Bitdefender recently rolled out new functionality in Bitdefender GravityZone, a comprehensive cybersecurity platform that provides prevention, protection, detection, and response capabilities for organizations of all sizes. These features, consistent with our multi-layered security strategy, are intended to ease the workload of security analysts, administrators, and users.
What’s new for Security Analysts
In a dynamic cybersecurity landscape, security analysts are responsible for uncovering signs of sophisticated attacks and making the invisible visible. This section describes new functionality that gives analysts better tools for threat detection, investigation, and response.
PHASR Updates and Standalone Agent
Proactive Hardening and Attack Surface Reduction (PHASR) proactively hardens your systems by analyzing user behavior to prevent Living Off the Land (LotL) attacks and targeted threats. It utilizes anomaly detection to enable tailored application-level action blocking to rapidly reduce your attack surface without disrupting operations.
PHASR Standalone Agent
With this update, you can integrate PHASR as a standalone agent into your existing Windows endpoint security architecture. Note that with the standalone installation package, the learning period cannot be accelerated using historical data from an EDR module.
The standalone agent provides full access to all PHASR functionalities, including the ability to view PHASR-monitored rules, receive recommendations, and restrict access based on those rules or recommendations, directly in the GravityZone console or through the API.
This provides flexibility, allowing you to deploy PHASR in any environment where you want to leverage its unique hardening and attack surface reduction capabilities, even if other security solutions are installed.
PHASR Dashboard and Management Enhancements
Three new widgets are now on the PHASR dashboard. The Restricted behavioral profiles widget shows profiles limited by Autopilot or Direct control. The PHASR endpoint distribution widget shows how endpoints are distributed across PHASR categories. For each category, you can see endpoints running in Autopilot and in Direct control. A third new widget is the Attack surface exposure history. This widget shows how the organization's overall risk score has changed over time.
To improve management, a dedicated PHASR subsection has been added under Policies > Risk Management. This subsection shows status indicators for PHASR settings and activation state. PHASR settings defined in Policies > Assignment Rules now take precedence over the settings in the device policy. Finally, you can now view the PHASR module's status in the Endpoint modules status report.
Container Image Scanner
Bitdefender Container Image Scanner scans container images and container registries to identify vulnerabilities during development and provides continuous monitoring for images in registries.
With the latest release, the History logs panel now provides a broader set of detailed error messages related to bcst-cli permissions and configuration. This panel is available within the Container Image Scanner card.
Additionally, the token issued for scanner authentication during the initial integration setup in the Integrations hub is now invalidated once the corresponding integration card is deleted. A new token is automatically created when a new integration is set up.
API Enhancements
Bitdefender Control Center APIs enable developers to automate business workflows. These APIs are exposed via the JSON-RPC 2.0 protocol, and usage examples and documentation are available in our Support Center.
With this release, the API has been enhanced in three areas: PHASR API, Push API, and Packages API.
The PHASR API includes the following new methods for managing recommendations and resources:
- getPhasrRecommendations – retrieves recommendations for a company.
- applyRecommendations – applies recommendations by ID and returns success and failure details for each request.
- getRecommendationProfiles – retrieves behavioral profile and endpoint information for a specific recommendation.
- getAllCompanyResources – returns all the detected resources for a company.
The Push API has been updated to provide richer incident data:
- A new event type is now available for event push messages: new-extended-incident. This event is sent every time a new XDR incident is created and updated.
- The new-incident event now distinguishes between new incidents and updates. Incident updates may include an optional nodes object and an alerts_count field.
The Packages API has been extended to support PHASR Standalone:
- The productType attribute returned by the getPackageDetails method now has a new possible value: 5 (PHASR Standalone).
- The modules parameter returned by the createPackage method now has a new possible value: phasr.
- The productType parameter of the createPackage method now has a new possible value: 5 (PHASR Standalone).
- The modules parameter of the updatePackage method now has a new possible value: phasr.
- The productType parameter of the updatePackage method now has a new possible value: 5 (PHASR Standalone).
What’s new for Administrators
With administrators constantly juggling numerous tasks and responsibilities, tools designed to make their daily tasks easier are highly appreciated. This section describes new functionality designed to facilitate the management of features responsible for prevention, protection, and detection in a defense-in-depth security architecture.
Health Dashboard
GravityZone Health Dashboard functionality is now generally available (GA). The dashboard provides crucial insights into endpoint health and performance, highlighting critical issues that require your attention. You can use it to check how many endpoints have issues, such as unresolved malware detections or isolated endpoints during an incident.
Every important endpoint parameter, like update status, policy status, or issues, has its own visual representation as a customizable widget. From these widgets, you can drill down to the concerns most relevant to your organization, which streamlines the investigation process.
For example, if you modify the policy settings and want to know whether any endpoints didn't apply the new policy, you can find them by drilling down directly from the Endpoints Policy Status widget. This action takes you to the Network section, where predefined filters are automatically applied to show you the specific endpoints with the issue.
If you were using the Health Dashboard during the EAP phase, you will find that the GA release also includes enhancements to its functionality. First, a new export option is available. You can now export events from the Health Dashboard in PDF format. The Active endpoints widget has been renamed to Online endpoints. A guided tour is now available when you access the Health Dashboard page.
Furthermore, the Endpoint issues widget now includes PHASR-related module data, and the Endpoint policy status widget now includes endpoints with temporary policy changes made via Power User under the Warning counter.
Compliance and Risk Management Enhancements
Risk Management provides a comprehensive overview of your organization's attack surface, enabling you to identify and mitigate risks across endpoints, applications, user behavior, and cloud environments.
With this update, Risk Management now includes two new compliance standards:
- Cyber Essentials v3.2 (UK) – A UK Government-backed cybersecurity certification that defines a baseline of technical controls to protect IT infrastructure from common cyber threats, focusing on secure configuration, access control, patching, malware protection, and firewalls.
- Essential Eight v2023.11 (AU) – An Australian Cyber Security Centre (ACSC) framework outlining eight prioritized mitigation strategies (such as application control, patching, and multi-factor authentication) to reduce the risk of cyber incidents and improve organizational resilience.
Findings related to both standards are available on the Findings, Identity risks, and Compliance manager pages. Additionally, we've updated the organization of the Policies page. The PHASR policies section has been moved from the Risk management page to its own dedicated subsection.
Integration Hub Enhancements
The Integrations hub page lets you manage both active (configured) and available integrations compatible with GravityZone.
With the latest update, GravityZone has been enhanced with the following integrations:
- Splunk (Security Telemetry) – Forward events directly to Splunk for analysis.
- Syslog (Security Telemetry) – Export events to any syslog-compatible platform.
- 3rd Party Identity Provider – Connect external Identity Providers (IDPs) for unified access.
- Microsoft Active Directory Federation Services (ADFS) – Enable federated authentication with ADFS.
- Azure Active Directory Federation Services – Integrate with Azure AD for secure single sign-on.
- Okta – Use Okta as an identity provider across Bitdefender consoles.
These integrations improve threat visibility by centralizing security data and streamlining access management by enabling secure single sign-on (SSO) across your security ecosystem.
Summary
The unified Bitdefender GravityZone platform is better than ever, offering a one-stop solution for all your organization's security needs. As the digital landscape evolves, Bitdefender remains proactive, providing prevention, protection, detection, and response capabilities to ensure the ongoing safety of organizations of all sizes worldwide.