Network Protection
The Network Protection section allows you to set your preferences for content filtering, safeguard user activity across web browsing, email, and software applications, as well as identify network attack techniques aimed at gaining access to specific endpoints. It is possible to manage web access and application usage by implementing restrictions or allowances, as well as configuring traffic scanning, antiphishing measures, and data protection protocols.
Note
Availability and functioning of this feature may differ depending on the license included in your current plan.
Component
Network Protection is dependent on the following components:
GravityZoneControl Center
Security agent (Bitdefender Endpoint Security Tools installed on Windows, Linux, & Mac endpoints)
Install and configure Network Protection
To start using this feature, follow the steps below:
Log in to GravityZone Control Center.
Go to the Installation Packages page from the left side menu.
Click the Create button in the upper-right side of the screen.
Type in the Name and Description for the new installation package.
Select the modules you want to deploy.
Note
Make sure you include the Network Protection option.
Click Save.
Select the newly created package from the list of packages and click Send download links.
Enter the email addresses of the recipients and click Send.
Policies are used to enable and configure features both on endpoints and in terms of general functionality.
GravityZone comes with a default set of policy settings, that are custom tailored to meet the most common customer needs.
You can use these default policy settings and leave the configuration of the policy for a later date, but you need to follow the steps below to enable the feature from the policy page:
Log in to GravityZone Control Center.
Go to the Policies page from the left side menu.
You can either:
Under Network Protection > General, enable and configure the module features.
Under Content Control, enable and configure the module features.
Under Web Protection, enable and configure the module features.
Under Network Attacks, enable and configure the module features.
Save your policy.
If you created a new policy, apply it on the endpoints where the feature is deployed.
Go to the Network page from the left side menu.
Select the endpoints you want to apply the policy to.
Click the
Assign Policy button at the upper side of the table.Select the policy you want to apply.
Click Finish.
Note
For more information, refer to Assigning device policies
If you have edited an existing policy, make sure it is applied to all endpoints where the feature is deployed.
This will ensure that the feature is enabled and configured to best suit your company's needs.
Test out the Network Protection features
Test out the Content Control feature
Content control has three main components:
Web Access Control - This feature allows you to block access to specific types of websites on your devices either between certain hours or permanently.
Application Blacklisting - You can use this feature to completely block or restrict users' access to applications on all endpoints where the policy is assigned. You can block games, media and messaging software, as well as other categories of software and malware.
Data Protection - Data Protection allows you to set up filters for web pages and outgoing emails that search for specific sensitive information: names, card numbers, addresses, and more.
Log in to GravityZone Control Center.
In the Configuration Profiles page from the left side menu, go to Web Access Control Scheduler.
Click Add Schedule.
Add a suggestive Schedule Name.
If any other users should be able to edit the schedule set the toggle to the Allow other users to change this schedule position.
In the Category Scheduler field add a new category scheduler and set it up.
Add a name for your scheduler in the Scheduler name field.
In the Categories section choose the categories.
In the Action section choose the action you want taken.
Select the timeframe for the selected action from the Starting with and Between.
Note
Make sure the start time occurs before the end time.
Add the new schedulers to the schedule by using the Add new scheduler button.
Note
The scheduling sequence is essential since the first match rule will determine whether or not a web page is permitted. The rules will be executed sequentially. Access to web pages will be determined by the action specified in the first match.
Save the schedule.
Test out the Web Protection feature
For this scenario we will configure the Network Protection feature to exclude specific traffic from malware scanning.
We recommend duplicating your main policy, making these modifications, and applying it to a single endpoint for the purpose of testing the feature:
Go to the Policies page from the left side menu.
Select the policy you want to use to test, duplicate it, and start editing it.
Go to the Network Protection > Web Protection page.
Enable the Web Traffic Scan option.
Apply the policy to one of your endpoints where you want to test the feature
Note
If you created a new policy, apply it on the endpoints where the feature is deployed.
Go to the Network page from the left side menu.
Select the endpoints you want to apply the policy to.
Click the
Assign Policy button at the upper side of the table.Select the policy you want to apply.
Click Finish.
Open the browser on one of the selected endpoints and type in the following:
https://secure.eicar.org/eicar.com.txt.
The selected URL's will be scanned and a error message will appear on the screen.
View Network Attack Defense activity
You can use this feature to protect your network against specific network attack techniques, such as Initial Access, Block Credential Access, Block Discovery, Block Lateral Movement, or Block Crimeware.
You can configure the feature to take one of two actions once such an attack is detected:
Block - Network Attack Defense stops the attack attempt once detected.
Report Only - Network Attack Defense informs you about the detected attack attempt, but it will not try to stop it.