What’s New in GravityZone Platform April 2024 (v 6.49)

On the 2nd of April 2024, Bitdefender rolled out new functionality in Bitdefender GravityZone, a comprehensive cybersecurity platform that provides prevention, protection, detection, and response capabilities for organizations of all sizes. These features, consistent with our multi-layered security strategy, are intended to ease the workload of security analysts, administrators, and users.  

What’s new for Security Analysts 

In a dynamic cybersecurity landscape, security analysts are responsible for uncovering any signs of potential sophisticated attacks to make the invisible visible. This section describes new functionality designed to elevate the capabilities of analysts, offering enhanced tools for threat detection, investigation, and response.  

YARA rules for macOS 

YARA rules are a pattern-matching mechanism used for identifying and classifying data or files based on specified conditions. These conditions are written in a specialized YARA rule language, allowing for precise and customizable detection rules. When a system scans files or data, it checks them against these rules to identify matches, triggering specific actions or alerts when a match is found. YARA rules are like digital detectives' instructions. They tell an agent on the computer what to look for in files or data. If the agent finds a match, it can sound an alarm. YARA rules can be valuable assets for: 

• Zero-day Detection – you can create rules that detect vulnerable software that was not patched by the manufacturer or malware that tries to exploit it 
• Threat Hunting – YARA rules can be used for proactive threat hunting by searching for specific patterns, and IoC (Indicators of Compromise) to identify threats that may have gone undetected by traditional security tools. 
• Customer Security Policy – YARA rules can be used to enforce specific policies, for example blocking files with specific characteristics. 
• Forensic and Incident Response – YARA rules can be applied to identify files/artifacts associated with known threats to identify and stop security incidents. 
• Signature-based detection – you can create signatures for known malware to scan for specific patterns associated with malicious software. 

Bitdefender's Early Access Program (EAP) now supports macOS devices. This means you can enjoy the advanced protection of GravityZone on your Mac, alongside Windows and Linux machines. 

With a Bitdefender GravityZone EDR subscription, you gain the ability to proactively identify and stop malicious activity across all three operating systems. This gives you a more comprehensive security posture and helps keep your devices safe from emerging threats. 

Bitdefender GravityZone YARA rules configuration.

What’s new for Administrators 

With administrators constantly juggling numerous tasks and responsibilities, tools designed to make their daily tasks easier are highly appreciated. This section describes new functionality designed to facilitate the management of features responsible for prevention, protection, and detection in a defense-in-depth security architecture. 

XDR Sensors: Security for Mobile platform integration 

Devices like iPads, iPhones, Androids, and Chromebooks protected by Security for Mobile now contribute to the visibility of GravityZone XDR. This means you get a more complete picture of your security without lifting a finger. 

 As long as you have both Security for Mobile and XDR subscriptions, everything works automatically. These subscriptions talk to each other seamlessly, allowing you to collect information about events and threats on your mobile devices. This helps you identify potential attacks before they cause any harm. 

For example, it leverages URL filtering techniques to proactively identify attempts to access malicious websites from mobile devices. This mitigates the risk of phishing attacks and malware distribution via web browsing activities. 

Bitdefender GravityZone Incident Advisor view.

Bitdefender GravityZone Extended Root Cause Analysis view. 

Mobile integration also employs a list of known malicious applications to identify and report their presence on managed mobile devices. It actively monitors network traffic on mobile devices to detect reconnaissance scans conducted by potential attackers. These scans may utilize protocols such as IP, TCP, UDP, or ARP and can be indicative of attempts to gather information about the device or exploit vulnerabilities.  

More detection techniques are detailed in the Sensors article on the TechZone portal. 

Enhanced Risk Visibility in the Incident Advisor 

Risk management allows you to identify vulnerabilities and misconfigurations associated with the Windows and Linux Operating Systems and user risky behavior across the organization. 

With the latest release, you will have at your disposal the Associated Risks widget, available in the Incident Advisor view. The new widget summarizes all known threats and misconfigurations related to the entities and assets involved in the incident, offering a chart broken down by threat type and links to the associated risk global overview. For example, when an endpoint is engaged with an incident, Associated Risks will provide you with information about all misconfigurations on this endpoint, such as Insecure Guest Logon, where the SMB client will allow insecure guest logons to an SMB server or Password not required attribute set to True on user account.  

Depending on your license it provides information about the top 5 risks from Risk Management and 5 risks from the Cloud Security Posture Management (CSPM+) platform with the possibility to display all Associated risk. We designed Incident Advisor to minimize the time required for you to investigate and contain threats, and with new functionality, you will have an even more comprehensive toolset to swiftly identify, assess, and mitigate potential security threats. 

Bitdefender GravityZone Incident Advisor view and Associated risks details.

Threats Explorer Enhancement 

Threats Explorer offers you visibility over the detected threats in your network, providing a complete list of detection events. With the latest release, we enhanced the existing Tags functionality in GravityZone by utilizing Tags to review events in the Threats Explorer. This allows you to monitor detection events based on specific groups of endpoints where automatic or custom tags have been assigned. For instance, tagging all members of the Financial Department enables you to analyze and correlate detections using tag filters in Threats Explorer. 

From now on, you can use Tags filters in sections such as Network, Threats Explorer, Health Dashboard, and Live Search. 

Executive Summary Enhancement 

The Executive Summary presents a concise security overview of all protected endpoints in your network. With the latest release, we renamed the Incidents status widget to Incidents breakdown by action taken. For a more granular view, the widget now includes three categories: Reported, Partially Blocked, and Blocked. The Reported category comprises Endpoint and Organization incidents for which no action was taken and require further investigation. The Partially Blocked category includes Organization incidents where automatic actions defined in the policies have been taken only on some entities. Finally, the Blocked category comprises Endpoint incidents detected and blocked by GravityZone prevention modules. 

New Help & Support Page 

With the latest release, the Help & Support page has a new design. The main template provides you with information about the current GravityZone version and links to the official product documentation. Additionally, you can check a list of all Masterclass trainings, assign yourselves to upcoming trainings, and view recordings of past sessions. The new design covers topics displayed on cards organized into two tabs: Basic and Advanced Configuration. 

The Basic view covers general GravityZone usage, including platform and account management, licensing, and basic installation and configuration. 

The Advanced Configuration view provides information on specific GravityZone features. Administrators can access articles describing advanced installation and specific functionalities like Network Protection and Patch Management. Remember that the content depends on the company type and the license you are using. 

Bitdefender GravityZone Help and Support page view.

Summary 

Bitdefender GravityZone platform stands out from the crowd, offering a one-stop solution for all your organization's security needs. As the digital landscape evolves, Bitdefender remains proactive, providing prevention, protection, detection, and response capabilities, ensuring the ongoing safety of organizations of all sizes worldwide.  

To learn more about the Bitdefender GravityZone platform, contact us or a Bitdefender partner for more information. You can also start a free trial by requesting a demo here.