Bitdefender: PHASR update at InfoSecurity Europe 2025

At the InfoSecurity Europe 2025 show in June, Richmond Advisory Group met with cybersecurity practitioners, vendors and service providers to learn about their latest products and services and get their views on the cybersecurity market. Note that all published content was reviewed and fact-checked by the profiled company. We are very grateful for the time each company spent with us.

At the show I had the chance to sit down with Martin Zugec, EMEA Director, Technical Marketing and Andra Cazacu, Director of Industry Analyst Relations at Bitdefender. We talked about some new security incident research the firm has just completed and followed up on the launch of the Bitdefender GravityZone Proactive Hardening and Attack Surface Reduction (aka PHASR) platform for unified security, compliance, and risk analytics launched in April this year.

PHASR Update

Zugec shared some initial results from the company's recent survey, including some surprising findings: of the 700,000 security incidents examined, 84% of the identified high-severity attacks used "living off the land" techniques, where legitimate, installed tools and technologies (as opposed to injected malware for example) are highjacked by the attackers. It's a trend that Bitdefender has seen over the last five years or so, and the challenge has been to identify where the potential overlap is. Tools commonly used by attackers are also popular with systems administrators, meaning that in most cases the tools cannot simply be disabled.

PHASR seeks to address this challenge by building profiles for each user and device combination to determine if a user needs to use a specific tool on a specific device. If they do, then one solution is to disable only part of the tool's functionality for that user. An example Zugec gave was that of an application that uses Microsoft PowerShell. Perhaps the application only requires partial functionality of the automation and configuration management capabilities. PHASR can enable the parts of PowerShell that are required for functionality and disable the other parts. The objective for this approach is not to identify every single anomalous behaviour (there would be too many to track), but rather take the known malicious behaviour, and compare it with each individual user's behaviour to determine what action to take.

Bitdefender has been using AI tools for the last 15+ years to develop its capabilities across its portfolio, including their use in adversarial networks, where they say they are building the "good" AI to challenge the "bad". In terms of the effectiveness of threats created by AI - for example malware - Zugec considers such attacks not to be very sophisticated, explaining that they have seen slightly modified, mediocre malware for years. Instead, the investigations that prompt the utilisation of Bitdefender's tools are all too familiar: missing Multi-Factor Authentication (MFA), flat networks, and open appliances that IT teams are unaware of. It tends to validate Zugec's focus on the importance of cybersecurity education and awareness, the reinforcement of security hygiene, and the critical nature of human-to-human triage.

Acquisition of Mesh Security

Bitdefender has just announced its intention to acquire email security specialist Mesh Security. Bitdefender says that the five-year-old company's technologies will be integrated into the GravityZone platform and its managed detection and response (MDR) services offerings. Email remains a critical technology and while Bitdefender does have security offerings in this area, it probably felt that Mesh could strengthen its capabilities. What is different is that Mesh has a dual-layered approach, providing perimeter-based protection but also with mailbox-level defence through API deployments. While this approach is not new, it is still considered to be an effective combination. Integrating Mesh will expand visibility for Bitdefender as well as better telemetry in this area.

Financial details of the planned acquisition were not disclosed, but it appears that the addition of Mesh will be complementary to Bitdefender's portfolio as well as its channel strategy and MSP partnerships. We will monitor progress and provide an update once we know more.

The Gist

Bitdefender offers an extensive range of managed services but also has its own IP. This allows for differentiation in a crowded market as well as a level of solution development that services-only players lack. Bitdefender was recognised as A Customers’ Choice in the 2025 Gartner Peer Insights Voice of the Customer for Endpoint Protection Platforms (EPP) report, alongside rivals CrowdStrike, Fortinet, Palo Alto Networks and Sophos. If the Mesh acquisition is successful, and its products can be quickly integrated, Bitdefender stands to further distinguish itself as a leading endpoint protection services provider, especially with the channel and MSP community.