Bitdefender unveils GravityZone tool for easier compliance

Bitdefender has released a new compliance management solution designed to address the growing regulatory and audit requirements faced by organisations across industries.
The company has introduced GravityZone Compliance Manager, which aims to assist businesses in reducing the costs and operational obstacles associated with compliance while streamlining the process of achieving audit readiness.
The solution comes at a time when regulations such as GDPR, PCI DSS, NIS2, and DORA are enforcing stricter penalties for non-compliance, including fines up to EUR €20 million or 4% of global annual turnover under GDPR, and USD $100,000 per month under PCI DSS. These penalties are in addition to reputational harm that can result from regulatory breaches.
GravityZone Compliance Manager provides real-time visibility into an organisation's compliance posture, automates remediation tasks, generates audit-ready reports, and allows for one-click compliance documentation.
The solution is fully integrated with Bitdefender's existing endpoint security and risk analytics platform.
Andrei Florescu, President and General Manager of Bitdefender Business Solutions Group, commented on the release: "The consequences of non-compliance, including financial loss, operational disruption, and reputational damage, rival those of a data breach or ransomware attack, yet most businesses lack the resources or specialised talent needed to manage compliance with confidence."
"GravityZone Compliance Manager is a game-changer that consolidates compliance, risk management, and endpoint security on a single platform, enabling businesses to meet regulatory demands effortlessly and reduce complexity to strengthen cyber resilience."
Patria Bank has served as an early access client for GravityZone Compliance Manager.
Alin Paunescu, Chief Information Security Officer at Patria Bank, shared insights on the tool's impact: "GravityZone Compliance Manager performed well for us during early access. The continuous monitoring and assessment feature reduced our reliance on manual scans, saving valuable time. Because it's integrated into our existing security stack, we've avoided the additional cost and complexity of using external tools. It has simplified our operations by eliminating the need for multiple point solutions."
Recent guidance from Gartner has underscored the importance of integrating compliance and risk management via automated, continuous monitoring and impact-based assessments.
According to research cited by Bitdefender, organisations increasingly risk severe consequences for fragmented or manual approaches to regulatory compliance.
Despite escalating regulatory demands globally, many organisations continue to rely on siloed tools and manual processes that may be insufficient to address comprehensive compliance requirements. GravityZone Compliance Manager is designed as an add-on to the company's core GravityZone platform to provide a unified approach, bringing together compliance, risk, and security operations in one system. This integration includes real-time compliance scoring, automated reporting, and guided remediation without requiring specialised in-house compliance expertise.
The solution's features include automated audit-ready reports that can be generated in seconds, using information already collected by Bitdefender tools.
These reports are structured to meet auditor standards and include an executive summary, an analysis of compliant versus non-compliant checks, and a risk overview with a severity breakdown.
Additionally, the platform integrates compliance management with security and risk analytics alongside tools like Bitdefender Proactive Hardening and Attack Surface Reduction (PHASR).
This combination allows organisations to reduce system vulnerabilities and maintain ongoing alignment with compliance requirements. Whenever risks are mitigated, the platform automatically updates compliance status, enhancing operational efficiency and cybersecurity posture.
GravityZone Compliance Manager supports immediate alignment with a broad range of industry and geography-specific frameworks, such as GDPR, HIPAA, DORA, NIS 2 Directive, PCI DSS, SOC 2, ISO 27001, CISv8, and CMMC 2.0. Organisations can identify and address compliance gaps with a single click and access detailed information on risks and affected assets per standard.
The solution's full feature set is available to new and existing GravityZone customers.
Organisations using the platform's risk management functions gain immediate access to a standard set of compliance tools, while a full Compliance Manager add-on licence provides support for advanced frameworks, comprehensive scoring, enhanced visibility, and exportable reports.
Bitdefender has indicated that while GravityZone Compliance Manager is intended to assist organisations with compliance-related activities, it does not replace internal compliance efforts or guarantee the outcome of external audits.
The company recommends that organisations work with approved auditors for formal compliance certification processes.

Try Our AI Features

Explore what Daily8 AI can do for you:

Learn with AIFact CheckingText to SpeechAI Summary

Related Articles

Techday NZ

3 days ago

• Techday NZ

Commvault & Kyndryl partner to boost cyber recovery services

Commvault and Kyndryl have announced a partnership to deliver incident recovery services for organisations aiming to enhance data security and meet regulatory requirements. The two companies will work in collaboration with Pure Storage to provide services intended to help organisations recover faster from cyber incidents, improve cyber resilience, and address complex regulatory demands. Kyndryl's cyber resiliency services portfolio includes Incident Recovery Services, Managed Backup Services, and Hybrid Platform Recovery. Through this new partnership, it will be supported by Commvault and Pure Storage to assist organisations in adhering to regulations such as the European Union's Digital Operational Resilience Act (DORA), NIS2 Directive, Payment Services Directive 2 (PSD2), New York Department of Financial Services (NYDFS) regulation NYCRR 500, and Australia's Prudential Regulation Authority (APRA) CPS 230 standard. Expanding cyber recovery services Under the collaboration, Commvault and Kyndryl plan to enhance support for enterprise customers facing persistent cyber threats and increasing data management complexity, particularly in multi-cloud environments. "Cyber preparedness is no longer regarded as optional for global organizations; it is mandatory," stated Allen Downs, Vice President of Security and Resiliency Services at Kyndryl. "Through this collaboration with Commvault and Pure Storage, we are further positioned to assist some of the world's most esteemed organizations in completely redefining their data protection strategies." The joint approach leverages Pure Storage technology alongside Commvault's cyber resilience and recovery solutions. This combined offering introduces a four-layer architecture designed to streamline compliance and speed up recovery for hybrid cloud customers. Technology and features The four-layered architecture includes the following components: Cyber Resilient Vault—an isolated, immutable data vault, based on zero-trust, to safeguard backup data from unauthorised access and tampering. Clean Recovery Zone—a controlled setting for forensic review and staged recovery using validated clean backups. Production Rapid Restore—capability for swift, reliable dataset restoration by using Pure Storage FlashBlade, with immutability features such as S3 Object Lock and SafeMode. Immutable Snapshot Recovery—enables quick, application-consistent restoration of key workloads through Commvault IntelliSnap and Pure Storage FlashArray. The services are developed to promote automated and ongoing cyber recovery testing. Support extends to Commvault Cleanroom Recovery within both public cloud and on-premises isolated environments overseen by Kyndryl. Organisations are enabled to validate their recovery processes to comply with DORA Chapter II (Risk Management), Chapter IV (Operational Resilience Testing), and related regulation. Meeting regulatory needs The collaboration is set against a backdrop of increasingly rigorous and complex regulatory landscapes. Organisations are now required to demonstrate not only the protection of their critical data, but also the capability to restore operations swiftly following a digital disruption. "Our partnership with Kyndryl is built to address the biggest challenges facing the enterprise today, such as the persistent threat of cyberattacks, including ransomware, and the increasing complexity of managing massive data growth across multi-cloud environments," said Alan Atkinson, Chief Partner Officer at Commvault. "When combined with the innovative Pure Storage platform, the three companies are together helping organizations stay resilient and prepared to act decisively in the face of disruption." As businesses face mounting pressures from both cyber threats and regulatory scrutiny, integrating compliance with resilience strategies is becoming increasingly necessary. "As regulatory frameworks like DORA set higher standards for operational resilience, organizations are implementing strategies that integrate regulatory compliance with the ability to recover swiftly from cyber disruption," said Maciej Kranz, General Manager, Enterprise at Pure Storage. "Together with Commvault and Kyndryl, we're delivering advanced security features and a scalable foundation of layered resilience that helps organizations meet these mandates and restore critical operations quickly and reliably." The services provided by the three companies are typically available across North America, Europe, and the Asia-Pacific region. Clients and partners will have opportunities to engage through existing partner programmes and access supporting resources aimed at enhancing cyber resilience and compliance capabilities. Follow us on: Share on:

Scoop

4 days ago

• Scoop

Bitdefender To Acquire Mesh Security, Expanding Its Email Security Capabilities

Bitdefender, a global cybersecurity leader, today announced it has agreed to acquire Mesh Security Limited (Mesh), a provider of advanced email security solutions. Through the acquisition, Mesh's email security technology and capabilities will be integrated into Bitdefender's extended detection and response (XDR) platform and managed detection and response (MDR) services. The transaction is subject to customary closing conditions, including regulatory approvals. Email remains the most exploited attack vector and serves as an entry point for ransomware, phishing, and business email compromise (BEC). According to the FBI Internet Crime Report 2024, businesses reported nearly US$2.8 billion in losses due to BEC scams in 2024. Additionally, the 2024 Bitdefender Cybersecurity Assessment Report (based on a global survey of 1,200 cybersecurity professionals) identified phishing and social engineering as the top threats impacting their organisation. The acquisition will incorporate Mesh's email security capabilities into Bitdefender GravityZone, the company's flagship unified security, compliance, and risk analytics platform. Mesh employs a dual-layered approach to email security, combining perimeter-based protection via a secure email gateway (SEG) with mailbox-level defence through API-based deployment. This model expands visibility into threat activity across all vectors and contributes high-quality telemetry to Bitdefender's global threat intelligence network. A cornerstone of Bitdefender's continued growth is through its global network of over 41,000 channel and MSP partners. Mesh enhances this value by offering a centralised platform optimised for MSPs, enabling efficient multi-tenant email security management. Its solution provides 24x7 protection while reducing operational overhead. With automated policy enforcement, real-time threat insights, and seamless integration into existing workflows, Mesh empowers MSPs to deliver effective, scalable protection to customers. 'We are pleased to announce our intent to acquire Mesh, a strategic move that will complement our GravityZone XDR platform and power our MDR service to help businesses combat email-borne threats as they continue to evolve,' said Andrei Florescu, president and general manager of Bitdefender Business Solutions Group. 'Mesh brings leading-edge innovation from a deeply experienced team that shares our commitment to effective, real-world security. Together, we will further strengthen our ability to provide proven and trusted email protection to our global customer base.' Founded in 2020 and backed by investors Elkstone and Enterprise Ireland, Mesh has established itself as a trusted email security provider for hundreds of MSP partners and thousands of end customers globally. Known for its detection efficacy, MSP-centric architecture, and operational simplicity, Mesh has earned recognition for addressing the unique challenges of email-based threats with precision and ease of use. 'This is the beginning of something even bigger,' said Brian Byrne, chief executive officer and co-founder of Mesh. 'We've always focused on building practical, powerful email security that just works – and Bitdefender shares that same mindset. We're excited to join forces and bring stronger protection to even more organisations.' The terms of the transaction were not disclosed.

Techday NZ

12-06-2025

• Techday NZ

Thales launches real-time file activity monitoring with AI help

Thales has introduced a new File Activity Monitoring capability within its CipherTrust Data Security Platform that offers real-time oversight and control of unstructured data across on-premises, hybrid, and multicloud environments. File Activity Monitoring (FAM) is designed to help organisations monitor file activity as it happens, identify risks including unauthorised downloads and sharing, and streamline compliance processes related to standards such as GDPR, HIPAA, and PCI DSS. The capability incorporates a built-in Generative AI assistant to aid audit processes, reduce complexity, and improve response times within a single platform engineered to secure both structured and unstructured data. Unstructured data challenge According to IDC, unstructured data currently accounts for 90% of all worldwide data, making its management and protection a significant concern for businesses. FAM enables security teams to monitor the movement and activity of unstructured data, including files such as emails, chat logs, media files, and application logs, which can all house sensitive information. The platform delivers real-time alerts, analytics, and encryption tracking to support faster threat detection and protection for sensitive data. Thales stated that the new capability addresses a major blind spot in data security by delivering continuous data discovery, classification, and monitoring. This approach provides the necessary foundation for effective Data Security Posture Management, and also aids compliance and the identification of unauthorised activities that might lead to data exposure. The platform's centralised management is intended to streamline audit reporting and improve threat response, reducing operational complexity across the data lifecycle. Industry perspectives Leila Kuntar, Principal Information Security Engineer at Amadeus, commented on the launch: "Thales' innovative approach to File Activity Monitoring tackles key challenges like blind spots in hybrid environments, offering real-time visibility and smart anomaly detection — a potential game-changer for teams overwhelmed by false positives. By striking the right balance of depth and simplicity, FAM shows promise in helping us strengthen the SOC without added complexity. With tighter SIEM integration, it can sharpen response and let teams focus on what matters most. We're excited to see how FAM evolves and enhances our data security." Kuntar's remarks reflect the challenges security teams face in managing complex hybrid data environments, and the need for visibility without an increase in operational burden or false positives. Todd Moore, Vice President of Data Security Products at Thales, said: "As unstructured data grows rapidly across distributed environments, organizations need more integrated ways to track and safeguard their most sensitive information. With File Activity Monitoring, Thales reinforces its leadership in enterprise data security by delivering real-time insight, intelligent automation, and unified visibility through a single, powerful platform." Capability detail File Activity Monitoring strengthens Data Security Posture Management (DSPM) by allowing security teams to discover, classify, observe, and control sensitive data across all infrastructure types. It can pinpoint the location of sensitive data, identify who has access, and determine if it is secured in real time, supporting the detection of suspicious behaviours such as unauthorised copying or sharing. The tool can transform static data classification into dynamic risk intelligence by incorporating behavioural context, and supports remediation techniques including rapid incident reconstruction via audit logs and the application of strong encryption where needed. AI-powered assistance To assist with compliance and security workflows, FAM includes a Generative AI-powered Data Security Assistant. This chatbot provides capabilities to query audit information, generate custom reports, and facilitate compliance processes, lessening the administrative load on IT and security professionals while supporting regulatory obligations. Moore also addressed the need for adaptable security controls, stating: "As technology evolves rapidly, our controls must be flexible enough to keep pace without adding complexity. Automation and intelligence help overwhelmed security teams scale operations and focus on what matters most. With tools like our chatbot, they can ask natural language questions and get instant, actionable answers, accelerating response times and improving operational efficiency." Thales has previously focused on structured database activity protection and is now extending this experience to include unstructured data. The platform aims to offer similar oversight and operational experience for both data types, addressing growing organisational requirements for data control and security as data volumes increase and diversify.