What’s New in GravityZone September 2025 (v 6.66)

Grzegorz Nocoń

September 12, 2025

Bitdefender recently introduced new functionality in Bitdefender GravityZone, a comprehensive cybersecurity platform that provides prevention, protection, detection, and response capabilities for organizations of all sizes. These new features, consistent with our multi-layered security strategy, are intended to ease the workload of security analysts, administrators, and users.  

What’s new for Security Analysts

In a dynamic cybersecurity landscape, security analysts are responsible for uncovering any signs of potentially sophisticated attacks to make the invisible visible. This section describes new functionality designed to elevate the capabilities of analysts, offering enhanced tools for threat detection, investigation, and response.  

Remote Shell Connection Update 

Remote Shell enables you to connect remotely to an endpoint involved in an incident. You can run shell commands directly on the endpoint's operating system to either mitigate threats instantly or collect forensic data for further analysis.  

With a recent update, the Remote Shell Connection page includes: 

  • Last refresh date: Specifies when the details were last updated.
  • State: Displays the endpoint’s current Online or Offline status. 

You can also refresh endpoint details manually. 

For comprehensive insights into remote shell and effective incident investigation, we invite you to watch our masterclasses here.   

Enhanced Incident Management Across EDR & XDR 

The Incidents functionality in GravityZone is designed to help you filter, investigate, and act on all security events detected and generated for your managed company.  

The incident History panel has been updated to display the new Severity Score for all events, allowing your security analysts to quickly spot increases in incident severity that could indicate a higher organizational risk. To support more comprehensive investigations, analyst notes for incidents now support up to 50,000 characters.

For comprehensive insights into effective incident investigation, we invite you to watch our masterclasses here.   

PHASR Enhancements 

Proactive Hardening and Attack Surface Reduction (PHASR) proactively hardens your systems by analyzing user behavior to prevent Living Off the Land (LotL) attacks and targeted threats. It utilizes anomaly detection to enable tailored, application-level action blocking, to rapidly reduce your attack surface without disrupting operations.  

With this release, the PHASR module can be installed directly from the Installation Packages. You can also add or remove it using the modules list in the Reconfigure Client task, which gives you more granular control over package installation. Previously, the PHASR module was installed automatically when enabled within the Policy Configuration. 

The Attack Surface Exposure widget has been updated to show residual exposure on a scale of 0 to 100, providing a clear breakdown of mitigation applied through both Autopilot and Direct Control modes. 

Additionally, an interactive right-side panel has been added to the PHASR dashboard to provide a more detailed view of behavioral profiles. The panel shows user and endpoint combinations for profiles that use such tools/commands, profiles that don't use them, and restricted profiles. It also features search functionality that enables you to quickly find specific profiles by typing any part of the user or endpoint name. 

For comprehensive insights into PHASR, we invite you to watch our masterclasses here.   

EASM Updates 

External Attack Surface Management (EASM) helps you continuously discover and analyze internet-facing assets and their vulnerabilities, providing an attacker-centric view to proactively reduce your attack surface. 

With this release, notes can now include up to 50,000 characters. This allows security analysts to record more detailed findings and supports both creating and editing notes. 

Additionally, the data privacy message within the EASM scan configuration window has been updated. It now explicitly states that scans may use service identification tools to improve transparency and clarity for users. 

For comprehensive insights into EASM, we invite you to watch our latest masterclasses here.

Container Image Scanner Monthly Subscription 

Bitdefender Container Image Scanner scans container images and container registries to identify vulnerabilities during development and provide continuous monitoring for images in registries. 

The latest update adds support for monthly subscriptions with Container Protection.

For comprehensive insights into EASM, we invite you to watch our latest masterclasses here.

API Enhancements 

Bitdefender Control Center APIs enable developers to automate business workflows. These APIs are exposed via the JSON-RPC 2.0 protocol, and you can find usage examples and documentation in our Support Center, here.    

The operatingSystems parameter is now available for the connection type in Blocklist rules. The following methods under the Incidents API have been updated to support this:

  • The addToBlocklist method now allows you to include the operatingSystems parameter in your request.
  • The getBlocklistItems method now returns the operatingSystems parameter in the response.

What’s new for Administrators

With administrators constantly juggling numerous tasks and responsibilities, tools designed to make their daily tasks easier are highly appreciated. This section describes new functionality designed to facilitate the management of features responsible for prevention, protection, and detection in a defense-in-depth security architecture. 

Risk Management Redesign   

Risk Management provides a comprehensive overview of your organization's attack surface, enabling you to identify and mitigate risks across endpoints, applications, user behavior, and cloud environments. 

With this update, the Risk Management dashboard has been moved to the ASM dashboard section, alongside PHASR and EASM, enabling the creation of custom smart views by combining widgets across all three areas. 

The Endpoint Risk Analytics (ERA) dashboard under Risk Management has been redesigned to provide a more intuitive view of risks. Key improvements include: 

  • Company Vulnerabilities Widgets: Gain a deeper understanding of vulnerabilities by breaking them down by CVEs, severity, resource types, affected applications, and vulnerability age.
  • Resource Widgets: Easily track local resources by their operating system and identify those involved in incidents.
  • Top Rankings Widgets: Prioritize your response to the most critical issues with new rankings for findings, vulnerabilities, and identity risks. These now include separate breakdowns for severity and impact.
  • Unified Company State Widget: Get a comprehensive view of your organization's risk with a single widget that combines your overall risk score, score breakdown, and risk distribution.
  • Enhanced Score Over Time Widget: Better analyze risk trends with a 7/30/90-day selector and detailed explanations for score changes when you hover over the data. 


The dashboard provides improved clarity and interactivity across findings, vulnerabilities, and identity risks, with better explanations and new pivot options. You can create a customizable layout with resizable and rearrangeable widgets for a tailored experience. When you resize a widget vertically, it will display up to 20 items for improved visibility. Additionally, an integrated feedback form allows you to submit input directly from the dashboard. 

For better data analysis, the "Last scanned on" field is now included in CSV exports from the Resources grid. Additionally, you can now view when a vulnerability was first identified on a resource, and this "First seen" timestamp can be downloaded as part of a CSV export from the Vulnerabilities grid. Finally, the "Resource type" field is also included in the same CSV export.

Drill-Down Navigation for Health Dashboard

Health Dashboard, available under the Bitdefender Early Access Program (EAP), provides a comprehensive overview of endpoint issues and status within your network. It offers insights into the health and performance of endpoints and highlights critical concerns that require your attention. 

With this update, the Health Dashboard has been enhanced with drill-down navigation. You can now navigate from any widget and statistical level directly to detailed views to analyze critical concerns that require your attention. The drill-down primarily focuses on the Network section with predefined filters, and also extends to other areas of Control Center, depending on the widget.

Compliance Manager Supports New Kubernetes Standards 

Compliance Manager streamlines regulatory adherence by mapping IT controls to standards like GDPR, ISO 27001, and NIS2, offering real-time endpoint evaluations, actionable remediation steps and recommendations, and audit-ready reports. 

With this update, Compliance Manager now includes support for Kubernetes Security Posture Management (KSPM) standards, such as CIS Kubernetes. 

For comprehensive insights into Compliance Manager, we invite you to watch our latest masterclasses: Introducing GravityZone Compliance Manager and KSPM in Practice - Securing Kubernetes Environments with GravityZone.

Network Section Updates 

The Network section provides functionalities for managing all entities available in your network. Entities are defined as physical computers, virtual machines, Security Servers, containers, and folders available in your network. 

With the latest release, AD Integration was moved from the Role filter to the Entity type filter. Golden Image was also moved from the Entity type filter to the Role filter to align with managed endpoint properties. Additionally, if your filter selections are incompatible, a clear message is now displayed. 

For customers participating in the Bitdefender Early Access Program (EAP) and using the Health Dashboard, additional filter criteria are now available in the Network section: 

  • Product Update Status
  • Security Content Update Status
  • Endpoint Issues
  • Security Server Status
  • Permission Issues on macOS 

Blocklist Updates 

The Blocklist functionality allows you to create a set of rules to prevent specific files, applications, or network connections from executing on or reaching your systems. 

With this release, connection rule creation in Blocklist now allows selecting the target platform (Windows, macOS, or both). If the rule targets macOS, unsupported options are automatically disabled. Additionally, a macOS icon with an info tooltip has been added to the Firewall section of both the installation package and the reconfigure agent task to indicate partial support until full macOS functionality is available. 

Policy Enhancements 

Policies are the foundation of a strong security posture, serving as the core framework for consistent and reliable protection within your organization. A policy is a set of rules and configurations that define how Bitdefender GravityZone protects and manages different groups of endpoints. 

With this update, minimum complexity requirements are now enforced for both the Uninstall password and the Power User password in the Installation packages and in the Agent > Settings section of the policy. 

For comprehensive insights into Policy, we invite you to register for our upcoming masterclasses: Mastering GravityZone Policies - Configuration & Dynamic Assignation Explained.   

Summary 

The Bitdefender GravityZone platform stands out from the crowd, offering a one-stop solution for all your organization's security needs. As the digital landscape evolves, Bitdefender remains proactive, providing prevention, protection, detection, and response capabilities to ensure the ongoing safety of organizations of all sizes worldwide.

To learn more about the Bitdefender GravityZone platform, contact us or a Bitdefender partner for more information. You can also start a free trial by requesting a demo here. 

Author


Grzegorz Nocoń

Grzegorz Nocoń is a graduate of the Faculty of Physics at the University of Silesia. With over 16 years of experience in the IT industry, he currently works as a Technical Marketing Engineer at Bitdefender. He is a strong supporter of a holistic approach to security and is passionate about solving security problems in a comprehensive and integrated way. Outside of work, he is an avid CrossFit enthusiast and a lover of fantasy literature.
