
Bitdefender unveils GravityZone tool for easier compliance
The company has introduced GravityZone Compliance Manager, which aims to assist businesses in reducing the costs and operational obstacles associated with compliance while streamlining the process of achieving audit readiness.
The solution comes at a time when regulations such as GDPR, PCI DSS, NIS2, and DORA are enforcing stricter penalties for non-compliance, including fines up to EUR €20 million or 4% of global annual turnover under GDPR, and USD $100,000 per month under PCI DSS. These penalties are in addition to reputational harm that can result from regulatory breaches.
GravityZone Compliance Manager provides real-time visibility into an organisation's compliance posture, automates remediation tasks, generates audit-ready reports, and allows for one-click compliance documentation.
The solution is fully integrated with Bitdefender's existing endpoint security and risk analytics platform.
Andrei Florescu, President and General Manager of Bitdefender Business Solutions Group, commented on the release: "The consequences of non-compliance, including financial loss, operational disruption, and reputational damage, rival those of a data breach or ransomware attack, yet most businesses lack the resources or specialised talent needed to manage compliance with confidence."
"GravityZone Compliance Manager is a game-changer that consolidates compliance, risk management, and endpoint security on a single platform, enabling businesses to meet regulatory demands effortlessly and reduce complexity to strengthen cyber resilience."
Patria Bank has served as an early access client for GravityZone Compliance Manager.
Alin Paunescu, Chief Information Security Officer at Patria Bank, shared insights on the tool's impact: "GravityZone Compliance Manager performed well for us during early access. The continuous monitoring and assessment feature reduced our reliance on manual scans, saving valuable time. Because it's integrated into our existing security stack, we've avoided the additional cost and complexity of using external tools. It has simplified our operations by eliminating the need for multiple point solutions."
Recent guidance from Gartner has underscored the importance of integrating compliance and risk management via automated, continuous monitoring and impact-based assessments.
According to research cited by Bitdefender, organisations increasingly risk severe consequences for fragmented or manual approaches to regulatory compliance.
Despite escalating regulatory demands globally, many organisations continue to rely on siloed tools and manual processes that may be insufficient to address comprehensive compliance requirements. GravityZone Compliance Manager is designed as an add-on to the company's core GravityZone platform to provide a unified approach, bringing together compliance, risk, and security operations in one system. This integration includes real-time compliance scoring, automated reporting, and guided remediation without requiring specialised in-house compliance expertise.
The solution's features include automated audit-ready reports that can be generated in seconds, using information already collected by Bitdefender tools.
These reports are structured to meet auditor standards and include an executive summary, an analysis of compliant versus non-compliant checks, and a risk overview with a severity breakdown.
Additionally, the platform integrates compliance management with security and risk analytics alongside tools like Bitdefender Proactive Hardening and Attack Surface Reduction (PHASR).
This combination allows organisations to reduce system vulnerabilities and maintain ongoing alignment with compliance requirements. Whenever risks are mitigated, the platform automatically updates compliance status, enhancing operational efficiency and cybersecurity posture.
GravityZone Compliance Manager supports immediate alignment with a broad range of industry and geography-specific frameworks, such as GDPR, HIPAA, DORA, NIS 2 Directive, PCI DSS, SOC 2, ISO 27001, CISv8, and CMMC 2.0. Organisations can identify and address compliance gaps with a single click and access detailed information on risks and affected assets per standard.
The solution's full feature set is available to new and existing GravityZone customers.
Organisations using the platform's risk management functions gain immediate access to a standard set of compliance tools, while a full Compliance Manager add-on licence provides support for advanced frameworks, comprehensive scoring, enhanced visibility, and exportable reports.
Bitdefender has indicated that while GravityZone Compliance Manager is intended to assist organisations with compliance-related activities, it does not replace internal compliance efforts or guarantee the outcome of external audits.
The company recommends that organisations work with approved auditors for formal compliance certification processes.
Related Articles


Techday NZ
26-06-2025
Verax launches Protect to tackle AI data leak risks for firms
Verax AI has announced the global launch of Verax Protect, a solution designed for enterprise use to uncover and mitigate risks associated with Generative AI, with a particular focus on preventing the unintended leakage of sensitive data.
The adoption of Generative AI in workplaces is continuing to rise, with many businesses turning to such technology to enhance productivity. However, this rapid integration is exposing us to a number of significant risks, particularly the risk of data leakage. One key concern is that employees might input sensitive data or proprietary information into AI prompts, unintentionally sharing it with external third-party platforms.
Recent data shows that over 40% of businesses in the United States now have paid subscriptions to AI models, platforms, and tools, a substantial increase from just 5% in 2023. At the same time, 30% of organisations using AI have already experienced incidents related to AI security. These incidents are also becoming increasingly costly; the global average cost of a data breach reached an all-time high of USD $4.88 million in 2024, a 10% increase from the previous year.
Verax Protect is positioned to assist enterprises, including those operating in highly regulated sectors such as finance, healthcare, and defence, in harnessing the advantages of AI while maintaining compliance with data privacy and cybersecurity standards. The solution is designed to support these organisations in avoiding compromises in their stringent data protection regimes as they expand their use of AI.
Core features
Verax Protect features several core components designed to address key enterprise concerns. The solution aims to prevent proprietary and sensitive data from being inadvertently leaked into third-party AI tools.
As AI platforms encourage users to input as much information as possible for optimal results, this has sometimes resulted in employees exposing confidential information to providers that their organisation has not fully vetted.
Another key capability is preventing AI tools from disclosing information to staff who are not authorised to access it. The growing use of AI for tasks such as generating reports and summarising company documents increases the risk that internal data could be overshared, placing sensitive material at risk of being viewed by unauthorised personnel.
Verax Protect also facilitates the enforcement of organisational AI policies by automating compliance measures. Traditionally, companies have relied on approaches such as employee training sessions and reminder pop-ups to ensure compliance, though these methods have proven largely ineffective. The automated approach aims to reduce the chances of both accidental and deliberate violations of internal policies.
In addition to these controls, the solution is designed to help organisations meet security and data protection certification requirements. Many regulatory frameworks, such as the General Data Protection Regulation (GDPR) in Europe or sector-specific laws in the United States, like HIPAA for healthcare and GLBA for financial services, mandate demonstrable efforts to safeguard sensitive data. The adoption of Generative AI presents new challenges around implementing and demonstrating such protections. Verax Protect provides tools to support compliance initiatives and document data safeguarding activities even as AI use increases.
Executive insight
The launch of Verax Protect is the latest step for the company, which was founded in 2023 by Leo Feinberg, Co-founder and Chief Executive Officer, and Oren Gev, Chief Technology Officer. The two previously founded CloudEndure, a cloud migration and disaster recovery business, which was later acquired by Amazon Web Services for USD $250 million.
Leo Feinberg commented: "Generative AI is a double-edged sword. It promises unprecedented gains in productivity, but it also introduces unprecedented risks. With Verax Protect, we're enabling enterprises to stay competitive by leveraging the power of AI without compromising the security, privacy, and compliance of their most sensitive data."
Verax AI also offers other products designed to govern AI usage, including Verax Explore and Verax Control. These tools are intended to help organisations monitor and manage both their internal and external use of AI technologies.
According to the company, Verax Protect operates as a real-time oversight and risk mitigation tool tailored to the requirements of modern enterprises. The system integrates with internal business systems and provides adjustable controls that reflect both technical and organisational policy requirements.
The increasing prevalence of AI adoption in regulated industries underlines the need for effective risk management and oversight. Verax Protect is designed with these requirements in mind, aiming to help businesses benefit from the productivity enhancements of AI while continuing to meet regulatory and security expectations.


Techday NZ
26-06-2025
Milestone & Genoa launch EU-compliant AI for smart cities
Milestone has commenced work on Project Hafnia in Europe, collaborating with the city of Genoa, Italy, to develop AI-driven solutions for traffic management and urban infrastructure using NVIDIA technology.
The project's primary objective is to use artificial intelligence to enhance city operations by leveraging regulation-compliant video data, ensuring alignment with European legal frameworks, including GDPR and the EU's AI Act. Project Hafnia, after its launch in the United States, will provide high-quality video data that have been processed using NVIDIA NeMo Curator on the NVIDIA DGX Cloud platform.
Milestone is adopting the NVIDIA Omniverse Blueprint for Smart City AI, which is a reference framework designed to optimise city operations through digital twins and AI agents. In addition to this, Milestone is expanding its proprietary data platform using NVIDIA Cosmos. This approach enables the generation of synthetic video data based on real-world inputs, combining both real and synthetic datasets to build and train vision language models (VLMs) responsibly.
The company has engaged Nebius, a European-based cloud provider, to supply the GPU compute required for the training of these models. This partnership is intended to ensure that all data processing and storage remain fully compliant with European data protection regulations, while supporting digital sovereignty objectives and keeping sensitive public sector data strictly within EU jurisdiction.
Urban AI applications
Project Hafnia seeks to harness the potential of VLMs, which are AI models capable of mapping relationships between visual data—such as images or videos—and corresponding text. This enables the models to generate summaries and insights from visual sources, which can be applied across multiple domains including transportation, safety, and security within city environments.
Emphasising the importance of regulatory compliance and ethical data sourcing, the project aims to support cities throughout Europe in building and refining computer vision and AI applications that align with the region's standards for privacy, transparency, and fairness.
"I'm proud that with Project Hafnia we are introducing the world's first platform to meet the EU's regulatory standards, powered by NVIDIA technology. With Nebius as our European cloud provider, we can now enable compliant, high-quality video data for training vision AI models — fully anchored in Europe. This marks an important step forward in supporting the EU's commitment to transparency, fairness, and regulatory oversight in AI and technology — the foundation for responsible AI innovation," says Thomas Jensen, CEO of Milestone.
The company states that the compliant and ethically sourced data library enabled by Project Hafnia provides the necessary foundation for developing advanced video analytics models and vision language models. The models are configured for optimal performance on NVIDIA GPUs and are compatible with NVIDIA AI Blueprint frameworks focused on video search and summarisation (VSS).
Application in Genoa
The first practical implementation from Project Hafnia is a European Visual Language Model purpose-built for transportation management. This VLM is developed using transportation data sourced directly from Genoa, Italy, ensuring that only compliant and responsibly gathered data are used.
"AI is achieving extraordinary results, unthinkable until recently, and the research in the area is in constant development. We enthusiastically joined forces with Project Hafnia to allow developers to access fundamental video data for training new Vision AI models.
This data-driven approach is a key principle in the Three-Year Plan for Information Technology, aiming to promote digital transformation in Italy and particularly within the Italian Public Administration," says Andrea Sinisi, Information Systems Officer, City of Genoa.
The framework developed through Project Hafnia is designed for scalability, allowing it to extend across multiple domains and accommodate future technological developments. The resulting compliant data set and the fine-tuned VLM will be made available to participating cities under a controlled access licence model, facilitating broader AI adoption across Europe whilst upholding ethical standards.
Nebius as cloud partner
Nebius will provide the cloud infrastructure underpinning Project Hafnia in Genoa, ensuring that all processing power and data handling are carried out within the jurisdiction of the EU. This guarantees adherence to European data handling regulations and digital sovereignty imperatives.
"Project Hafnia is exactly the kind of real-world, AI-at-scale challenge Nebius was built for," says Roman Chernin, Chief Business Officer of Nebius. "Supporting AI development today requires infrastructure engineered for high-throughput, high-resilience workloads, with precise control over where data lives and how it's handled. From our EU-based data centres to our deep integration with NVIDIA's AI stack, we've built a platform that meets the highest standards for performance, privacy and transparency."
Milestone's approach with Project Hafnia positions it as an early adopter within the sector of European AI development, focusing on regulatory-compliant, ethically sourced, and technologically advanced infrastructure solutions for urban environments. Through partnerships with city administrations such as Genoa and technology providers including NVIDIA and Nebius, Milestone aims to facilitate responsible deployment of AI for urban improvement initiatives across Europe.


Techday NZ
26-06-2025
Bitdefender unveils EASM for proactive attack surface security
Bitdefender has launched a solution designed to provide managed service providers, businesses, and their customers with comprehensive oversight of internet-facing assets and related vulnerabilities. The release of GravityZone External Attack Surface Management (EASM) comes amid growing focus on attack surface reduction, a strategic priority identified by cybersecurity experts and highlighted in recent industry research. Gartner forecasts suggest that, through 2029, over 60% of security incidents will be linked to misconfigured technical security controls. A recent survey of 1,200 cybersecurity professionals also places attack surface reduction at the forefront of their operational concerns. The evolving digital landscape, fuelled by ongoing digital transformation, widespread cloud adoption, remote work trends, and increased integration with third-party infrastructure, is expanding the range of potential entry points that adversaries could exploit. Bitdefender pointed out that, without effective oversight, assets such as abandoned domains, improperly configured cloud resources, and expired digital certificates may go unnoticed, potentially leaving organisations exposed to attackers who habitually probe the internet for vulnerabilities. The EASM module is designed to work without requiring deployment on endpoints, providing a proactive mechanism for identifying and assessing external risks while aiming to minimise the scope of possible attack vectors. By continually discovering, mapping, and analysing internet-exposed assets from the same perspective as potential attackers, organisations are positioned to assess risk, identify vulnerabilities, and take remedial actions before any potential exploitation. GravityZone EASM is provided as an add-on to Bitdefender GravityZone, which is the company's platform for endpoint protection, endpoint detection and response, extended detection and response, and cloud-native security. 
The system scans a wide range of asset categories, such as IPv4 and IPv6 addresses, IP blocks, email addresses, and domains. Comprehensive asset discovery is achieved by identifying public IPs, alerting to expiring or expired certificates, highlighting vulnerable public services, and recognising open network ports. This asset review process is intended to ensure that all relevant systems are accounted for in centralised monitoring and management.
Features
Bitdefender highlighted that GravityZone EASM delivers rapid discovery and visibility by scanning and mapping all internet-facing assets—including devices, domains, subdomains, applications, certificates, connections to third parties, and instances of shadow IT—within as little as 30 minutes. Organisations are provided with a full view of their attack surface, extending even to assets that are unmanaged or no longer in regular use.
The solution incorporates continuous vulnerability monitoring and alerting. It detects vulnerabilities and misconfigurations across both internal and external systems, including assets managed by external partners, customers, and entities within the supply chain. Immediate, context-rich alerts for exposed systems, expired certificates, and high-risk threats are generated. Alerting is prioritised according to severity, such as CVE scores, to optimise the response processes and remediation actions.
GravityZone EASM forms part of a unified approach for security, risk management, and compliance within the GravityZone platform. By integrating these functionalities, both security analysts and administrators can leverage the solution for use cases such as threat analysis, vulnerability prioritisation, policy enforcement, and configuration of access controls. All operations are managed within a single platform.
"Security teams across businesses and MSPs face increasing pressure to keep pace with expanding attack surfaces, driven by digital transformation and complex third-party ecosystems," said Andrei Florescu, President and General Manager at Bitdefender Business Solutions Group. "Effective defence-in-depth security starts by reducing the attack surface as much as possible before threats reach the detection and response layers. GravityZone EASM is a critical part of our vision for unified security, risk management, and compliance, enabling proactive discovery and control of internet-facing assets that could serve as potential entry points for attackers." Bitdefender GravityZone EASM is available as an option to select license tiers of GravityZone and for use in conjunction with the company's managed detection and response services.