“Legitimate tools and Living-Off-the-land (LOTL) techniques are now involved in over 70% of major security incidents, according to our investigations,” said Dragos Gavrilut, vice president of threat research at Bitdefender. “GravityZone PHASR is the only purpose-built solution designed to combat this growing epidemic by precisely controlling access to tools like PowerShell and WMIC—effectively stopping LOTL-style attacks at their source.”
GravityZone PHASR reduces attack surfaces, mitigates unnecessary risk, and enforces compliance by analyzing individual user behaviors such as application usage and access to resources—and dynamically restricting tools or privileges that fall outside established norms.
Gartner® forecasts, “By 2030, 60% of exposure management tasks and remediation will use intelligent automation, up from 10% today,”¹ which we believe highlights an industry shift toward preventative, automated risk mitigation. According to Gartner, “Attack surface reduction includes all technologies that reduce an organization’s exposure to compromise…The common idea behind these technologies is that there is no detection required. Attack surface reduction applies to all attacks, even the most evasive.”²
GravityZone PHASR delivers a powerful, proactive approach to reducing threat exposure and compliance risk. Offered as an add-on to Bitdefender GravityZone—the company’s flagship unified security and risk analytics platform—PHASR is built on years of advanced machine learning (ML) applied to users, groups, applications, and endpoints within GravityZone Extended Detection and Response (XDR). It leverages proprietary artificial intelligence (AI) to create profiles of behavioral norms across individuals and groups, focusing on key areas such as data access, application usage, and security permissions. This enables a comprehensive assessment of vulnerabilities and potential attack vectors impacting the business.
Key Benefits of GravityZone PHASR include:
· Drastically reduces attack surfaces – GravityZone PHASR correlates user behaviors with active threat vectors and attacks. This determines the optimal attack surface configuration, unique to each user, enabling organizations to minimize the attack surface without compromising operational efficiency.
· Proactively stops LOTL attack techniques – GravityZone PHASR restricts access to Living-Off-the Land-Binaries (LOLBins) before exploitation, reducing data breach risks, alert fatigue and security
costs. It delivers targeted hardening that minimizes access to tools and resources for users who don’t require them for their daily tasks.
· Defeats repeatable attack patterns – GravityZone PHASR tailors defenses to each system, making it harder for attackers to reuse the same techniques across environments. Threat actors often replicate successful methods once they bypass a security tool—PHASR disrupts this by ensuring detections behave differently from system to system.
“Innovation in cybersecurity must solve real problems—not add complexity,” said Andrei Florescu, president and general manager at Bitdefender Business Solutions Group. “GravityZone PHASR is a true game changer that strengthens endpoint security by tackling today’s most pressing challenges—including stealthy LOTL attack techniques. By applying tailored security controls to each user based on behavior, PHASR minimizes unnecessary access, hardens environments, and helps organizations stay ahead as attack surfaces grow.”
