GravityZone (Cloud-based) Release Notes for March 2020 Update
- Security Agents: 184.108.40.206 - Windows, 220.127.116.11 - Linux, 18.104.22.168064 - macOS
- Security Server: 22.214.171.12495 - Multi-Platform
Single Sign-On (SSO)
Added single sign-on (SSO) authentication capability using the SAML 2.0 standard. The SSO options are available as follows:
- In the new Configuration > Authentication Settings page, for your company.
- In the Companies page, for companies that you manage.
- In the Accounts page, for GravityZone users.
The GravityZone Elite Security bundle now includes the Incidents feature, where we provide the Root Cause Analysis of threats detected and blocked by our preventive technologies, with complex incident filtering options and graphic representation of incidents, as well as isolation, blocklisting, and remote connection capabilities.
EDR introduces the Scan for IOC technology, enabling you to scan your environment for known indicators of compromise in real-time and generate detailed reports.
The Incidents page went through a significant visual and functional transformation, enhancing your experience when analyzing threats in your environment, as follows:
- The new Overview bar displays open incidents, top alerts, techniques and affected devices, as well as specific filtering capabilities.
- The incidents list is now a fully customizable filterable grid with add/remove columns, for easier content management.
- The Change Status menu introduces the option to mark incidents as false-positive and leave bulk notes for later consultation.
- The detailed information for each incident, and their graphic representation and timeline, are now available in quick view mode.
- The Graph tab unravels a multi-phase representation of staged attacks, as well as in-graph search capabilities.
- The Node Details panel now groups information into more meaningful categories. In addition, the panel is fully expandable, to improve readability.
Endpoint Risk Analytics
- Endpoint Risk Analytics introduces the remediation of Common Vulnerabilities and Exposures (CVEs) in applications currently installed in your environment.
- The Risk Management Dashboard has been completely redesigned to improve visualization and enhance your experience while assessing the overall level of risk your company may be facing.
- The company risk score is now calculated by taking into account a wide list of indicators of risks and known application vulnerabilities, showing you its evolution in time.
- The new score breakdown widget, together with the top misconfigurations and vulnerable applications widgets, makes it easier to see where your environment is more vulnerable to attacks and which devices are affected the most.
- The devices by severity widgets show you exactly how impacted the servers and workstations under your management are by risks and vulnerabilities.
- The new Security Risk page provides complex filtering options for indicators of risk, application vulnerabilities and devices. Risks in each category can be easily mitigated through the recommendations and actions provided in their Details Panel.
- The Companies View page is a new feature included in Endpoint Risk Analytics for MSP, providing a comprehensive overview of the overall risk faced by every company under your management, making it easy for you to assess and eliminate risks separately for each of your customers.
You can now configure Security Servers’ cache sharing: enable it, disable it, or restrict it to Security Servers from the same network. You no longer need to worry about bandwidth consumption between sites. The settings are available in the Configuration > Security Servers Settings page.
Easily remove installed security solutions from your environment when upgrading to a full product license. The feature is ON by default and will remove any existing security software that creates conflicts when installing the BEST protection modules.
Network Inventory (MSP only)
- Partners (Company Administrator and Partner roles) are now able to move endpoints directly between the companies they manage by dragging and dropping endpoints in the Network page.
- More comprehensive error messages when moving companies under other Partners.
We eased firewall configuration with the new option to import and export rules.
You can now set rules to exclude drives from encryption.
- GravityZone introduces Bitdefender Cloud as a new storage option for collected logs.
- Remote troubleshooting is now available for Security Server Multi-Platform.
- You can now restart a troubleshooting session while maintaining its previous settings.
Monthly Subscription Trials
Two new trial options: Monthly License Trial (Partners only) and Monthly Subscription Trial. Trial companies have access to all features and add-ons available with Cloud Security for MSPs. The Monthly License Trial is valid for 45 days and covers 25 endpoints.
The Monthly License Usage report includes significant enhancements to simplify add-ons billing per usage:
- Displays usage and status for all add-ons, including the latest ones, such as Patch Management, SVE VS and VDI, ATS, and EDR.
- Provides more information on each company’s type and monthly subscription, and on each endpoint’s installed modules, like Network Attack Defense and Advanced Anti-Exploit.
- Includes the option to generate the report only for direct companies, ignoring their child companies.
- The report has some columns renamed. If you use the CSV file to extract usage information into external systems, please see the details here.
- View portlets in a single scrolling page and update all the information at once using the Refresh Portlets button.
- Added time filtering for the Endpoint Protection Status, Policy Compliance and Update Status portlets.
We moved the 2FA settings of your company to the new Configuration > Authentication Settings page.
Rushing to solve a problem and What’s New gets in the way? No more. We wrapped it gently in a gift box next to the Notifications icon. It will showcase the new features in a compact side panel.
Amazon EC2 Integration
Added hourly billing support for the new EC2 instance types.
Event Push Service API
- New agent-related events for all supported operating systems are now available via JsonRPC, CEF and Splunk. These events refer to agent installation/removal, endpoint move, and hardware ID changes.
- Added detection timestamps to antimalware (av) and Advanced Threat Control (atc) events. The field is named BitdefenderGZDetectionTime.
Removed the Malware Activity report. You can use the Security Audit report instead.
Removed the Malware Activity portlet.
Removed support for scanning Mapped Network drives when On-Demand Device Scanning is used.
Policy inheritance did not work for specific web categories.