What’s New in GravityZone June 2025 (v 6.63)

Bitdefender rolled out new functionality during June 2025, in Bitdefender GravityZone, a comprehensive cybersecurity platform that provides prevention, protection, detection, and response capabilities for organizations of all sizes. These features, consistent with our multi-layered security strategy, are intended to ease the workload of security analysts, administrators, and users.  

What’s New for Security Analysts 

In a dynamic cybersecurity landscape, security analysts are responsible for uncovering any signs of potential sophisticated attacks to make the invisible visible. This section describes new functionality designed to elevate the capabilities of analysts, offering enhanced tools for threat detection, investigation, and response.  

Compliance Manager 

Regulatory compliance goes beyond legal obligations; it is a strategic approach to managing cyber risks and demonstrating the value of cybersecurity investments. By leveraging compliance reports and frameworks, you can reduce the likelihood of data breaches, stay ahead of evolving regulatory demands, and strengthen your overall security posture.  

Initially introduced in our Early Access Program (EAP) in December 2024, Compliance has evolved to reach its final, generally available state. Now, under its new name, GravityZone Compliance Manager offers continuous visibility into endpoints compliance status based on adopted industry standards such as Bitdefender Cyber Hygiene Baseline for Windows, DORA, GDPR, and NIS2*. 

This comprehensive tool simplifies compliance management through continuous evaluation, moving beyond periodic checks to provide real-time insights into your endpoint compliance posture, enabling you to effectively manage your risk and reduce your attack surface. Furthermore, built-in mappings eliminate the need for manual translation; they directly link general requirements to specific technical controls on your endpoints.

For example, NIS2's encryption requirement (Article 21, Paragraph 2), translates into concrete technical controls, such as verifying the presence of a TPM module on a Windows machine.  

All customers with Risk Management now receive access to new compliance capabilities built directly on top of the Risk Management module. This added functionality includes: 

• A basic compliance standard (Bitdefender Cyber Hygiene) with real-time compliance insights, actionable guidance and an exportable report – at no additional cost.   

• Preview access to advanced standards, such as GDPR, DORA, NIS2, HIPAA, and PCI DSS*. To fully unlock advanced compliance standards, including numerous exportable reports, a Compliance Manager add-on license is now available.  

You can access the Compliance Manager directly from the GravityZone console, located within the Compliance Manager tab of the Risk Management section. 

Compliance Manager provides real-time insights into your endpoint compliance posture. 

Each finding related to compliance standards or frameworks comes with clear, actionable remediation techniques, including manual and automatic options.

While specific threats might require manual intervention, you'll find detailed, step-by-step guidance for fixing the risk in the dedicated Risk Mitigation section. For issues that can be resolved automatically, with a single Fix Risk button you can simply create a task to mitigate them by changing the configuration, ensuring efficient and timely resolution of compliance gaps. 

For all compliance standards and frameworks, you can use audit-ready reports (PDF and XLSX formats) to demonstrate the effectiveness of your risk reduction initiatives. 

Vulnerability Scanning Enhancements for Network Sensor 

Bitdefender GravityZone Sensors provide complete visibility into your IT infrastructure – from devices and networks to cloud environments, identities, and productivity applications. They actively monitor for potential threats, including ransomware attacks, empowering you to stop them before they cause damage.   

With the latest update, the Network Sensor now does more than just monitor network traffic for lateral movement attempts. It also actively scans for open ports, identifies running applications, and detects associated known vulnerabilities (CVEs). 

If you are using the Network Sensor, it will be automatically updated with this vulnerability scanner functionality. To activate this new feature, simply configure the vulnerability scanner directly. You can find more information about configuration steps in our Bitdefender Support Center here. 

The Vulnerability Scanner can scan up to 9 networks directly connected to the Network Sensor. Scans can be configured automatically as a scheduled scan within your Policy under the  Risk Management section, or manually from the Network section. For manual risk scans, remember to select the NSVA checkbox.  

All results are consolidated in the Risk Management section and contribute to your Company Risk Score, providing a clear overview of your organization's overall risk level. This functionality enables proactive risk assessments by providing visibility into network-exposed services and their potential weaknesses across all managed devices. 

Risk Management Dashboard 

Enhanced Cloud Network Visibility with Azure vTAP Support 

Azure Virtual Network Terminal Access Point (vTAP) is a powerful feature in Microsoft Azure that allows you to continuously stream a copy of your virtual machine (VM) network traffic to a network packet collector or analytics tool. 

With the latest update, the XDR Network Sensor Virtual Appliance (NSVA) now also supports Azure vTAP, enhancing its ability to provide comprehensive network visibility. This integration means that your XDR Network Sensor Virtual Appliance can now be configured to ingest network traffic by setting the Security Server monitoring interface as a vTAP destination, extending network visibility into your Azure cloud environments. 

API Enhancements 

Bitdefender Control Center APIs enable developers to automate business workflows. These APIs are exposed via the JSON-RPC 2.0 protocol, and you can find usage examples and documentation in our Support Center, here.  

With the latest release, API calls were updated to support Compliance Manager:  

• The manageComplianceManager and manageComplianceManagerResell parameters are now available for the createCompany method.  

• The manageComplianceManager and manageComplianceManagerResell parameters are now available for the getLicenseInfo and setMonthlySubscription methods.  

• The getMonthlyUsage and getDetailedMonthlyUsage methods now return the complianceMonthlyUsage attribute.  

• The getNetworkInventoryItems method returns the manageComplianceManager and manageComplianceManagerResell attributes. 

What’s New for Administrators 

With administrators constantly juggling numerous tasks and responsibilities, tools designed to make their daily tasks easier are highly appreciated. This section describes new functionality designed to facilitate the management of features responsible for prevention, protection, and detection in a defense-in-depth security architecture. 

Network Protection Enhancements 

Bitdefender Network Protection is our deep packet inspection solution that provides comprehensive protection against network-based threats. It leverages threat intelligence, content scanning, and network detection capabilities to detect and identify malicious or suspicious activity. More information about Network Protection can be found here. 

The latest release enhanced Network Protection by adding an incoming Server Traffic Scan option. You can activate this feature in the GravityZone policies, under the Network Protection section, within Network Attacks. It scans protocols such as SMB, RPC, Kerberos, LDAP, and WinRM when active. Additionally, if the option 'Inspect encrypted domain controller traffic' is enabled, decryption will be activated for SMB, RPC, and Kerberos protocols only on servers with the Domain Controller role. 

Network attack defense leverages streamed mode processing to analyze and process network traffic in real-time. It not only enhances protection by detecting network-based attacks but also increases Bitdefender EDR and XDR visibility. 

Network Section Enhancements

The Network section provides functionalities for managing all entities available in your network. Entities are defined as physical computers, virtual machines, Security Servers, containers, and folders available in your network. 

To enhance user experience, with the latest release, right-click functionality was added to the Network grid. This will allow you to take actions on the selected entities without needing to navigate to the actions button. Additionally, you can filter for devices located in the Deleted folder. 

With the latest release, MSP partners can filter for endpoints that were migrated from one company to another. 

Risk Management Enhancement 

Risk Management provides a comprehensive overview of your organization's attack surface, enabling you to identify and mitigate risks across endpoints, applications, user behavior, and cloud environments. 

With the latest release the CIS compliant smart view has been removed from the Findings and Identity Risks page. You can create and save your own custom views using compliance standards or frameworks available under Compliance Manager functionality. 

Summary

The Bitdefender GravityZone platform stands out from the crowd, offering a one-stop solution for all your organization's security needs. As the digital landscape evolves, Bitdefender remains proactive, providing prevention, protection, detection, and response capabilities, ensuring the ongoing safety of organizations of all sizes worldwide.  

To learn more about the Bitdefender GravityZone platform, contact us or a Bitdefender partner for more information. You can also start a free trial by requesting a demo here. 

 

*The standards, guidelines and baselines that GravityZone Compliance Manager takes into consideration are listed in a limited extent in the Compliance Manager section of your GravityZone console under the Risk Management stand-alone menu.