BitSight Reviews

BitSight provides information about the external servers, botnet infection and credential leaks. It also offers open ports from an external point of view, so we benefit before any adversary misuses the particular servers that are exposed externally.

There has been quite a bit of data discrepancy in BitSight. When we observe a particular event or alert and check it three to four days a month, the alert seems to be gone, but the vulnerability still exists. In addition, certain assets are becoming repetitive for the same vulnerability. We have reported these couple of instances to BitSight, but we haven't received any updates from them yet. So we are unsure if the issue is from the access end or the BitSight end when it fails to detect that particular asset.

We would like to see better data enrichment to give more information about the particular asset. For example, if BitSight scouts a specific website, it tells you that the website is using TLS Version 1.1 or that the web server is accessible using this server. It will be good if it can give a screenshot of what version BitSight scouts and allow us to validate whether it is aligned. Also, I think the alert system can also be fixed. Still, data enrichment is the major issue because we only see some information that is provided by the data and specific fixes about particular vulnerabilities. If we check for remediation tips for certain vulnerabilities, it only gives generic information.

We have been using this solution for five months. It is a cloud-based solution, but I am unsure what version we use.

It is a scalable solution. We gave access to BitSight to multiple people in our organization, from the security team and other teams. About 30 or more people have access to BitSight.

Expanding usage depends on giving permissions on an ad hoc basis and who handles certain assets. It is not mandatory to give everybody access to BitSight, and it is based on a need to know.

We raised the issue of alerts with technical support and put in a ticket. We have a meeting with them in two weeks. The technical support is pretty solid because I've raised a couple of tickets in the past month, and they fixed it in a concise amount of time. It took them about one or two days to get back to me.

We haven't used another solution, but I know there's a product called Census, but we haven't had an opportunity to work with it. I believe they are a competitor of BitSight.

I was not a part of the implementation of BitSight.

I can't comment on the pricing because different parties evaluate it, and a different department administers it.

I rate this solution an eight out of ten. Regarding advice, BitSight scours assets to discover exposure and searches for existing vulnerabilities. Vulnerabilities that exist on the internet might try to abuse a company's assets, and it is important to get the upper hand before adversaries try to take advantage of organizational assets.