BitSight could improve the classes and lower-level detections of anomalies that compound the information used to compute the rating. They could evolve to be a more powerful scanner of cyber hygiene for a company's exposed attack surface, allowing them to compete with companies like Qualys and CyCognito. It's important to ensure a correlation between the score and detailed information to avoid confusion.
We face difficulties in acquiring designs and findings. There may be room for improvement in the methodology for identifying findings, as occasional errors occur on the technical side of BitSight.
The solution’s benchmarking should be improved. The weakness was that they could only benchmark five companies simultaneously. I'm unsure whether this was due to the trial or another reason.
There could be an ability to adapt the score faster. At the moment, when the vulnerability score decreases, it remains the same for quite a while, even though issues are resolved in 24 hours. It reduces faster and increases very slowly. This particular area needs improvement.
There has been quite a bit of data discrepancy in BitSight. When we observe a particular event or alert and check it three to four days a month, the alert seems to be gone, but the vulnerability still exists. In addition, certain assets are becoming repetitive for the same vulnerability. We have reported these couple of instances to BitSight, but we haven't received any updates from them yet. So we are unsure if the issue is from the access end or the BitSight end when it fails to detect that particular asset. We would like to see better data enrichment to give more information about the particular asset. For example, if BitSight scouts a specific website, it tells you that the website is using TLS Version 1.1 or that the web server is accessible using this server. It will be good if it can give a screenshot of what version BitSight scouts and allow us to validate whether it is aligned. Also, I think the alert system can also be fixed. Still, data enrichment is the major issue because we only see some information that is provided by the data and specific fixes about particular vulnerabilities. If we check for remediation tips for certain vulnerabilities, it only gives generic information.
IT Vendor Risk Management solutions help organizations manage, assess, and mitigate risks associated with third-party IT vendors. They ensure compliance and security while reducing potential threats from external partners.
These solutions provide tools for continuous monitoring and evaluation of vendor performance and risk profiles. Organizations can gain insights into vendor reliability, data security, and regulatory compliance. Robust IT Vendor Risk Management platforms offer...
The solution's factor analysis feature could be better.