IT Brief Canada - Technology news for CIOs & IT decision-makers

Bitdefender unveils EASM for proactive attack surface security

Yesterday

Bitdefender has launched a solution designed to provide managed service providers, businesses, and their customers with comprehensive oversight of internet-facing assets and related vulnerabilities.

The release of GravityZone External Attack Surface Management (EASM) comes amid growing focus on attack surface reduction, a strategic priority identified by cybersecurity experts and highlighted in recent industry research. Gartner forecasts suggest that, through 2029, over 60% of security incidents will be linked to misconfigured technical security controls. A recent survey of 1,200 cybersecurity professionals also places attack surface reduction at the forefront of their operational concerns.

The evolving digital landscape, fuelled by ongoing digital transformation, widespread cloud adoption, remote work trends, and increased integration with third-party infrastructure, is expanding the range of potential entry points that adversaries could exploit. Bitdefender pointed out that, without effective oversight, assets such as abandoned domains, improperly configured cloud resources, and expired digital certificates may go unnoticed, potentially leaving organisations exposed to attackers who habitually probe the internet for vulnerabilities.

The EASM module is designed to work without requiring deployment on endpoints, providing a proactive mechanism for identifying and assessing external risks while aiming to minimise the scope of possible attack vectors. By continually discovering, mapping, and analysing internet-exposed assets from the same perspective as potential attackers, organisations are positioned to assess risk, identify vulnerabilities, and take remedial actions before any potential exploitation.

GravityZone EASM is provided as an add-on to Bitdefender GravityZone, which is the company's platform for endpoint protection, endpoint detection and response, extended detection and response, and cloud-native security.

The system scans a wide range of asset categories, such as IPv4 and IPv6 addresses, IP blocks, email addresses, and domains. Comprehensive asset discovery is achieved by identifying public IPs, alerting to expiring or expired certificates, highlighting vulnerable public services, and recognising open network ports. This asset review process is intended to ensure that all relevant systems are accounted for in centralised monitoring and management.

Features

Bitdefender highlighted that GravityZone EASM delivers rapid discovery and visibility by scanning and mapping all internet-facing assets—including devices, domains, subdomains, applications, certificates, connections to third parties, and instances of shadow IT—within as little as 30 minutes. Organisations are provided with a full view of their attack surface, extending even to assets that are unmanaged or no longer in regular use.

The solution incorporates continuous vulnerability monitoring and alerting. It detects vulnerabilities and misconfigurations across both internal and external systems, including assets managed by external partners, customers, and entities within the supply chain. Immediate, context-rich alerts for exposed systems, expired certificates, and high-risk threats are generated. Alerting is prioritised according to severity, such as CVE scores, to optimise the response processes and remediation actions.

GravityZone EASM forms part of a unified approach for security, risk management, and compliance within the GravityZone platform. By integrating these functionalities, both security analysts and administrators can leverage the solution for use cases such as threat analysis, vulnerability prioritisation, policy enforcement, and configuration of access controls. All operations are managed within a single platform.

"Security teams across businesses and MSPs face increasing pressure to keep pace with expanding attack surfaces, driven by digital transformation and complex third-party ecosystems," said Andrei Florescu, President and General Manager at Bitdefender Business Solutions Group. "Effective defence-in-depth security starts by reducing the attack surface as much as possible before threats reach the detection and response layers. GravityZone EASM is a critical part of our vision for unified security, risk management, and compliance, enabling proactive discovery and control of internet-facing assets that could serve as potential entry points for attackers."

Bitdefender GravityZone EASM is available as an option to select license tiers of GravityZone and for use in conjunction with the company's managed detection and response services.
