Bitdefender has introduced new functionality in Bitdefender GravityZone, a cybersecurity platform that provides prevention, protection, detection, and response capabilities for organizations of all sizes. GravityZone covers multi-cloud, hybrid-cloud, and cloud servers and workloads, as well as end-user systems such as PCs, laptops, and mobile devices. The new features are part of an ongoing effort to strengthen a multi-layered security strategy and improve the resilience of organizations against advanced attacks before they cause damage.
In a changing threat landscape, security analysts are responsible for uncovering any sign of a sophisticated attack and making the invisible visible. This section describes new functionality designed to extend the capabilities of analysts, with enhanced tools for threat detection, investigation, and response.
Unified Incidents consolidates host-level EDR incidents with attacks identified by XDR sensors across other vectors, such as cloud workloads, identity services, productivity applications, and networks. Bitdefender GravityZone gives security analysts a single integrated view in which they can identify and respond to an attack and proactively stop it from spreading.
To learn more about Unified Incidents in GravityZone and how they assist security analysts in responding to breaches, read our blog post “Introducing Unified Incidents to consolidate EDR and XDR incidents under GravityZone.”
With administrators constantly juggling numerous tasks and responsibilities, tools that make their daily work easier are highly appreciated. This section describes new functionality for managing the prevention, protection, and detection features of a defense-in-depth security architecture. Administrators gain enhanced control over existing and new utilities, enabling them to better manage the environment and safeguard against modern cyberattacks.
With the latest release, network permissions are changing. Instead of granting access to the Network and Policies sections under a single permission, administrators can now split those permissions between network and security settings.
The update makes it possible to grant the Inventory and Endpoint Settings management permissions separately, each in read-only or read/write mode. Existing user permissions are not affected: every user who currently holds the Manage Networks permission will, after the update, have read/write rights to both Inventory and Endpoint Settings. Because the migration preserves the broader rights rather than narrowing them, it is a good moment to review those accounts and move any that only need to view the inventory to the new read-only mode.
Robust patch management is critically important for administrators tasked with safeguarding digital assets. By updating systems regularly, administrators close security gaps, reduce the attack surface, and meet compliance requirements. Patch management is a proactive measure that prevents breaches and can also improve system performance.
With the introduction of support for macOS 11 and later, administrators can integrate Patch Management for Macs into their existing cloud-based GravityZone Control Center deployment. macOS support is added automatically for all existing customers with an active Patch Management subscription.
With the latest release, GravityZone Patch Management offers operating system and application patching for macOS, Windows, and Linux environments. The list of supported operating systems and applications can be found on the Bitdefender Support page.
GravityZone Patch Management is an add-on component that can be easily installed on systems through the GravityZone console.
Bitdefender GravityZone installation package configuration.
After deploying the Patch Management module, security teams can initiate patch scans on endpoints manually. These scans cover both operating system updates and application patches. Scheduled patch scans let administrators keep track of available updates and apply them in a timely manner, improving the overall security posture of the network.
Bitdefender GravityZone Patch Inventory
Using the Patch Inventory, security teams can filter patches by operating system, software vendor, and patch category (security or non-security). Patch severity, ranging from none to critical, is also tracked. Security teams can select which updates and patches to deploy or skip, and administrators can install patches either immediately or during the designated maintenance window.
Bitdefender GravityZone Network Patch status report.
The GravityZone dashboard gives security teams an overview of the network patch status, with immediate visibility into successful and failed patch installations. From the Network Patch Status chart, security teams can open a detailed report listing the patches and updates that were installed successfully, those that failed, and those pending installation.
With the new Firewall functionality for Windows servers, administrators gain the ability to control network traffic to and from the server. They now have granular control over which services and applications can communicate with the server, restricting access to only necessary and trusted sources. Bitdefender uses its own firewall technology rather than managing the built-in Windows Firewall. This approach lets us add scanning-related protections, such as port scan detection, that are not available when using the embedded Windows Firewall.
The redesigned Firewall configuration lets administrators disable and delete the predefined default rules in the policy, giving more detailed control. The firewall module includes one embedded rule that allows management traffic between GravityZone and the BEST agent. This rule keeps the endpoint manageable regardless of any rules an administrator creates, for example a rule that accidentally blocks all incoming or outgoing traffic to the GravityZone management server.
We recommend testing a newly created server firewall policy before rolling it out to all production servers: assign a few test servers to the policy, enable the firewall configuration on them, and verify the policy's behavior there. Note that port scan detection and a high number of rules can add CPU load on the server. For that reason, avoid 'deny' default actions, which cause default rules to be generated automatically; instead, write specific rules for the traffic you want to allow or deny and place a single rule that denies or allows all remaining traffic at the bottom. Remember that rules are evaluated from top to bottom, so a catch-all rule placed higher up shadows every rule below it. When the tests complete with acceptable results, the server firewall policy can be assigned to production servers.
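To make the ordering advice concrete, here is a small first-match evaluator written for this article; it is not Bitdefender code and does not reflect the product's internal rule format. It models the two behaviors described above: rules are checked top to bottom and the first match wins, and an embedded management rule keeps GravityZone-to-agent traffic allowed no matter what the administrator adds (expressed here by evaluating that rule before the policy). The management server address, the policies, and the `default` fallback for an unmatched packet are assumptions of the example; the post itself recommends an explicit catch-all rule at the bottom instead of relying on a default. A `shadowed_rules` check is included to flag rules that can never fire because an earlier rule already covers them.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out", seen from the server
    proto: str       # "tcp" or "udp"
    remote: str      # IP address of the remote peer
    port: int        # local port for inbound traffic, remote port for outbound


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                 # "allow" or "deny"
    direction: str = "any"      # "in", "out" or "any"
    proto: str = "any"          # "tcp", "udp" or "any"
    remote: str = "0.0.0.0/0"   # CIDR of the remote peer
    port: Optional[int] = None  # None matches every port

    def matches(self, pkt: Packet) -> bool:
        return (
            self.direction in ("any", pkt.direction)
            and self.proto in ("any", pkt.proto)
            and ip_address(pkt.remote) in ip_network(self.remote)
            and (self.port is None or self.port == pkt.port)
        )

    def covers(self, other: "Rule") -> bool:
        """True when every packet matched by `other` is also matched by self."""
        return (
            self.direction in ("any", other.direction)
            and self.proto in ("any", other.proto)
            and ip_network(other.remote).subnet_of(ip_network(self.remote))
            and (self.port is None or self.port == other.port)
        )


# Hypothetical GravityZone management server address (RFC 5737 documentation range).
MGMT_SERVER = "203.0.113.10/32"

# Stand-in for the embedded rule the post describes: management traffic between
# GravityZone and the BEST agent stays allowed whatever the administrator adds.
# This model expresses that by evaluating the rule before the administrator's policy.
EMBEDDED_MANAGEMENT_RULE = Rule("gz-management", "allow", remote=MGMT_SERVER)


def evaluate(policy, pkt, default="allow"):
    """Top-to-bottom, first-match evaluation. `default` is what this model does when
    no rule matches; the post instead recommends an explicit catch-all at the bottom."""
    for rule in (EMBEDDED_MANAGEMENT_RULE, *policy):
        if rule.matches(pkt):
            return rule.action, rule.name
    return default, "no-rule-matched"


def shadowed_rules(policy):
    """Names of rules that can never fire because an earlier rule already covers them."""
    shadowed = []
    for i, rule in enumerate(policy):
        if any(earlier.covers(rule) for earlier in policy[:i]):
            shadowed.append(rule.name)
    return shadowed


# Misconfigured policy: the catch-all deny sits first and shadows everything below it.
MISORDERED = [
    Rule("deny-everything", "deny"),
    Rule("allow-https", "allow", "in", "tcp", port=443),
]

# Recommended shape: specific rules first, one explicit catch-all at the bottom.
ORDERED = [
    Rule("allow-https", "allow", "in", "tcp", port=443),
    Rule("allow-rdp-from-jumphosts", "allow", "in", "tcp", "198.51.100.0/24", 3389),
    Rule("deny-everything", "deny"),
]


if __name__ == "__main__":
    https = Packet("in", "tcp", "192.0.2.44", 443)       # constructed sample traffic
    mgmt = Packet("out", "tcp", "203.0.113.10", 8443)
    for name, policy in (("misordered", MISORDERED), ("ordered", ORDERED)):
        print(name, "https:", evaluate(policy, https), "mgmt:", evaluate(policy, mgmt),
              "shadowed:", shadowed_rules(policy))
```

Running the script shows the HTTPS packet denied under `MISORDERED` and allowed under `ORDERED`, while the management packet is allowed under both. The `shadowed_rules` output is the check worth running on a test server before a policy reaches production: any rule it names is dead weight that adds to the rule count (and CPU cost) without ever taking effect.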
With the latest release, the ability to define multiple schedules in a single policy has been added to the Web Access Control configuration, extending the Content Control capabilities. Administrators can now make different category decisions for different time intervals, for example allowing access to social media or blogs only outside working hours.
The new Web Access Control profile for Windows computers is available under Policies in the Configuration Profiles section, where administrators define schedules for the selected categories. Each profile is linked to a single scheduler, which can contain up to 10 sub-schedules, allowing more granular policies.
GravityZone Web Access Control Scheduler with defined categories and policies.
When planning the Web Access Control scheduler, the administrator must remember that order matters: the sub-schedules are evaluated in sequence, and the first one that matches the detected domain is applied; if it does not match, the next schedule is checked. Time windows are evaluated against the local device time, so end users should not be allowed to change their system clock, otherwise they could move the device into a more permissive window. Once a profile is defined, administrators can assign it under Web Access Control in the selected policy. After that step, the existing category settings in the policy are removed from the endpoint and all current settings are automatically mapped to the new schedulers.
Bitdefender GravityZone Content Control configuration.
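The following model of the scheduler is an added example for this article, not Bitdefender code, and it mirrors only the behavior described above: sub-schedules are checked in order, the first one whose time window is active and that has a decision for the request's category wins, and the time compared is the device's own clock. The domain-to-category table is constructed for the example (the product uses its own category database), and the policy default applied when no sub-schedule matches is an assumption. `clock_tamper_bypass` shows why the advice to lock the system clock matters: shifting the local time is enough to land in the permissive window.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta

# Constructed domain-to-category table standing in for the product's category database.
CATEGORY_OF = {
    "social.example": "social-networks",
    "blog.example": "blogs",
    "intranet.example": "business",
}

WEEKDAYS = frozenset(range(5))    # Monday=0 .. Friday=4
EVERY_DAY = frozenset(range(7))


@dataclass(frozen=True)
class SubSchedule:
    name: str
    days: frozenset          # weekday numbers on which the window applies
    start: time
    end: time                # exclusive; start == end means the whole day
    actions: dict            # category -> "allow" or "block"

    def active_at(self, now: datetime) -> bool:
        if now.weekday() not in self.days:
            return False
        t = now.time()
        if self.start == self.end:
            return True
        if self.start < self.end:
            return self.start <= t < self.end
        return t >= self.start or t < self.end    # window crossing midnight


@dataclass(frozen=True)
class Profile:
    schedules: tuple         # evaluated top to bottom, first match wins
    default: str = "allow"   # assumed behaviour when no sub-schedule matches

    def __post_init__(self):
        if len(self.schedules) > 10:           # limit stated in the post
            raise ValueError("a scheduler holds at most 10 sub-schedules")


def decide(profile: Profile, domain: str, device_now: datetime):
    """Return (action, matching sub-schedule) for a request to `domain` made when the
    device's local clock reads `device_now`."""
    category = CATEGORY_OF.get(domain, "uncategorized")
    for sched in profile.schedules:
        if sched.active_at(device_now) and category in sched.actions:
            return sched.actions[category], sched.name
    return profile.default, "policy-default"


WORKING_HOURS = SubSchedule("working-hours", WEEKDAYS, time(9, 0), time(17, 0),
                            {"social-networks": "block", "blogs": "block"})
ANY_TIME = SubSchedule("any-time", EVERY_DAY, time(0, 0), time(0, 0),
                       {"social-networks": "allow", "blogs": "allow"})

# Correct order: the narrow working-hours window is checked before the catch-all.
PROFILE = Profile((WORKING_HOURS, ANY_TIME))
# Wrong order: the catch-all sits first and shadows working-hours entirely.
MISORDERED = Profile((ANY_TIME, WORKING_HOURS))


def clock_tamper_bypass(profile, domain, real_now, shift_hours):
    """Decision the endpoint makes if the user moves the local clock by `shift_hours`."""
    return decide(profile, domain, real_now + timedelta(hours=shift_hours))


if __name__ == "__main__":
    monday_10 = datetime(2024, 3, 4, 10, 0)          # a Monday, inside working hours
    print(decide(PROFILE, "social.example", monday_10))                  # ('block', 'working-hours')
    print(decide(MISORDERED, "social.example", monday_10))               # ('allow', 'any-time')
    print(clock_tamper_bypass(PROFILE, "social.example", monday_10, 9))  # ('allow', 'any-time')
```

The two profiles contain the same sub-schedules; only the order differs, and the misordered one never blocks anything because the all-day entry matches first. The tamper case gives the same result as a genuine after-hours request, which is exactly the point: the endpoint cannot distinguish the two when the only time source is the device clock.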
Users are the most important part of any organization, and every IT system should support their daily tasks without disruption. Making their work easier is therefore an increasingly important goal. This section describes functionality designed specifically to help users deal with security-related interruptions.
In the latest update, a new restore-from-quarantine option was added to the Exchange Protection module. In addition to the existing option, which sends the quarantined message as an attachment to a predefined email address, it is now possible to deliver the original email to its original recipients exactly as it was sent. With this addition, the existing 'Release' option was renamed 'Release as attachment', and a new 'Release to intended recipient' option was added. These improvements focus on the users' daily tasks and their efficiency.
The second Exchange Protection improvement concerns user notification. Three new actions can be executed when an email lands in quarantine: administrators can configure rules to notify the sender, the recipients, or a specific email address when an email is quarantined, rejected, or otherwise acted on.
For example, when a user receives a notification that an email has been quarantined, they can judge from the information provided, such as the subject and the sender, whether it is a false positive. The notification is sent each time an incoming email matches the rule. The user can then ask an administrator to release the email; after review, the administrator can deliver it to the user and adjust the filtering rules.
The configuration is available under all subsections in the Exchange Protection Policy.
Notifications are sent only to domains managed by the Exchange server protected by Security for Email. If 'Notify the sender' is enabled and an incoming email arrives from a domain the Exchange server does not manage, the external sender does not receive a notification, because notifying external senders would be a security risk: sender addresses are easily spoofed, so the notification would be backscatter to an uninvolved party and would confirm to an attacker which addresses and filters exist. 'Notify the sender' therefore works only for inside-to-outside and inside-to-inside scenarios.
Bitdefender GravityZone console stands out from the crowd, offering a one-stop solution for all your organization’s security needs. The introduction of new functionalities enhances cybersecurity for organizations of all sizes. As the digital landscape evolves, Bitdefender remains proactive, providing prevention, protection, detection, and response capabilities, ensuring the ongoing safety of organizations worldwide.
Grzegorz Nocon is a graduate of the Faculty of Physics at the University of Silesia. With over 16 years of experience in the IT industry, he currently works as a Technical Marketing Engineer at Bitdefender. A strong supporter of a holistic approach to security and passionate about solving security problems in a comprehensive and integrated way. Outside of work, an avid CrossFit enthusiast and a lover of fantasy literature.