Bitdefender GravityZone Buying Guide: Tiers, Modules & Pricing
Which GravityZone tier should you actually buy? A practical breakdown of Business Security, Advanced, EDR and XDR for South African SMEs.
TL;DR
Most South African SMEs do not need the top-tier GravityZone licence. A 25-seat accounting practice with no Linux and no compliance load is fine on Business Security. A 120-seat law firm with Macs, a Linux file server and a cyber-insurance renewal coming up belongs on GravityZone EDR. XDR is for organisations with an analyst, an MDR partner, or a real SOC. Buy the tier you will actually operate, not the one with the prettiest brochure.
What are the GravityZone tiers?
Bitdefender ships GravityZone in four buying shapes for businesses. The names have shifted twice in the last three years, so quotes from different resellers can read differently for the same product. As of May 2026 the line-up is:
- Business Security: the entry SKU. Next-gen AV, web filtering, device control, basic risk reporting. No EDR.
- Business Security Premium (formerly Advanced Business Security): adds Patch Management, Full Disk Encryption, the full Sandbox Analyzer and HyperDetect tuning. Still no EDR.
- GravityZone Business Security Enterprise / EDR: Premium plus the EDR module (process trees, IOC search, root-cause analysis, response actions).
- GravityZone XDR: EDR plus cross-source sensors for Microsoft 365, Google Workspace, network appliances, identity providers and cloud workloads.
There is also a separate MDR (Managed Detection and Response) service that sits on top of EDR or XDR. That is a human-staffed SOC subscription, not a software tier, and it is priced separately. If you have no internal analyst, MDR is the conversation to have, not “more software”.
For wider context on what each module actually does, check the Bitdefender page.
What does each tier actually include?
| Capability | Business Security | Business Security Premium | GravityZone EDR | GravityZone XDR |
|---|---|---|---|---|
| Next-gen AV (signature, ML, behavioural) | Yes | Yes | Yes | Yes |
| Web filtering & device control | Yes | Yes | Yes | Yes |
| HyperDetect tunable ML | Limited | Yes | Yes | Yes |
| Sandbox Analyzer (cloud detonation) | No | Yes | Yes | Yes |
| Patch Management (OS + 3rd-party) | Add-on | Yes | Yes | Yes |
| Full Disk Encryption (BitLocker / FileVault keys in console) | Add-on | Yes | Yes | Yes |
| Mobile (iOS / Android) | Add-on | Add-on | Add-on | Add-on |
| EDR (process tree, IOC search, response, root-cause) | No | No | Yes | Yes |
| XDR sensors (M365, Google Workspace, network, identity, cloud) | No | No | No | Yes |
One note vendors usually leave off the slick: Mobile (the iOS and Android client) is sold as an add-on at every tier. If you want phones in the same console as laptops, budget for it separately. Most clients we work with run mobile through Hexnode or Intune and skip the GravityZone Mobile module entirely.
Which tier fits a small business?
Picture a 15-seat audit firm. All Windows 11. No Macs. No Linux. Microsoft 365 Business Standard. No regulated client data beyond what their clients already classify, no cyber-insurance policy, no SOC 2 ambitions.
That business buys Business Security. It’s roughly the same per-seat price as a decent retail antivirus, the central console removes the “did Janet’s laptop actually update?” problem, and the licence covers the actual risk surface. They don’t need EDR; they wouldn’t operate it if they had it. Spending the EDR delta on a Microsoft 365 Business Premium uplift (Conditional Access, AAD P1, Defender for Office) is a better use of the same rand.
If that same firm grows to 30 seats and adds two Macs for the partners’ kids, it is still on Business Security but we would push for the Patch Management add-on because three-quarters of incidents we triage in this segment come back to an unpatched Acrobat Reader or Chrome.
Which tier fits a mid-market organisation?
Now picture a 120-seat law firm. 90 Windows desktops, 20 Macs (litigation team, MD, marketing), one Linux file server, one Linux web app on AWS hosting their client portal. POPIA is real for them. Cyber-insurance renewal is in November and the underwriter has sent the new questionnaire, the one that asks about EDR, MFA enforcement, patch cadence and dwell time.
That firm buys GravityZone EDR. The EDR module is what the underwriter is asking for. The Linux agent on the file server and the AWS web app closes the single biggest gap in their environment. Most law firms have no security on their Linux web servers; we’ve audited dozens. Patch Management is in the box at this tier, so the third-party CVE problem is solved without a separate Ninite Pro or PDQ subscription. The macOS coverage is real, not the bolt-on afterthought Microsoft Defender for Business ships.
EDR is also what makes incident response possible after the fact. If something goes wrong at 02:00 on a Saturday, an EDR console with three months of process-tree history is the difference between “we know what happened, here’s the contained timeline” and “we’re restoring from backup and hoping for the best.”
Which tier fits a regulated org?
Healthcare, financial services, anything storing biometric or special-personal-information under POPIA. Public-sector contractors. Anyone with HIPAA exposure on US-side data. Anyone preparing for SOC 2 Type II.
Default to GravityZone EDR at minimum. If you have an analyst on staff, an MDR contract, or a SIEM (Sentinel, Elastic, Splunk) that will actually consume the data, step up to XDR. The XDR sensors give you correlated alerts across Microsoft 365 sign-ins, mailbox rules, OneDrive activity, network appliances and the endpoint. That’s the cross-source visibility a SOC analyst needs.
XDR without someone to read it is shelfware. We’ve walked into clients running XDR licences they bought 18 months ago, M365 sensor never enabled, network sensor pointed at nothing. Worst of both worlds: the cost of XDR, the operational value of Business Security.
When should you add EDR or XDR?
The test we use in scoping calls is three questions:
- Does your cyber-insurance questionnaire ask about EDR or continuous monitoring? If yes, add EDR.
- Do you process special personal information under POPIA, or PHI under HIPAA, or cardholder data under PCI? If yes, add EDR.
- Do you have an analyst, an MDR contract, or a SIEM that will actually consume telemetry? If yes, consider XDR. If no, EDR is the ceiling.
Signature-based AV no longer catches the attacks that matter. Living-off-the-land attacks use signed Microsoft binaries (certutil.exe, bitsadmin.exe, mshta.exe, rundll32.exe, wmic.exe) in unusual sequences. Plain AV sees signed binaries doing signed-binary things and shrugs. EDR sees the sequence: Word spawned PowerShell, which decoded a Base64 payload, which reached out to a residential IP in Lagos. That’s the alert you want. Business Security doesn’t produce it.
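To make the "sequence, not the binary" point concrete, here is an added example (not Bitdefender's detection logic and not code from this article) that flags script interpreters and signed Windows utilities only when an Office application appears in their process ancestry, and decodes any PowerShell encoded command for the analyst. The event field names and the sample events are constructed for illustration; the network-connection step is left out.

```python
import base64
import re

OFFICE = {"winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe"}
INTERPRETERS = {"powershell.exe", "pwsh.exe", "cmd.exe", "wscript.exe", "cscript.exe"}
LOLBINS = {"certutil.exe", "bitsadmin.exe", "mshta.exe", "rundll32.exe", "wmic.exe"}
ENC_FLAG = re.compile(r"-e(?:nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{16,})", re.I)

def _enc(text):
    # PowerShell's -EncodedCommand is Base64 over UTF-16LE text
    return base64.b64encode(text.encode("utf-16-le")).decode()

# Constructed process-creation events (hypothetical schema: pid, ppid, image, cmdline)
EVENTS = [
    {"pid": 100, "ppid": 1, "image": "explorer.exe", "cmdline": "explorer.exe"},
    {"pid": 200, "ppid": 100, "image": "WINWORD.EXE", "cmdline": "WINWORD.EXE invoice.docx"},
    {"pid": 300, "ppid": 200, "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -enc " + _enc("Write-Output 'constructed sample'")},
    {"pid": 400, "ppid": 100, "image": "certutil.exe", "cmdline": "certutil.exe -hashfile report.pdf SHA256"},
    {"pid": 500, "ppid": 300, "image": "rundll32.exe", "cmdline": "rundll32.exe sample.dll,Entry"},
]

def ancestors(pid, by_pid):
    """Return the image names of every known ancestor, nearest parent first."""
    chain, seen = [], set()
    while pid in by_pid and pid not in seen:  # 'seen' guards against PID-reuse loops
        seen.add(pid)
        pid = by_pid[pid]["ppid"]
        if pid in by_pid:
            chain.append(by_pid[pid]["image"].lower())
    return chain

def detect(events):
    """Alert on interpreters/LOLBins that descend from an Office process."""
    by_pid = {e["pid"]: e for e in events}
    alerts = []
    for e in events:
        image = e["image"].lower()
        if image not in INTERPRETERS | LOLBINS:
            continue
        lineage = ancestors(e["pid"], by_pid)
        if not OFFICE.intersection(lineage):
            continue  # signed binary with an ordinary parent: no alert
        m = ENC_FLAG.search(e["cmdline"])
        decoded = base64.b64decode(m.group(1)).decode("utf-16-le", "replace") if m else None
        alerts.append({"pid": e["pid"], "image": image, "lineage": lineage, "decoded": decoded})
    return alerts
```

The certutil.exe event launched from explorer.exe produces no alert, while the same class of binary under Word does; that difference is invisible to a product that only evaluates each file on its own.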
Microsoft’s option: Defender for Business is fine on a 100% Windows fleet on Microsoft 365 Business Premium. Add macOS, Linux or any compliance load and GravityZone wins.
Sophos Intercept X is the other honest competitor here. It scores well in the same independent tests, has a comparable EDR console, and is priced similarly in ZAR. We standardise on Bitdefender rather than Sophos for operational reasons, not technical ones: the GravityZone API and policy-as-code workflow are cleaner for an MSP managing 40-plus tenants. For a single-tenant in-house IT team, Sophos is a defensible choice.
What about pricing in South Africa?
Bitdefender publishes per-endpoint, per-year list pricing in USD. Local pricing in ZAR moves with the exchange rate, the term length (1 / 2 / 3 years) and the seat count band (the bands typically break at 5, 25, 50, 100, 250 and 1 000 seats).
A few things worth knowing before you read a quote:
- Term length matters more than seat count for SMEs. A 3-year licence is materially cheaper per year than a 1-year one. If your fleet is stable, lock in three years.
- The seat-count bands step at unintuitive places. Going from 24 seats to 26 seats can change the per-seat price meaningfully. If you’re at 22 today and growing, quoting at 25 may save you a re-quote in six months.
- Public-sector and education pricing exists and is usually 20-30% off list. Your reseller has to apply for it; it’s not automatic.
- Renewal pricing is not the same as new-customer pricing. Bitdefender, like every vendor, prices retention differently to acquisition. If your renewal quote feels high, that’s the conversation to have.
- Mobile, MDR and Premium Support are line items, not bundled. A quote that doesn’t show them broken out hasn’t asked you the right questions.
We don’t publish live ZAR pricing in articles because it goes stale within a quarter. What we do is quote against your current AV renewal in writing, modules itemised, and tell you which line items you can drop. That’s a 20-minute conversation, not a sales pitch.
What gets you most value per rand?
If we were spending our own money on a 50-seat fleet today:
- Business Security Premium (gets you Patch Management and FDE; both stop entire categories of incident).
- EDR uplift if any of the three EDR-trigger questions above came back yes.
- 3-year term for the discount.
- Skip Mobile unless you genuinely need iOS/Android in the GravityZone console rather than in your MDM.
- Skip Premium Support until you have lived with default support and identified a specific gap.
- Add MDR before adding XDR. A human watching EDR alerts beats software watching XDR alerts that nobody reads.
The single highest-value module per rand, on almost every fleet we audit, is Patch Management. The CVE that took down the business next door was patched six weeks before the attack. The licence cost of Patch Management for a year is less than the IR retainer for one day.
What should you avoid buying?
A few patterns we see go wrong:
Buying XDR without operating it. As above: XDR sensors that nobody enables and nobody reads. If you cannot name the person who will look at the XDR console weekly, do not buy XDR.
Buying Mobile when you already have an MDM. Hexnode, Intune, Jamf and Kandji all do mobile threat defence credibly. Layering GravityZone Mobile on top is duplicate spend.
Buying 1-year terms because of “flexibility”. The flexibility is mostly theoretical; the discount on 3-year is real. Unless you genuinely think you might switch vendors next year, a 3-year licence is the right answer.
Buying Business Security and trying to bolt on EDR later as an upgrade. The upgrade path exists but it is not free, and the operational disruption of switching mid-term is non-trivial. If there is any chance you will need EDR in the next 18 months, buy it now.
Buying from a reseller who only sends you a quote. A licence without a deployment plan, policy baseline and tuning window will sit at default settings forever. Default settings catch the 90%, miss the 10% that matters, and generate enough false positives that the team mutes the alerts within a fortnight.
Get a tier-fit recommendation
Book a free 30-minute tier-fit call. We’ll ask three things: fleet size and OS mix, regulatory or insurance exposure, current AV vendor and renewal date. You get a written recommendation back: which tier, which add-ons, which modules to skip, and a three-year cost projection in ZAR against your current spend. No obligation, no slide deck.
For how OSH deploys and operates GravityZone after the buying decision, the Bitdefender page covers our SOP. Where this fits with the rest of our security and infrastructure work is on the services hub.
Email support@osh.co.za with “tier-fit call” in the subject. We will reply with a calendar link the same business day.