Have improved external security monitoring and vendor oversight but still face accuracy challenges in scan results
What is our primary use case?
My main use case for Bitsight when I was at Virtusa was to monitor the external security posture for Virtusa, as Bitsight rates your company based on findings on external assets.
I was part of the internal security team and Bitsight used to report findings, such as open ports on specific IP addresses or web applications owned by Virtusa, and based on that it used to give a rating on the severity based on how severe the vulnerability is or the possibility of any vulnerability. I used to take that information and then fix that problem internally. That is how we used to use Bitsight. Our main aim was to use Bitsight to enhance the security of the company so that our score is good on Bitsight, which really matters.
What is most valuable?
The best features Bitsight offers, in my experience, are the ratings that it gives to vulnerabilities and how frequently they conduct scans for a particular company. Bitsight also used to manage our third-party providers regarding how their security is, so it is better for us to manage the vendors we are currently engaged with and the third-party vendors so that we are aware of their security posture as well, instead of us monitoring their security. That is the most useful use case from Bitsight.
Bitsight gives me a holistic view of my entire security posture, which is something any organization would want to have after getting a tool such as Bitsight. It was sufficient in that way, serving the purpose that we took Bitsight for, and there is something that we continued our relationship. We had annual contracts and then we renewed it every year based on the performance of Bitsight.
We had internal KPIs based on the number of findings that we finalized from Bitsight and then tracked it internally to work on that. The more vulnerabilities that we close, the rating would subsequently reflect on Bitsight because they work independently; they do not work as we do inside the company. As long as we are fixing the vulnerabilities, we used to see the score getting improved, and that is something that the board of directors and the internal community were looking for.
What needs improvement?
Bitsight's scan could be more rigorous and then more accurate.
I think it would be good to try to see each and everything of the company in a more accurate way.
Their scan scheduling could be improved and they could take more inputs from the companies they are working with. If they can speed up that process, they would obviously increase that score. We found that some of the findings are clear false positives, but they still report that, and based on that, the rating goes down until we rectify them. So that is something they need to work towards; the number of false positives they are rating should focus on producing more accurate results to get a higher rating.
How are customer service and support?
Bitsight had a professional support service where whenever there are any ratings which we know to be a false positive and a wrong finding, we used to get on a call with support from Bitsight to submit our review as to what we found and what the evidence is for it being a false positive, and they used to consider that and then try to revise that internally and adjust the rating accordingly.
Bitsight is a useful tool to monitor your external posture and it is backed by a good professional support service. The respective other teams such as pre-sales, support service, and customer success team are very good in terms of dealing with customers, so there is something to look for in such products.
How would you rate customer service and support?
Which other solutions did I evaluate?
There is nothing particularly unique about Bitsight because we were also using another product along with Bitsight, and we used to compare the results of Bitsight with that tool and then try to see what the unique proposition or the unique findings are that we can evaluate and then work internally.
What other advice do I have?
If the ratings were very poor, low, or below the benchmark that we expected for Virtusa, we used to have a meeting with them, and then try to negotiate if they can improve their security, or else we would discontinue the business with them. So to that extent, we took actions based on the findings that we got from Bitsight. I give Bitsight a six out of ten for this review.
Excellent Support
What do you like best about the product?
I really appreciate how available and responsive the Bitsight team is when I have questions. They’re always willing to discuss details and help clarify how to get the most out of the platform.
What do you dislike about the product?
I’d like the lifetime expiration to be shorter once an asset is removed, to avoid ongoing impact on the overall score — though I understand that’s part of the observation process.
What problems is the product solving and how is that benefiting you?
Bitsight supports us in managing our external attack surface and improving our overall security posture. With Priority Scanning, we now get faster, more accurate insights through daily scans, which helps us prioritize remediation efforts and understand their impact on our score more quickly.
Easy Integration and Excellent Support—A Must-Have Security Tool
What do you like best about the product?
Useful security tool, good customer relations, easy to implement and manage. Integration is simple. Features are well designed.
What do you dislike about the product?
No dislikes yet. Everything looks fine so far.
What problems is the product solving and how is that benefiting you?
It keeps security up to date and alerts for threats.
Best Attack Surface Management
What do you like best about the product?
Coverage of various vectors as well as ease of use. Also adding websites or domains under monitoring is easy. It is used on daily basis.
What do you dislike about the product?
Automatic resolution of finds takes time. Also, more training videos.
What problems is the product solving and how is that benefiting you?
Giving a holistic approach and visibility for various external attack surfaces many of which we are unaware of.
Easy to use. Actionable data and pinpoints where to focus efforts. Immediate ROI.
What do you like best about the product?
BitSight provides our team an outside-in view of our security posture. The daily security ratings are easy to track and give clear insight into areas like potential compromised systems, risky behavior, and probable past incidents. As part of our multi-layered security strategy, BitSight adds a unique layer of visibility that complements our internal tools, helping us with potential blind spots and external risks that we might otherwise miss. I especially like the Ratings Tree as it breaks down risk across different business units so we can quickly pinpoint where to focus our efforts. It doesn’t replace our internal monitoring or detection tools, but it's part of our multi-layered defense where BitSight provides an essential external perspective that strengthens our overall defense and helps us communicate and prioritize cybersecurity with leadership. Further, Luisa from the CS team is an amazing contact and so is Ciaran; with both of them we're confident we're getting the services that we need without waiting days for a reply. It's also easy to implement and integrate.
What do you dislike about the product?
It's good for us. So nothing I can think of at the moment.
What problems is the product solving and how is that benefiting you?
BitSight provides our team an outside-in view of our security posture. The daily security ratings are easy to track and give clear insight into areas like potential compromised systems, risky behavior, and probable past incidents. As part of our multi-layered security strategy, BitSight adds a unique layer of visibility that complements our internal tools, helping us with potential blind spots and external risks that we might otherwise miss. I especially like the Ratings Tree as it breaks down risk across different business units so we can quickly pinpoint where to focus our efforts. It doesn’t replace our internal monitoring or detection tools, but it's part of our multi-layered defense where BitSight provides an essential external perspective that strengthens our overall defense and helps us communicate and prioritize cybersecurity with leadership. Further, Luisa from the CS team is an amazing contact and so is Ciaran; with both of them we're confident we're getting the services that we need without waiting days for a reply. It's also easy to implement and integrate.
Great product for security posture management
What do you like best about the product?
This is a great product for generating a comprehensive security posture for our organization and 3rd/4th party suppliers by using risk vectors to provide a quantifiable score.
What do you dislike about the product?
Decay times for vulnerabilities after remediation, a capability BitSight is working to address with dynamic scans.
What problems is the product solving and how is that benefiting you?
BitSight gives us visibility into which suppliers are affected by zero-day vulnerabilities. This allows us to quickly identify and contact only those specific suppliers, streamlining communication and enabling us to track their remediation progress effectively.
Great tool for managing external sourced vulnerabilities
What do you like best about the product?
The organization of vulnerability findings by severity, risk vector, type of vulnerability makes it helpful to organize and report on your vulnerabilities. Many findings have been from areas we either didn't know about, or never knew were vulnerable. While the GUI interface is extremely well organized and easy to use, I found it quite helpful using the Bitsight API structure to pull finding totals by Risk Vector, Grade, etc. into a spreadsheet that gets regularly updated every few hours. Bitsight has not only helped our company's security posture, but also helped in my knowledge of website construction on a deeper level than I previously had, and I've been in this field as a developer and a security analyst for over 30 years. Of all the security tools we employ here, Bitsight is probably my preferred tool to use. I find it challenging and easy at the same time.
I find the customer support team an excellent resource. In my 4 years of working with them now, I'm sure I've aggravated them to no degree with my relentless questions and requests. But they are always there and willing to help me.
I use Bitsight every day. It's part of my job. I consider it to be my 3rd arm. The loss of this tool would be a significant change in my career.
What do you dislike about the product?
As helpful as it can be, at times there are areas that can be improved as well. Bitsight isn't always as thorough as it could be. While it does in-depth scanning of many of our external resources, there are several with the same vulnerabilities that seemingly get overlooked. Or it's like one group of findings gets found one month, and two months later, another group is found with the same vulnerabilities. Also, I'd love to see a bit more transparency about the formulas used in calculating grades and RV scores.
Lately, my use of customer support has been not as frequent as their response time has dropped off a bit. Where I used to get responses to questions within a few hours to a day, now it seems many questions go several days before they get a first response.
What problems is the product solving and how is that benefiting you?
Bitsight helps our company in improving its security posture. In the years that I have been administering Bitsight for us, we have improved our security view and the way we look at ourselves immeasurably. Not only myself, my security team, but other peripheral teams in our IT department take stock of what we do here too.
Great Representatives and Responsive Support
What do you like best about the product?
Bitsight's support representatives are fantastic at showcasing new tools and offering support where needed. They are knowledgeable, friendly, and eager to research topics to provide speedy support.
What do you dislike about the product?
Their platform is great to use and the only hiccups are niche requirements that I, as a user, may have. However, Bitsight has always been eager to create internal enhancement requests for these niche needs.
What problems is the product solving and how is that benefiting you?
Bitsight is providing us with insight into our supply chain's resiliency in terms of cybersecurity.
Cybersecurity Specialist leveraging the application for third-party reviews
What do you like best about the product?
Automation with providing vendor questionnaire integration along with secure mechanism for attestations
What do you dislike about the product?
Reporting is bland and lacks more interactive robust functionality.
What problems is the product solving and how is that benefiting you?
End-to-End third-party risk management with vendor monitoring.
BitSight Review 1 Aug 2025
What do you like best about the product?
The BitSight Rating score is an easily understood metric by companies who wish a quick method to assess DuPont's security posture.
What do you dislike about the product?
The Continuous Monitoring module does not offer the full functionality required to manage the remediations in a proactive manner. We often need the support of the BitSight Account Manager.
What problems is the product solving and how is that benefiting you?
BitSight is providing a measure of how safe it is to do business with the company. If the rating is good, it provides confidence that the company is worth doing business with.