New security stack removes kernel dependence, allowing the upgrade of Linux kernels without fear of business interruption from security incompatibility, protecting server workloads and containerized applications/services during updates.
Join Our Beta Evaluation Program!
Secure your Linux and container workloads/deployments including Docker, Kubernetes:
Robust Linux server and container protection at no charge during the beta evaluation
What It Does
Reduce adversary dwell time and minimize damage.
Uncover and stop attacks on Linux server and container workloads by quickly identifying suspicious and malicious activity mapped to the MITRE ATT&CK Framework kill chain for Linux servers.
High-fidelity incident reporting of suspicious activity within diverse Linux and container workloads is delivered with context-rich alerts that empower SOC analysts to confidently begin investigations.
How It Works
FAQs – Server Security for Linux and Containers
1. What is our Server Security for Linux and Containers beta program all about?
Bitdefender Server Security for Linux and Containers combines low-impact server workload EDR capabilities with advanced Linux exploit detection, live attack forensics, and detailed threat hunting for in-progress and historical security alerts and events.
2. What are the primary business problems and key use cases we solve with this product?
These business problems and use cases will be tested and refined during the beta program:
| Business Problem | Use Case |
|---|---|
| SOC analysts are largely blind to suspicious activity in Linux server, cloud, VM and container workloads | Advanced exploit detection: Detect attacks early with industry leading efficacy; Incident investigation: server workload EDR with live query threat hunting |
| Existing container security is external to traditional tools—separate, siloed, and lacking efficacy | MITRE ATT&CK kill-chain mapping: Understand your risk exposure from a breach, step-by-step |
| DevSecOps struggles to deploy and support server security solutions across diverse Linux distributions due to solution dependency on Linux Kernel modules | Protection during OS/app updates: Upgrade Linux assets anytime without disrupting security |
3. How is it different from our current GravityZone Ultra EDR capabilities for Linux?
This beta program represents the next step in EDR security tooling evolution. Server Security for Linux and Containers technology removes the Linux Kernel module dependency from the server workload EDR solution and adds the following core functionality:
4. How is it different from other Linux EDR offerings in the marketplace?
Bitdefender has developed a modern attack detection and response security stack for Linux servers and containers that is highly differentiated from existing solutions through its security efficacy, incident fidelity, and multi-distribution workload compatibility. We leverage our proven mastery of detection, response, and the kill chain—perfected in GravityZone for endpoints—into server workload EDR. Our design is platform independent with no reliance on Linux Kernel modules, allowing a single agent to support multiple Linux OS and container distributions, and DevSecOps teams to confidently upgrade Linux workloads without breaking security.
5. Is Linux Server Security integrated with GravityZone today?
No. The Linux server and container security functionality is standalone for the technology beta evaluation period, with near-term plans to integrate the capabilities fully into GravityZone upon successful completion of the beta program. This important next step would provide all of the familiar configuration, policy settings, asset management, search, reporting, and SIEM/SOAR integration for Linux server EDR as we have for other GravityZone products.
6. Do Linux Server Security EDR alerts map to the MITRE ATT&CK Framework for Linux?
Yes. Our Linux server and container EDR alerts map precisely to the kill-chain for Linux matrix. ATT&CK Framework coverage will continue to increase throughout the beta program and
7. Can security analysts perform true Linux server threat hunting using the beta product?
Yes. The Linux EDR alerts generated are platform- and context-aware, providing real-time attack forensics correlated to the attack kill-chain. These content-rich alerts can be further mined using live-query threat hunting tools that provide skilled analysts with unmatched flexibility.
8. Is API programmatic control available during the Linux server security beta program?
Yes. The beta product includes native APIs for the retrieval and examination of server security events. Customers can utilize the Linux Server and Container Security beta product via its WebUI. Features may not be 1:1 equivalent during the beta; however, additional API functionality is planned following beta completion.
9. How is the Server Security for Linux and Containers solution architected?
Bitdefender has designed a specialized Server Security Agent (SSA) for Linux and Containers that runs within the guest operating system on bare metal or as a virtual machine, either cloud-based or on premises. The universal agent sits above the Linux Kernel and continuously watches both native and container workloads for suspicious and malicious activity from within user space.