Bitdefender launches a free assessment to help businesses identify hidden risks within their network

Bitdefender has announced Internal Attack Surface Assessment, a free evaluation designed to help organizations identify internal risk exposure stemming from unnecessary access to operating system applications, tools, and utilities that are often exploited in modern attacks. The company frames this launch as a 45-day program available to organizations with 250 or more employees, focusing on measuring, prioritizing, and reducing attack surface without disrupting daily operations.

The initiative comes at a time when attacks abusing legitimate system tools, known as Living-Off-the-Land (LOTL) techniques, continue to gain prominence over traditional malware. Bitdefender states that, after analyzing more than 700,000 security incidents, it detected that 84% of serious attacks involved the use of legitimate binaries and utilities already present in the environment, such as PowerShell, WMIC, or similar administrative tools. This data is from the company’s own research and has become a core element of its prevention messaging.

Bitdefender’s approach is not a traditional external audit, but a guided assessment supported by its GravityZone PHASR technology, an acronym for Proactive Hardening and Attack Surface Reduction. According to the company, this solution combines dynamic behavior-based hardening with real-time threat intelligence to identify excessive access and restrict unnecessary tools before they can be exploited in an attack. Bitdefender describes it as an endpoint security innovation focused on reducing attack surface without disrupting normal business operations.

Practically, the program promises three main benefits. First, it quantifies internal risk at a user level — understanding which individuals have access to sensitive binaries, applications, or utilities, and how this aligns with their normal behavior. Second, it detects shadow IT and unauthorized tools, including unapproved binaries, unusual network activity, or software accessing corporate resources outside of the expected inventory. Third, it provides actionable recommendations to start hardening the environment and reducing exposure. Bitdefender claims that with this approach, organizations can reduce their attack surface by up to 95%, although this figure should be seen as a marketing estimate based on their technology, not a guaranteed universal outcome.

This move aligns with a broader cybersecurity trend. Increasingly, vendors are shifting focus from detection and response towards active prevention. This approach emphasizes reducing, in advance, the number of tools, permissions, and lateral movement paths that an attacker can leverage in the environment. Bitdefender has been promoting this idea with PHASR for months, emphasizing that traditional defense methods are losing efficacy against stealthy, fileless attacks that exploit legitimate system components.

In this context, the free assessment also serves as a commercial showcase for PHASR. Bitdefender notes that this technology can reduce unnecessary risk by over 30% in 30 days and lessen investigation and response efforts by eliminating irrelevant alerts tied to legitimate tools. With this new program, the company aims to provide an easier way for businesses to measure that risk before deciding whether to adopt permanent controls.

The message to the market is clear. Bitdefender wants to draw attention to an often overlooked area: inherited permissions, system binaries accessible to nearly any user, and utilities that, while not malware, can become allies for attackers. In a landscape where abusing legitimate tools has become a dominant tactic, any initiative that helps uncover this invisible layer of risk can be attractive — especially for mid-sized and large companies that have deployed EDR, XDR, or other defenses but still face internal exposure issues.

Frequently Asked Questions

What exactly did Bitdefender launch?
They launched Bitdefender Internal Attack Surface Assessment, a free 45-day evaluation designed to help organizations identify internal risks related to unnecessary access to tools, applications, and utilities often exploited in modern attacks.

Is it available to any company?
No. According to Bitdefender, the program is available for organizations with 250 or more employees.

What technology does this assessment use?
The assessment leverages GravityZone PHASR, Bitdefender’s solution for proactive hardening and attack surface reduction.

What are LOTL attacks and why do they matter?
They are attacks that use legitimate system tools like PowerShell or WMIC to move laterally, escalate privileges, or evade detection. Bitdefender asserts that 84% of serious attacks analyzed internally involved these techniques.

Does Bitdefender claim how much the attack surface can be reduced?
Yes. The company states that organizations can reduce their attack surface by up to 95% through the controls and recommendations derived from this assessment, although this number is based on their marketing positioning.

via: bitdefender