My major interest is in getting signal intelligence, risk vectors, and detailed information that BitSight collects around the attack surface of a company. We integrate this information with our overall cyber detection and counter-response strategy.

External reviews
External reviews are not included in the AWS star rating for the product.
Comprehensive risk vectors and detailed anomaly insights enhance cyber hygiene
What is our primary use case?
How has it helped my organization?
All our employees benefit from the information, not directly through BitSight, but through our own security analytics platform. As CISO, one of our objectives was cyber hygiene, and the major provider of metrics for cyber hygiene was BitSight.
What is most valuable?
The best thing about BitSight is the comprehensive list of risk vectors, covering compromised systems, diligence failures, and behavioral anomalies. The ability to drill down from a score to very detailed factual information about anomalies is valuable. They have a good web portal for users to access, a good API for system integration, and a comprehensive pricing structure.
What needs improvement?
BitSight could improve the classes and lower-level detections of anomalies that compound the information used to compute the rating. They could evolve to be a more powerful scanner of cyber hygiene for a company's exposed attack surface, allowing them to compete with companies like Qualys and CyCognito. It's important to ensure a correlation between the score and detailed information to avoid confusion.
For how long have I used the solution?
We have been using this solution since 2016, about eight years.
What do I think about the stability of the solution?
BitSight is completely stable. As with any platform, when they update or fine-tune the rating algorithm, there may be changes in rating. That said, this is normal.
What do I think about the scalability of the solution?
BitSight is scalable, and there are no issues surrounding its scalability.
How are customer service and support?
The technical support from BitSight was very good. I was a privileged customer as BitSight's technical office was based in Lisbon, allowing personal connections. It was perfect for me, but other customers might not have the same experience.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup is straightforward for a normal company. For telcos, there is some additional work required to clean up the attack surface; however, it's still pretty easy. You can start almost plug-and-play and then make necessary adjustments through their portal.
Which other solutions did I evaluate?
I am currently evaluating the possibility of also using SecurityScorecard in a similar manner.
What other advice do I have?
BitSight is still better than SecurityScorecard, and those two are completely separated from the rest of the market. For us, BitSight is better.
I'd rate the solution nine out of ten.
Great product to get risk information, and peer comparisons.
Exploiting Efficiency: Full Tool Evaluation Bitsighttech
Bitsight for Vendor Risk and Continuous Monitoring
Provides comprehensive insights into security posture
What is our primary use case?
Bitsight provides comprehensive insights into security posture, enabling us to effectively reduce risks. It increases the security of writing and reduces the risks.
How has it helped my organization?
We work directly on their website to define all the assets that we need to scan. We have some meetings with the manager. For example, we set objectives to evaluate cyber risk periodically in our organization. One of these objectives is to assess the rating for our internal enterprise. We maintain a comprehensive database to ensure compatibility with our objectives. We aim to prevent a decrease in our security rating and maintain its value over time.
What is most valuable?
The solution is user-friendly. The features are to conduct scans, identify findings, and provide a rating. This rating serves as a measure of our security risk.
What needs improvement?
We face difficulties in acquiring designs and findings. There may be room for improvement in the methodology for identifying findings, as occasional errors occur on the technical side of BitSight.
For how long have I used the solution?
I have been using Bitsight Third-Party Risk Management for more than six years.
What do I think about the stability of the solution?
The product is very stable.
I rate the solution’s stability an eight out of ten.
What do I think about the scalability of the solution?
The solution is scalable. We have 100 users. We cater to a very large and international group. This extends to our presence not only in the US but also in other regions.
I rate the solution’s scalability a nine out of ten.
How was the initial setup?
The initial setup is easy and takes two or three days to complete.
I rate the initial setup a nine out of ten, where one is difficult, and ten is easy.
What's my experience with pricing, setup cost, and licensing?
The product is a little expensive and very oriented to large companies.
What other advice do I have?
My recommendation depends on the size of the company. You need to have some people to see our platform and distribute all the work.
Overall, I rate the solution a nine out of ten.
Which deployment model are you using for this solution?
User-friendly solution with robust patch management capabilities
What is our primary use case?
How has it helped my organization?
BitSight is good for us because we require third-party monitoring of vendors as per our new regulations. Since we are a financial company, we need to monitor our suppliers, software design houses, and others to ensure their information security labels.
What is most valuable?
The Score is a valuable feature, especially the diverse evaluation points. However, since I don't have access to trial licenses, I'm unsure about the kind of report I will get.
A trial license or login account would allow me to understand, and maybe I would think differently. We are a local company, and our vendors are local. BitSight caters to companies like ours and gives a general return score. It's pretty important to us. Also, the tool has been easy to use.
What needs improvement?
The solution’s benchmarking should be improved. The weakness was that they could only benchmark five companies simultaneously. I'm unsure whether this was due to the trial or another reason.
For how long have I used the solution?
We have been testing the solution for the past two months.
How are customer service and support?
I have contacted customer support through e-mail, and their response rate is fast.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We are also using Black Kite. I prefer BitSight over Black Kite due to its patch management capabilities. BitSight provides a view of patch management. I also found that Black Kite tends to generate false alarms.
What's my experience with pricing, setup cost, and licensing?
I’m unaware of this.
Which other solutions did I evaluate?
We are also looking at another tool called SecurityScorecard. We will choose between BitSight and SecurityScorecard.
What other advice do I have?
Overall, I rate the solution a nine out of ten.
Excellent Picture of Security Maturity
Stable product with efficient features for listing vulnerabilities
What is our primary use case?
We use BitSight to check security scores for my organization, subsidiaries, and providers.
How has it helped my organization?
The product helps us identify the vulnerabilities of internet-facing applications.
What is most valuable?
BitSight's most valuable feature is its ability to list the vulnerabilities.
What needs improvement?
There could be an ability to adapt the score faster. At the moment, when the vulnerability score decreases, it remains the same for quite a while, even though issues are resolved in 24 hours. It reduces faster and increases very slowly. This particular area needs improvement.
For how long have I used the solution?
I have been using BitSight for three years now.
What do I think about the stability of the solution?
It is a stable product. I rate its stability a ten out of ten.
What do I think about the scalability of the solution?
We have 20 BitSight users in our organization. I rate its scalability a nine out of ten.
How was the initial setup?
You require prior experience to implement the product. I rate the process an eight out of ten. It allows you to set the requirements manually and purchase the subscription accordingly. It takes a day to complete.
What's my experience with pricing, setup cost, and licensing?
The product has a reasonable price.
Which other solutions did I evaluate?
I have evaluated SecurityScorecard before.
What other advice do I have?
I recommend BitSight because it is very convenient to use. It has become a standard tool used in many companies. It is easy to share a few components of an algorithm for users. It is not ideal as it only reflects some of the reality of Internet-facing applications. However, it is the best solution at the moment.
I rate it an eight out of ten.