BitSight

How BitSight Helps Drive Quick Risk Reduction Across Third Party Ecosystems

Noah Simon | March 27, 2018

At a recent BitSight Roadshow, a customer with an advanced third party risk management program declared “assessments are not risk reduction.” The statement was not meant to convey that assessments are useless for third party risk; rather, that assessments themselves don’t inherently drive risk down.

Assessments may lead risk managers to findings that can in turn drive risk reduction, but the path to remediating security issues is not always straightforward. There may be a lot of back and forth between the first and third party on the validity of the finding, the risk it actually presents, or the way in which to remediate the issue.

BitSight customers now have the ability to collaborate with third parties to get to a clear, quick path to risk reduction. Leveraging the Enable Vendor Access feature, which grants third parties access to the BitSight portal and customer success team free of charge, customers can pinpoint and share specific areas of risk that their third parties should look into. This makes feedback provided to third parties about their cybersecurity both manageable and actionable.

For example, customers can be alerted to new infections or malware that appear on a third party’s network, and then reach out to discern whether or not that infection may put their own data at risk.contextual eva.gif

Share specific records of botnet infections with third parties.

contextual eva2.gifShare and dig into certain security controls gaps on a company’s network, such as risk services being run on unsecured ports.

 

Third parties who receive this free access will understand exactly which issues are of concern, and can access the BitSight platform for remediation resources and context needed to resolve issues.

This process takes the path to potential risk reduction down to hours and minutes — a feat that is not possible with more manual, traditional vendor risk management exercises. Moreover, this kind of automation is key for organizations looking to bring scale and greater efficiency to their vendor risk management programs.

Learn more about how BitSight helps bring technology-enabled automation to vendor risk management.

Suggested Posts

How DataOps is Transforming How Business Handles Data

You are building a mission-critical big data infrastructure. You have a team of talented software engineers who are dragged into internal meetings with various stakeholders and customers as data and product Subject Matter Experts. You have...

READ MORE »

BitSight Security Ratings Platform Expands Its Visibility in Compromised Systems

Since creating the Security Ratings market in 2011, a core component of BitSight’s value to users has been providing industry-leading comprehensive visibility into malware communications.

READ MORE »

Advanced Security Benchmarking with BitSight Peer Analytics

On March 4th, BitSight released  Peer Analytics, the newest advanced analytics module from the leader in security ratings. This allows organizations to better understand and manage their security performance in relation to their industry...
READ MORE »

Subscribe to get security news and updates in your inbox.