Milestone Progress: Accelerated Rating Rescans

Dynamic Remediation Milestone Update (M1)
Written by Arzu Ozbek Akay, Senior Technical Product Manager, Ratings and Data Engine; Sofia Lourenço, Staff Product Manager, SPM; and Mónica Vale, Senior Product Manager

Bitsight customers and their third-party partners are well on their way to gaining faster clarity on how their remediation efforts impact their Bitsight Security Ratings. In an effort to support organizations that use Bitsight to prioritize internal security work, we started a phased rollout of Dynamic Remediation, a new initiative that accelerates the rating refresh process and makes it more responsive to meaningful security remediations. 

First announced in December, the initiative was kicked off to provide faster and more risk-responsive updates from both Bitsight’s Security Performance Management (SPM) and Third-Party Risk Management (TPRM) products. This way organizations can gain a more immediate barometer of the success of their remediation measures in driving ratings changes. 

Today our team is happy to announce that both platforms have now successfully undergone two key phases of progress to achieve these goals. The first is an update to the user experience during the rescan process. The second is an improvement to how SSL configurations impact scores when assets are taken offline.

Key Takeaways

  • Bitsight has rolled out two key improvements under its Dynamic Remediation initiative to help customers and their third parties see faster, more transparent impacts on Security Ratings after remediation efforts
  • The new rescan user interface (UI) launched in February now gives users clearer visibility into remediation outcomes, making it easier to understand the direct impact of fixes
  • As of March, SSL configuration findings no longer negatively affect ratings if the related asset is taken offline, acknowledging that decommissioning vulnerable assets improves security posture and eliminating unnecessary steps in the remediation workflow

Milestone 1: Improving the user experience during rescans

In February the Dynamic Remediation initiative hit its first milestone with the release of a newly updated user interface (UI) for rescans. This change was directed by feedback from Bitsight customers, who told us that they were struggling to understand results when they requested a refresh or rescan of particular parts of their infrastructure once they made improvements to their systems.

"Did the changes I made fix findings and did they increase my rating score?"

We understand that in most cases when a customer or risk stakeholder requests a rescan, this is the question they’d like to answer. The goal of this first milestone was to design the UI to provide a very clear answer to that question.

The user interface now provides transparency into whether or not the rescan has occurred, and once it has it provides a link between the old and new finding data. Most importantly, it offers issue tracking that shows whether findings from the previous scan were remediated, partially remediated, or still unresolved upon rescan. So far we’ve heard overwhelmingly positive feedback from customers around this change, as it has improved transparency and ease-of-use of Bitsight products.

Milestone 2: Bolstering SSL configuration rating when assets are taken offline

[Figure: how ratings are impacted if an asset is taken offline. Under the details of a finding, it shows no impact if the asset is taken offline.]

Most recently, in March we delivered on the second milestone of Dynamic Remediation with a change in how SSL configuration findings impact ratings when assets are taken offline. We recognize that whether an organization improves the SSL configuration of an asset or simply takes it offline, the net result is a better security posture. With this update, customers will find that an asset’s SSL configuration findings stop impacting the rating once the asset is taken offline.

"Will the rating & analytics update if I take assets offline for remediation?"

Bitsight customers had reported to us that when they needed to take obsolete or unneeded assets offline that had previously been scanned and found to have SSL configuration problems, there was no easy way for them to get ‘credit’ for the resulting improvement in security posture. Some customers would have to go as far as remediating an asset first, rescanning the asset, and then taking it offline once they were sure that the platform had logged the remediation. This update helps them simplify this process, eliminating the steps it takes to get credit for risk-positive actions.
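To make the two behaviours described above concrete (the remediated / partially remediated / unresolved tracking from Milestone 1, and SSL configuration findings ceasing to impact the rating when the asset is offline from Milestone 2), here is an added illustrative model. It is not Bitsight's code and does not reflect how the Bitsight rating is actually computed; the data classes, the impact numbers, the scaling of a partially remediated finding and the sample hosts are all constructed for the example.

```python
from dataclasses import dataclass, field

# Finding types that, per the March change, stop impacting the rating once
# the related asset is offline. Only SSL configuration findings behave this
# way at the time of writing; the set is a constructed simplification.
OFFLINE_NO_IMPACT_TYPES = {"SSL Configurations"}


@dataclass(frozen=True)
class Finding:
    asset: str          # hostname the finding was observed on
    ftype: str          # finding type, e.g. "SSL Configurations", "Open Ports"
    issues: frozenset   # individual problems that make up the finding
    impact: float       # hypothetical negative rating contribution


@dataclass
class RescanResult:
    online: bool
    # ftype -> set of issues still observed on the rescan
    observed: dict = field(default_factory=dict)


def compare_finding(old: Finding, rescan: dict) -> tuple[str, float]:
    """Classify a previous-scan finding against the rescan.

    Returns (status, remaining_impact). Offline assets keep the impact of
    findings that cannot be re-verified, except for the types that the
    platform now treats as having no impact once the asset is gone.
    """
    result = rescan.get(old.asset)
    if result is None or not result.online:
        if old.ftype in OFFLINE_NO_IMPACT_TYPES:
            return "asset offline (no impact)", 0.0
        return "asset offline (impact retained)", old.impact

    remaining = old.issues & result.observed.get(old.ftype, set())
    if not remaining:
        return "remediated", 0.0
    if remaining < old.issues:
        # Hypothetical: scale the impact by the share of issues still present.
        share = len(remaining) / len(old.issues)
        return "partially remediated", round(old.impact * share, 2)
    return "unresolved", old.impact


def rescan_report(previous: list, rescan: dict) -> list:
    """One row per previous finding: (asset, type, status, remaining impact)."""
    rows = []
    for f in previous:
        status, impact = compare_finding(f, rescan)
        rows.append((f.asset, f.ftype, status, impact))
    return rows


def total_impact(rows: list) -> float:
    """Sum of remaining impact after the rescan (constructed scale)."""
    return round(sum(r[3] for r in rows), 2)


# Constructed sample data: a previous scan and the rescan that followed it.
PREVIOUS = [
    Finding("www.example.test", "SSL Configurations",
            frozenset({"TLS 1.0 enabled", "weak cipher"}), 3.0),
    Finding("legacy.example.test", "SSL Configurations",
            frozenset({"TLS 1.0 enabled"}), 2.0),
    Finding("legacy.example.test", "Open Ports", frozenset({"telnet/23"}), 1.5),
    Finding("api.example.test", "Server Software",
            frozenset({"outdated nginx"}), 1.0),
]
RESCAN = {
    # one of two SSL issues fixed -> partially remediated
    "www.example.test": RescanResult(online=True,
                                     observed={"SSL Configurations": {"weak cipher"}}),
    # decommissioned -> SSL finding no longer impacts, open port finding retained
    "legacy.example.test": RescanResult(online=False),
    # nothing changed -> unresolved
    "api.example.test": RescanResult(online=True,
                                     observed={"Server Software": {"outdated nginx"}}),
}

if __name__ == "__main__":
    for row in rescan_report(PREVIOUS, RESCAN):
        print(row)
    print("remaining impact:", total_impact(rescan_report(PREVIOUS, RESCAN)))
```

The report answers the two customer questions quoted in this post directly: each previous finding is labelled with what happened to it on rescan, and the retained impact shows which offline assets still carry findings the platform cannot yet clear (here the open port on the decommissioned host, since only SSL configuration findings get the no-impact treatment at this stage).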

Dynamic Remediation: Powered by Bitsight Groma

These two milestones are just the first two phases of the Dynamic Remediation initiative. Over the course of the next several months, the Bitsight team will work to roll out new updates that will add even more clarity and responsiveness to the rescan process. In May, customers can look forward to a new timeline that offers rescan history tracking, along with instant rescan options that update telemetry for specific remediated findings in certain situations. This phase will focus on providing instant rescan for Open Ports, SSL Configurations, and Server Software. In July, Bitsight products will extend that to Web Application Security findings, and, similar to the SSL configuration changes, Web Application Security findings will stop impacting ratings when remediated or when the asset is taken offline. Finally, in July customers can expect the final phase of the rollout, which will extend instant rescan and immediate rating impact changes to SSL Certificate findings upon remediation or the asset being taken offline.

All of these changes are made possible through the advances of Bitsight Groma, our next-generation Internet scanning technology. Bitsight Groma provides a near real-time view of connected assets and entities, powering the changes that offer faster rescans. The Dynamic Remediation initiative leverages Groma to prioritize where the technology is pointed, offering faster access to results for the areas where customers are currently remediating.
