BitSight Expands Breadth and Transparency of Security Ratings
Ben Fagan | November 25, 2014
BitSight has released new capabilities and features in the BitSight Security Ratings portal to widen the data breadth offered to customers and give more detailed, granular performance analytics on specific risk vectors. These changes are available to all enterprise, team, and individual tier customers today.
Since our Security Ratings came to market in September 2013, companies in a multitude of industries have been adopting the technology to better manage security risks throughout their network ecosystem. BitSight, and the whole concept of Security Ratings, was born out of a desire to help companies better manage third-party and vendor risks. We are still committed to this goal, but along the way we have identified new use cases driven by customer feedback, such as security performance benchmarking and cyber insurance underwriting. Expanding our data breadth across our entire platform gives all customers better visibility into their own security posture and that of their vendors, peers and acquisitions. This release dramatically augments Security Ratings, and underlines BitSight’s leadership in providing customers with data breadth, quality and innovation.
This release gives customers the ability to better manage important security implementations and controls that are critical for a company’s cybersecurity program. By knowing records are up to date and well configured, companies can ensure that they are taking steps to prevent potentially serious attacks. In addition, companies are able to engage with important third parties to make sure that they also have such important configurations in place. With detailed analysis of each record, along with visualizations of current performance and historical trends, users can also better communicate changes to upper-level management. After demoing the new features, a CISO at a healthcare organization noted, “This release further augments the quantity and quality of actionable data that I can bring to the table when having conversations about my company’s information supply chain.”
Here are some highlights of the latest release:
Addition of Diligence Risk Vectors: BitSight has added new diligence risk vectors to the portal. These security implementations are strong indicators of steps a company has taken to prevent attacks. Customers can see interactive graphs of each risk vector, as well as search for specific records and certificates that BitSight has assessed. Extensive documentation is provided to outline the various risk vectors and how they are assessed. The following risk vectors are now available in the portal:
Sender Policy Framework (SPF): This DNS record identifies which mail servers are permitted to send email on behalf of a domain. SPF records help prevent spammers from sending emails with forged From addresses and can prevent phishing attacks.
Secure Sockets Layer (SSL): SSL is a widely used protocol to secure communications over the internet. Without SSL authentication, attackers can intercept multiple forms of communication.
DomainKeys Identified Mail (DKIM): This protocol prevents unauthorized servers from sending email on behalf of a domain.
Rating Details and Risk Vector Letter Grades: BitSight has added letter grades for specific risk vectors, allowing users to more easily communicate and understand performance for each individual risk vector. This feature also helps demonstrate areas for improvement, allowing for better prioritization for security and risk teams.
Relative Performance: The addition of data that indicates the standing of a company relative to others gives valuable insights into a company’s performance across risk vectors, as well as its overall BitSight rating. For each risk vector, we also provide industry statistics to enable comparisons between companies and their peers in the same line of business.
Through the addition of new data and features, along with our industry-leading and accurate IP mapping, this release underlines our track record of leadership and innovation in security ratings. With these new features (and a whole lot more coming), BitSight is enabling customers to tackle security risks across the enterprise. With capabilities for vendor risk management, security performance benchmarking and cyber insurance underwriting, we hope to continue to roll out products and features that our customers can use effectively to help them mitigate risks across their network ecosystem.