惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
L
Lohrmann on Cybersecurity
aimingoo的专栏
aimingoo的专栏
V
V2EX
S
Security Affairs
T
Threatpost
C
CXSECURITY Database RSS Feed - CXSecurity.com
IT之家
IT之家
J
Java Code Geeks
The Register - Security
The Register - Security
U
Unit 42
C
CERT Recently Published Vulnerability Notes
月光博客
月光博客
A
About on SuperTechFans
H
Hackread – Cybersecurity News, Data Breaches, AI and More
T
The Blog of Author Tim Ferriss
Cisco Talos Blog
Cisco Talos Blog
Project Zero
Project Zero
S
Schneier on Security
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
D
DataBreaches.Net
博客园 - 司徒正美
V
Vulnerabilities – Threatpost
T
Tor Project blog
Security Latest
Security Latest
T
The Exploit Database - CXSecurity.com
T
Threat Research - Cisco Blogs
Scott Helme
Scott Helme
Application and Cybersecurity Blog
Application and Cybersecurity Blog
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
M
MIT News - Artificial intelligence
云风的 BLOG
云风的 BLOG
小众软件
小众软件
L
LangChain Blog
Attack and Defense Labs
Attack and Defense Labs
Recent Commits to openclaw:main
Recent Commits to openclaw:main
P
Palo Alto Networks Blog
A
Arctic Wolf
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
C
Cyber Attacks, Cyber Crime and Cyber Security
博客园 - 叶小钗
D
Darknet – Hacking Tools, Hacker News & Cyber Security
L
LINUX DO - 最新话题
MongoDB | Blog
MongoDB | Blog
Webroot Blog
Webroot Blog
H
Hacker News: Front Page
Know Your Adversary
Know Your Adversary
Spread Privacy
Spread Privacy
AWS News Blog
AWS News Blog
Engineering at Meta
Engineering at Meta

Business Insights Cybersecurity Blog by Bitdefender

Bind Link Abuse: One Windows Feature, Many Ways to Blind Your EDR Bitdefender Threat Debrief | July 2026 Trust Under Attack: How Deepfakes Are Rewriting Cybercrime Your AI SOC Won’t Catch Ransomware by Itself 2026 Cybersecurity Assessment: The Gap Between Knowing and Doing Your Last Red Team Tested the Wrong Attack MSP Strategic Defense: Why MDR Is the New Security Baseline for MSPs Technical Advisory: FortiBleed Credential Exposure Campaign Targeting Internet-Facing Fortinet Devices Bitdefender Recognized in the 2026 Gartner® Europe Context: Magic Quadrant™ for Endpoint Protection CISA Mandates Change for Structured, Prioritized Updates and Vulnerability Management Claimed Twice: Five Reasons the Same Ransomware Victim Shows Up Under Two Flags What’s New in GravityZone June 2026 (v 6.74) Bitdefender Threat Intelligence: Built for How Security Teams Work Bitdefender Threat Debrief | June 2026 Cut Complexity in Half While Reducing Risk Across Your Endpoint Environment Bitdefender Named a Visionary in the 2026 Gartner® Magic Quadrant™ for Endpoint Protection How Leading Organizations Turn EDR Into Operational Resilience Bitdefender Supports Ferrari Through Cybersecurity Built on Trust Bitdefender at Infosecurity Europe 2026: Staying Ahead of Faster Threats Endpoint Detection & Response Is Table Stakes Security MSP Strategic Defense: Why Dual-Layer Email Security (SEG + API) Is Now Essential Bitdefender GravityZone: 100% Telemetry in AV-Comparatives 2026 EDR Test Bitdefender Threat Debrief | May 2026 Bitdefender Named an Omdia Champion: What It Means for MSPs Ready to Lead Technical Advisory: ShinyHunters Breach of Instructure Canvas LMS What’s New in GravityZone May 2026 (v 6.73) Endpoint Protection in Practice: How Customers Use Bitdefender to Reduce Risk Introducing Proactive Hardening and Attack Surface Reduction (PHASR) for Linux and macOS A Cybersecurity Lifeline for Lean IT Teams: Introducing C.R.E.W. Bitdefender at Black Hat Asia 2026: Disrupt Attacker Playbooks Introducing Extended Email Security What’s New in GravityZone April 2026 (v 6.72) What Mythos Reveals About Zero Trust’s Scope Problem Shut the Front Door on Email Attacks: How to Scale Security Services Without Increasing Workload Technical Advisory: Axios npm Supply Chain Attack - Cross-Platform RAT Deployed via Compromised Maintainer Account Your Biggest Cyber Risk Could Be What You Already Trust RSAC 2026: What to Expect from Bitdefender A Cyber Resilience Agenda: Inside the European Central Bank’s 2026–2028 Priorities AI in Cybersecurity: Is It Worth the Effort for Lean Security Teams? MSP Strategic Defense: Building Compliance on Dynamic Attack Surface Reduction Master XDR Investigations: A Deep Dive into the GravityZone XDR Demo Incident IDC Market Note: Surging Demand for EU Data Sovereignty Drives New Cybersecurity-Cloud Partnership
What’s New in GravityZone July 2026 (v 6.75)
Grzegorz Nocoń · 2026-07-17 · via Business Insights Cybersecurity Blog by Bitdefender

Bitdefender rolled out new functionality in Bitdefender GravityZone, a unified cybersecurity platform that provides prevention, protection, detection, and response capabilities for organizations of all sizes. These features, consistent with our multi-layered security strategy, are intended to ease the workload of security analysts, administrators, and users.

What’s new for Security Analysts

In a dynamic cybersecurity landscape, security analysts are responsible for uncovering any signs of potential sophisticated attacks to make the invisible visible. This section describes new functionality designed to elevate analysts' capabilities, offering enhanced tools for threat detection, investigation, and response.

EDR Enhancements

GravityZone Endpoint Detection and Response (EDR) gives security analysts the tools to detect, investigate, and respond to threats across managed endpoints, with raw event telemetry that supports historical querying and incident investigation.

With this release, four new Windows raw events are available in the Configuration > Raw Events page. The Device category adds Hardware mount and Hardware unmount; the Other category adds Initiate agent uninstall and Driver module load.

new-gz1-july26-image

Additionally, the Modify group policy raw event has been renamed to Modify Windows Group Policy for consistency across all related views.

With these additions, analysts can trace hardware mounting and unmounting activity, agent uninstall attempts, and driver module loads alongside existing raw event telemetry during historical queries and incident investigations.

For comprehensive insights into detection and response with GravityZone EDR and XDR, we invite you to watch our masterclasses here.

What’s new for Administrators

With administrators constantly juggling numerous responsibilities, tools that make their daily work easier are highly appreciated. This section describes new functionality designed to facilitate the management of features responsible for prevention, protection, and detection in a defense-in-depth security architecture.

PHASR Enhancements

Proactive Hardening and Attack Surface Reduction (PHASR) proactively hardens systems by analyzing user behavior to prevent Living off the Land (LotL) attacks and targeted threats. It applies anomaly detection to enforce tailored, application-level action blocking that narrows the attack surface without disrupting operations. This update adds contextual navigation from recommendation details, expands policy output options, and aligns PHASR terminology across the platform.

From the PHASR recommendation details panel, administrators can now navigate directly to Risk Management > Resources or Risk Management > Accounts. Selecting either option opens the corresponding page with the relevant search pre-applied — scoped to the resource name or identities associated with the recommendation — reducing the steps needed to investigate a specific finding in context.

new-gz1-july26-image-image2

New PHASR policy options add configuration of whether restricted behavioral profiles generate alerts, incidents, or both. Existing behavior is preserved by default; administrators can adjust the output for their environment after the update. The term monitored rules has been replaced with attack vectors across all PHASR pages, filters, grids, details panels, MITRE grouping views, and User activity entries.

For comprehensive insights into PHASR, we invite you to watch our masterclasses here.

Compliance Manager Enhancements

The Compliance Manager in GravityZone maps endpoint findings to regulatory and industry compliance standards, providing administrators with a structured view of their organization's compliance posture across managed assets.

A new Indonesian regulatory compliance standard, POJK No. 4/POJK.05/2021 (ID), is now available across the Findings, Identity risks, and Compliance Manager pages. Issued by Indonesia's Financial Services Authority (Otoritas Jasa Keuangan — OJK), this regulation governs the application of IT risk management by non-bank financial institutions, covering IT governance, risk assessment, and oversight of outsourced IT activities.

new-gz1-july26-image-image3

Organizations operating under OJK oversight can now track IT risk management posture against POJK No. 4/POJK.05/2021 (ID) alongside existing standards, using the same Findings, Account risks, and Compliance Manager views already in place for other regulatory frameworks.

For comprehensive insights into Compliance Manager, we invite you to watch our masterclasses here.

MDR Automatic Policy Provisioning

Managed Detection and Response (MDR) in GravityZone provides 24/7 threat monitoring and response by Bitdefender's SOC team, operating on top of endpoint protection deployed across customer companies. This update introduces automatic provisioning of MDR-recommended policies during company onboarding.

For newly created Customer companies with an active MDR license or subscription, GravityZone automatically generates two MDR-recommended policies — one for workstations and one for servers — along with two endpoint tags and two assignment rules that apply the appropriate policy based on endpoint type. If no primary account is added during company creation, all generated objects are owned by an MDR Service account.

For Partners newly enrolled in MDR and existing Customers transitioning to the service, GravityZone automatically creates the MDR-recommended workstation and server policies; in this case, policy assignment is not performed automatically, and ownership is assigned to an existing company account.

Companies onboarded to MDR before this update will receive the MDR-recommended policies shortly after the update rolls out; policy assignment is not performed automatically in this case. All policy, endpoint tag, and assignment rule creation events are recorded in the User activity section. Policy provisioning that previously required manual setup now occurs automatically during onboarding. Until policies become available, administrators can configure them manually by following the MDR recommended policy documentation at Bitdefender Support Center.

For a comprehensive overview of the MDR onboarding process, we invite you to watch our masterclass here.

Network Enhancements

The GravityZone Network inventory gives administrators a consolidated view of all managed endpoints, containers, and network assets across their environment. This update adds two capabilities to the Network page: container host folder deletion and CSV data export.

Administrators can now remove container host folders from Containers > Custom Container Groups — available only for hosts that have been offline for more than 24 hours. If the deleted folder is the last container host in Custom Container Groups, the Containers hierarchy is removed from the view entirely. Individual containers within a host cannot be deleted.

new-gz1-july26-image4

The Network page now includes CSV export, capturing all available columns with filters and sorting order applied and capped at 500,000 rows per export. This gives administrators a way to pull filtered, sorted network inventory data into external reporting or audit workflows without manual reconstruction.

GravityZone IdP Proxy Enhancements

GravityZone Identity Provider (IdP) is an authentication service that supports single sign-on (SSO) for Bitdefender service providers, using SAML 2.0 and System for Cross-domain Identity Management (SCIM) to manage and verify digital identities across the GravityZone ecosystem. This update extends SSO to the MDR portal, with support for Okta, Microsoft Entra ID, and Active Directory Federation Services (ADFS) as identity providers.

The Authentication page in company settings now separates SSO configuration into two sections:

  • GravityZone Control Center single sign-on, which retains the existing GravityZone SAML metadata URL and Identity provider metadata URL fields for console login.
  • Bitdefender services single sign-on, which adds a read-only GravityZone Proxy SAML metadata URL and a configurable Identity provider metadata URL (IdP Proxy) field for registering third-party providers.

For users to sign in to the MDR portal with a third-party identity provider, the Login with your Identity Provider option must be enabled in their GravityZone account settings by an administrator. This removes the need for separate credential sets across GravityZone Control Center and the MDR portal; authentication is consolidated under the organization's existing identity infrastructure.

MSP Enhancements

Managed Service Providers (MSPs) operating in GravityZone manage security for multiple customer companies under a single partner account, provisioning each with its own licensing, policies, and configuration. This release updates onboarding template management, add-on availability, licensing visibility, and product trials for MSPs.

The MSP Simplified Customer Onboarding Early Access program, introduced in May 2026, continues to evolve with new template management capabilities and an updated Companies table view. A new dedicated Onboarding templates page now lists all templates owned by the current Partner company in a table view, giving administrators a consolidated location to manage saved configurations. For partners enrolled in the Early Access program, the Companies table now includes an Onboarding template column, showing which template was used to provision each company.

The Cloud Security Posture Management Plus (CSPM+) add-on is now available as a yearly add-on for MSP monthly subscriptions, extending coverage options for partners operating under a monthly billing model.

The External Attack Surface Management (EASM) add-on is now available for companies on a monthly subscription that use the Bitdefender PHASR product type. The EASM toggle is now present in the create and edit company flows for both own use and reselling. A new EASM Usage column has been added to the Monthly License Usage report and the Simplified Monthly License Usage report, and EASM-related company events and partner change notifications are recorded in the User activity section.

Partners can now start Extended Email Security trials directly from the Products hub page for qualifying managed companies with a monthly subscription. There is no minimum or maximum seat or mailbox count required to qualify for the trial.

For comprehensive insights into MSP management in GravityZone, we invite you to watch our masterclasses here.

API Enhancements

Bitdefender Control Center APIs enable developers to automate business workflows. These APIs are exposed via the JSON-RPC 2.0 protocol. You can find usage examples and documentation in our Support Center, located, here.

This update introduces new and extended methods across Companies, Incidents, Licensing, and Network areas, and applies rate limiting to HTTP-based endpoints.

API rate limits for HTTP endpoints:

API rate limits now apply to HTTP-based Public API endpoints exposed under GET /api/v1.0/http/<handler>. The rate limit is 5 requests per minute per API key, with no burst or delay mechanism available. Separate rate limit counters are used for JSON-RPC and HTTP methods; requests to a JSON-RPC endpoint are not counted against the rate limit for HTTP endpoints, and vice versa. The following endpoints are affected:

  • downloadReportZip
  • downloadPackageFullKit
  • downloadSandboxReport
  • downloadScanLogsZip

Companies:

  • The createCompany method now supports the manageEASM and manageEASMResell parameters (under ownUse and resell respectively) for companies using the EASM add-on with the Bitdefender PHASR product type.

Incidents:

  • The targets parameter of the createCustomRule and updateCustomRule methods now supports endpoint tags, allowing custom rules to be applied to endpoints based on their assigned tags. The parameter can still be used to specify companies, but only one targeting method can be used per rule.
  • The getCustomRulesList method now returns endpoint tags in the targets parameter for rules configured with tag-based targeting. For rules configured with company-based targeting, the parameter continues to return companies.

Licensing:

  • The setMonthlySubscription method now supports the manageEASM and manageEASMResell parameters for companies using the EASM add-on with the Bitdefender PHASR product type.
  • The getLicenseInfo method now returns the manageEASM and manageEASMResell parameters when the EASM add-on is enabled for companies with the Bitdefender PHASR product type.
  • The getMonthlyUsage method now returns the easmMonthlyUsage parameter when the EASM add-on is enabled for companies with the Bitdefender PHASR product type.
  • The getMonthlyUsagePerProductType method now returns the easmMonthlyUsage parameter when the EASM add-on is enabled for companies with the Bitdefender PHASR product type.

Network:

  • The getEndpointTags method now returns an ID for each endpoint tag in the response.
  • The getNetworkInventoryItems method now returns the manageEASM (under ownUse) and manageEASMResell (under resell) parameters for companies using the EASM add-on with the Bitdefender PHASR product type.

For comprehensive insights into automating workflows with the Control Center API, we invite you to watch our masterclasses here.

Learn More About GravityZone

The Bitdefender GravityZone security platform offers a one-stop solution for all your organization's security needs. As the digital landscape evolves, Bitdefender remains proactive, providing prevention, protection, detection, and response capabilities to ensure the ongoing safety of organizations of all sizes worldwide.

To learn more about the Bitdefender GravityZone platform, contact us or a Bitdefender partner for more information. You can also start a free trial by requesting a demo here.