<img height="1" width="1" style="display:none;" alt="" src="https://dc.ads.linkedin.com/collect/?pid=26304&amp;fmt=gif">
BitSight

How BitSight Helps Drive Quick Risk Reduction Across Third Party Ecosystems

Noah Simon | March 27, 2018

At a recent BitSight Roadshow, a customer with an advanced third party risk management program declared “assessments are not risk reduction.” The statement was not meant to convey that assessments are useless for third party risk; rather, that assessments themselves don’t inherently drive risk down.

Assessments may lead risk managers to findings that can in turn drive risk reduction, but the path to remediating security issues is not always straightforward. There may be a lot of back and forth between the first and third party on the validity of the finding, the risk it actually presents, or the way in which to remediate the issue.

BitSight customers now have the ability to collaborate with third parties to get to a clear, quick path to risk reduction. Leveraging the Enable Vendor Access feature, which grants third parties access to the BitSight portal and customer success team free of charge, customers can pinpoint and share specific areas of risk that their third parties should look into. This makes feedback provided to third parties about their cybersecurity both manageable and actionable.

For example, customers can be alerted to new infections or malware that appear on a third party’s network, and then reach out to discern whether or not that infection may put their own data at risk.contextual eva.gif

Share specific records of botnet infections with third parties.

contextual eva2.gifShare and dig into certain security controls gaps on a company’s network, such as risk services being run on unsecured ports.

 

Third parties who receive this free access will understand exactly which issues are of concern, and can access the BitSight platform for remediation resources and context needed to resolve issues.

This process takes the path to potential risk reduction down to hours and minutes — a feat that is not possible with more manual, traditional vendor risk management exercises. Moreover, this kind of automation is key for organizations looking to bring scale and greater efficiency to their vendor risk management programs.

Learn more about how BitSight helps bring technology-enabled automation to vendor risk management.

Suggested Posts

Third Party Tiering: The Cornerstone of a Strong Third-Party Risk Management Program

With the number of third parties connected to businesses increasing, risk and security teams need to ensure they are spending the right amount of attention on the right third parties. To do this, organizations need a clearly defined,...

READ MORE »

A Forward-Looking View Into Security Performance

For the last five years, BitSight Security Ratings have been helping companies gain insight into the efficacy of their security programs, as well as the security performance of third and fourth party vendors. Today, the BitSight Security...

READ MORE »

BitSight Offers Valuable Insight Into Breach Trends

Over the last several months, members of our product team have been working to aggregate all of BitSight’s security ratings data and highlight important insights about patterns in data breaches. In fact, BitSight boasts one of the largest...

READ MORE »

Subscribe to get security news and updates in your inbox.