Bitsight Reviews

Name: Bitsight
Brand: BitSight
Rating: 4.1 (9 reviews)

Vendor: BitSight

4.1 out of 5

9 reviews
100% willing to recommend

Leave a review

What is Bitsight?

BitSight transforms how organizations manage cyber risk. The BitSight Security Ratings Platform applies sophisticated algorithms, producing daily security ratings that range from 250 to 900, to help organizations manage their own security performance; mitigate third party risk; underwrite cyber insurance policies; conduct financial diligence; and assess aggregate risk. With over 2,100 global customers and the largest ecosystem of users and information, BitSight is the Standard in Security Ratings. For more information, please visit www.bitsight.com, read our blog or follow @BitSight on Twitter.

Get the IT Vendor Risk Management Buyer's Guide and find out what your peers are saying about Bitsight, CrowdStrike Falcon, Trend Vision One and more!

Bitsight is the #3 ranked solution in top IT Vendor Risk Management solutions and #5 ranked solution in top Attack Surface Management (ASM) solutions. PeerSpot users give Bitsight an average rating of 8.2 out of 10. Bitsight is most commonly compared to CrowdStrike Falcon: Bitsight vs CrowdStrike Falcon. Bitsight is popular among the large enterprise segment, accounting for 58% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 16% of all views.

Buyer's Guide

IT Vendor Risk Management

December 2025

Get the category report

Helped 879,371 peers since 2012

Featured Bitsight reviews

Suresh A.

Senior AIML Engineer at a tech vendor with 1,001-5,000 employees

There are areas for improvement; we do notice sometimes finding vulnerabilities which gives us visibility to find them quickly. However, there could be a mechanism they can build on top of that for validation as they identify the issues. What will the real risk be for that identifiable issue? Sometimes it could be open because of the traffic; how they detected it could be seen as vulnerable, but upon testing, it might not be a real issue. It could be a false positive because there could be a honeypot that we built. My thinking is about validation, so if they can build that validation part before they expose the risk to the specific asset, that would help. Additionally, based on their reporting, they could also build risk scores and prioritization, which would also aid us. I would suggest adding dashboards and custom reporting, which could help us by enabling rich custom reports with filters. That is especially for leadership because they will not look at each technical area, but overall they would be looking at the risk score and what the assets or critical exposure areas are. Customizable reporting based on requirements would be valuable. I chose 9 out of 10 because the reporting and dashboards would be the first thing I would consider for improvement, and then the second is about the validation part, which could probably improve to 10 out of 10. I cannot think of too much for additional improvements. Maybe some good automation with the API solutions that could be integrated with the CI/CD pipeline or DevOps tools we are running would also be automated and tested.

Read full review

Tarang Parmar

Founder at The Cyber Security Network

Bitsight has been good overall, and I do not see any negative points. However, if another organization can spy on us, that is concerning, as they can see our score and we cannot see theirs. I wish for the addition of features such as leak credentials within Bitsight, which would be more useful because we need to rely on some other third-party tools. If those features were available, there would be no need to use additional tools. I chose 8 out of 10 because if we receive invites from clients every 45 days, our subscription ends, and we have to renew it. Additionally, it does not show vulnerabilities according to the CVSS score or the impact they are causing. Instead, it labels these vulnerabilities as bad or one, which can be confusing for those unfamiliar with identifying errors. It would be better to categorize them as high vulnerability, critical vulnerability, or low vulnerability.

Read full review

reviewer2774376

Senior Manager and Global Capability Lead - Offensive Security at a tech vendor with 10,001+ employees

Bitsight's scan could be more rigorous and then more accurate. I think it would be good to try to see each and everything of the company in a more accurate way. Their scan scheduling could be improved and they could take more inputs from the companies they are working with. If they can speed up that process, they would obviously increase that score. We found that some of the findings are clear false positives, but they still report that, and based on that, the rating goes down until we rectify them. So that is something they need to work towards; the number of false positives they are rating should focus on producing more accurate results to get a higher rating.

Read full review

Bitsight mindshare

Product category:

As of December 2025, the mindshare of Bitsight in the IT Vendor Risk Management category stands at 8.6%, down from 11.9% compared to the previous year, according to calculations based on PeerSpot user engagement data.

IT Vendor Risk Management Market Share Distribution
Product	Market Share (%)
Bitsight	8.6%
RSA Archer	9.2%
SecurityScorecard	9.0%
Other	73.2%

IT Vendor Risk Management

Key learnings from peers

Last updated Dec 21, 2025

Valuable Features

Bitsight excels in third-party risk management, vulnerability identification, and external scans providing visibility into exposed assets. It offers valuable ratings, helps manage vendors, displays risk vectors, and simplifies task assignments. Users appreciate detailed anomaly information, user-friendly web portal, and API integration. Its ratings, frequent scans, and comprehensive reporting enhance security posture, reduce risk, speed up remediation, improve compliance programs, and build customer trust.

"My advice to others looking into using Bitsight is that it provides a lot of information that was not available before, and it is especially good in recon as it can identify many things about an organization that have never been found earlier, making it a valuable tool."
"Bitsight has positively impacted my organization by improving security and customer trust, giving us continuous monitoring so we now find misconfigurations within hours instead of days or weeks, which directly improves our overall security posture and reduces risk as we catch high-risk exposures early, especially unexpected cloud assets or testing endpoints that accidentally went public."
"Bitsight gives me a holistic view of my entire security posture, which is something any organization would want to have after getting a tool such as Bitsight."

Room for Improvement

Bitsight needs to enhance data enrichment and alert system accuracy, reduce data discrepancies, and address false positives. Improvements in score adaptation time, factor analysis, and benchmarking are necessary. Validation mechanisms, comprehensive scanning, risk prioritization, and customizable reporting should be enhanced. Facilitation of integration with CI/CD pipelines and DevOps tools is also required. Users desire features such as leaked credential alerts, vulnerability categorization by severity, and enhanced methodologies for identifying technical findings. Better scan scheduling and data accuracy are needed.

"I chose 8 out of 10 because if we receive invites from clients every 45 days, our subscription ends, and we have to renew it."
"There are areas for improvement; we do notice sometimes finding vulnerabilities which gives us visibility to find them quickly. However, there could be a mechanism they can build on top of that for validation as they identify the issues."
"We found that some of the findings are clear false positives, but they still report that, and based on that, the rating goes down until we rectify them."

Pricing

Many users find Bitsight pricing to be average, with some noting it is reasonably priced. However, some perceive it as expensive and more oriented towards large companies. Pricing evaluations and administration are typically handled by different departments, making it challenging for individuals to provide detailed insights regarding costs.

"The product has a reasonable price."
"The solution's price is average."

Popular Use Cases

Entities primarily use Bitsight for monitoring supply chain and security performance management. They rely on it to check security scores, assess security posture, identify vulnerabilities in networks and web applications, and gather signal intelligence. Bitsight aids in external security assessments by providing ratings based on asset vulnerabilities. Users benefit from real-time detection and notification of security issues, enabling quick remediation and fostering customer trust through improved security ratings.

Service and Support

Customer service and support from Bitsight demonstrate promptness and efficiency. Teams often resolve issues quickly, with responses arriving within days. Technical support proves effective, especially for those with geographic advantages. Professional service assists in rectifying false positives and rating adjustments. Fast email responses contribute to a positive experience. Various teams such as pre-sales and customer success ensure effective customer interactions. Satisfaction with support is high, often rated 10 out of 10.

Deployment

Bitsight's initial setup generally receives high marks for being straightforward. Companies find it easy and quick, often completed in just a couple of days. Users with prior experience may find the process even smoother. Although telecommunications companies might face additional work to clean up the attack surface, they still report the process as manageable. Pricing and licensing experience is deemed fair, with no significant challenges reported in that aspect.

Scalability

Bitsight demonstrates strong scalability, able to accommodate diverse organizations ranging from SMBs to large enterprises. Users report implementing Bitsight across various teams with seamless expansion based on permissions and asset management. Its international user base benefits from Bitsight's cloud capabilities, ensuring effective scaling without concerns. With high ratings for scalability, organizations highlight Bitsight's adaptability in supporting numerous users, establishing it as an efficient option for growing needs in varied regions.

Stability

Users commend Bitsight for its strong stability, consistently rating it highly. Some rate it a perfect ten, while others note it as very stable with an eight out of ten. Even when algorithm updates occur, these changes are considered normal and do not impact the reliability of the platform. Bitsight is regarded as stable, indicating satisfaction with its performance.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our IT Vendor Risk Management Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	3
Large Enterprise	4

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	95
Midsize Enterprise	92
Large Enterprise	258

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

16%

Manufacturing Company

11%

Computer Software Company

Insurance Company

Media Company

University

Government

Healthcare Company

Wholesaler/Distributor

Energy/Utilities Company

Outsourcing Company

Construction Company

Retailer

Comms Service Provider

Legal Firm

Educational Organization

Recreational Facilities/Services Company

Performing Arts

Pharma/Biotech Company

Non Profit

Hospitality Company

Marketing Services Firm

Logistics Company

Real Estate/Law Firm

Transportation Company

Engineering Company

Compare Bitsight with alternative products

Learn more about Bitsight

Bitsight customers

Fannie Mae, Cabela's, BNP Paribas, PWC, AIR Worldwide, Con Edison, The Container Store, OshKosh, Steris, University of South Florida, Emblem Health, Lloyds Bank

Product Categories

IT Vendor Risk Management

Attack Surface Management (ASM)

Popular Comparisons

CrowdStrike Falcon vs Bitsight

Trend Vision One vs Bitsight

RSA Archer vs Bitsight

Qualys CyberSecurity Asset Management vs Bitsight

Axonius vs Bitsight

SecurityScorecard vs Bitsight

OneTrust GRC vs Bitsight

AuditBoard vs Bitsight

Cybersixgill vs Bitsight

Microsoft Defender External Attack Surface Management vs Bitsight

IONIX vs Bitsight

Cortex Xpanse vs Bitsight

ProcessUnity vs Bitsight

Tenable Attack Surface Management vs Bitsight

CyCognito vs Bitsight

See all alternatives

Bitsight Reviews Summary
Author info	Rating	Review Summary
Senior AIML Engineer at a tech vendor with 1,001-5,000 employees	4.5	I've used Bitsight for around eight years to detect vulnerabilities in internet-facing systems, appreciating its external scans and continuous monitoring, though I’d like better validation, risk prioritization, and customizable dashboards for broader usability.
Founder at The Cyber Security Network	4.0	I use Bitsight to identify network vulnerabilities, and its clear reporting, task assignment, and automated scanning are valuable. While helpful overall, I wish it categorized vulnerabilities better and included credential leak detection. I rate it 8/10.
Senior Manager and Global Capability Lead - Offensive Security at a tech vendor with 10,001+ employees	3.0	I used Bitsight to monitor Virtusa's external security posture, found its ratings and scanning useful, appreciated its vendor oversight and support, but noted issues with accuracy and false positives, ultimately rating it a six out of ten.
VP at FUbon	4.5	I find BitSight valuable for its diverse evaluation points and ease of use, although its benchmarking could be improved. I prefer it over Black Kite for patch management and am considering SecurityScorecard as an alternative.
Telecommunications Engineer at Portugal Telecom	4.5	Bitsight provides us with comprehensive insights into our security posture, helping to effectively reduce risks. Its user-friendly features allow us to conduct scans and assess security risks. However, the methodology for identifying findings occasionally has errors that need improvement.
Chief Security Officer at Cetelem	4.0	I use BitSight to monitor security scores for my organization and its subsidiaries. Its most valuable feature is listing vulnerabilities, but the score adaptation could be faster. I previously evaluated SecurityScorecard before choosing BitSight for this purpose.
SOC at Renault	4.0	No summary available
Retired at a media company with 1-10 employees	4.5	I primarily use BitSight for gathering signal intelligence and risk vectors related to a company's attack surface. It offers detailed insights and a user-friendly portal but could improve its anomaly detection to compete better with companies like Qualys.

Bitsight Reviews

What is Bitsight?

Featured Bitsight reviews

Bitsight mindshare

Valuable Features

Room for Improvement

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare Bitsight with alternative products

Learn more about Bitsight

Bitsight customers

Related questions

Product Categories

Popular Comparisons