GravityZone Business Security Enterprise
GravityZone Business Security Enterprise combines an effective endpoint protection platform with Endpoint Detection and Response (EDR) capabilities to help you defend endpoint infrastructure.
The GravityZone Business Security Enterprise product trial grants you access to the following features:
Endpoint Detection and Response (EDR) - gives you a comprehensive event correlation component that is able to identify advanced threats or in-progress attacks, by bringing together device intelligence across your enterprise network.
HyperDetect - contains machine learning models and stealth attack detection technology against threats such as: zero-day attacks, advanced persistent threats (APT), obfuscated malware, fileless attacks (misuse of PowerShell, Windows Management Instrumentation etc.), credential stealing, targeted attacks, custom malware, script-based attacks, exploits, hacking tools, suspicious network traffic, potentially unwanted applications (PUA), ransomware.
Fileless Attack Protection - detects and blocks fileless malware before it executes. It uses the Antimalware Scan Interface (AMSI) integration to inspect script and in-memory content at a deeper level than file scanning alone.
Incidents - offers you a centralized view of security events and provides context and detailed information to help you investigate and respond to potential incidents quickly.
Endpoint tags - helps you easily identify and take actions on managed endpoints, such as assigning policies based on specific rules or filtering items in the Network page.
Live Search - enables you to retrieve information about events and system statistics directly from online endpoints using osquery, an operating system instrumentation framework that exposes system state as tables you query with SQL (SQLite syntax).
Cross-endpoint correlation - detects advanced attacks across multiple endpoints in hybrid infrastructures (workstations, servers or containers, running various OS) and brings together device intelligence across your enterprise network.
Note
Separate licenses are required for adding sensors related to network, identity providers, cloud workloads and productivity apps.
Autonomous response recommendations - combines automated response actions with guided recommendations for fast incident response across endpoints.
Custom Rules for EDR - provides the framework to create and manage custom rules that include or exclude specific behaviors from triggering incidents.
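As an added example (not part of the original page or of the GravityZone product documentation), the following Live Search query, written in osquery's SQL dialect, lists running script hosts (PowerShell, WMI, WSH, MSHTA) whose command line or parent process looks like the script-based and fileless activity HyperDetect targets. It uses only osquery's standard processes table (pid, name, path, cmdline, parent, on_disk, start_time); which tables are actually exposed in Live Search depends on the endpoint OS and the osquery version shipped with the agent, and that availability is an assumption here, as are the keyword patterns, which are a coarse starting point rather than a detection rule.

```sql
-- Added example, not from the original page: hunt for script hosts with
-- suspicious command lines or an Office parent process.
-- Assumes osquery's standard `processes` table is exposed to Live Search.
SELECT
  p.pid,
  p.name,
  p.path,
  p.cmdline,
  p.on_disk,                          -- 0 = image no longer on disk (fileless indicator)
  pp.pid     AS parent_pid,
  pp.name    AS parent_name,
  pp.cmdline AS parent_cmdline
FROM processes AS p
LEFT JOIN processes AS pp ON pp.pid = p.parent   -- self-join to resolve the parent
WHERE lower(p.name) IN ('powershell.exe', 'pwsh.exe', 'wmic.exe',
                        'wscript.exe', 'cscript.exe', 'mshta.exe')
  AND (
        lower(p.cmdline) LIKE '%-enc%'           -- -EncodedCommand and abbreviations
     OR lower(p.cmdline) LIKE '%downloadstring%' -- in-memory download of a payload
     OR lower(p.cmdline) LIKE '%iex%'            -- Invoke-Expression alias (coarse match)
     OR lower(p.cmdline) LIKE '%bypass%'         -- -ExecutionPolicy Bypass
     OR lower(p.cmdline) LIKE '%hidden%'         -- -WindowStyle Hidden
     OR p.on_disk = 0                            -- binary deleted after launch
     OR lower(pp.name) IN ('winword.exe', 'excel.exe', 'outlook.exe')  -- Office spawned it
  )
ORDER BY p.start_time DESC;
```

Run it against a handful of test endpoints first: the keyword patterns deliberately err on the side of noise (for example, '%iex%' also matches unrelated strings), so review the parent_name and cmdline columns before turning any hit into a custom EDR rule.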
Start the trial
To start the trial, follow the steps below:
Log in to GravityZone with your administrator account.
Click the button on the upper right side of the console to access the Products hub page.
Select Learn more under the GravityZone Business Security Enterprise section.
Select Start free trial.
Your company's licensing status will be updated to match your new product. You will be redirected to the home page, where you will see the new sections of GravityZone that are now available to you.
Note
To revert to your previous license key, you can use the Stop Trial button. Learn more.
Configure and install the new features
Important
We recommend trying out the new features on a limited set of endpoints. This is most easily done by creating a new policy and applying it to the endpoints selected for testing.
To start using these new features, follow the steps below:
Log in to GravityZone Control Center.
Go to the Policies page from the left side menu.
Either create a new policy or edit an existing one, then configure the following modules:
Under Antimalware > HyperDetect, enable and configure the module.
Under Sandbox Analyzer, configure the module.
Under Antimalware > On-Execute, enable and configure the Fileless Attack Protection module.
Under Incident Sensor, enable the module.
Save your policy.
If you created a new policy, apply it to the endpoints you want to test it on.
If you edited an existing policy, the changes will apply to all endpoints that policy is assigned to.
This enables the newly available features on all selected endpoints. The EDR sensor itself must also be deployed on those endpoints with a Reconfigure client task; to do so, follow the steps below:
Log in to GravityZone Control Center.
Go to the Network page from the left side menu and select the endpoints you wish to deploy the module on.
Click the Tasks button and select Reconfigure client.
Under Modules select Add and enable EDR Sensor.
Note
For more information on using the Reconfigure client task refer to Reconfigure agent.
Click Save.
The task will now deploy the EDR sensor on all selected endpoints.
Test out the new features
Submitting a file to Sandbox Analyzer
You can manually submit a specific file or URL to be analyzed by the Sandbox Analyzer engines by following these steps.
Note
You can download several samples to test out using this link.
You can check the results of the scan on the bottom of the Sandbox Analyzer page. Learn more
Viewing and interpreting detections
You can view the detected threats and more information about them in one of these two sections:
Threats Xplorer - this feature is designed to give you greater visibility into the threats detected in your network. It centralizes detection events from multiple GravityZone technologies and classifies them by category, threat type, remediation action, and other criteria. Learn more
Incidents - this page helps you filter, investigate and take action on all security events detected by the Incident Sensor over a specific time interval. Learn more
Using endpoint tags
Tags are pieces of information that help you easily identify and take actions on managed endpoints, such as assigning policies based on specific rules or filtering items in the Network page. Endpoint tags do not apply to unmanaged endpoints and to Security Server instances. The assigned tags are displayed on the General tab of the endpoint details window. Learn more
Using Advanced Search
The Search page allows you to browse for past security events by using complex search criteria. Learn more
Stop the trial
To stop the trial, follow the steps below:
Log in to GravityZone with your administrator account.
Click the button on the upper right side of the console to access the Products hub page.
Select Learn more under the GravityZone Business Security Enterprise section.
Select Stop trial.
Your company's licensing will revert to the previous state and all additional features will be disabled.