Bitdefender rolled out new functionality in Bitdefender GravityZone, a unified cybersecurity platform that provides prevention, protection, detection, and response capabilities for organizations of all sizes. These features, consistent with our multi-layered security strategy, are intended to ease the workload of security analysts, administrators, and users.
In a dynamic cybersecurity landscape, security analysts are responsible for uncovering any signs of potential sophisticated attacks to make the invisible visible. This section describes new functionality designed to elevate analysts' capabilities, offering enhanced tools for threat detection, investigation, and response.
Proactive Hardening and Attack Surface Reduction (PHASR) dynamically hardens your systems by analyzing user behavior to prevent Living Off the Land (LotL) attacks and targeted threats. It utilizes anomaly detection to enable tailored application-level action blocking, rapidly reducing your attack surface without disrupting operations.
With the latest update, we are significantly expanding our PHASR technology by adding support for Linux and macOS to its existing Windows capabilities in GravityZone. PHASR is available as a BEST component, providing consistent, granular protection across Windows, macOS, and Linux environments. The standalone version is currently available for Windows and macOS.
Beyond the OS expansion, we are introducing a new level of architectural flexibility for MSP partners. PHASR can now be deployed via a monthly subscription as a standalone agent, adding hardening capabilities to an existing security architecture without replacing current endpoint security. MSP partners can now assign PHASR as a dedicated service to their own organization, as well as to managed partners and customer companies.
We have redesigned the Allow Access request details panel to provide more comprehensive forensic data. Administrators can now instantly view the parent process, the blocked process, and the specific command line involved. We have also refined the Rule name filter in the PHASR-monitored rules section. Previously, identical rules appeared multiple times, complicating the search process. These are now consolidated into a single suggestion in the dropdown. Selecting a rule will automatically return all corresponding instances across Windows, Linux, and macOS.
For comprehensive insights into PHASR, we invite you to watch our masterclasses here.
Ready to see where your organization stands? Bitdefender offers a free Internal Attack Surface Assessment to help you identify which LotL binaries and administrative tools are currently creating risk in your environment.
When the new activity is detected option is enabled in the Settings tab, a new incident is generated whenever new activity occurs on a previously closed incident. This newly created incident remains open and is continuously updated with related activity until it is closed. If further activity is detected after that incident is closed, another new incident is created. All related incidents created through this process form an Incident evolution chain. The Incident evolution field is handled differently depending on the incident type:
For XDR Incidents: The Incident evolution field is displayed in the Summary section of the incident overview, in the incident details panel, and is included in the PDF incident report.
For EDR Incidents: This field is available exclusively in the incident details panel.
Incident status labels have also been refined to improve clarity regarding incident outcomes: "False Positive" has been renamed to "Closed: False positive", and "Closed" is now "Closed: Confirmed incident".
External Attack Surface Management (EASM) helps you continuously discover and analyze internet-facing assets and their vulnerabilities, providing an attacker-centric view to proactively reduce your attack surface.
In this update, EASM artifacts now support A and AAAA DNS records and include a new option to export a CVE-centric report for more efficient vulnerability analysis across services. You can access these DNS records via Risk Management > EASM Artifacts > DNS Records or through the DNS records widgets on the EASM Dashboard. Additionally, this release introduces support for adding IP blocks (CIDR ranges) to the Scan list.
For comprehensive insights into EASM, we invite you to watch our masterclasses here.
The Network Sensor (NSVA) monitors network traffic to identify suspicious activities that may indicate malicious intent or an active attack, such as brute-force attempts, port scanning, and unauthorized data exfiltration. It also supports a Vulnerability Assessment Scanner that runs scheduled vulnerability scans on configured subnets within the monitored network.
With the latest update, scan subnets must adhere to specific validation rules: the CIDR prefix length must be /11 or longer (supporting up to 2 million hosts), and private subnets must use IANA IP ranges. To improve visibility into these requirements, a new Invalid Scan Targets field has been added to the Network Sensor Details panel. This field displays any subnets that could not be scanned due to configuration constraints, allowing for easier troubleshooting without changing the scanner’s core functionality.
Additionally, the system now supports up to 160 scan targets to ensure broader visibility across your monitored network; if more than 160 targets are defined, only the first 160 will be scanned.
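A pre-check for a scan target list against the rules above, as an added example that is not Bitdefender code. It assumes targets are IPv4 CIDR strings, that "IANA IP ranges" means the RFC 1918 private blocks, and that the 160-target cap counts targets in the order they are defined; the function names and the `require_private` switch are hypothetical.

```python
import ipaddress

# Assumption: "IANA IP ranges" is read here as the RFC 1918 private blocks.
RFC1918 = [ipaddress.IPv4Network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MIN_PREFIX = 11    # /11 or longer: at most 2**21 (about 2 million) addresses
MAX_TARGETS = 160  # only the first 160 defined targets are scanned


def split_to_min_prefix(cidr):
    """Split an over-wide network into /11 pieces that pass the length rule."""
    net = ipaddress.IPv4Network(cidr)
    if net.prefixlen >= MIN_PREFIX:
        return [str(net)]
    return [str(s) for s in net.subnets(new_prefix=MIN_PREFIX)]


def check_scan_targets(targets, require_private=True):
    """Return (scannable, rejected); rejected holds (target, reason) pairs."""
    scannable, rejected = [], []
    for position, raw in enumerate(targets):
        # Assumption: the 160 cap counts targets in the order they are defined.
        if position >= MAX_TARGETS:
            rejected.append((raw, "beyond the first 160 targets"))
            continue
        try:
            # strict=True rejects host bits, e.g. 172.16.5.1/24
            net = ipaddress.IPv4Network(raw.strip(), strict=True)
        except ValueError as exc:
            rejected.append((raw, f"not a valid IPv4 subnet: {exc}"))
            continue
        if net.prefixlen < MIN_PREFIX:
            rejected.append((raw, f"/{net.prefixlen} is shorter than /11"))
        elif require_private and not any(net.subnet_of(b) for b in RFC1918):
            rejected.append((raw, "outside the RFC 1918 private ranges"))
        else:
            scannable.append(str(net))
    return scannable, rejected


# Constructed sample list, not taken from any real deployment.
SAMPLE = ["10.0.0.0/8", "10.32.0.0/11", "192.168.10.0/24",
          "172.16.5.1/24", "203.0.113.0/24", "not-a-subnet"]

if __name__ == "__main__":
    ok, bad = check_scan_targets(SAMPLE)
    print("scannable:", ok)
    for target, reason in bad:
        print(f"invalid: {target!r} ({reason})")
    print("10.0.0.0/8 split:", split_to_min_prefix("10.0.0.0/8"))
```

Running the same check before saving the configuration shows which entries would end up in the Invalid Scan Targets field, and `split_to_min_prefix` gives the /11 subnets that cover a network too wide to be accepted as a single target.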
With administrators constantly juggling numerous tasks and responsibilities, tools designed to make their daily tasks easier are highly appreciated. This section describes new functionality designed to facilitate the management of features responsible for prevention, protection, and detection in a defense-in-depth security architecture.
Bitdefender Extended Email Security (EES) offers flexible deployment models—Gateway, API-based, and Unified—to provide a comprehensive defense against sophisticated spear-phishing, brand impersonation, and supply chain fraud. It combines deep mailbox visibility with automated post-delivery remediation to identify and neutralize evasive threats that bypass traditional perimeters.
Following the acquisition of the Mesh Security email security platform, EES was initially available as an independent management console. With the latest update, administrators can access the Extended Email Security console directly from the GravityZone Control Center using the GravityZone Identity Provider (IdP). This centralizes authentication and ensures a seamless, secure transition for teams managing their security stack.
Extended Email Security is now available as an add-on for companies with a yearly license or a monthly subscription. This new module officially replaces the legacy Email Security add-on, offering a more robust detection engine and deeper integration.
To support diverse infrastructure requirements, EES offers a modular architecture that allows organizations to choose the model that best aligns with their specific risk profile:
Gateway Email Security: A platform-agnostic solution at the network edge. By changing MX records, all inbound emails are routed to the gateway for filtering before reaching the mailbox server.
API-Based Email Security: Designed exclusively for Microsoft 365, this model requires no changes to MX records and uses a secure API to inspect messages directly in the user's mailbox.
Unified Email Security: For organizations requiring the highest level of security, the unified model combines both Gateway and API capabilities for comprehensive perimeter protection and automated post-delivery remediation.
Beyond deployment flexibility, EES empowers security teams with the Live Email Tracker, providing real-time telemetry and forensic visibility across all email traffic.
EES allows for granular searches based on metadata and authentication results, coupled with powerful automated and manual remediation capabilities to neutralize threats even after they reach the inbox.
For comprehensive insights into Extended Email Security, we invite you to watch our masterclasses here.
Compliance Manager streamlines regulatory adherence by mapping IT controls to standards like GDPR, ISO 27001, and NIS2, offering real-time endpoint evaluations, actionable remediation steps and recommendations, and audit-ready reports.
With this update, Risk Management and Compliance Manager now include the NIST CSF 2.0 standard. NIST CSF 2.0 is a globally recognized framework designed to help organizations manage and reduce cybersecurity risk. Version 2.0 introduces a core focus on Governance and provides a structured approach across six key functions—Govern, Identify, Protect, Detect, Respond, and Recover.
Findings related to this standard are available on the Findings, Account Risks, and Compliance Manager pages.
For comprehensive insights into Compliance Manager, we invite you to watch our masterclasses here.
Risk Management provides a comprehensive overview of your organization's attack surface, enabling you to identify and mitigate risks across endpoints, applications, user behavior, and cloud environments.
With this update, a new CSV export option, Breakdown by CVE, is available in the vulnerabilities grid. This enhancement allows security analysts to export vulnerability data for more efficient cross-resource analysis. Unlike existing resource-focused exports, this new type of export groups vulnerabilities by CVE and includes data such as descriptions, affected resources, risk scores, and exploitability.
For comprehensive insights into Risk Management, we invite you to watch our masterclasses here.
The Network section provides functionalities for managing all entities available in your network. Entities are defined as physical computers, virtual machines, Security Servers, containers, and folders available in your network.
With the latest release, you can now share smart views and grant other users in your company permission to edit them. Shared smart views are displayed in a distinct section within the left-side panel of the Network page. This streamlines collaboration by enabling standardized workflows and consistent visibility.
Additionally, the Network page now offers enhanced support for the Network Sensor Virtual Appliance (NSVA). The Role filter now includes Network Sensor, and the Network Sensor information page displays specific details such as password information and sensor status.
In the Network section, several actions applicable to both Network Sensor and Security Server virtual appliances have been renamed for better clarity:
"Update Security Server" has been renamed to "Update security appliance".
"Change Security Server password" has been renamed to "Change password".
"Restart endpoint" has been renamed to "Restart machine". This action is available for Network Sensor, Security Server, and endpoints with security agents.
The Integrations hub page lets you manage both active (configured) and available integrations compatible with GravityZone.
With the latest update, the ConnectWise entry in the Integrations user menu has been removed, as has the Import from ConnectWise option in the More actions menu on the Companies page. You can now launch ConnectWise PSA directly from the Integrations Hub. The Mappings section allows you to link an existing ConnectWise PSA company to a new GravityZone company, enabling customer provisioning directly within the integration.
Bitdefender Control Center APIs enable developers to automate business workflows. These APIs are exposed via the JSON-RPC 2.0 protocol. You can find usage examples and documentation in our Support Center, located here.
This update introduces several new API parameters and methods to support Extended Email Security, PHASR expansion, and refined Incident Management workflows.
To support the expansion of PHASR to Linux and macOS, and its availability as a standalone agent, the following updates have been made:
To align with the new company-level settings for handling closed incidents, new parameters have been added to control whether updates to closed incidents trigger a reopening or a new incident creation:
For general usage data consolidation, the getMonthlyUsage method has been extended with the productType parameter (0 for Endpoint Security, 3 for EDR, 5 for PHASR). This allows retrieval of comprehensive usage data for all product types in a single call, without needing to use getMonthlyUsagePerProductType separately.
For comprehensive insights into automating workflows with the Control Center API, we invite you to watch our masterclasses here.
The Bitdefender GravityZone security platform stands out from competitors, offering a one-stop solution for all your organization's security needs. As the digital landscape evolves, Bitdefender remains proactive, providing prevention, protection, detection, and response capabilities to ensure the ongoing safety of organizations of all sizes worldwide.
To learn more about the Bitdefender GravityZone platform, contact us or a Bitdefender partner for more information. You can also start a free trial by requesting a demo here.