Introducing Bitdefender GravityZone PHASR – Dynamic Attack Surface Reduction

Alexandru_BD

Cybercriminals increasingly rely on Living off the Land (LOTL) tactics — abusing legitimate tools and trusted applications to blend into enterprise environments. These tactics are now involved in 70% of cyberattacks, making conventional controls ineffective.

Bitdefender GravityZone PHASR (Proactive Hardening and Attack Surface Reduction) changes this by dynamically restricting risky apps or risky actions within allowed apps, tailored to each user. It is the first solution to:

• Automatically identify and reduce unnecessary attack surface based on real-world usage
• Apply action-level blocking (e.g., allow PowerShell, but block encrypted scripts unless used normally)
• Continuously adapt to evolving behavior and threats using self-learning AI
• Prevent attack pattern reuse by stopping attackers from relying on the same evasion tactics across your organization

Instead of relying on static, generic policies, PHASR builds behavioral profiles per machine-user pair, then intelligently clusters similar profiles to simplify policy management — minimizing manual overhead.

PHASR autonomously analyzes usage across five key attack vector categories:

• LOTL Binaries (e.g., PowerShell.exe, Certutil.exe, WMIC.exe)
• Tampering Tools (e.g., procexp.exe, LiveKd.exe)
• Piracy Tools (e.g., keygens, cracks)
• Cryptominers (e.g., XMRig, PhoenixMiner)
• Remote Admin Tools (e.g., TeamViewer, AnyDesk)

You can choose Autonomous Risk Mitigation (automated enforcement) or Direct Control (manual review) for each category. PHASR continuously calculates risk scores and offers recommendations with high impact and low disruption — helping you eliminate what attackers abuse without blocking your users.

PHASR’s dashboard (Monitoring → ASM → PHASR) gives security teams clear visibility into:

• Current attack surface exposure
• Risk reduction opportunities
• Active incidents tied to monitored vectors
• Profile-specific tool usage and restrictions

PHASR integrates directly into GravityZone’s security, risk, and compliance platform, reducing complexity and accelerating protection.

For those interested to learn more about how PHASR is configured and how its logic works, we recommend checking out the following resources:

• TechZone article: https://techzone.bitdefender.com/en/security-layers/prevention/risk-management/proactive-hardening-and-attack-surface-reduction--phasr-.html - covers info about the behavioral engine, activity types, dashboard features, and possible use cases.
• Masterclass sessions: – explore how PHASR dynamically adapts policies based on user behavior:
  
  EMEA Masterclass – April 24, 2025 | 2:00 PM CEST / 7:00 AM CDT
  North America Masterclass – April 29, 2025 | 6:30 PM CEST / 11:30 AM CDT
  
• Live Webinar: – gain exclusive insights into employee attack surfaces, why tools that users don’t need are accessible for attackers, and how you can address this challenge using PHASR:
  
  Live Webinar – May 6, 2025 | 4:00 PM CEST / 9:00 AM CDT

For more information on PHASR, click here:

https://www.bitdefender.com/en-us/business/products/gravityzone-phasr