Bitdefender Launches PHASR to Fight Stealthy Cyber Threats

Bitdefender has launched GravityZone Proactive Hardening and Attack Surface Reduction (PHASR), an endpoint security system designed to respond to users' behaviours and privileges.

GravityZone PHASR is available globally to partners and customers, arriving as the cybersecurity sector faces a significant challenge from living-off-the-land (LOTL) threats—attacks that exploit legitimate tools and processes already present on target systems. According to Bitdefender's investigations, LOTL techniques are now involved in more than 70% of major security incidents.

The system addresses these threats by analysing behaviours such as application usage and resource access at the individual user level. Upon detecting actions or permissions that fall outside normal parameters, PHASR dynamically restricts access to specific tools or privileges, aiming to reduce potential attack surfaces and enforce compliance with internal policies.

"Legitimate tools and Living-Off-the-land (LOTL) techniques are now involved in over 70 per cent of major security incidents, according to our investigations. GravityZone PHASR is the only purpose-built solution designed to combat this growing epidemic by precisely controlling access to tools like PowerShell and WMIC—effectively stopping LOTL-style attacks at their source," Dragos Gavrilut, Vice President of Threat Research at Bitdefender, said.

The solution is offered as an add-on to Bitdefender GravityZone, which is the company's unified security and risk analytics platform.

PHASR uses machine learning developed as part of GravityZone Extended Detection and Response (XDR) to generate behavioural profiles for individuals and groups. These AI-driven profiles enable the system to assess vulnerabilities and identify potential attack vectors across key areas, including data access, application usage, and security permissions.

According to Gartner forecasts, there is a growing shift toward automation in cybersecurity risk reduction. The firm states that by 2030, 60% of exposure management tasks and remediation will use intelligent automation, up from 10% today. Gartner's research also emphasises that attack surface reduction applies to all types of attacks and focuses on technologies designed to reduce an organisation's exposure to compromise without the need for detection.

GravityZone PHASR offers several features designed to reduce organisational risk. The system correlates real-time user behaviours with known threat patterns to determine the best possible security configuration for each user, enabling a reduction of the attack surface without impairing daily business operations.

Another focus is the preemptive blocking of LOTL-style threats, also known as Living-Off-the-Land-Binaries (LOLBins). By restricting access to such tools before they can be exploited, PHASR seeks to reduce the risk of data breaches, decrease alert fatigue for SOC teams, and potentially lower overall security costs by limiting unnecessary permissions.

In environments where attackers have previously succeeded by repeating known techniques across different systems, PHASR aims to introduce variability. The solution applies tailored defences to each endpoint to stop adversaries from efficiently reusing their methods following an initial breach.

"Innovation in cybersecurity must solve real problems—not add complexity. GravityZone PHASR is a true game changer that strengthens endpoint security by tackling today's most pressing challenges—including stealthy LOTL attack techniques. By applying tailored security controls to each user based on behaviour, PHASR minimises unnecessary access, hardens environments, and helps organisations stay ahead as attack surfaces grow," Andrei Florescu, President and General Manager at Bitdefender Business Solutions Group, said.

GravityZone PHASR is currently available as an additional module for GravityZone users, expanding the platform's range of preventative measures against evolving cyber threats based on advanced analytics and automated risk mitigation.