This month, Bitdefender rolled out new functionality in Bitdefender GravityZone, a comprehensive cybersecurity platform that provides prevention, protection, detection, and response capabilities for organizations of all sizes. These features, consistent with our multi-layered security strategy, are intended to ease the workload of security analysts, administrators, and users.
In a dynamic cybersecurity landscape, security analysts are responsible for uncovering any signs of potential sophisticated attacks to make the invisible visible. This section describes new functionality designed to elevate the capabilities of analysts, offering enhanced tools for threat detection, investigation, and response.
External Attack Surface Management (EASM) is now available for the Early Access Program (EAP). To leverage the benefits of Bitdefender EASM, please contact your Bitdefender sales representative for more information on joining EAP.
EASM helps you gain a comprehensive view of your company's external attack surface. It automatically discovers and organizes all internet-facing assets, services, and potential vulnerabilities. This gives you a clear picture of what needs protection, allowing EASM to identify and prioritize potential security gaps before attackers exploit them. After joining the EAP, you can access the EASM panels view under the Risk Management section.
For detailed information about the EASM solution, read our "Introducing External Attack Surface Management (EASM)" article.
Bitdefender CSPM+ ensures the secure and compliant configuration of cloud resources and services to identify and mitigate potential security risks, misconfigurations, and manage identities within cloud environments such as Amazon Web Services (AWS), Google Cloud Platform (GCP), and Microsoft Azure.
With the latest release, you can integrate CSPM+ with Alibaba Cloud. Now you can gain continuous visibility across your cloud environments, identify misconfigurations and security risks, ensuring compliance with regulations and best practices. Manual remediation instructions and security best practices empower you to take action and secure your Alibaba Cloud deployments. Additionally, the comprehensive asset inventory provides a detailed overview of your cloud resources and identities.
The latest release also brings Webhook integrations for GravityZone Cloud Security. Webhooks are lightweight HTTP callbacks that allow you to automate notifications and receive real-time updates on security events within GravityZone Cloud Security. This event-driven communication only sends data when a specific event occurs, reducing overall communication volume compared to standard API calls.
Infrastructure as Code (IaC) scanning has been added to CSPM+ as of July 2, 2024. IaC scanning allows organizations to check their IaC files for misconfigurations and secrets before deployment, including Terraform, AWS CloudFormation templates, Azure Resource templates, Helm charts, Kubernetes, and Dockerfiles. Reach out to your Bitdefender representative to learn more
Bitdefender IntelliZone is our Threat Intelligence Portal, exposing the capabilities of our Threat Intelligence solution. It provides UX-optimized, human-readable visualizations of Threats and Indicators of Compromise (IoC). IntelliZone integrates search and navigation functionalities, offers AI-powered user support, and includes other valuable features, all optimized for security analysts.
In the latest release, we've integrated a Generative AI feature into IntelliZone. This feature is available on the Threat View page and allows you to generate threat descriptions. If you generate a description, the card displays the last generated threat description and the time of its generation.
The latest release brings another powerful addition to IntelliZone, the Full Actor Page. It provides you with a deep detailed view about a selected actor. Panels include three sections:
With administrators constantly juggling numerous tasks and responsibilities, tools designed to make their daily tasks easier are highly appreciated. This section describes new functionality designed to facilitate the management of features responsible for prevention, protection, and detection in a defense-in-depth security architecture.
Advanced Threat Control (ATC) actively monitors process behavior in real-time to distinguish malicious from benign activity. It employs over 300 heuristics and machine learning models to analyze process actions and API calls, identifying threats like credential theft, process injection, persistence attempts, and ransomware.
With the latest release, Bitdefender ATC extends to Linux systems, further enhancing existing threat detection capabilities by offering visibility into potential security risks. You'll gain insights into malicious processes the BEST agent identifies, allowing for informed decisions and manual remediation of threats on Linux endpoints.
To leverage this improved functionality, simply reconfigure your agents using the Task in the Network configuration section to include the ATC module.
Unified Extensible Firmware Interface (UEFI) is a modern replacement for the legacy BIOS. It initializes hardware components during startup and loads the operating system on your machine.
With the latest release, we've enhanced the Antimalware module's capabilities giving you the option to enable UEFI scanning. This feature is available for both on-demand scheduled tasks within Policy configuration and for malware scan tasks initiated from the Network page.
UEFI scanning includes the firmware itself and all files located on EFI partitions like applications and drivers. UEFI scanning functionality is independent of the operating system, it relies on supported physical chipsets on hardware machines.
The detection events you can find in the Threats Xplorer section, or by generating a Security Audit report.
Our virtual environment security solution is designed to improve security and performance. It minimizes resource impact on endpoint security by utilizing multi-level caching and scan offloading on Security Virtual Appliances (SVAs).
SVAs are now available for direct deployment from the Azure Marketplace. This streamlined deployment offers resource efficiency and minimal performance impact, making it ideal for low-footprint deployments.
To leverage these benefits, you'll install a lightweight agent with a built-in Security Server component. This component handles multi-level caching and scan offloading, minimizing CPU, memory, and storage impact on your systems. Security Virtual Appliances themselves provide Antimalware scanning engines and threat intelligence databases. This centralization reduces the number of updates required in non-persistent environments like VDI clients.
For more details, check out our TechZone article here.
Patch Management helps you prioritize and automate the installation of critical security updates for operating systems and applications, keeping all your systems secure and up-to-date.
With the latest update, we've added a new category called Manually Approved to our existing list alongside Security and Non-Security patches. This category includes all patches that can impact the installed Windows version, such as Microsoft Windows Feature Update patches and other important updates that require human intervention: either they require credentials to download them, or the download link for the patch is not publicly available.
Manually approved patches can be installed by you on demand like any other patch or automatically during a configurable maintenance window defined in Bitdefender GravityZone Configuration Profiles. For the maintenance window, you need to select each manually approved patch and activate them for inclusion.
All reports and statuses will show all three types of patches. It's worth noting that computers missing only manually approved patches will be reported as up to date.
With the latest release, you have more control over when running applications are patched. All applications that are not currently running will be patched automatically. The product now requires restarting applications that are running during patching. End user will receive a pop-up with a list of applications that need to be restarted.
After the end user confirms, these applications will be closed and patched successfully. Users can also postpone applications restart for up to 24 hours.
With this release, we start a series of releases with the main goal to redesign the GravityZone policies section. This first update comes with a new design and improved interface texts for the policy sections such as Integrity Monitoring, Encryption, Incident Sensor, Storage Protection, Patch Management and Risk Management. The new design also includes links to related GravityZone documentation under "Get help from Support Center".
Additionally, Storage Protection was redesigned. The existing ICAP section was renamed to General. The previous ICAP configuration is included in the General configuration.
In Patch Management configuration, you can now create a maintenance window if one hasn't been created yet. When the maintenance window is created, you can see each schedule's maintenance windows details displayed.
Bitdefender GravityZone platform stands out from the crowd, offering a one-stop solution for all your organization's security needs. As the digital landscape evolves, Bitdefender remains proactive, providing prevention, protection, detection, and response capabilities, ensuring the ongoing safety of organizations of all sizes worldwide.
To learn more about the Bitdefender GravityZone platform, contact us or a Bitdefender partner for more information. You can also start a free trial by requesting a demo here.
tags
Grzegorz Nocon is a graduate of the Faculty of Physics at the University of Silesia. With over 16 years of experience in the IT industry, he currently works as a Technical Marketing Engineer at Bitdefender. A strong supporter of a holistic approach to security and passionate about solving security problems in a comprehensive and integrated way. Outside of work, an avid CrossFit enthusiast and a lover of fantasy literature.
View all postsDon’t miss out on exclusive content and exciting announcements!