My main use case for Bitsight is finding vulnerabilities in the wild, especially in internet-facing web applications and networks.

A specific example of how I have used Bitsight is that we do not know the current ongoing issues day-to-day. There are so many vulnerabilities and zero days that are exploitable and outside. With this platform, we are able to detect vulnerabilities quickly and notify the teams using our communication channel. Along with that, it also helps us to remediate quickly because when issues are identified, they should also be included in the remediation part. That is where we were able to sort it out quickly.

Another use case I would add is that Bitsight builds customer trust because it provides a score based on severities or how the system is currently functioning. If our system is secure and we have strengthened the full security, then we will eventually have a good score. That is going to build customer trust.

The best features Bitsight offers include heavily using external vulnerability scans or network scans, which we have done for a couple of years.

What I appreciate about the external scans feature in Bitsight is that it gives us continuous visibility into our externally exposed assets, which requires finding misconfigurations or any unexpected exposures much earlier than we would have caught through manual review period scans. This essentially allows my team to find issues quickly, and as we get notified, we can validate our attack surface. It helps us to reduce blind spots. We can prioritize remediation faster and validate changes by deploying fixes. Overall, it strengthens our security posture by monitoring and supporting our compliance programs.

Regarding Bitsight's features, they offer different aspects that I agree with, especially in external scans. They also provide a rating based on your externally facing domains, which helps us to rate our scores and aids in building customer trust. They have the capabilities to assess the attack surface, so those are the main areas they focus on.

Bitsight has positively impacted my organization by improving security and customer trust. It is impact-focused with measurable values that show us, for example, it has reduced our mean time to detect external exposure issues before we relied on periodic scans. Plus, it gives us continuous monitoring. Now we find misconfigurations within hours instead of days or weeks, which directly improves our overall security posture. It reduces risk as we catch high-risk exposures early, especially unexpected cloud assets or testing endpoints that accidentally went public. Each early detection helps us reduce the threat exposure time and strengthen the compliance program.

There are areas for improvement; we do notice sometimes finding vulnerabilities which gives us visibility to find them quickly. However, there could be a mechanism they can build on top of that for validation as they identify the issues. What will the real risk be for that identifiable issue? Sometimes it could be open because of the traffic; how they detected it could be seen as vulnerable, but upon testing, it might not be a real issue. It could be a false positive because there could be a honeypot that we built. My thinking is about validation, so if they can build that validation part before they expose the risk to the specific asset, that would help. Additionally, based on their reporting, they could also build risk scores and prioritization, which would also aid us.

I would suggest adding dashboards and custom reporting, which could help us by enabling rich custom reports with filters. That is especially for leadership because they will not look at each technical area, but overall they would be looking at the risk score and what the assets or critical exposure areas are. Customizable reporting based on requirements would be valuable.

I chose 9 out of 10 because the reporting and dashboards would be the first thing I would consider for improvement, and then the second is about the validation part, which could probably improve to 10 out of 10.

I cannot think of too much for additional improvements. Maybe some good automation with the API solutions that could be integrated with the CI/CD pipeline or DevOps tools we are running would also be automated and tested.

I have been using Bitsight in my past job as well as in my current job. I would say it is around eight years.

Bitsight is stable so far.

The scalability of Bitsight is good; it is a cloud solution, so upon usage, it scales out without being a concern at this moment.

We do interact with Bitsight's support team, and we do get a response back from them as defined in the SLAs.

I would rate the customer support from Bitsight as 10 out of 10.

Previously, I used SecurityScorecard, which is a competitor in that space. I think that Scorecard had functional issues, and because of that reason, we switched to Bitsight.

My experience with pricing, setup cost, and licensing for Bitsight is overall good with the current price model.

I feel the current pricing model is fair. The initial setup and licensing process was straightforward. I did not face any challenges in that part.

I do not have a good answer regarding return on investment with Bitsight.

Before choosing Bitsight, I did not evaluate too many options, but I compared between Bitsight and Scorecard, along with one more tool that I lost the name of, but Bitsight won out of those three.

My advice for others looking into using Bitsight is that it is definitely a great tool, especially to identify blind spots. If your applications are internet-facing and you have customers using your products or your cloud-based solutions, whether SaaS or PaaS, this tool is going to build trust between the customer and the provider. As the tool deploys for your application or domains, it continuously scans and finds vulnerabilities and reports them. As you find and report, it is also going to build your domain score, showing how well you are doing with publicly available applications, especially those that are internet-facing. I gave this review a rating of 9 out of 10.