What’s New in GravityZone Platform July 2024 (v 6.52)

Grzegorz Nocoń

July 11, 2024

This month, Bitdefender rolled out new functionality in Bitdefender GravityZone, a comprehensive cybersecurity platform that provides prevention, protection, detection, and response capabilities for organizations of all sizes. These features, consistent with our multi-layered security strategy, are intended to ease the workload of security analysts, administrators, and users.

What’s New For Security Analysts

In a dynamic cybersecurity landscape, security analysts are responsible for uncovering any signs of potential sophisticated attacks to make the invisible visible. This section describes new functionality designed to elevate the capabilities of analysts, offering enhanced tools for threat detection, investigation, and response.

External Attack Surface Management (EASM)

External Attack Surface Management (EASM) is now available for the Early Access Program (EAP). To leverage the benefits of Bitdefender EASM, please contact your Bitdefender sales representative for more information on joining EAP.

EASM helps you gain a comprehensive view of your company's external attack surface. It automatically discovers and organizes all internet-facing assets, services, and potential vulnerabilities. This gives you a clear picture of what needs protection, allowing EASM to identify and prioritize potential security gaps before attackers exploit them. After joining the EAP, you can access the EASM panels view under the Risk Management section.

For detailed information about the EASM solution, read our "Introducing External Attack Surface Management (EASM)" article.

Bitdefender CSPM+ delivers Alibaba Cloud, Webhook integrations and IaC scanning

Bitdefender CSPM+ ensures the secure and compliant configuration of cloud resources and services, identifying and mitigating potential security risks and misconfigurations and managing identities within cloud environments such as Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure.

With the latest release, you can integrate CSPM+ with Alibaba Cloud. Now you can gain continuous visibility across your cloud environments, identify misconfigurations and security risks, and ensure compliance with regulations and best practices. Manual remediation instructions and security best practices empower you to take action and secure your Alibaba Cloud deployments. Additionally, the comprehensive asset inventory provides a detailed overview of your cloud resources and identities.

The latest release also brings Webhook integrations for GravityZone Cloud Security. Webhooks are lightweight HTTP callbacks that allow you to automate notifications and receive real-time updates on security events within GravityZone Cloud Security. This event-driven communication only sends data when a specific event occurs, reducing overall communication volume compared to standard API calls.

Infrastructure as Code (IaC) scanning has been added to CSPM+ as of July 2, 2024. IaC scanning allows organizations to check their IaC files, including Terraform, AWS CloudFormation templates, Azure Resource templates, Helm charts, Kubernetes, and Dockerfiles, for misconfigurations and secrets before deployment. Reach out to your Bitdefender representative to learn more.

Bitdefender IntelliZone enhancements

Bitdefender IntelliZone is our Threat Intelligence Portal, exposing the capabilities of our Threat Intelligence solution. It provides UX-optimized, human-readable visualizations of Threats and Indicators of Compromise (IoC). IntelliZone integrates search and navigation functionalities, offers AI-powered user support, and includes other valuable features, all optimized for security analysts.

In the latest release, we've integrated a Generative AI feature into IntelliZone. This feature is available on the Threat View page and allows you to generate threat descriptions. If you generate a description, the card displays the last generated threat description and the time of its generation.

The latest release brings another powerful addition to IntelliZone, the Full Actor Page. It provides you with a deep, detailed view of a selected actor. Panels include three sections:

  • Industries Section: Lists the industries in which an actor has been active.
  • Geographical Activity Map: World map displaying the locations where the actor has been active.
  • MITRE ATT&CK Tactics and Techniques Table: Maps the tactics and techniques used by the actor according to the MITRE ATT&CK framework.

What’s New For Administrators

With administrators constantly juggling numerous tasks and responsibilities, tools designed to make their daily tasks easier are highly appreciated. This section describes new functionality designed to facilitate the management of features responsible for prevention, protection, and detection in a defense-in-depth security architecture.

Proactive Threat Defense on Linux: Leverage Bitdefender ATC

Advanced Threat Control (ATC) actively monitors process behavior in real-time to distinguish malicious from benign activity. It employs over 300 heuristics and machine learning models to analyze process actions and API calls, identifying threats like credential theft, process injection, persistence attempts, and ransomware.

With the latest release, Bitdefender ATC extends to Linux systems, further enhancing existing threat detection capabilities by offering visibility into potential security risks. You'll gain insights into malicious processes the BEST agent identifies, allowing for informed decisions and manual remediation of threats on Linux endpoints.

To leverage this improved functionality, simply reconfigure your agents using the Task in the Network configuration section to include the ATC module.

BEST agent offers UEFI scanning

Unified Extensible Firmware Interface (UEFI) is a modern replacement for the legacy BIOS. It initializes hardware components during startup and loads the operating system on your machine.

With the latest release, we've enhanced the Antimalware module's capabilities, giving you the option to enable UEFI scanning. This feature is available for both on-demand scheduled tasks within Policy configuration and for malware scan tasks initiated from the Network page.

UEFI scanning includes the firmware itself and all files located on EFI partitions, such as applications and drivers. UEFI scanning functionality is independent of the operating system; it relies on supported physical chipsets on hardware machines.

You can find the detection events in the Threats Xplorer section or by generating a Security Audit report.

Streamlined SVA deployment now on Azure Marketplace

Our virtual environment security solution is designed to improve security and performance. It minimizes resource impact on endpoint security by utilizing multi-level caching and scan offloading on Security Virtual Appliances (SVAs).

SVAs are now available for direct deployment from the Azure Marketplace. This streamlined deployment offers resource efficiency and minimal performance impact, making it ideal for low-footprint deployments.

To leverage these benefits, you'll install a lightweight agent with a built-in Security Server component. This component handles multi-level caching and scan offloading, minimizing CPU, memory, and storage impact on your systems. Security Virtual Appliances themselves provide Antimalware scanning engines and threat intelligence databases. This centralization reduces the number of updates required in non-persistent environments like VDI clients.

For more details, check out our TechZone article here.

GravityZone Patch Management includes Manually Approved Patches

Patch Management helps you prioritize and automate the installation of critical security updates for operating systems and applications, keeping all your systems secure and up-to-date.

With the latest update, we've added a new category called Manually Approved to our existing list alongside Security and Non-Security patches. This category includes all patches that can impact the installed Windows version, such as Microsoft Windows Feature Update patches and other important updates that require human intervention: either they require credentials to download them, or the download link for the patch is not publicly available.

You can install manually approved patches on demand like any other patch, or have them installed automatically during a configurable maintenance window defined in Bitdefender GravityZone Configuration Profiles. For the maintenance window, you need to select each manually approved patch and activate it for inclusion.

All reports and statuses will show all three types of patches. It's worth noting that computers missing only manually approved patches will be reported as up to date.

Patch Management for macOS enhancements

With the latest release, you have more control over when running applications are patched. All applications that are not currently running will be patched automatically. The product now requires restarting applications that are running during patching. The end user will receive a pop-up with a list of applications that need to be restarted.

After the end user confirms, these applications will be closed and patched successfully. Users can also postpone the application restart for up to 24 hours.

Policy configuration redesign

With this release, we start a series of releases whose main goal is to redesign the GravityZone policies section. This first update comes with a new design and improved interface texts for policy sections such as Integrity Monitoring, Encryption, Incident Sensor, Storage Protection, Patch Management and Risk Management. The new design also includes links to related GravityZone documentation under "Get help from Support Center".

Additionally, Storage Protection was redesigned. The existing ICAP section was renamed to General. The previous ICAP configuration is included in the General configuration.

In Patch Management configuration, you can now create a maintenance window if one hasn't been created yet. Once the maintenance window is created, the details of each schedule's maintenance window are displayed.

Summary

Bitdefender GravityZone platform stands out from the crowd, offering a one-stop solution for all your organization's security needs. As the digital landscape evolves, Bitdefender remains proactive, providing prevention, protection, detection, and response capabilities, ensuring the ongoing safety of organizations of all sizes worldwide.

To learn more about the Bitdefender GravityZone platform, contact us or a Bitdefender partner for more information. You can also start a free trial by requesting a demo here.

Author


Grzegorz Nocoń

Grzegorz Nocoń is a graduate of the Faculty of Physics at the University of Silesia. With over 16 years of experience in the IT industry, he currently works as a Technical Marketing Engineer at Bitdefender. He is a strong supporter of a holistic approach to security and is passionate about solving security problems in a comprehensive and integrated way. Outside of work, he is an avid CrossFit enthusiast and a lover of fantasy literature.
