During early December, Bitdefender rolled out new functionality in Bitdefender GravityZone, a comprehensive cybersecurity platform that provides prevention, protection, detection, and response capabilities for organizations of all sizes. These features, consistent with our multi-layered security strategy, are intended to ease the workload of security analysts, administrators, and users.
In a dynamic cybersecurity landscape, security analysts are responsible for uncovering any signs of potential sophisticated attacks to make the invisible visible. This section describes new functionality designed to elevate the capabilities of analysts, offering enhanced tools for threat detection, investigation, and response.
Kubernetes is an open-source system for managing and automating container workloads in the cloud and on-prem. It orchestrates containerized applications by automatically handling deployment, scaling, load balancing, and self-healing.
With the latest release, Kubernetes Security Posture Management (KSPM) allows you to identify and remediate misconfigurations within your Kubernetes (K8s) environment. It is included in CSPM+ license and is automatically available for all existing customers who are using this license.
To get started, you will need to onboard your Kubernetes clusters by downloading the Kubernetes Cluster Agent (Helm chart package) from the GravityZone Installation packages section and installing it on your K8s clusters.
Your K8s clusters will be automatically scanned once every 24 hours. The results are presented in the Findings section of Risk Management, and include all details, such as a Risk Score to prioritize issues by severity, a list of Affected Devices, and the 'Manual' Mitigation Type.
This collected risk data is calculated and reflected in the Company state widget in the Risk Management dashboard, which represents the overall risk level your organization faces.
For comprehensive insights into Risk Management, we invite you to watch our masterclasses here.
For comprehensive insights into Securing Kubernetes Environments with GravityZone, we invite you to watch our masterclasses here.
Proactive Hardening and Attack Surface Reduction (PHASR) proactively hardens your systems by analyzing user behavior to prevent Living Off the Land (LotL) attacks and targeted threats. It utilizes anomaly detection to enable tailored application-level action blocking to rapidly reduce your attack surface without disrupting operations.
With the latest update, you can define for each PHASR activity type whether a user can request access to the process (or application) or the action that has been blocked by PHASR.
The Request Access button will be available directly in the end-user BEST agent when the process or the action is blocked.
Before taking an action (allow or deny access) in the GravityZone console, you can view a note that was added by the end user requesting access, saved and displayed in the "Business justification" section for the selected behavioral profile.
This update also brings additional smart views such as Restrict access, Allow access, and Requested access to the PHASR recommendations section.
For comprehensive insights into PHASR, we invite you to watch our masterclasses here.
YARA rules are a pattern-matching mechanism used for identifying and classifying data or files based on specified conditions. This allows you to take customizable detection, making YARA rules valuable assets for zero-day detection, threat hunting, and incident response.
With the current release, you can enable automatic response action for triggered YARA detection rules. The new Automatic Action step allows you to configure the following automatic actions:
YARA rules automatic actions.
This new capability significantly accelerates remediation by allowing your security teams to automatically interrupt threats identified by YARA rules, reducing the window of exposure and minimizing manual intervention during security incidents.
GravityZone processes raw data from sensors and standardizes it, making this information available for you to query using the search option. Historical Search provides you with a complex XDR query language engine (with predefined fields and operators) to locate incidents based on selected criteria and parameters.
With the latest release, The Smart views panel includes additional information:
Four new buttons have been added in the top-right corner of the Historical tab:
Accessing Historical Search now restores the most recently used smart view. The Save As feature now includes table customization, such as column rearrangement, resizing, and visibility settings. You can also rename smart views by clicking the vertical ellipsis next to the desired query and selecting Rename.
With administrators constantly juggling numerous tasks and responsibilities, tools designed to make their daily tasks easier are highly appreciated. This section describes new functionality designed to facilitate the management of features responsible for prevention, protection, and detection in a defense-in-depth security architecture.
Compliance Manager streamlines regulatory adherence by mapping IT controls to standards like GDPR, ISO 27001, and NIS2, offering real-time endpoint evaluations, actionable remediation steps and recommendations, and audit-ready reports.
With this update, the Risk Management and Compliance Manager now includes two new compliance standards:
Findings related to both standards are available on the Findings, Identity risks, and Compliance manager pages.
For comprehensive insights into Compliance Manager, we invite you to watch our masterclasses here.
For comprehensive insights into Risk Management, we invite you to watch our masterclasses here.
We are pleased to introduce the new hybrid licensing mechanism available for all our MSP Partners and customers. This mechanism allows using yearly add-ons together with a monthly subscription. It's available for all companies on a monthly subscription that are using the Endpoint Security product type. Activating a yearly add-on maintains all ongoing monthly subscription functions and can be activated on the company Licensing page using the Yearly add-on usage section.
The first yearly add-on that will be available for the hybrid licensing is the GravityZone Security Data Lake, scheduled for release in January 2026.
The Integrations hub page lets you manage both active (configured) and available integrations compatible with GravityZone.
With the latest update, GravityZone has been enhanced by integration with HaloPSA. MSP Partners can now launch their HaloPSA integration through the HaloPSA Integration App, which significantly streamlines operations by connecting customer management, billing, and incident response. Existing GravityZone companies can be mapped to their corresponding HaloPSA Clients, or new clients can be automatically created.
GravityZone Integrations Hub
The Billing Service automatically transfers GravityZone monthly usage data, including all protection models and add-ons, ensuring accurate and efficient invoicing.
The Ticketing Service supports all major GravityZone alert types, such as Advanced Anti-Exploit, Advanced Threat Control, Ransomware Detection, and Network Attack Defense. To reduce notification overload, related alerts are aggregated into the same ticket.
The Event Service provides full visibility into all integration activities (Mapping, Billing, and Ticketing). This helps administrators monitor synchronization status and quickly identify and resolve any configuration issues.
The Network section provides functionalities for managing all entities available in your network. Entities are defined as physical computers, virtual machines, Security Servers, containers, and folders available in your network.
With the current release, you can use the Change Security Server password action to update passwords for one or more Security Server or Network Sensor Virtual Appliance instances at the same time.
A Policy specifies the security settings to be applied to target network inventory objects (computers, virtual machines, containers, or mobile devices).
With the latest release, you can create policy assignment rules for Active Directory computer groups to help you apply specific security policies across organizational units.
GravityZone is a comprehensive cybersecurity platform that delivers prevention, protection, detection, and response capabilities for organizations of all sizes across multi-, hybrid-cloud servers, workloads, and end-user systems, including PCs, laptops, and mobile devices.
Now you can use passkeys for secure authentication when logging in to GravityZone Control Center through the GravityZone Identity Provider (IdP). GravityZone IdP supports biometrics such as Windows Hello [TPM], Apple Touch ID [T2], or physical hardware keys to store device-bound passkeys. You can also store passkeys in password managers like Bitwarden.
When you switch to logging in with GravityZone IdP, the Manage passkeys option is available on the My account page. Selecting it redirects you to the GravityZone IdP console, where you can add, edit, or remove passkeys.
Detailed information about GravityZone IdP passkey configurations can be found at our Bitdefender Support Center here.
Bitdefender Control Center APIs enable developers to automate business workflows. These APIs are exposed via the JSON-RPC 2.0 protocol, and you can find usage examples and documentation in our Support Center, here
With this release, the Incidents API has been enhanced with the following updates:
Using Licensing API, you can:
Finally, for the Policies API:
For comprehensive insights into automating workflows with the Control Center API, we invite you to watch our masterclasses here.
Users are extremely important part of any organization, and each IT system should contribute to their daily tasks without disruption. In this section, we describe functionalities specifically designed to assist users in overcoming security challenges, while enhancing their efficiency and ease of use.
Bitdefender Endpoint Security Tools (BEST) is an endpoint agent that delivers multi-layered prevention, protection, detection, and response capabilities.
The latest update introduces a new graphical interface for all customers with active PHARS licenses. This is the first step of our rollout plan, and it's dedicated to Windows users with two primary goals: enhancing security and providing a modern, fresh look. This update is rolling out gradually and requires no action from your side.
To ensure a smooth transition, the old and new interfaces are available in parallel. End users can choose their preferred version by right-clicking the BEST icon in the system tray and selecting the "Switch to..." option.
The Bitdefender GravityZone platform stands out from the crowd, offering a one-stop solution for all your organization's security needs. As the digital landscape evolves, Bitdefender remains proactive, providing prevention, protection, detection, and response capabilities, ensuring the ongoing safety of organizations of all sizes worldwide.
To learn more about the Bitdefender GravityZone platform, contact us or a Bitdefender partner for more information. You can also start a free trial by requesting a demo here.