
Overview
Bitsight pioneered the security ratings industry in 2011, creating our cybersecurity ratings platform. Today, the Bitsight rating is known around the world as a trusted analytic to help organizations understand and manage cyber risk.
Leveraging the Bitsight Security Rating, the only rating independently correlated to the likelihood of a breach and a company's stock performance, over 2,400 companies build trust in their cybersecurity and third-party risk management program. Bitsight helps organizations drive market decisions, like credit analysis, financial ratings, pricing, ESG frameworks, and Mergers and Acquisitions activity. This gives confidence to vendors and the extended organization, enabling a safe and more secure world by empowering better cyber risk decisions.
Bitsight helps organizations identify, quantify, and reduce cyber risk
Bitsight Security Performance Management (SPM) measures an organization's cybersecurity performance over time. With continuous visibility of the organization's extended digital footprint and a differentiated view of the organization's unique hierarchical structure, SPM facilitates organizational cyber risk oversight. Security leaders and their teams rely on Bitsight SPM for:
For custom pricing offers, please contact: bitsightawsmp-customoffer@bitsight.com
Highlights
- 44+ trillion raw events collected & 100 billion new events collected each day
- 40 million rated organizations worldwide with 12+ months of historical data included
Details
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Security credentials achieved
Pricing
| Dimension | Description | Cost/12 months |
|---|---|---|
| SPM Enterprise Combined | per license (includes 20 benchmarking subscriptions) | $138,550.00 |
Vendor refund policy
No refunds
Legal
Vendor terms and conditions
Content disclaimer
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

FedRAMP
GDPR
HIPAA
ISO/IEC 27001
PCI DSS
SOC 2 Type 2
Standard contract
Customer reviews
Monitoring external exposure has improved risk scores and supports stronger cyber insurance outcomes
What is our primary use case?
I was primarily using Bitsight for attack surface monitoring and external attack surface monitoring use cases.
I was monitoring all the alerts and the risk score that Bitsight provides. We mainly focused on improving the risk score for a particular organization for which we were using this in an MSSP setup. We were monitoring different scenarios and different alerts that Bitsight was throwing in, such as open ports cases, missing web application headers, and missing web application security headers. We then communicated this to our customer to get those particular things remediated so the risk score could improve over the portal.
What is most valuable?
The user interface and the area that Bitsight covers for attack surface monitoring use cases are excellent features. Bitsight's coverage ranges from open ports to web application security headers and web application headers, which in my opinion are the best features Bitsight offers. Bitsight also covers multiple other scenarios, including email headers, DMARC, and DKIM. Additionally, Bitsight scans for vulnerabilities across the system.
We were able to remediate a lot of positive alerts and our risk score improved on their platform, which further helped us to drive better results in terms of cyber insurance. Cyber insurance providers look for attack surface monitored scores quite seriously, and if your score is good, you are very well covered from an insurance point of view.
What needs improvement?
There was one case scenario where a lot of parked domains were observed for a particular organization that we were monitoring via Bitsight. Bitsight flagged a missing web application header although no web application had been hosted on that particular domain, and it had been in a parked state. We had a discussion with the Bitsight team, and their concern was that although no web application was being hosted on that particular domain, it could still be exploited by threat groups. They provided examples in which those domains had already been leveraged by threat groups to emulate ransomware attacks.
From their point of view, Bitsight continues to flag those particular domains in their platform under the missing web application headers criteria. If the number of findings increases for a particular month, your overall risk score decreases, which can become a challenge for a team working on this particular issue. Bitsight could work on this use case scenario where they could either exclude or include findings, or create a separate criteria which would not affect the score. When delivering reports to a CISO, CTO, or CIO level, the score is one of the things that gets focused on first. My suggestion is that Bitsight might consider whether findings from parked domains where no web application is being hosted really need to be included in the mainstream findings. Bitsight could create a separate tab or criteria where they could inform customers about these findings without directly including them in the total number of findings. If the total number of findings increases for a particular month, that will impact the overall score, which becomes a challenge for a team working in this field, and they have to explain why the score has dropped and whether remediations were not completed the previous month. This is an area that could be improved.
For how long have I used the solution?
I used this particular platform for more than one year in my last role at PwC.
What do I think about the stability of the solution?
Bitsight is quite stable in my experience without any downtime or reliability issues.
What do I think about the scalability of the solution?
Bitsight handles growth and increased workload well when it comes to scalability.
How are customer service and support?
Customer support seems fine to me, and I have interacted with them.
Which solution did I use previously and why did I switch?
Bitsight was the first external attack surface monitoring tool that I used; I did not use a different solution before Bitsight.
What other advice do I have?
If you are specifically looking for external attack surface monitoring, and you are exploring options, then Bitsight is a very good option that you can explore. I have not worked on any other solutions, but as far as Bitsight is concerned, it gives flexibility in choosing third-party vendor risk agreements and licenses, or a first-party point of view. You can publish your own score as well in case you have any concerns. That flexibility particularly depends upon the license and agreement that you have, whether you are using it from a first-party perspective or a third-party perspective. Bitsight provides this flexibility. I would give an overall rating of eight.
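The parked-domain problem the reviewer describes (findings from hosts with no application still dragging the score down) can be handled at triage time by keeping those findings in a separate, unscored bucket. The following is an added example written for this page, not Bitsight's code, header checklist, or scoring model. The expected-header list, the parking heuristic (marker phrases in the response body), the penalty of two points per scored finding, and the sample responses are all assumptions constructed for the illustration.

```python
"""Triage missing-security-header findings, separating parked hosts.

Added illustration, not Bitsight's code or scoring model. The header
checklist, the parking heuristic and the penalty are assumptions chosen
for the example; the sample responses below are constructed.
"""
from __future__ import annotations

from dataclasses import dataclass

# Assumed checklist: headers a public web application is expected to send.
EXPECTED_HEADERS = (
    "strict-transport-security",
    "content-security-policy",
    "x-content-type-options",
    "x-frame-options",
    "referrer-policy",
)

# Assumed heuristic: phrases typical of registrar/parking landing pages.
PARKING_MARKERS = ("this domain is parked", "buy this domain", "domain for sale")

# Assumed scoring: start at 100, lose this many points per scored finding.
POINTS_PER_FINDING = 2


@dataclass
class Response:
    host: str
    status: int
    headers: dict           # header names in any letter case
    body: str = ""


@dataclass
class Finding:
    host: str
    header: str             # the expected header that was absent
    parked: bool            # True -> informational only, not scored


def is_parked(resp: Response) -> bool:
    """Treat the host as parked when its body carries a parking marker."""
    body = resp.body.lower()
    return any(marker in body for marker in PARKING_MARKERS)


def missing_headers(resp: Response) -> list[str]:
    """Expected headers absent from the response (case-insensitive match)."""
    present = {name.lower() for name in resp.headers}
    return [h for h in EXPECTED_HEADERS if h not in present]


def triage(responses: list[Response]) -> dict:
    """Split findings into scored vs. informational and compute both scores.

    'score' counts only non-parked hosts; 'score_if_parked_counted' shows
    what the reviewer complains about: parked hosts pulling the score down.
    """
    scored: list[Finding] = []
    informational: list[Finding] = []
    for resp in responses:
        parked = is_parked(resp)
        for header in missing_headers(resp):
            finding = Finding(resp.host, header, parked)
            (informational if parked else scored).append(finding)

    score = max(0, 100 - POINTS_PER_FINDING * len(scored))
    naive = max(0, 100 - POINTS_PER_FINDING * (len(scored) + len(informational)))
    return {
        "score": score,
        "score_if_parked_counted": naive,
        "scored": scored,
        "informational": informational,
    }


# Constructed sample: a live app with a partial header set, and a parked domain.
SAMPLE = [
    Response("app.example.test", 200,
             {"Strict-Transport-Security": "max-age=31536000",
              "X-Content-Type-Options": "nosniff"},
             "<html><title>Customer portal</title><body>Sign in</body></html>"),
    Response("old-brand.example.test", 200,
             {"Server": "parking"},
             "<html><body>This domain is parked. Buy this domain!</body></html>"),
]

if __name__ == "__main__":
    result = triage(SAMPLE)
    print("score (parked excluded):", result["score"])
    print("score if parked counted:", result["score_if_parked_counted"])
    for f in result["scored"]:
        print("SCORED", f.host, "missing", f.header)
    for f in result["informational"]:
        print("INFO  ", f.host, "missing", f.header, "(parked, not scored)")
```

On the constructed sample the live application is missing three headers, so it is scored 94; counting the five findings from the parked host as well would drop the same organization to 84, which is exactly the month-over-month dip the reviewer says has to be explained to leadership. The parked findings are still reported, just under a separate label.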
High Cost, Low Signal: More Noise Than Intelligence
Unfortunately, that promise rarely translates into day-to-day value.
Performance is another major drawback. Searches and dashboards are often slow, which is frustrating for a tool that claims near real-time intelligence. The UI feels dated and clunky, and workflows are not intuitive.
Support and documentation also fall short of expectations for a product at this price point. Documentation is thin, and support responses are not too helpful.
Instead of accelerating response, it often adds operational overhead. The tool identifies “things that exist on the internet,” but stops short of consistently answering the more important question: what requires action right now?
Good Attack Surface Monitoring and Risk management
Effortless Cyber Risk Scoring for Proactive Security
It watches your own systems and your vendors from the outside without bothering anyone, spotting problems early.
This makes it super easy to fix the biggest risks first and keep everyone safer. It is easy to use.