    Bitsight for Security Performance Management

    Sold by: Bitsight 
    Deployed on AWS
    Vendor Insights
    Drive accountability and transparency across the organization based on a uniform security performance target. With this governance framework in place, measure the effectiveness of security controls, analyze the attack surface, prioritize findings and track remediation activities. Annual subscription.

    Overview

    Bitsight pioneered the security ratings industry in 2011, creating our cybersecurity ratings platform. Today, the Bitsight rating is known around the world as a trusted analytic to help organizations understand and manage cyber risk.

    Leveraging the Bitsight Security Rating, the only rating independently correlated to the likelihood of a breach and a company's stock performance, over 2,400 companies build trust in their cybersecurity and third-party risk management program. Bitsight helps organizations drive market decisions, like credit analysis, financial ratings, pricing, ESG frameworks, and Mergers and Acquisitions activity. This gives confidence to vendors and the extended organization, enabling a safe and more secure world by empowering better cyber risk decisions.

    Bitsight helps organizations identify, quantify, and reduce cyber risk

    Bitsight Security Performance Management (SPM) measures an organization's cybersecurity performance over time. With continuous visibility of the organization's extended digital footprint and a differentiated view of the organization's unique hierarchical structure, SPM facilitates organizational cyber risk oversight. Security leaders and their teams rely on Bitsight SPM for:

    For custom pricing offers, please contact: bitsightawsmp-customoffer@bitsight.com 

    Highlights

    • 44+ trillion raw events collected & 100 billion new events collected each day
    • 40 million rated organizations worldwide with 12+ months of historical data included

    Details

    Delivery method

    Deployed on AWS

    Features and programs

    Vendor Insights

    Skip the manual risk assessment. Get verified and regularly updated security info on this product with Vendor Insights.

    Financing for AWS Marketplace purchases

    AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.

    Pricing

    Bitsight for Security Performance Management

    Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
    Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.

    12-month contract (1)

    Dimension | Description | Cost/12 months
    SPM Enterprise Combined | per license (includes 20 benchmarking subscriptions) | $138,550.00

    Vendor refund policy

    No refunds

    Legal

    Vendor terms and conditions

    Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA).

    Content disclaimer

    Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.

    Usage information

    Delivery details

    Software as a Service (SaaS)

    SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.

    Resources

    Support

    AWS infrastructure support

    AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.

    Product comparison

    Updated weekly

    Accolades

    Top 50 in Device Security
    Top 10 in Procurement & Supply Chain, Legal & Compliance
    Top 10 in Centralized Risk Management

    Overview

    AI generated from product descriptions

    • Cyber Risk Analytics: Advanced platform utilizing 44+ trillion raw events and 100 billion new events daily for comprehensive cybersecurity risk assessment
    • Security Performance Measurement: Continuous visibility and monitoring of an organization's extended digital footprint with performance tracking over time
    • Breach Likelihood Correlation: Security rating independently correlated to potential breach probability and organizational stock performance
    • Third-Party Risk Management: Capability to analyze and evaluate cybersecurity risks across vendor ecosystems and extended organizational networks
    • Global Organizational Rating: Comprehensive rating system covering 40 million organizations with 12+ months of historical cybersecurity performance data
    • Threat Intelligence Monitoring: Continuously monitors 10 risk factor groups using non-intrusive data collection methods and commercial and open-source threat feeds
    • Cybersecurity Risk Rating: Provides quantitative cybersecurity posture evaluation using an easy-to-understand A to F rating system
    • Vendor Risk Assessment: Enables automated questionnaire completion and validation with integrated inside-out and outside-in risk perspective
    • Data Collection Methodology: Utilizes proprietary and trusted data collection techniques for comprehensive cybersecurity assessment
    • Continuous Monitoring Technology: Performs real-time cybersecurity posture tracking across multiple organizations and risk domains
    • Risk Quantification Model: Utilizes FAIR™ Model for quantifying and analyzing cybersecurity risks with defensible methodology
    • Risk Signal Aggregation: Automatically ingests diverse telemetry signals from enterprise-wide controls to dynamically represent business risk exposure
    • Risk Scenario Management: Provides library of built-in cyber risk scenarios with capability to create custom scenarios for comprehensive risk assessment
    • Multi-Party Risk Visibility: Enables unified cyber risk visibility across first-party and third-party environments in a single integrated platform
    • Real-Time Risk Tracking: Delivers real-time, dynamic representation of cyber risk posture with continuous monitoring and assessment capabilities

    Security credentials

    Validated by AWS Marketplace
    FedRAMP
    GDPR
    HIPAA
    ISO/IEC 27001
    PCI DSS
    SOC 2 Type 2
    No security profile
    -
    -
    -
    -
    -
    No security profile

    Contract

    Standard contract
    No
    No
    No

    Customer reviews

    Ratings and reviews

    0 ratings (5 star: 0%, 4 star: 0%, 3 star: 0%, 2 star: 0%, 1 star: 0%)
    0 AWS reviews | 75 external reviews
    Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
    Insurance

    Great for Risk Monitoring, But Alert Email Config Needs Improvement

    Reviewed on Nov 05, 2025
    Review provided by G2
    What do you like best about the product?
    There are two main features that assist us. The first is to be able to monitor our risk posture from an external perspective and compare ourselves with other like businesses. The other, which is currently very important, is the ability to monitor our Third Parties and be able to make risk-based decisions on whether we do business with them. This is important due to APRA 230 requirements.
    What do you dislike about the product?
    At the moment there are some limitations in how we can configure alert emails.
    What problems is the product solving and how is that benefiting you?
    It is allowing us to achieve compliance with APRA 230 in terms of meeting TPRM obligations. It also allows our GRC team to do risk assessment of Third Parties as well as assisting in assessing compliance to ISO 27001 or SOC standards.
    Hospital & Health Care

    Resourceful and Reliable, with Occasional Glitches

    Reviewed on Nov 04, 2025
    Review provided by G2
    What do you like best about the product?
    How resourceful it is! Very reliable and user friendly.
    What do you dislike about the product?
    Sometimes it glitches out, but all systems have a tendency to do that from time to time.
    What problems is the product solving and how is that benefiting you?
    Being collaborative in unique ways.
    reviewer2774376

    Have improved external security monitoring and vendor oversight but still face accuracy challenges in scan results

    Reviewed on Nov 03, 2025
    Review provided by PeerSpot

    What is our primary use case?

    My main use case for Bitsight when I was at Virtusa was to monitor the external security posture for Virtusa, as Bitsight rates your company based on findings on external assets.

    I was part of the internal security team and Bitsight used to report findings, such as open ports on specific IP addresses or web applications owned by Virtusa, and based on that it used to give a rating on the severity based on how severe the vulnerability is or the possibility of any vulnerability. I used to take that information and then fix that problem internally. That is how we used to use Bitsight. Our main aim was to use Bitsight to enhance the security of the company so that our score is good on Bitsight, which really matters.

    What is most valuable?

    The best features Bitsight offers, in my experience, are the ratings that it gives to vulnerabilities and how frequently they conduct scans for a particular company. Bitsight also used to manage our third-party providers regarding how their security is, so it is better for us to manage the vendors we are currently engaged with and the third-party vendors so that we are aware of their security posture as well, instead of us monitoring their security. That is the most useful use case from Bitsight.

    Bitsight gives me a holistic view of my entire security posture, which is something any organization would want to have after getting a tool such as Bitsight. It was sufficient in that way, serving the purpose that we took Bitsight for, and there is something that we continued our relationship. We had annual contracts and then we renewed it every year based on the performance of Bitsight.

    We had internal KPIs based on the number of findings that we finalized from Bitsight and then tracked it internally to work on that. The more vulnerabilities that we close, the rating would subsequently reflect on Bitsight because they work independently; they do not work as we do inside the company. As long as we are fixing the vulnerabilities, we used to see the score getting improved, and that is something that the board of directors and the internal community were looking for.

    What needs improvement?

    Bitsight's scan could be more rigorous and then more accurate.

    I think it would be good to try to see each and everything of the company in a more accurate way.

    Their scan scheduling could be improved and they could take more inputs from the companies they are working with. If they can speed up that process, they would obviously increase that score. We found that some of the findings are clear false positives, but they still report that, and based on that, the rating goes down until we rectify them. So that is something they need to work towards; the number of false positives they are rating should focus on producing more accurate results to get a higher rating.

    How are customer service and support?

    Bitsight had a professional support service where whenever there are any ratings which we know to be a false positive and a wrong finding, we used to get on a call with support from Bitsight to submit our review as to what we found and what the evidence is for it being a false positive, and they used to consider that and then try to revise that internally and adjust the rating accordingly.

    Bitsight is a useful tool to monitor your external posture and it is backed by a good professional support service. The respective other teams such as pre-sales, support service, and customer success team are very good in terms of dealing with customers, so there is something to look for in such products.

    How would you rate customer service and support?

    Neutral

    Which other solutions did I evaluate?

    There is nothing particularly unique about Bitsight because we were also using another product along with Bitsight, and we used to compare the results of Bitsight with that tool and then try to see what the unique proposition or the unique findings are that we can evaluate and then work internally.

    What other advice do I have?

    If the ratings were very poor, low, or below the benchmark that we expected for Virtusa, we used to have a meeting with them, and then try to negotiate if they can improve their security, or else we would discontinue the business with them. So to that extent, we took actions based on the findings that we got from Bitsight. I give Bitsight a six out of ten for this review.

    Computer Software

    Excellent Support

    Reviewed on Oct 22, 2025
    Review provided by G2
    What do you like best about the product?
    I really appreciate how available and responsive the Bitsight team is when I have questions. They’re always willing to discuss details and help clarify how to get the most out of the platform.
    What do you dislike about the product?
    I’d like the lifetime expiration to be shorter once an asset is removed, to avoid ongoing impact on the overall score — though I understand that’s part of the observation process.
    What problems is the product solving and how is that benefiting you?
    Bitsight supports us in managing our external attack surface and improving our overall security posture. With Priority Scanning, we now get faster, more accurate insights through daily scans, which helps us prioritize remediation efforts and understand their impact on our score more quickly.
    Emre U.

    Easy Integration and Excellent Support—A Must-Have Security Tool

    Reviewed on Oct 20, 2025
    Review provided by G2
    What do you like best about the product?
    Useful security tool, good customer relations, easy to implement and manage. Integration is simple. Features are well designed.
    What do you dislike about the product?
    No dislikes yet. Everything looks fine so far.
    What problems is the product solving and how is that benefiting you?
    It keeps security up to date and alerts for threats.