BitSight for Fourth-Party identifies technology dependencies and continuously monitors cyber risk across extended business ecosystems
BOSTON — December 16, 2019 — BitSight, the Standard in Security Ratings, today announced several enhancements to its BitSight for Fourth-Party Risk Management solution that provides organizations with deeper, automated and continuous visibility into their extended business ecosystem to help them more effectively manage fourth-party risk. The only solution of its kind in the security ratings market, BitSight for Fourth-Party enables organizations to identify areas of concentrated business and cyber risk by automatically pinpointing connections between any organization, its business partners, and potentially risky fourth-parties. Updates include expanded observable fourth-party datasets, including 80 categories of technology service providers (e.g. hosting, DNS, CDN, security, expense management) and more than 11,000 technology products (e.g. Amazon Web Services, Microsoft Azure, Dyn DNS, Microsoft Office 365), and an enhanced user experience.
As organizations’ vendor and fourth-party ecosystems continue to expand, so does their risk surface; however, lack of visibility into that ecosystem and the cyber risk within it makes it difficult for them to understand and effectively manage that risk. In spite of new regulatory requirements, security and risk leaders are challenged to provide measurable updates and confidence to executives and board members about their fourth-party risk management and operational resiliency plans. In fact, according to a recent EY survey, 74% of organizations say that fourth-party concentration risk would be extremely challenging to report on or that they could not report on it at all.
“Outages, disruptions and compromises affecting fourth-party service providers are becoming an increasing threat, while regulatory pressure on organizations to get a better handle on fourth-party risk continues to mount,” said Vineet Seth, vice president of Product Management, BitSight. “BiSight for Fourth-Party Risk Management equips organizations with the needed visibility to better evaluate and select vendors, identify common dependencies in order to triage and prioritize outreach to vendors, and continuously monitor fourth- and nth-parties to better manage cyber risk across the extended business ecosystem.”
With BitSight for Fourth-Party Risk Management, customers can tap the largest collection of service provider security performance data to:
Improve visibility across their extended business ecosystem:
- Identify connections across their extended ecosystem;
- Continuously monitor and be alerted to newly uncovered and ended relationships;
- Validate vendor assessment and questionnaire responses; and
- Receive alerts when new relationships are developed that could pose risk.
Pinpoint concentration risk and achieve a higher level of business resilience:
- Quickly identify and highlight risky business connections;
- Explore and understand service provider dependencies for disaster recovery planning;
- Know which products (e.g. Office 365) and vendors (e.g. Salesforce) have the greatest potential for impacting an organization’s level of risk;
- Gain insights for disaster recovery planning, including downstream impact assessments, and streamline their breach response; and
- Understand location risk by pinpointing services in the supply chain of specific regions.
Communicate effectively to internal and external stakeholders:
- Generate dynamic reports to communicate oversight and governance to executives, board members, regulators, auditors and insurers; and
- Leverage an intuitive, user-friendly dashboard with reports that instantly depict relationships between third- and fourth parties.
For more information about BitSight for Fourth-Party Risk Management, please visit: https://www.bitsight.com/fourth-party-risk-management.
Founded in 2011, BitSight transforms how organizations manage cyber risk. The BitSight Security Ratings Platform applies sophisticated algorithms, producing daily security ratings that range from 250 to 900, to help manage their own security performance; mitigate third party risk; underwrite cyber insurance policies; conduct M&A due diligence and assess aggregate risk. With over 1,800 global customers and the largest ecosystem of users and information, BitSight is the most widely used Security Ratings Service. For more information, please visit www.bitsight.com, read our blog or follow @BitSight on Twitter.