My major interest is in getting signal intelligence, risk vectors, and detailed information that BitSight collects around the attack surface of a company. We integrate this information with our overall cyber detection and counter-response strategy.
External reviews
76 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Comprehensive risk vectors and detailed anomaly insights enhance cyber hygiene
What is our primary use case?
How has it helped my organization?
All our employees benefit from the information, not directly through BitSight, but through our own security analytics platform. As CISO, one of our objectives was cyber hygiene, and the major provider of metrics for cyber hygiene was BitSight.
What is most valuable?
The best thing about BitSight is the comprehensive list of risk vectors, covering compromised systems, diligence failures, and behavioral anomalies. The ability to drill down from a score to very detailed factual information about anomalies is valuable. They have a good web portal for users to access, a good API for system integration, and a comprehensive pricing structure.
What needs improvement?
BitSight could improve the classes and lower-level detections of anomalies that compound the information used to compute the rating. They could evolve to be a more powerful scanner of cyber hygiene for a company's exposed attack surface, allowing them to compete with companies like Qualys and CyCognito. It's important to ensure a correlation between the score and detailed information to avoid confusion.
For how long have I used the solution?
We have been using this solution since 2016, about eight years.
What do I think about the stability of the solution?
BitSight is completely stable. As with any platform, when they update or fine-tune the rating algorithm, there may be changes in rating. That said, this is normal.
What do I think about the scalability of the solution?
BitSight is scalable, and there are no issues surrounding its scalability.
How are customer service and support?
The technical support from BitSight was very good. I was a privileged customer as BitSight's technical office was based in Lisbon, allowing personal connections. It was perfect for me, but other customers might not have the same experience.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup is straightforward for a normal company. For telcos, there is some additional work required to clean up the attack surface, however, it's still pretty easy. You can start almost plug-and-play and then make necessary adjustments through their portal.
Which other solutions did I evaluate?
I am currently evaluating the possibility of also using SecurityScorecard in a similar manner.
What other advice do I have?
BitSight is still better than SecurityScorecard, and those two are completely separated from the rest of the market. For us, BitSight is better.
I'd rate the solution nine out of ten.
Exploiting Efficiency: Full Tool Evaluation Bitsighttech
What do you like best about the product?
Score evaluation and vulnerability detail points.
What do you dislike about the product?
Few details in the trace on the public ip, so it could bring more information. But we have a tool that adds Bitsighttech
What problems is the product solving and how is that benefiting you?
Vulnerability assessment of service providers.
Bitsight for Vendor Risk and Continuous Monitoring
What do you like best about the product?
Bitsight was helpful with reviewing new vendors and getting a snapshot of their cybersecurity risks and practices. The reports would also help us present concerns to our stakeholders.
What do you dislike about the product?
Some of the features in Bitsight were difficult to implement.
What problems is the product solving and how is that benefiting you?
Bitsight was our continuous monitoring solution for our contracted vendors.
Provides comprehensive insights into security posture
What is our primary use case?
Bitsight provides comprehensive insights into security posture, enabling us to effectively reduce risks. it increases the security of writing and reduces the risks.
How has it helped my organization?
We work directly on their website to define all the assets that we need to scan. We have some meetings with the manager. For example, we set objectives to evaluate cyber risk periodically in our organization. One of these objectives is to assess the rating for our internal enterprise. We maintain a comprehensive database to ensure compatibility with our objectives. We aim to prevent a decrease in our security rating and maintain its value over time.
What is most valuable?
The solution is user-friendly. The features are to conduct scans, identify findings, and provide a rating. This rating serves as a measure of our security risk.
What needs improvement?
We face difficulties in acquiring designs and findings. There may be room for improvement in the methodology for identifying findings, as occasional errors occur on the technical side of BitSight.
For how long have I used the solution?
I have been using Bitsight Third-Party Risk Management for more than six years.
What do I think about the stability of the solution?
The product is very stable.
I rate the solution’s stability an eight out of ten.
What do I think about the scalability of the solution?
The solution is scalable. We have 100 users. We cater to a very large and international group. This extends to our presence not only in the US but also in other regions.
I rate the solution’s scalability a nine out of ten.
How was the initial setup?
The initial setup is easy and takes two or three days to complete.
I rate the initial setup a nine out of ten, where one is difficult, and ten is easy.
What's my experience with pricing, setup cost, and licensing?
The product is a little expensive and very oriented to large companies.
What other advice do I have?
My recommendation depends on the size of the company. You need to have some people to see our platform and distribute all the work.
Overall, I rate the solution a nine out of ten.
User-friendly solution with robust patch management capabilities
What is our primary use case?
How has it helped my organization?
BitSight is good for us because we require third-party monitoring of vendors as per our new regulations. Since we are a financial company, we need to monitor our suppliers, software design houses, and others to ensure their information security labels.
What is most valuable?
The Score is a valuable feature, especially the diverse evaluation points. However, since I don't have access to trial licenses, I'm unsure about the kind of report I will get.
A trial license or login account would allow me to understand, and maybe I would think differently. We are a local company, and our vendors are local. BitSight caters to companies like ours and gives a general return score. It's pretty important to us. Also, the tool has been easy to use.
What needs improvement?
The solution’s benchmarking should be improved. The weakness was that they could only benchmark five companies simultaneously. I'm unsure whether this was due to the trial or another reason.
For how long have I used the solution?
We have been testing the solution for the past two months.
How are customer service and support?
I have contacted the customer support through e-mail and their response rate is fast.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We are also using Black Kite. I prefer BitSight over Black Kite due to its patch management capabilities. BitSight provides a view of patch management. I also found that Black Kite tends to generate false alarms.
What's my experience with pricing, setup cost, and licensing?
I’m unaware about this.
Which other solutions did I evaluate?
We are also looking at another tool called SecurityScorecard. We will choose between BitSight and SecurityScorecard.
What other advice do I have?
Overall, I rate the solution a nine out of ten.
Stable product with efficient features for listing vulnerabilities
What is our primary use case?
We use BitSight to check security scores for my organization, subsidiaries, and providers.
How has it helped my organization?
The product helps us identify the vulnerabilities of internet-facing applications.
What is most valuable?
BitSight's most valuable feature is its ability to list the vulnerabilities.
What needs improvement?
There could be an ability to adapt the score faster. At the moment, when the vulnerability score decreases, it remains the same for quite a while, even though issues are resolved in 24 hours. It reduces faster and increases very slowly. This particular area needs improvement.
For how long have I used the solution?
I have been using BitSight for three years now.
What do I think about the stability of the solution?
It is a stable product. I rate its stability a ten out of ten.
What do I think about the scalability of the solution?
We have 20 BitSight users in our organization. I rate its scalability a nine out of ten.
How was the initial setup?
You require prior experience to implement the product. I rate the process an eight out of ten. It allows you to set the requirements manually and purchase the subscription accordingly. It takes a day to complete.
What's my experience with pricing, setup cost, and licensing?
The product has a reasonable price.
Which other solutions did I evaluate?
I have evaluated SecurityScorecard before.
What other advice do I have?
I recommend BitSight because it is very convenient to use. It has become a standard tool used in many companies. It is easy to share a few components of an algorithm for users. It is not ideal as it only reflects some of the reality of Internet-facing applications. However, it is the best solution at the moment.
I rate it an eight out of ten.
Provide a very good detail for Risk scanning platform
What do you like best about the product?
- Provide a very good detail in risk scanning compared with other vendor
- Good documentation and actionable for suggestion to reduce the risk
- Excellent support from BitSight people
- Good documentation and actionable for suggestion to reduce the risk
- Excellent support from BitSight people
What do you dislike about the product?
- Price may higher compared with other vendor
What problems is the product solving and how is that benefiting you?
- Risk scanning to improve our external (Internet) security posture
Reliable source of external monitoring
What do you like best about the product?
Consistent numerical representation of the security posture of my most important third parties
What do you dislike about the product?
Challenges getting third parties to address issues and score deficiencies from BitSight
What problems is the product solving and how is that benefiting you?
Problem of limited information on the security posture of third parties - BitSight provides insights into this posture and can be a starting point for assessments
Using a proactive method to deal with incidents rather than a reactive one
What do you like best about the product?
I like several aspects of BitSight, a few of which are highlighted below.
* User-friendliness; all features are easily accessible in the portal.
* Risk overview of a company
* Option to enable vendor access
* Risk Remediation Plan
* Quick service by the support team
* User-friendliness; all features are easily accessible in the portal.
* Risk overview of a company
* Option to enable vendor access
* Risk Remediation Plan
* Quick service by the support team
What do you dislike about the product?
The only area where BitSight could be improved is in updating zero-day vulnerabilities, which occasionally takes time to update the CVE in the vulnerability catalog.
What problems is the product solving and how is that benefiting you?
Easy due diligence while onboarding a vendor.
Periodic vendor evaluation is now made easy by validating what vendor claims during a review.
Taking a risk-based approach while working with vendors.
Periodic vendor evaluation is now made easy by validating what vendor claims during a review.
Taking a risk-based approach while working with vendors.
An important tool help understand my enterprise security posture
What do you like best about the product?
The ability to monitor my public facing assets and provide the security ratings of these assets.
What do you dislike about the product?
The user interface for exporting out data. The data filtering can be further improve.
What problems is the product solving and how is that benefiting you?
Able to understand my corporate enterprise asset security risk
showing 11 - 20