BI.ZONE EDR 1.38 boasts AI assistant


New capabilities include vulnerability detection via the Threat Prediction module, operational technology protection via the ICS/OT module, and Linux self‑protection
August 25, 2025

BI.ZONE EDR users can now take advantage of BI.ZONE Cubi, an AI assistant that simplifies querying the telemetry storage. With BI.ZONE Cubi, users can build complex queries in natural language without diving deep into the query syntax or the data structure. This reduces query errors and speeds up the search for the information needed during incident response.

Leveraging advanced technologies like AI is fundamental to our product strategy. The AI assistant capabilities for BI.ZONE EDR will be substantially expanded. These include automated false positive detection and exclusion generation, alert summarization, and much more.
Teymur Kheirkhabarov
Head of Cyber Threat Monitoring, Response and Research

In BI.ZONE EDR 1.38, detection rules can be viewed directly in the interface. Users can see currently monitored threats and events, which enhances the transparency and manageability of the security system. The interface offers filtering and sorting by MITRE ATT&CK tactics and techniques, severity, exclusions, and other parameters. This simplifies the search for specific rules and speeds up operations based on these rules.

Users can now manage exclusions in the BI.ZONE EDR interface. Previously, adding an exclusion meant manually editing monitoring policy configurations—a time-consuming task that required expert technical knowledge. Now the process has been simplified with a dedicated exclusion builder tool.

Another important update addresses vulnerability detection. This capability is implemented in the Threat Prediction module, which continuously receives the latest vulnerability data from BI.ZONE update servers and scans protected devices for vulnerable programs and OS components. The module also receives feeds from the BI.ZONE Threat Intelligence portal, including data about the discovered vulnerabilities and the threat actors associated with them. This approach enables quick assessment of threat severity and preventive action.

The latest BI.ZONE EDR release features an ICS/OT module that enhances the security of industrial control and operational technology systems. It ensures continuous incident monitoring and response on OT workstations and servers. The module identifies and analyzes insecure configurations in WinCC and MasterSCADA systems, which helps to promptly detect and fix vulnerabilities caused by such misconfigurations and reduces the risk of unauthorized access—a major concern for critical infrastructure environments.

Last but not least is the Linux self-protection capability, which prevents attempts to disable or tamper with BI.ZONE EDR. Thanks to self-protection, attackers are unable to interfere with monitoring and response processes even if they gain privileged access to the system. The new feature enables BI.ZONE EDR to remain effective even under targeted attacks—a crucial capability for securing corporate Linux environments.