Improvements

GravityZone platform

• Now you can view the names of all active users logged on endpoints running Windows.
  This feature brings changes in the following sections of Control Center:
  • Network – the Network grid includes a new searchable column named Users and the endpoint details window displays a dedicated tab also named Users.
  • Reports – the Network Protection Status report includes a searchable column named Users.
  • Policies – a new check box in General > Settings > Options allows you to enable data collection. The information sent by endpoints to GravityZone includes usernames, login time and the login method.

This feature can serve you in multiple ways:

• As a GravityZone administrator, you can use the provided information to reach out to the endpoint users in case you need their input.
• As a Security Analyst, you can correlate the information about the username with other events from GravityZone or 3rd party systems.
• As a partner, the user-related information is helpful in situations such as when you create a Monthly License Usage report for audit purposes.

  Minimum version of Bitdefender Endpoint Security Tools: 7.2.1.60

• Renamed a few elements from the following sections:
  • Threats Xplorer: the columns Device name and Device type are now Endpoint name and Endpoint type.
  • Network: the column Machine type is now Endpoint type.
  • Executive Summary: the Threats breakdown by machine type widget is now Threats breakdown by endpoint type.
• User Activity page now informs if a user has logged in GravityZone from a third-party platform with which it is integrated.
• The cleanup rules for offline machines are now more flexible:
  • Name patterns can contain the question mark (?) as wildcard.
  • Name patterns can have any length and no longer require a letter at the beginning. For example, you can use only the asterisk (*) to disregard the machine name.     
  • You can select targets that are offline for less than 24 hours or more than 90 days. The cleanup rules will run hourly for machines offline less than a day, and daily for the other ones.
  • The target selection now covers Active Directory inventory as well.

You can use name patterns of any length.

Improved the offline machines cleanup rules so that you can now use the question mark (?) as wildcard and select targets that are offline for less than 24 hours.

EDR

• GravityZone extends the endpoint-based threat detection capabilities of the traditional EDR by incorporating network incidents, to successfully counter advanced threats no matter where they emerge in the infrastructure: on endpoints, network or in the cloud. This new EDR component combines the most advanced prevention capabilities, low overhead cross-technology correlation capabilities and Network Traffic Analytics to boost the cyber resilience of your organization.
  In this new light, the Incidents page has been enriched with the Extended Incidents tab, to display all organization-wide incidents which require further investigation.
  The new graphic representation of extended incidents makes it easy to view and investigate the evolution of a complex attack within your network:
  • It includes a detailed timeline of events, displaying the network point of entry, evolution over time, lateral movement and communication with outside agents.
  • It correlates events gathered by Endpoint Detection and Response and Network Traffic Analysis technologies.
  • It associates extended incidents with any detected endpoint incident that makes a potential staged attack.
• Concurrently, if you are using a 3-rd party ticketing platform or a PSA solution, you will enjoy an enhanced experience through the new redirect links. Clicking on the embedded links will either:
  • direct you to the Endpoint Details page in GravityZone, when you are working on a security incident
  • direct you to the Incidents section of that specific incident ID in GravityZone

Threats Xplorer

• The available filters now dynamically adjust to your company's license type. This way, you can quickly use search and filtering criteria relevant to your company and obtain better results.

Note: The filters and detection events are available up to 90 days after you change the protection layers. Following this period, the events are deleted and the filters automatically reflect the available features according to your license key.

HyperDetect

• The HyperDetect Activity report now includes the exact name of the detected threat and the file hash.

Deployment

• The Network > Packages section now includes macOS downloader, which will make it easier for you to install the security agent on different Mac architectures, whether they are Intel x86 or ARM. The new downloader automatically detects the processor type and downloads and installs the right kit for that specific architecture.

Localization

• From now on GravityZone is also available in Turkish.

Product documentation

• A unified self-service support experience with the new online help center. All GravityZone help content that was included in PDF guides, knowledge base articles and release notes, is now under one roof, in a more digestible format. Currently it is available only in English, localizations will follow soon.

Public API

• Network API: The result of the GetNetworkInventoryItems method now includes the policyId and moveState fields.

Resolved issues

ERA

• An overflow of records in the CVEs inventory collection downturned the Indicators of Risk query.
• The Risk Management data removal step from the Security Risks > Devices section was skipped when BEST uninstall presented errors. The device still appeared to be present in the devices listed with vulnerabilities.
• Following a Risk Scan, the Risk Management module displayed users as having a high severity score, even if the human risks had been fixed through a previous Risk Scan.

Patch Management

• Previously installed patches were not displayed in GravityZone after manually rebooting a Virtual Machine.

MSP & Partners

• The Reconfigure Task failed when trying to add the Exchange module to endpoints from two different companies - with the same configuration - and displayed the error message "Task could not be created. Some task settings could not be applied to all selected product types".