attempt to see what was being blocked. Turning the solution off, however, enabled the game to work perfectly. It was blocking it for some reason, but I had no clue why it was doing so.
The solution should be providing reports of everything, not just specific incidents. The solution has many features, but does not inform one of what was actually done, leaving a person in the dark when it comes to things that are not apparent. For specific threats, one need simply log in to know what is transpiring.
When there was a need to involve support, I would be instructed to download a certain software for gathering information. But, this is not how things should be. Support should be providing the information it possesses of what transpired.
For how long have I used the solution?
I've been using Bitdefender GravityZone Enterprise Security for the past six months.
What do I think about the stability of the solution?
I don't have any problems with the stability of the solution and really like it. It provides me with all the telemetry I seek.
What do I think about the scalability of the solution?
The solution is very scalable.
How are customer service and technical support?
I don't have any problems with the tech support. I am actually working with someone from their department right now and if I send him an email, I get a response. The only time I won't get a response is if he's not in. I think he's great!
As a matter of fact, he's the one that helped me get through all that. When I was at a loss, he showed me exactly what I must do, on which basis I was able to create my own step-by-step documentation.
Which solution did I use previously and why did I switch?
The initial setup was really easy, which is one of the reasons that I switched from Panda, whose whole system I found a pain to work with.
The solution was sold from Panda to WatchGuard, which owns it. I don't like the partner interaction side of Panda. Their support is fine. While I didn't have a problem with the support personnel when I came across the right individual, I found it hard to extract information from them.
They are not from here in America, something which I don't consider to be an issue. It's just that I don't feel I have adequate access to them. The partner custodian person is not really there. I don't hear back from people with whom I've interacted and, when sending an email, I am informed that the relevant person has already moved on but am given no information with whom I must be in contact. I am left to search for this information amongst my old emails on my own but, when I finally get ahold of somebody, I find him to not be readily available.
I feel the portal to be a teeth-grinding pain to work with.
How was the initial setup?
The initial setup was really easy. The solution is really simple. There is a single log in. The person only need enter it and everything is right there. While I really like it and it makes it easy to create deployment, learning how to do so was difficult. I shouldn't say difficult, but not as straightforward as it could have been. This is not to say that Panda was straightforward. But, I think that they could have a little better understanding of how to deploy, with a single button on the side that says "deployment."
Even if one is not ready to deploy, the solution should inform him of the steps that must be undertaken towards this end, as there is an initial need to go in and create a package. A person must actually first create a customer or client. A company is what this is called and this must be created first, at which point it must be done with a package, to be followed by an actual policy. But, this is only stated deep within the documentation. It is not simple and took me probably several weeks to go in and figure all this out. This is why I created my own step-by-step documentation.
As such, things may be a bit complex for someone who has never undertaken this. It's not easy, not set in stone, although there is a pop-up that appears with the initial sign up. There should be a pop-up which talks about these individual things, but the information of how to proceed is not provided on a step-by-step basis, which I find to be problematic. Packages, policies and a company are discussed, but the person should be informed that he must start by creating a company, from which a policy, based on this, must then be created, followed by a package and instructed that this is the stage at which one can deploy. It only discusses these things, but not in a step-by-step manner. The information is only referenced vaguely.
There should be a button for deployment which contains a step-by-step approach. This would familiarize people with it and provide them with a better understanding, as it is not simple.
What about the implementation team?
I did not make use of a consultant or integrator, but implemented on my own.
We are not talking about high maintenance, as it concerns a typical EDR solution. As someone who deals with security, I am more in depth. An IT company or MSP will not look at things as I do. They are looking solely to stop attacks.
As it does all of this, there is not much upkeep which must be done. It takes care of its own updates, so there is no need to repeatedly go in and do different things. An alert will be sent out if something occurs. An email will be sent out so that the person can go in and do what needs to be done. If someone seeks simplicity, the solution is good at providing alerts. I don't see this feature as a catch-all, however.
What's my experience with pricing, setup cost, and licensing?
The licensing costs can vary. There are different layers of security that can be used with the solution and things can range from 0.70 cents per device to $3.00 to $4.00 each. Once a person starts getting into this price range, encryption and email security will become part of the equation. This is already at a different level of protection. Personally, I don't make use of the email or encryption features, since there are other ways of going about this. But, I do make use of all the security features, going all the way up to EDR, which roughly comes out to $2.00 to $2.50 per device.
As a partner, when I purchase any NFR or license for my own office, I have to go to a totally different portal to obtain it, for which I must pay upfront for an entire year.
My clients must pay on a monthly basis, but they're a totally different portal, involving three different layers which must be accessed to get the client-based information. I dread going into their portal with Panda.
What other advice do I have?
My advice to others looking into implementing the solution is that they do all the appropriate research and make a proper plan in advance of deployment. There are many things in the solution, which appear on the left-hand side and must be accessed by scrolling down, including going into the setup and deploying policies. It takes time to get everything together and it is not simply a matter of plugging in the solution. Once this is taken care of, a person can create templates, which are critical and can be copied and pasted. I created a baseline template for any client of mine, of which I can copy and create it for the policies of the next one and modify it to the needs of the individual client.
In brief, my advice is that one do his homework to make certain he is ready. It takes time to get everything together.
I rate Bitdefender GravityZone Enterprise Security as an eight out of ten, since I feel they have some updates to do. They should really get more out of their risk analysis and risk management tool. It has a lot of information and is a great tool, but they should do a better job of showcasing and spotlighting it so that more people will use it. I feel it to be critical when it comes to security, of which there are five layers: assess, protect, detect, respond, and recover. While the solution does have a good assessment tool, it is poorly advertised. It's right there, as a button. What comes across in discussions with them is that this is a great tool, which it is, but the lack of reports needs to be addressed.
Which deployment model are you using for this solution?