Bitsight Launches New Solutions to Uncover and Mitigate Hidden Risk from Third-Party Vendors

BOSTON – January 9, 2024 – Bitsight, a leader in managing and monitoring cyber risk, today unveiled two additions to its expanding Third-Party Risk Management portfolio, enabling enterprises to identify, prioritize, and mitigate risk. The new Vendor Discovery capability automatically identifies third-party relationships across an organization, providing teams instant visibility into potentially unknown and unauthorized vendors. Meanwhile, the new Portfolio Risk Analytics dashboard provides a comprehensive view of exposure risk across an enterprise’s vendor ecosystem, helping teams more effectively prioritize mitigation efforts.

Over the past three years, nearly 3 in 4 organizations have experienced a major disruption directly attributable to third parties [2]. Ransomware attacks are on the rise and global regulatory bodies like the Securities and Exchange Commission (SEC) and the European Union (EU) have enforced new requirements to address enterprise cyber risk management. The new offerings from Bitsight make it faster and easier for organizations to detect issues and swiftly take action to address their most imminent threats.

"Today’s security and risk teams can no longer operate as if there is a clear separation between enterprise cyber risk and third or fourth party vulnerabilities," said Stephen Boyer, Co-founder and Chief Technology Officer of Bitsight. "It’s all business risk and our mission is to help those leaders charged with mitigating it to not only see it, but take action."

The shift to a distributed workforce drove an influx of new technology, applications, and third-party relationships. Many are not sanctioned or monitored by the enterprise security and risk teams. Today, more than 80% of workers admit to using non-approved SaaS applications [1], potentially sharing sensitive company information or creating new exposure risk for the enterprise.

"Risk leaders don’t often think of social media applications, cloud infrastructure services, or new AI technologies as enterprise Shadow IT," said Vanessa Jankowski, SVP of Third Party Risk Management at Bitsight. "However, their unauthorized use is exploding within a decentralized workforce. It creates more than just headaches for third-party risk managers. It introduces real risk that can have potentially devastating impacts on business operations."

Vendor Discovery surfaces unknown third-party software

Auto Vendor Discovery enables risk and security teams to immediately identify vendor relationships in the organization, both known and unknown, reducing weeks of work to just minutes.

With Vendor Discovery, organizations can:

  • Jump-start a continuous monitoring program with immediate access to vendor relationships
  • Uncover hidden risk from previously unknown vendor usage or Shadow IT
  • Surface newly discovered vendors in your ecosystem over time

Portfolio Risk Analytics simplifies vendor risk management

Bitsight Portfolio Risk Analytics provides a comprehensive view of third-party risk across the enterprise vendor ecosystem.

Portfolio Risk Analytics allows customers to:

  • View the health of their vendor portfolio risk at a glance
  • Track how programs and policies impact their portfolio risk
  • Enable executive- and board-level reporting on program performance over time
  • Identify which vendors are at an elevated risk of a security incident
  • Identify vendors that are exposed to a 2x, 3x, or even 7x likelihood of a ransomware attack

Both Bitsight Vendor Discovery and Portfolio Risk Analytics are available now as part of the Continuous Monitoring product suite.


About Bitsight
Bitsight is a global cyber risk management leader transforming how organizations manage exposure, performance, and risk for themselves and their third parties. Companies rely on Bitsight to prioritize their cybersecurity investments, build greater trust within their ecosystem, and reduce their chances of financial loss. Built on over a decade of market-leading innovation, its integrated solutions deliver value across enterprise security performance, digital supply chains, cyber insurance and data analysis.