BitSight Expands Data Breadth in Security Ratings Platform
Ben Fagan | April 29, 2016
BitSight is proud to announce the release of new features that provide expanded data breadth to all customers. These new innovations enable customers to better identify risks in third party networks and their own networks. Annotations, a new innovation in the security ratings market that allows customers to add tags to specific parts of their network asset maps, providing context for customers to take appropriate action with new events on their network or the network of a third party. Furthering BitSight’s mission to provide actionable data, Patching Cadence, the newest Diligence risk vector, is expanding data breadth in the platform. This risk vector evaluates a company’s responsiveness in patching major vulnerabilities. Learn more about these features that are helping customers better manage and streamline their security risk management efforts:
Building a Collaborative Platform with Annotations
Annotations enable companies to provide tags on specific CIDR blocks belonging to that company. As a quickly growing standard in the market, companies can use these tags to provide internal or external comments on specific CIDR blocks. For example, many companies have guest wifi networks that are separate from the corporate network. These guest wifi networks may have specific event, diligence or user behavior issues that are reflected in the BitSight platform.
Annotations provides collaborative capabilities previously not available to security ratings customers. By introducing this new innovation, companies can streamline their internal security processes, vendor monitoring, cyber insurance underwriting and mergers and acquisitions due diligence. By being able to filter by tagged IP addresses, customers can better manage changes in events, diligence or user behavior items on their own network, or better prioritize outreach to vendors with new observed issues. This latest innovation by BitSight expands the platform to give companies the ability to expand communication and provide context both internally and externally.
Patching Cadence is the newest Diligence risk vector available for all customers in the platform. This risk vector evaluates how many systems in an organization's network infrastructure are affected by vulnerabilities and how quickly the company resolved any issues. Vulnerabilities are publicly disclosed holes or bugs in software or device firmware that can be used by attackers to gain unauthorized access to systems and data. Patches are updates to the affected software that resolve the vulnerability and close that particular avenue of attack.
Patching Cadence is a beta risk vector and is not currently used in the rating of a company’s ratings. Yet, customers can begin to put this information to immediate action by identifying any major vulnerabilities on their network to remediate any major issues. Companies can also use the Request Vendor Access button to enable third parties to remediate issues as they arise.
These new powerful features help customers move their security risk management forward. By providing additional context to their network asset maps, companies can have more informed and insightful conversations around security and potential issues in their network or the network of a third party. The Patching Cadence risk vector will provide even more data breadth and insight into security posture of organizations worldwide. These new features are further enhancing the BitSight platform and solidifying this solution as the standard in security ratings.