Server Security for Linux and Containers

Purpose-Built, Multi-Distribution Security for Linux Server and Container Workloads

Want to Join the Beta Program?

What It Does How It Works Platform Support Use Cases FAQs


New security stack removes kernel dependence, allowing the upgrade of Linux kernels without fear of business interruption from security incompatibility, protecting server workloads and containerized applications/services during updates.


Join Our Beta Evaluation Program!​


Secure your Linux and container workloads/deployments including Docker, Kubernetes​:

  • Receive advanced EDR protection for Linux servers and containers currently unavailable anyplace else​
  • Test and prove innovative Linux server detection and incident investigation workflows in real-world usage​
  • Integrate Linux security using APIs for security automation within your extended defensive infrastructure
  • Quantify performance benchmarks for high detection efficacy and low performance impact/overhead​
  • Validate the risk-limiting and stability advantages of Kernel-independent security for improved compatibility​

Robust Linux server and container protection at no charge during the beta evaluation​


What It Does


Reduce adversary dwell time and minimize damage.

Uncover and stop attacks on Linux server and container workloads by quickly identifying suspicious and malicious activity mapped to the MITRE ATT&CK Framework kill chain for Linux servers.

High-fidelity incident reporting of suspicious activity within diverse Linux and container workloads is delivered with context-rich alerts that empower SOC analysts to confidently begin investigations.




How It Works


  • Security stack purpose-built for diverse Linux server and container workloads
  • Multi-distribution technology runs independent of Linux Kernel modules
  • Superior detection and response efficacy powered by Bitdefender Labs research
  • Context-aware incident reporting spans guest OS and container workloads
  • Attacker TTPs mapped to MITRE ATT&CK Framework kill chain for Linux Servers



Linux_Platform Support



Use Cases



FAQs – Server Security for Linux and Containers

1. What is our Server Security for Linux and Containers beta program all about?
Bitdefender Server Security for Linux and Containers combines low-impact server workload
EDR capabilities with advanced Linux exploit detection, live attack forensics, and detailed threat hunting for in-progress and historical security alerts and events.

2. What are the primary business problems and key use cases we solve with this product?
These business problems and use cases will be tested and refined during the beta program:

Business Problem Use Case Use Case
SOC analysts are largely blind to suspicious activity
in Linux server, cloud, VM and container workloads
Advanced exploit detection: Detect attacks early
with industry leading efficacy;
Incident investigation: server workload EDR with
live query threat hunting
Existing container security is external to traditional
tools—separate, siloed, and lacking efficacy
MITRE ATT&CK kill-chain mapping: Understand
your risk exposure from a breach, step-by-step
DevSecOps struggles to deploy and support server
security solutions across diverse Linux distributions
due to solution dependency on Linux Kernel modules
Protection during OS/app updates: Upgrade Linux
assets anytime without disrupting security


3. How is it different from our current GravityZone Ultra EDR capabilities for Linux?
This beta program represents the next step in EDR security tooling evolution. Server Security for Linux and Containers technology removes the Linux Kernel module dependency from the server workload EDR solution and adds the following core functionality:

  • Native support for Docker containers and Kubernetes deployments across private and
    public cloud
  • Exploit detection technology specifically designed for Linux workloads
  • Enhanced incident analysis and response capabilities via live investigations module

4. How is it different from other Linux EDR offerings in the marketplace?
Bitdefender has developed a modern attack detection and response security stack for Linux
servers and containers that is highly differentiated from existing solutions through its security
efficacy, incident fidelity, and multi-distribution workload compatibility. We leverage our proven
mastery of detection, response, and the kill chain—perfected in GravityZone for endpoints—into
server workload EDR. Our design is platform independent with no reliance on Linux Kernel
modules, allowing a single agent to support multiple Linux OS and container distributions, and DevSecOps teams to confidently upgrade Linux workloads without breaking security.

5. Is Linux Server Security integrated with GravityZone today?
No. The Linux server and container security functionality is standalone for the technology beta
evaluation period, with near-term plans to integrate the capabilities fully into GravityZone upon
successful completion of the beta program. This important next step would provide all of the
familiar configuration, policy settings, asset management, search, reporting, and SIEM/SOAR
integration for Linux server EDR as we have for other GravityZone products.

6. Do Linux Server Security EDR alerts map to the MITRE ATT&CK Framework for Linux?
Yes. Our Linux server and container EDR alerts map precisely to the kill-chain for Linux matrix.
ATT&CK Framework coverage will continue to increase throughout the beta program and

7. Can security analysts perform true Linux server threat hunting using the beta product?
Yes. The Linux EDR alerts generated are platform- and context-aware, providing real-time
attack forensics correlated to the attack kill-chain. These content-rich alerts can be further mined using live-query threat hunting tools that provide skilled analysts with unmatched flexibility.

8. Is API programmatic control available during the Linux server security beta program?
Yes. The beta product includes native APIs for the retrieval and examination of server security
events. Customers can utilize the Linux Server and Container Security beta product via its WebUI. Features may not be 1:1 equivalent during the beta, however additional API functionality is planned following beta completion

9. How is the Server Security for Linux and Containers solution architected?
Bitdefender has designed a specialized Server Security Agent (SSA) for Linux and Containers
that runs within the guest operating system on bare metal or as a virtual machine, either cloudbased or on premises. The universal agent sits above the Linux Kernel and continuously watches both native and container workloads for suspicious and malicious activity from within user space.