- Why BitSight?
Over 1,000 organizations are using BitSight Security Ratings to continuously monitor cyber risk in their business ecosystem. Using an approach similar to credit ratings for financial risk, BitSight customers are able to gain insight into the security posture of third parties as well as their own organization. BitSight Security Ratings are calculated on a scale of 250-900 with a higher rating indicating better security performance.
Great! BitSight grants you complimentary portal access to understand your BitSight Security Rating and investigate details behind it. If you have any questions about your rating details or would like a walkthrough of the
See how BitSight’s Enable Vendor Access feature allows customers to have data-driven, evidence-based conversations, making vendor risk management a more collaborative process.
You may have received a BitSight report from a company you work with. Your BitSight report includes your rating and details behind each risk vector in our platform. However, to get detail into specific security issues occurring within your organization’s digital footprint including IP addresses, you must access the BitSight platform.
All organizations have the right to access the BitSight platform and receive these details free of charge. To inquire about gaining access to the BitSight Security Rating Platform, please email EVA@bitsighttech.com.
BitSight uses externally observable data on compromised systems, security diligence, user behavior, and public disclosures to compute a company’s security rating. All companies, whether or not they are customers, are rated on the same criteria. For more details, see “How BitSight Calculates Ratings.”
All BitSight customers can subscribe to view the rating of any other company within their portfolio. However, forensic information, such as the IP addresses affected, server names, and observed behavior, is only disclosed to the organization itself and never to anyone else without the organization’s express authorization.
BitSight collects data through proprietary methods and partners with reputable and diverse organizations to obtain breadth, depth, and coverage on an organization’s security posture. Only data that is actionable and correlated to actual security risks is factored into rating calculations. For more information, visit our Data page.
Any organization has the ability to tag portions of their networks and specify which of their IP addresses are reserved for guests, security research and testing, or other purposes. Tagging these portions of the network provides the relevant context should a security event occur. BitSight also enables organizations to create self-published ratings that reflect the security posture of particular parts of their networks. If you’d like to do this, please reach out to firstname.lastname@example.org.
Yes, all the information we gather is from the public Internet; our product is non-intrusive and requires no agents or software to be deployed. The information is available to anyone who chooses to collect it. Moody’s, Dun & Bradstreet and others have set a market precedent for collecting data and presenting a score. Like these companies, which have established industry standards, we base our ratings algorithm only on fully objective, verifiable and actionable data.
Absolutely, BitSight firmly believes in the transparency of its ratings for all organizations. In the event you believe there is a discrepancy with your rating, you can reach out to our customer support team. BitSight’s customer success team will review any records within your rating that you believe are incorrect. If ultimately necessary, rating disputes can be brought to the Office of the Ombudsman to ensure an unbiased and accurate resolution.
Security Ratings are a measurement of security performance based on historical data collected over years, so they won’t necessarily change dramatically overnight.
A company’s rating includes a Remediation Strategy which highlights risk vectors that have had a high rating impact in the last 60 days. Organizations should start with items that have affected their rating the most. For context, organizations with ratings in BitSight’s advanced category (740-900) tend to: ensure security configurations are up to industry standards, continuously monitor their networks for compromised systems, and remediate issues as soon as they are discovered.