What’s New in GravityZone Platform September 2024 (v 6.55)
September 18, 2024
On the 16th of September, Bitdefender rolled out new functionality in Bitdefender GravityZone, a comprehensive cybersecurity platform that provides prevention, protection, detection, and response capabilities for organizations of all sizes. These features, consistent with our multi-layered security strategy, are intended to ease the workload of security analysts, administrators, and users.
What’s New for Security Analysts
In a dynamic cybersecurity landscape, security analysts are responsible for uncovering any signs of potential sophisticated attacks to make the invisible visible. This section describes new functionality designed to elevate the capabilities of analysts, offering enhanced tools for threat detection, investigation, and response.
New Compliance Report Functionality
Compliance report functionality is now available for the Early Access Program (EAP) in controlled availability for a small number of selected customers and partners.
With the latest release, you will have access to the first available compliance report for endpoints, based on the Critical Security Controls (CIS) v8.0 compliance standard.
The report is generated based on the information gathered by the Risk Management module, such as risk, vulnerability, and misconfiguration. The report doesn't require any additional action from your side and is generated based on mapped information to compliance standards.
The report is available in the Risk Management section and will help you understand your organization's risk, mapped to an industry standard compliance framework.
It’s important to know that the compliance report will be generated only for the endpoints where the Risk scan was executed successfully.
Bitdefender CSPM+ Notification Enhancements
Bitdefender CSPM+ ensures the secure and compliant configuration of cloud resources and services to identify and mitigate potential security risks, misconfigurations, and manage identities within cloud environments such as Amazon Web Services (AWS), Google Cloud Platform (GCP), Microsoft Azure, and Alibaba Cloud.
With the latest release, you can establish granular control over notifications by setting up rules that allow you to receive alerts for specific findings during automatic scans. You can configure notifications through integrated third-party apps like Slack or Webhook, or via email.
The Notification Configuration is accessible in the upper right-hand corner of the Settings section. Here, you can create new notification rules, modify existing ones, or delete them entirely. The latest update empowers you to customize notifications by selecting Recipients, Scan Groups, and desired Severity Levels, ensuring you only receive alerts for issues that match your chosen threshold.
What’s new for Administrators
With administrators constantly juggling numerous tasks and responsibilities, tools designed to make their daily tasks easier are highly appreciated. This section describes new functionality designed to facilitate the management of features responsible for prevention, protection, and detection in a defense-in-depth security architecture.
Update Staging for GravityZone
Staging enables you to test updates in a controlled environment before deploying them in your production environment. We've implemented an additional staging possibility to the process described in our Software Release Strategy article.
With the latest release you can control what version of the product you have in your infrastructure on Windows, Linux and macOS operating systems. You can configure the version between three rings:
- Production ring
- Test ring 1
- Test ring 2
This feature is available if you have one of the listed subscriptions here.
Those three rings come as an addition to existing slow and fast rings described in our Support Center here, that you can configure in the Update section in Policy configuration.
Update Staging configuration is available for you in Configuration profiles section. You can configure the product version to which the BEST agent can be updated. You can configure update rings depending on the operation system independently. You can assign one version to multiple rings but at the same time ring can be assigned only to one version.
When you configure Update Staging rings, you can also choose which version of the BEST agent to use for installation on Windows, Linux, and macOS using new menu. If you don't configure update rings, downloaders won't be active.
Ring selector is also available for packages that can be sent via email in the Send Download Links section.
All configurations are logged and available for review with full details in the User Activity section.
Relay Optimizing
Relay is a communication agent between BEST agents and Bitdefender GravityZone Update servers, used for communications and downloading updates and patches.
With the latest release, Reverse Proxy Relay downloads and caches only the requested files from your BEST endpoints. It's available for BEST Windows and BEST Linux agents when you are using the new Cloud Update Staging for GravityZone. The previous versions of Relay, which works as repository and pre-downloads all new updates, isn't compatible with Cloud Update Staging and will be replaced eventually. For now, both types of Relays will be available.
Suspected Actors Attribution in Incident Advisor
During a security incident, it's essential to stop the attack and identify its source. GravityZone Incident Advisor was designed to minimize the time required to investigate and contain threats. Recently, Incident Advisor was enhanced with the Suspected Actors section. This feature identifies the individuals, groups, or organizations behind a cyber threat or attack.
To request access to Bitdefender IntelliZone Platform and integrate it with GravityZone you have to go through the Product Trials Hub section by clicking the Contact us button for Advanced Threat Intelligence. This integration allows you to open a new tab on the actors page of IntelliZone directly from Incident Advisor, providing a seamless workflow for incident investigation.
Suspected Actors information helps you prevent the attack from spreading by taking appropriate actions or adopting prevention actions tailored to the known Tactics, Techniques and Procedures (TTP) of the suspected group. For example, by creating custom rules to isolate endpoints when certain connections or suspicious file hashes are detected.
Network Sensor Updates
Sensors in Bitdefender GravityZone actively monitors your IT infrastructure like devices, networks, cloud, identities, and productivity applications for potential threats, including ransomware attacks. Network Sensor specifically analyzes network traffic to detect and prevent lateral movement, data exfiltration, port scanning, and brute-force attacks, providing crucial insights into network-based threats.
With the latest update you can download Network Sensor Virtual Appliance (XDR NDVA) packages directly from the Installation Packages section.
Network Protection Enhancements
Bitdefender Network Protection is our deep packet inspection solution that provides comprehensive protection against network-based threats. It leverages threat intelligence, content scanning, and network detection capabilities to detect and identify malicious or suspicious activity. More information about Network Protection you can find here.
With the latest release, you can add additional processes for HTTPS traffic scanning. This allows you to scan not only the predefined list of processes on Windows and macOS computers but also add custom applications or unsupported browsers. Configure these settings in the General tab of the Network Protection section in Policies configuration. The BEST agent can scan HTTPS traffic on both predefined and custom processes.
We also added an additional feature that allows us to intercept malicious domains during the TLS Handshake phase when the connection is made by a process. This Intercept TLS Handshake feature can detect potential threats without decrypting the traffic by checking the domain that the process tries to access. It scans all outbound traffic from processes that are not defined in the Scan HTTPS section. You can decide whether to provide the end user with the standard Access Denied page in response to this connection or reset the connection without communicating with the end user.
What's worth highlighting is that the threat domains are detected by our Bitdefender Global Protective Network and used also in our Threat Intelligence solution.
Risk Management Enhancements
With the latest release, we added additional pivoting options for existing reports in GravityZone.
You can now navigate directly to Risk Management from the Response tab of Endpoint incidents, and Associated Risk widget in Incident advisor.
The External Attack Surface Management (EASM), as announced in the What’s new July edition, now allows you to directly navigate to the Risk Management section for each CVE listed in the side panel of a Service type asset. Additionally, in the Device tab, you can apply a filter for the selected CVE to view all affected devices.
Additionally, the Risk Management dashboard has been redesigned and restructured under separate GravityZone pages such as Misconfigurations, Vulnerability, User behavior risk. All pages have been enhanced with the Smart views feature that you can create your own customized views or use the predefine one.
Bitdefender Control Center API Enhancements
Bitdefender Control Center APIs enable developers to automate business workflows. These APIs are exposed via the JSON-RPC 2.0 protocol, and you can find usage examples and documentation in our Support Center here.
With the latest release, you will have two additional actions at your disposal, such as terminating processes and submitting files to the sandbox for analysis. These additional actions help you streamline the incident process by enabling you to quickly isolate threats and generate comprehensive incident reports.
Policy Configuration Redesign
Following our What’s New July 2024 announcement, we are in the process of redesigning GravityZone Policies. This update comes with a new design and improved interface texts for the Policy sections such as Relay and Live Search.
Enhanced EAP Network Capabilities
The new Network section, introduced in the August 2024 edition of our EAP program, has been enhanced with additional actions in this release. You now have access to actions: Malware scan, IOC scan, Exchange scan, Go to location. This update bridges the gap between the new and existing Network sections.
Summary
Bitdefender GravityZone Platform stands out from the crowd, offering a one-stop solution for all your organization's security needs. As the digital landscape evolves, Bitdefender remains proactive, providing prevention, protection, detection, and response capabilities, ensuring the ongoing safety of organizations of all sizes worldwide.
To learn more about the Bitdefender GravityZone Platform, contact us or a Bitdefender partner for more information. You can also start a free trial by requesting a demo here.
tags
Author
Grzegorz Nocon is a graduate of the Faculty of Physics at the University of Silesia. With over 16 years of experience in the IT industry, he currently works as a Technical Marketing Engineer at Bitdefender. A strong supporter of a holistic approach to security and passionate about solving security problems in a comprehensive and integrated way. Outside of work, an avid CrossFit enthusiast and a lover of fantasy literature.
View all postsRight now Top posts
FOLLOW US ON SOCIAL MEDIA
SUBSCRIBE TO OUR NEWSLETTER
Don’t miss out on exclusive content and exciting announcements!
You might also like
Bookmarks
