What’s New in GravityZone Platform November 2024 (v 6.57)

Grzegorz Nocoń

December 04, 2024

On the 27th of November, Bitdefender rolled out new functionality in Bitdefender GravityZone, a comprehensive cybersecurity platform that provides prevention, protection, detection, and response capabilities for organizations of all sizes. These features, consistent with our multi-layered security strategy, are intended to ease the workload of security analysts, administrators, and users.  

What’s new for Security Analysts 

In a dynamic cybersecurity landscape, security analysts are responsible for uncovering any signs of potential sophisticated attacks to make the invisible visible. This section describes new functionality designed to elevate the capabilities of analysts, offering enhanced tools for threat detection, investigation, and response.  

MDR Breach Warranty 

We are excited to share great news. Starting November 21st, Bitdefender will be adding a Cybersecurity Breach Warranty as additional coverage built into our MDR and MDR PLUS licensing packages. This warranty will be included at no additional cost for all new and existing customers. Coverage will depend on the MDR license package you have purchased; see the table below for details:

Customers will see a new Breach Warranty section in the left column under Service Management. It will provide details around the Breach Warranty, such as a list of security incidents covered, a link to the Terms and Conditions for review, and a link to Prerequisites that must be met in order for a claim to be approved. For more information on the warranty, please check out the FAQ page.

To learn more about our MDR service, check our official website here. 

GravityZone XDR integration for Atlassian Cloud Applications 

Sensors in Bitdefender GravityZone actively monitor your IT infrastructure – devices, networks, cloud, identities, and productivity applications – for potential threats, including ransomware attacks. This gives you complete visibility into your network activity, empowering you to stop attacks before they cause damage. 

Atlassian Cloud simplifies the way teams collaborate and manage projects throughout the entire development lifecycle. With the latest release, Bitdefender enhanced the security of Atlassian Cloud applications, including Confluence, Jira, and Bitbucket, by integrating them with GravityZone via XDR Sensor.  

This integration is available as a new add-on: Business Applications, as part of the existing GravityZone XDR offering. It offers not only centralized monitoring, detection, and correlation of security threats in real-time, all managed from the GravityZone Console, but also enables you to respond directly to these threats through the sensors in the GravityZone console.

For detailed information about the GravityZone XDR Atlassian Cloud integration, read our "Introducing GravityZone XDR integration for Atlassian Cloud Applications" article. 

XDR Custom Exclusions 

XDR goes beyond EDR, extending detection and response capabilities by collecting data from a wider range of sensors. These sensors add significant complexity and often a lot of noise to the final incident that a Security Analyst must review in order to respond effectively to an attack. 

With the latest release, you can create exclusion rules through GravityZone Console or API on XDR parameters to prevent specific interactions between entities and resources in your organization from generating incidents. You can choose between parameters such as application, policy, or user group. Additionally, the EDR functionality has been enhanced with additional exclusion parameters, allowing you to exclude events and behaviors related to user connections and email activity on your endpoints. 

GravityZone Compliance EAP 

Regulatory compliance goes beyond legal obligations; it is a strategic approach to managing cyber risks and demonstrating the value of cybersecurity investments. By leveraging compliance reports and frameworks, you can proactively identify and mitigate security risks, reducing the likelihood of data breaches. 

Compliance functionality is now available in the Early Access Program (EAP) to all customers and partners with an active Risk Analytics license. With the latest release, you have access from the GravityZone console to the following compliance standards for all your endpoints: 

  • Critical Security Controls (CIS) v8.0 
  • GDPR 
  • NIS 2 Directive 
  • SOC2 
  • ISO27001 

You will have immediate visibility into findings (misconfigurations) and user behavior risk information gathered by the Risk Management module and mapped to compliance standards. No further action is required from your side.

For detailed information about GravityZone Compliance, read our "Introducing GravityZone Compliance" article. 

You can find instructions on how to join the Early Access program and initiate the configuration in the GravityZone Support Center here. New customers, before joining EAP, will need to request the trial license for Bitdefender GravityZone here.

New Public API Methods 

Bitdefender Control Center APIs allow you to automate business workflows. With the latest release, you can use two new methods. The first, createResponseAction, will streamline your incident response actions. By using this method, you have access to the following response actions: 

  • Disable the user 
  • Force reset the user credentials 
  • Mark the user as compromised 
  • Delete the user's email 

You can take response action based on the XDR incident ID or based on user data specified in the node. 

The second method, getResponseActionStatus, will help you check the status of a requested response action on an XDR incident. 

Additionally, we added a filters parameter to the createCustomRule method. It can be used to add exclusions for XDR incidents. 

The full list of Incidents API methods, which allow you to manage Endpoint Detection and Response (EDR) features, is available on our Bitdefender Support Center here. 

Bitdefender IntelliZone Enhancements 

Bitdefender IntelliZone is our Threat Intelligence Portal, exposing the capabilities of our Threat Intelligence solution. It provides UX-optimized, human-readable visualizations of Threats and Indicators of Compromise (IoC). IntelliZone integrates search and navigation functionalities, offers AI-powered user support, and includes other valuable features, all optimized for security analysts. 

In the latest release, we launched the Operational Dashboard that provides a real-time view of the cybersecurity landscape. This dashboard includes information about threats and vulnerabilities specific to your country or industry. You can use it to monitor activities and risks associated with specific threat actors, countries of origin, or target industries, providing critical context for proactive threat management.

GravityZone SIEMs integration 

SIEM (Security Information and Event Management) collects, analyzes, and correlates security data from various sources to detect security threats in real-time. With the latest release, we added three new integration possibilities to our existing SIEM list. Using GravityZone APIs, you can send events to FortiSIEM, Elastic, and LogRhythm. These integrations will allow you to search across SIEM platforms based on events coming from GravityZone, providing a centralized view of security events.  

But that is not all. Thanks to our createResponseAction API (described in the New Public API Methods section above), you can create playbooks and automated responses for security incidents. 

Detailed information about configurations can be found at our Bitdefender Support Center here. 

YARA rules General Availability 

With the current release, YARA rules have become Generally Available (GA) for all customers. By adding YARA rules to the GravityZone platform, security teams are empowered to create finely tuned, organization-specific detection patterns. This not only strengthens your organization's ability to detect known threats but also increases its resilience against emerging risks such as zero-day vulnerabilities and sophisticated malware variants.

For detailed information about YARA rules, read our "Introducing YARA rules to enhance threat-hunting capabilities" article.

What’s new for Administrators 

With administrators constantly juggling numerous tasks and responsibilities, tools designed to make their daily tasks easier are highly appreciated. This section describes new functionality designed to facilitate the management of features responsible for prevention, protection, and detection in a defense-in-depth security architecture.  

Malware Protection Enhancements

Malware protection is a multi-layered approach that includes behavioral analysis, machine learning algorithms, and real-time threat intelligence, allowing you to customize security profiles based on your system needs and balance performance with protection.  

With the latest release, on-demand scheduled scan tasks were enhanced with two additional options. Now you can Pause scan when computer is in Battery mode to prioritize user experience. The second option, available for Linux and macOS operating systems, is to Enable CPU usage control, which means you can adjust the CPU usage allocated for the scanning process to three levels: 

  • Low - the On-Demand Scan will stop when the idle CPU is less than 75% on macOS and will not use more than 25% of the total CPU on Linux.
  • Medium - the On-Demand Scan will stop when the idle CPU is less than 50% on macOS and will not use more than 50% of the total CPU on Linux.
  • High - the On-Demand Scan will stop when the idle CPU is less than 25% on macOS and will not have a CPU usage limit on Linux.

Additionally, if you want to bypass protection alarms when trusted systems perform necessary registry changes, you can create exclusions for Sensitive Registry Protection using specific IP addresses or a subnet mask. 

Power User Enhancements 

The Power User module grants you administrator rights at the endpoint level, enabling you to access and modify specific security settings through a local CLI console. 

With the latest release, the Power User CLI module for Windows systems has been enhanced with new functionalities, such as the ability to enable and disable all modules with a single command. You can also set the number of minutes after which any changes made with Power User are reverted. Additionally, you can add and remove exclusions for modules like Antimalware On-access scanning, Advanced Threat Control, Ransomware Mitigation, and Network Protection.

GravityZone Platform Actions

In the latest release, to standardize naming across the GravityZone platform, we've modified scan actions. Ignore and Take no action have been renamed to Report only. Delete has been included in the Remediate action, which is also the new name for the former Disinfect action. Additionally, all actions for suspicious files have been removed. These changes allowed us to create a more intuitive interface, ensuring consistency across the GravityZone platform.

Enhanced EAP Network Capabilities

The new Network section, introduced in the August 2024 edition of our EAP program, has been enhanced with additional actions in this release. We continuously improve this section with each release to provide you with the best possible experience. You now have access to the following actions: Install patches, Assign tags, Unassign tags, Mark as Golden Image, Unmark as Golden Image, Isolate endpoint, Remove from isolation, Uninstall agent, Restart endpoint, Repair agent, Resume integrity monitoring, Suspend integrity monitoring, Update agent, Patch scan and Delete.

New Status Page for GravityZone 

If you are wondering about the latest updates, incidents, or issues affecting Bitdefender's GravityZone platform, look no further. The newly launched Status Page is your go-to source for real-time information. Stay informed about ongoing incidents, track outstanding product issues, and get notified about both scheduled and unscheduled product updates. The Status Page is available here.

Summary

Bitdefender GravityZone platform stands out from the crowd, offering a one-stop solution for all your organization's security needs. As the digital landscape evolves, Bitdefender remains proactive, providing prevention, protection, detection, and response capabilities, ensuring the ongoing safety of organizations of all sizes worldwide.  

To learn more about the Bitdefender GravityZone platform, contact us or a Bitdefender partner for more information. You can also start a free trial by requesting a demo here. 

Author


Grzegorz Nocoń

Grzegorz Nocon is a graduate of the Faculty of Physics at the University of Silesia. With over 16 years of experience in the IT industry, he currently works as a Technical Marketing Engineer at Bitdefender. A strong supporter of a holistic approach to security and passionate about solving security problems in a comprehensive and integrated way. Outside of work, an avid CrossFit enthusiast and a lover of fantasy literature.
