Release Notes for GravityZone (Cloud-Based) October 2019 Update
Release date: October 2019
New email security service with complete email flow control and protection against spam, targeted phishing and impersonation attacks. Email administration incorporates management and analytics tools.
Email Security management provides the following:
- Deployment through domain MX record redirect.
- Customizable policy engine to control email delivery and filter messages through a comprehensive rule builder.
- Company-wide quarantine.
- Connection rule configuration to monitor connection attempts to or from your mailboxes.
- Safe and Deny lists configuration for companies or individual users.
- Mailbox synchronization through Azure Active Directory and manual import.
- DNS record configuration with support for SPF, DKIM and DMARC.
The Analytics section delivers:
- Real-time visibility through email flow charts, rules triggered, and actions taken.
- Customizable reports for specific events.
- Scheduled reports and alerts for specific rules, actions or content.
Network Attack Defense
A brand-new, powerful technology focused on detecting network attack techniques designed to gain access to specific endpoints, such as brute-force attacks, network exploits and password stealers.
The Network Attack Defense settings are available under the new Network Protection policy section. A specific notification informs you about incidents in your network, while the Network Incidents report provides more insight into these detections.
To use the Network Attack Defense module, you need to install it on endpoints. For existing installations, run a Reconfigure Client task with Network Attack Defense selected. For new deployments, edit the installation package to include this module.
The endpoint Information window includes a new Troubleshooting tab, from which you can collect basic and advanced logs remotely. You can start a debug session so that GravityZone collects the logs while the issue is being reproduced.
This will help our technical support specialists to perform an in-depth analysis of the issue and provide a resolution faster.
You can save the collected data on a network share, on the target endpoint or on both.
From now on we speak Chinese!
Seriously now, you can switch the GravityZone interface to Simplified Chinese, if you please.
The Incidents page went through a major visual and functional makeover, now providing enhanced investigation capabilities.
The Graph tab displays the critical path and all side elements in a fit-to-screen vertical tree. Plus:
- Interactive incident graph behavior: on mouse-over, the node and its alternate path to the endpoint are highlighted, and elements of the same type are grouped in expandable clusters.
- Filters and Navigator floating menus that allow easy customization and navigation of the incident map.
- New Node Details, Incident Info and Remediation side panels with collapsible sections that provide information for each element, actions and recommendations to mitigate an attack.
- Suspicious and malicious nodes now display alerts in their details panel, describing what was detected and how it might be exploited, in accordance with MITRE tactics and techniques.
The Events tab displays filterable system events and alerts, with corresponding event descriptions.
The Remote Connection tab is now available as an action button on the endpoint node's details panel.
EDR now also includes new detection sources:
- Anomaly Detection - a baselining module that spots anomalies in how the system is functioning
- Network Attack Defense - a new security layer that identifies network-specific breaches
- Advanced Anti-Exploit - a recently released security layer that detects the most evasive exploits
- AMSI - detections made by the Windows Antimalware Scan Interface (AMSI)
Two-factor Authentication (2FA)
With this update, two-factor authentication is enabled by default when creating a company. When disabling 2FA, you will be prompted with a confirmation message before the changes come into effect.
MSP partners now have the option to add up to five custom fields in their Monthly License Usage report for storing third party or other custom data and facilitating billing automation.
A new page is now available under Companies > Custom Fields, with two sections where you can manage and import data for these fields. You can view the custom fields also when creating or editing a company.
- Integrating new modules to deployed agents is like playing with modeling clay. We have made the reconfiguring process more flexible.
You can choose to install Bitdefender security agents without removing the security software from other vendors. This means zero protection gap and faster deployment.
Just remember, you’re doing this at your own risk. Some security solutions may affect the Bitdefender installation. Once you are protected by Bitdefender, you can manually remove any previously installed security solution.
- Goodbye to unused virtual machines from your network inventory. The new Configuration page offers you the option to schedule automatic cleanup tasks.
- The new Antimalware > On-Execute section covers Advanced Threat Control and Fileless Attack Protection.
- Network Protection, another new policy section, exposes the new Network Attack Defense technology and now hosts the Content Control features.
- Content Control went through a big transformation as well:
- The old Traffic, Web, Data Protection, and Applications sections have been re-organized into new General, Content Control, and Web Protection sections.
- The new Network Attacks section exposes the Network Attack Defense technology and its settings.
- The new Global Exclusions option, in the General section, replaces the previous separated Traffic Scan and Antiphishing exclusions. During update, the existing policies will be automatically migrated to the new global exclusions.
- Network Protection replaces the previous Content Control module in the Inheritance Rules settings.
- The GravityZone reports keep tracking the Content Control features, but also include information on Network Attack Defense.
- Location-based policies are now aware of the hostname too. You can define assignment rules based on the endpoint’s hostname.
- The Indicators of Risk (IOR) have been reclassified into new and more meaningful categories for increased efficiency in risk analysis and management.
- Results from detonation analysis are available in new information-rich reports in HTML format. These reports contain details such as: malware classification, process-level view, network activity, timeline view, registry keys and mutex objects accessed, file system modifications, IOC attributes.
- The Filters area is expanded by default, so it is easier for first-time users to discover all the options available with the submission cards.
- Under the Submission Type filtering category, the Automatic option has been renamed to Endpoint Sensor.
Three new detection techniques are available: VBScript Generic, Shellcode EAF (Export Address Filtering), and Emerging Exploits. These detections will be present from now on in the Security Audit and Blocked Applications reports. Plus, User Activity now includes logs related to Advanced Anti-Exploit.
Added the option to limit reboot postponement to a maximum of 48 hours after new patches are installed. When the set amount of time expires, endpoints reboot automatically. Endpoint users receive a notification regarding this action.
The Endpoint Modules Status report now includes information on Sandbox Analyzer and HyperDetect.
- MSP partners can enable Email Security and get the usage report via the public API.
- All GravityZone reports are now available via API as well.
- We have made some improvements here and there:
- createReconfigureClientTask entered the Network API.
- getManagedEndpointDetails returns all installed modules on a managed endpoint.
- setMonthlySubscription allows Bitdefender Partners to revoke seat reservation from companies with monthly licensing.
- getQuarantineItemsList has new filtering options.
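The following is an added example, not code from these release notes or from Bitdefender: it builds the JSON-RPC 2.0 envelope and Basic-auth header that the GravityZone public API expects for getManagedEndpointDetails, then checks the returned module list for endpoints still missing Network Attack Defense (the module the Reconfigure Client note above applies to). The Network API path and the API-key-as-username scheme follow the public API documentation; the module key names in the sample response are assumptions, and the sample response itself is constructed.

```python
import base64
import json

# Network API path of the GravityZone public API (JSON-RPC 2.0 over HTTPS).
NETWORK_API_PATH = "/api/v1.0/jsonrpc/network"


def build_request(api_key, method, params, request_id=1):
    """Return (headers, body) for a JSON-RPC 2.0 call to the Network API.

    The API key is sent as the Basic-auth username with an empty password.
    """
    token = base64.b64encode(f"{api_key}:".encode("ascii")).decode("ascii")
    headers = {
        "Content-Type": "application/json",
        "Authorization": f"Basic {token}",
    }
    body = json.dumps(
        {"jsonrpc": "2.0", "method": method, "params": params, "id": request_id}
    )
    return headers, body


def missing_modules(response_json, required):
    """Given a getManagedEndpointDetails JSON-RPC response, return the names
    from `required` whose module flag is absent or False on the endpoint."""
    result = json.loads(response_json).get("result", {})
    modules = result.get("modules", {})
    return sorted(name for name in required if not modules.get(name, False))


# Constructed sample response; the module key names are assumptions,
# not a transcript of the real API output.
SAMPLE_RESPONSE = json.dumps(
    {
        "id": 1,
        "jsonrpc": "2.0",
        "result": {
            "id": "ENDPOINT-ID-PLACEHOLDER",
            "name": "WS-01",
            "modules": {
                "antimalware": True,
                "advancedAntiExploit": True,
                "networkAttackDefense": False,
            },
        },
    }
)
```

An endpoint reported in the missing list is a candidate for a Reconfigure Client task with Network Attack Defense selected.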
Disabling the Endpoint Issues Visibility option in the Notifications policy section does not disable sub-features as well.
Some partners were receiving daily License Expires email notifications contrary to their notification settings. We added a new option to filter the managed companies that may trigger such notifications.