BitSight Overview

BitSight is the #2 ranked solution in top IT Vendor Risk Management tools. PeerSpot users give BitSight an average rating of 8.0 out of 10. BitSight is most commonly compared to SecurityScorecard: BitSight vs SecurityScorecard. BitSight is popular among the large enterprise segment, accounting for 69% of users researching this solution on PeerSpot. The top industry researching this solution is computer software, accounting for 21% of all views.
What is BitSight?

BitSight transforms how organizations manage cyber risk. The BitSight Security Ratings Platform applies sophisticated algorithms, producing daily security ratings that range from 250 to 900, to help organizations manage their own security performance; mitigate third party risk; underwrite cyber insurance policies; conduct financial diligence; and assess aggregate risk. With over 2,100 global customers and the largest ecosystem of users and information, BitSight is the Standard in Security Ratings. For more information, please visit, read our blog or follow @BitSight on Twitter.

BitSight Customers

Fannie Mae, Cabela's, BNP Paribas, PWC, AIR Worldwide, Con Edison, The Container Store, OshKosh, Steris, University of South Florida, Emblem Health, Lloyds Bank

BitSight Reviews

SOC at Renault
Real User
Great solution that provides information about the external servers, botnet infection and credential leaks
Pros and Cons
  • "Offers open ports from an external point of view."
  • "Data enrichment is the major issue."

What is most valuable?

BitSight provides information about the external servers, botnet infection and credential leaks. It also offers open ports from an external point of view, so we benefit before any adversary misuses the particular servers that are exposed externally.

What needs improvement?

There has been quite a bit of data discrepancy in BitSight. When we observe a particular event or alert and check it three to four days a month, the alert seems to be gone, but the vulnerability still exists. In addition, certain assets are becoming repetitive for the same vulnerability. We have reported these couple of instances to BitSight, but we haven't received any updates from them yet. So we are unsure if the issue is from the access end or the BitSight end when it fails to detect that particular asset.

We would like to see better data enrichment to give more information about the particular asset. For example, if BitSight scouts a specific website, it tells you that the website is using TLS Version 1.1 or that the web server is accessible using this server. It would be good if it could give a screenshot of what version BitSight scouts and allow us to validate whether it is aligned. Also, I think the alert system can be fixed. Still, data enrichment is the major issue because we only see some information that is provided by the data and specific fixes about particular vulnerabilities. If we check for remediation tips for certain vulnerabilities, it only gives generic information.

For how long have I used the solution?

We have been using this solution for five months. It is a cloud-based solution, but I am unsure what version we use.

What do I think about the scalability of the solution?

It is a scalable solution. We gave access to BitSight to multiple people in our organization, from the security team and other teams. About 30 or more people have access to BitSight.

Expanding usage depends on giving permissions on an ad hoc basis and who handles certain assets. It is not mandatory to give everybody access to BitSight, and it is based on a need to know.

How are customer service and support?

We raised the issue of alerts with technical support and put in a ticket. We have a meeting with them in two weeks. The technical support is pretty solid because I've raised a couple of tickets in the past month, and they fixed it in a concise amount of time. It took them about one or two days to get back to me.

Which solution did I use previously and why did I switch?

We haven't used another solution. I know there's a product called Census, but we haven't had an opportunity to work with it. I believe they are a competitor of BitSight.

How was the initial setup?

I was not a part of the implementation of BitSight.

What's my experience with pricing, setup cost, and licensing?

I can't comment on the pricing because different parties evaluate it, and a different department administers it.

What other advice do I have?

I rate this solution an eight out of ten. Regarding advice, BitSight scours assets to discover exposure and searches for existing vulnerabilities. Vulnerabilities that exist on the internet might try to abuse a company's assets, and it is important to get the upper hand before adversaries try to take advantage of organizational assets.

Disclosure: I am a real user, and this review is based on my own experience and opinions.