BitSight Bolsters Risk Aggregation Solution with BitSight Discover for Enterprises

Noah Simon | June 7, 2016

New BitSight Discover Module Enables Risk Teams to Uncover Potential Single Points of Failure Stemming from Service Provider Relationships

BitSight Technologies, the standard in Security Ratings, today announced BitSight Discover for Enterprises, a new cloud offering that builds on its already powerful Risk Aggregation solution. The newest solution enhances vendor management techniques by identifying single points of failure in an organization’s supply chain and automatically revealing the service providers used.

Many of the recent high-profile breaches, such as those at the Office of Personnel Management (OPM) and Home Depot, originated from third parties. These third parties were exploited to gain access to critical systems and data. Organizations are now closely monitoring vendors with access to sensitive data; however, analysis of direct third party relationships only addresses part of the problem.

“Leaders in risk management and regulatory bodies are looking beyond third parties and focusing on risk from fourth parties (the third parties of their third parties),” said Stephen Boyer, co-founder and CTO for BitSight. “In some cases, fourth party risk can be just as catastrophic as third party risk, especially because it’s not an area of risk that is well understood, quantified, or managed for most organizations. An outage or exploitation of a fourth party could be particularly damaging if that fourth party provides services to a large number of organizations -- one disruption could impact multiple vendors. This was recently the case with NS1, a domain name server (DNS) provider who was the target of a sophisticated cyber attack that disrupted access to millions of US and European high-profile websites.”

In a BitSight report analyzing more than 35,000 companies, researchers found that one out of four technology companies are linked to Amazon’s cloud services. Pinpointing every possible fourth party connection like this is impossible for many companies that rely on questionnaires to collect this type of risk management data. The manual approach depends on disclosure, which only represents a moment-in-time view and relies on the accuracy of the vendor’s responses. With BitSight Discover for Enterprises, organizations can now identify single points of failure by instantly viewing the service providers with whom their vendors do business. BitSight Discover for Enterprises continuously updates its connections, providing organizations with a comprehensive and continuous look into their vendor ecosystem, enabling them to manage the evolving risk landscape as relationships change. The simple user interface makes it easy for any user to pull fourth party connections and generate dynamic reports without the need for custom code or dedicated integration professionals.

“Cloud service providers, like other organizations, are not immune to outages or data breaches. For any organization to stay ahead of potential disruptions, information security teams should identify whether any of their critical IT systems or key vendors rely on service providers,” said Jon Oltsik, senior principal analyst at ESG. “BitSight can provide continuous visibility into subcontractor risks to help organizations identify single points of failure in their supply chain and enhance their approach to vendor management.”

BitSight Discover for Enterprises is the second module to be released on the BitSight Discover platform, which has a proven track record in the cyber insurance space with BitSight Discover for Risk Aggregation. Along with BitSight’s flagship Security Ratings solution, organizations are able to obtain a complete view of risk from any vendor engagement.

BitSight Discover for Enterprises will be generally available in late June. For more information, visit https://www.bitsighttech.com/vendor-discovery.

About BitSight Technologies


BitSight Technologies is transforming how companies manage information security risk with objective, verifiable and actionable Security Ratings. Founded in 2011, the company built its Security Rating Platform to continuously analyze vast amounts of external data on security issues and behaviors in order to help organizations manage third party risk, underwrite cyber insurance policies, benchmark performance, conduct M&A due diligence and assess aggregate risk. Seven of the top 10 cyber insurers, 56 Fortune 500 companies, and 3 of the top 5 investment banks rely on BitSight to manage cyber risks. For more information, please visit www.bitsighttech.com, read our blog or follow @BitSight on Twitter.
