BitSight Announces BitSight Discover, A New Solution Designed to Automatically Map Risks Associated with Fourth Party Connections

Security Ratings Company Expands Product Suite with BitSight Discover for Risk Aggregation Aimed at Cyber Insurers

BitSight Technologies, the standard in Security Ratings, today announced BitSight Discover, a new platform designed to enable users to quickly identify fourth party connections and their associated risks. The first module built on the BitSight Discover platform, BitSight Discover for Risk Aggregation is purpose-built to provide cyber insurers with a holistic view of their portfolio, the connections of insureds, and their aggregate risk. As many organizations within an industry rely on a single service provider, software platform or 4th party supplier, single points of failure have become a reality that insurance providers must address amongst their portfolio clients.

“Organizations recognize that outside connections can often be a cyber criminal’s best point of entry, and to protect themselves, investment in third-party vendor risk management solutions is necessary. However, as companies increase dependency on fourth parties – cloud service providers, web hosting platforms, and other external services – it is essential to monitor and assess the security effectiveness of those companies as well,” said Stephen Boyer, co-founder and CTO of BitSight Technologies. “Tracking fourth party connections has historically been a time-consuming process, with teams manually compiling information based on risk assessments and questionnaires to track the dependencies between their vendors and subcontractors. The BitSight Discover Platform is the first risk product that automatically reveals the level of reliance on a common set of service providers.”

Today, BitSight’s flagship Security Ratings platform uses publicly accessible data to rate companies’ security performance from 250 – 900 on a daily basis. The new BitSight Discover platform examines different technology providers (e.g. Content Delivery Networks, Web Hosting Providers, etc.) and automatically maps their connections to domains and the companies associated with each domain. Users have a new lens into risk management that enables them to quickly see connections between their vendors and any service provider.

Combining BitSight Security Ratings and BitSight Discover depicts any dependencies to fourth parties and illustrates the security performance of each service provider, enhancing how risk is managed.

BitSight Discover for Risk Aggregation

The first solution built on the BitSight Discover platform was specifically designed for cyber insurers and reveals the level of reliance on a common set of service providers among all insureds within a portfolio. BitSight Discover for Risk Aggregation allows insurance companies to manage aggregate risk by identifying dependencies between their book of business and common service providers, pinpointing key areas that could significantly impact their portfolios.

"As an early adopter of BitSight Discover for Risk Aggregation, we are thrilled with this groundbreaking solution," said Scott Stransky, manager and principal scientist at catastrophe modeling firm AIR Worldwide. "Companies across the insurance value chain are anxious to capture data on the virtual supply chain automatically, a task that was previously cumbersome. This latest offering from BitSight allows for rapid analysis, and we’re finding that its ease of use and comprehensive view of aggregation encourages well-informed decision-making at all levels of business.”

New Research

In conjunction with the BitSight Discover announcement, BitSight published a new Insights report titled, “Risk Degrees of Separation: The Impact of Fourth Party Networks on Organizations,” which analyzed Security Ratings of more than 35,000 companies across 22 different industries to uncover the vulnerabilities posed by fourth parties. To download a copy of the report, visit


BitSight Discover for Risk Aggregation will be available March 2016. Enhanced features for additional use cases for BitSight Discover will follow later this year.

For more information about BitSight Discover and BitSight Discover for Risk Aggregation, visit


About BitSight Technologies

BitSight Technologies is transforming how companies manage information security risk with objective, evidence-based security ratings. The company's Security Rating Platform continuously analyzes vast amounts of external data on security behaviors in order to help organizations manage third-party risk, benchmark performance, and assess and negotiate cyber insurance premiums. Based in Cambridge, MA, BitSight is backed by the National Science Foundation, Globespan Capital Partners, Menlo Ventures, Flybridge Capital Partners, Comcast Ventures, Commonwealth Capital Ventures, Liberty Global Ventures, Shaun McConnon, and Singtel Innov8. For more information, please visit, read our blog or follow @BitSight on Twitter.