GravityZone (Cloud-based) Release Notes for November 2020 Update
- Security agents: 22.214.171.1241 (Windows); 126.96.36.199 (Linux); 188.8.131.52096 (macOS)
Proper analysis of your network security requires data accessibility and correlation. Having centralized security information allows you to monitor and ensure compliance with the organization's security policies, quickly identify issues, threats and vulnerabilities, and provide executive management with easy-to-interpret data.
Bitdefender introduces Executive Summary, a feature specially designed to facilitate these aspects.
As part of the Control Center Dashboard, Executive Summary presents a concise security overview of all protected endpoints in your network. Composed mostly of widgets, it provides details about endpoint modules, detections and taken actions, threat types and techniques, your company risk score and many others.
Vaccines give you immunity, but what happens when they come too late? Powered by proactive and award-winning detection technologies, Ransomware Mitigation offers an early solution to ransomware attacks. It detects the attack as it happens, blocks it regardless of whether it was run locally or from a remote endpoint, and then recovers the files encrypted so far.
Find the Ransomware Mitigation settings under the Antimalware > On-execute policy section.
After applying protection on endpoints:
- You will receive notifications whenever an attack takes place.
- You can view details about the ransomware attacks and recover encrypted files in the Ransomware Activity page.
- You will view such events in the Security Audit report.
Available with GravityZone Business Security, GravityZone Advanced Business Security, GravityZone Elite, GravityZone Ultra, Cloud Security for MSP
A lightweight Endpoint Detection and Response (EDR) solution for Windows-based systems, powered by top-notch machine learning and cloud scan technologies, with low resource footprint, easy deployment and maintenance, which can run alongside any third-party endpoint protection platform.
This lightweight solution includes technologies from state of the art GravityZone features such as:
- Endpoint Detection and Response (EDR)
- Fileless Attack Protection
- Network Attack Defense
- Advanced Threat Control (ATC)
- Sandbox Analyzer
- Endpoint Risk Analytics (ERA)
Available as Bitdefender EDR, a standalone solution.
The new Custom Detection Rules functionality enables you to create rules to detect common events and generate incidents specific to your environment, which otherwise GravityZone may not flag as suspicious through its prevention and threat intelligence technologies. This enhances EDR's capabilities of raising alerts and triggering incidents to stop possible breaches in the early stages of an attack.
You can now:
- Create your own detection rule
- View and filter by alerts and incidents generated by a custom rule
- View details of any rule in the dedicated side panel
- Perform multiple actions, including edit, delete, duplicate or ignore a custom rule
- Import a list of rules
- Receive notifications each time a new incident is triggered by a custom rule
- Add and filter tags to easily maintain the custom rules you created
Relabeled the tabs inside the Incidents page as Endpoint Incidents and Detected Threats.
Tabs availability may differ in your product, according to your license.
XDR successfully stops attacks and increases the cyber resilience of your organization. It combines the most advanced prevention capabilities, low overhead EDR (Endpoint Detection and Response) and Network Traffic Analytics. GravityZone extends the endpoint-based threat detection capabilities of a traditional EDR by incorporating network incidents (XDR) to successfully counter advanced threats no matter where they emerge in the infrastructure: on endpoints, network or in the cloud.
In this new light, the Incidents page has been enriched with the Extended Incidents tab to display all organization-wide incidents which require further investigation. The new graphic representation of extended incidents makes it easy to view and investigate the evolution of a complex attack within your network:
- It includes a detailed timeline of events, displaying the network point of entry, evolution over time, lateral movement and communication with outside agents
- It correlates events gathered by Endpoint Detection and Response and Network Traffic Analysis technologies
- It associates extended incidents with any detected endpoint incidents that make up a potential staged attack
Available with GravityZone Ultra Plus
- The new Industry Health Modifier, an adjustment mechanism that increases the accuracy in calculating your overall company risk score by taking into account known CVEs discovered in your environment, which have already been exploited in your line of business.
- The new widgets displaying the number of scanned users and total devices that are being monitored.
- The Top Human Risks widget has been relabeled as Top User Behavior Risks.
- The Top Vulnerable Users widget has been relabeled as Top Users by Behavior Risk.
As a Bitdefender partner, you can now assign a certain product type for companies with a monthly subscription. The following product types are available:
- Endpoint Security, the fully-featured security solution, with all modules available for deployment on endpoints.
- Bitdefender EDR, the lightweight EDR solution, which can run alongside any third-party endpoint protection platform.
A company, either Partner or Customer, may use in its network only one of the above-mentioned product types.
You can create installation packages, apply security policies, and generate reports based on the product type.
The License Usage Limit Has Been Reached or Exceeded notification has been renamed to Deployments have reached or exceeded license limit to better reflect its content.
Following the deprecation of macOS kernel extensions, Bitdefender added support for the new EndpointSecurity and NetworkExtension APIs. These ensure the compatibility between Endpoint Security for Mac, GravityZone Control Center, and endpoints running macOS Big Sur (11.0). For more information and for the list of compatible features, refer to this knowledge base article.
- Added API support for handling product types in the following methods:
  - Companies API: createCompany
  - Licensing API: setMonthlySubscription, getMonthlyUsagePerProductType, getLicenseInfo
    Note that getMonthlyUsage is to be used only for the Endpoint Security product type.
  - Packages API: createPackage, getPackageDetails
  - Network API: getNetworkInventoryItems
- Companies API: Added the industryModifier indicator at riskScore in the getCompanyDetails method.
- Network API: Added endpointName as filtering option for the getEndpointsList method.
Find the details in the API documentation:
In some cases, clients were missing Exchange credentials from Control Center.
Control Center in Korean displayed an improper string of characters in the PDF reports.
Starting with this release, in keeping with industry standards and best practices, Bitdefender will disable obsolete communication protocols and ciphers (TLS 1.0 and 1.1) between agents and Control Center. For more information refer to this article.
The following issues may arise when using Control Center with TLS 1.2 and an outdated BEST Linux agent:
- Download issues, when trying to install BEST either manually or remotely:
  - The kit generates some errors when downloading installation files
  - Install task does not show any status in Control Center
- Modify issues, when trying to download the package from the Update Server:
  - Reconfigure Client task status is not reported
- Removal issues:
  - No status is shown for the Uninstall task
  - After a successful uninstall, Control Center still shows the endpoint as being installed