BitSight

BitSight’s Newest Alerting Capabilities Showcase Evolution of Leading Security Rating Service

Alex Campanelli | October 20, 2017

This August, BitSight announced the release of several new risk vectors specifically chosen to help organizations identify and manage risks across their own networks and the networks of their third parties. BitSight chose those new risk vectors to enhance the insights across the “spectrum of risk” and provide a more comprehensive picture of an organization’s security posture.

As your vendor ecosystem scales, your vendor risk management strategy needs to scale, and monitor evolving risk across your portfolio of vendors becomes an increasingly difficult challenge. We are pleased to announce the release of two new alert types to help you stay up to date with the latest security ratings changes, Risk Vector Grade and NIST Cyber Security Framework (CSF) Grade alerts.

BitSight alerts monitor your vendor portfolio for changes based on your risk appetite and alert preferences. We recommend that you tier your vendor portfolio by business function criticality and set unique alert preferences for each. For example, you may have a low risk appetite for your Tier 1 vendors, who store customer’s personally identifiable information (PII).  You can then use Risk Vector Grade alerts and set alert preferences to receive decrease alerts when grades go below a “B” and critical decrease alerts when grades go below a “C.” As vendor tier risk appetite increases, alert preference stringency decreases.

10.20-Blog-1.png

Once set, use alerts to drive vendor risk strategy and trigger actions based on alert notifications. A decrease alert may serve as notification for a Risk Analyst to begin an external investigation, whereas a critical decrease alert requires immediate contact and extending vendor access directly to the BitSight portal.

10.20-Blog-2.png

Similar to the Risk Vector Grade alerts, the NIST/CSF notifications alert users when a vendor’s CSF grade has decreased to a pre-established threshold.

These important new alerts help provide a more comprehensive picture about your organization’s security controls and policies. As a key part of your vendor risk management strategy, BitSight Security Ratings’ Risk Vector Grade alerts allow your vendor risk management program to grow as the spectrum of risk increases. BitSight is leading the way in the Security Rating Services industry to provide this granular detail to better equip your security team to reduce risk.

Want to see BISIGHT SECURITY RATINGS IN ACTION? Register for a demo today.

Request A Demo

Suggested Posts

What Companies Using Cloud Services Need To Know About Their Risk Responsibilities

Cloud computing is not new to the cyber world; it’s here to stay. Web services are common in our everyday lives and workplaces, with things like Facebook, Salesforce, JIRA, Adobe, and GSuite all falling into the cloud-based category. But...

READ MORE »

Joint Effort with Microsoft to Disrupt Massive Criminal Botnet Necurs

Since 2017 BitSight has been working together with Microsoft’s Digital Crimes Unit (DCU) to understand the inner workings of the Necurs malware, its botnets and command and control infrastructure in order to take disruptive action against...

READ MORE »

Forecasting and Advanced Analytics: Building a Solid Security Strategy For 2020

2020 is not only the beginning of a new year, but the start of a new decade, and with it comes the dawn of a new era for the digital world. We’re now in the midst of the once far-off, “futuristic” time periods old books and movies used to...

READ MORE »

Subscribe to get security news and updates in your inbox.