We face difficulties in acquiring designs and findings. There may be room for improvement in the methodology for identifying findings, as occasional errors occur on the technical side of BitSight.
The solution’s benchmarking should be improved. The weakness was that they could only benchmark five companies simultaneously. I'm unsure whether this was due to the trial or another reason.
There could be an ability to adapt the score faster. At the moment, when the vulnerability score decreases, it remains the same for quite a while, even though issues are resolved in 24 hours. It reduces faster and increases very slowly. This particular area needs improvement.
There has been quite a bit of data discrepancy in BitSight. When we observe a particular event or alert and check it three to four days a month, the alert seems to be gone, but the vulnerability still exists. In addition, certain assets are becoming repetitive for the same vulnerability. We have reported these couple of instances to BitSight, but we haven't received any updates from them yet. So we are unsure if the issue is from the access end or the BitSight end when it fails to detect that particular asset. We would like to see better data enrichment to give more information about the particular asset. For example, if BitSight scouts a specific website, it tells you that the website is using TLS Version 1.1 or that the web server is accessible using this server. It will be good if it can give a screenshot of what version BitSight scouts and allow us to validate whether it is aligned. I think the alert system can also be fixed. Still, data enrichment is the major issue because we only see some information that is provided by the data and specific fixes about particular vulnerabilities. If we check for remediation tips for certain vulnerabilities, it only gives generic information.
What is vendor risk management? Vendor risk management (VRM) is the policy of ensuring that the relationship between service providers and IT organizations does not create an opportunity for interruptions in business productivity, profitability, and performance. The VRM process indicates that organizations should consistently monitor, manage, and assess their risk potential from outside vendors and any third-party suppliers that provide IT products, services, and solutions or that have...
The solution's factor analysis feature could be better.