|
By Viet Tran
Most organizations now recognize that even if they have a strong internal security posture, a security lapse by any one of their many third-party vendors or partners can be just as catastrophic to their business as a direct breach. Industry and government regulators are increasingly focused on this topic as well, resulting in a wave of new compliance requirements that extend to third-party risks.
|
By Arzu Ozbek Akay
Earlier this year, we announced Bitsight’s next-generation internet scanning, Bitsight Groma, and AI-powered discovery and attribution technology, Bitsight Graph of Internet Assets (Bitsight GIA). While these technologies work as partners in the Bitsight Cyber Risk Data Engine to create a dynamic map of internet infrastructure, it is helpful to separate them out to understand their unique contributions.
|
By Pedro Umbelino
As we are all very aware, being a technical person or layman, the recent CrowdStrike outage caused disruptions on a myriad of systems worldwide, affecting multiple industry sectors and millions of people in some way, shape, or format.
|
By Derek Vadala
As most in the industry are aware, a defective content update to CrowdStrike’s Falcon Sensor for Windows led to a global cascade of system outages affecting critical industry sectors such as transportation, banking, healthcare, and public safety. Many enterprises and government agencies around the world are still actively managing their response to this incident.
|
By Ben Edwards
In the course of a major research rollout like my recent whitepaper on KEV vulnerabilities, I frequently end up doing some bit of analysis that doesn’t make it into the final doc. Usually, it is because I am dealing with limited space and attention spans, and I gotta stop sometime. The stuff that gets cut is usually not terribly compelling or surprising or is maybe more an artifact of the particular bias in our sample or is only interesting to a very small audience.
|
By Rachel Holmes
Economic pressures have been leading to greater budget scrutiny and justification of resources for cybersecurity teams. Boards are asking harder questions around cyber risk and exposure. Not only are CISOs working hard to justify and measure their program, they’ve had to become more data-driven in the way they align investments towards company outcomes and business objectives.
On June 20th, 2024, the Department of Commerce's Bureau of Industry and Security (BIS) announced the prohibition of Kaspersky Lab, Inc., the U.S. subsidiary of a Russia-based anti-virus software and cybersecurity company, from directly or indirectly providing anti-virus software and cybersecurity products or services in the U.S. or to U.S. persons. The prohibition also applies to Kaspersky Lab, Inc.’s affiliates, subsidiaries, and parent companies.
|
By Francisco Fonseca
As the NIS2 Directive reshapes the cybersecurity landscape across Europe, a key focus for organisations is understanding and managing their critical suppliers. The directive mandates heightened scrutiny and tighter controls around these essential entities, underscoring their importance in your overall cybersecurity strategy. But the pivotal question remains: How do you determine who qualifies as a 'critical supplier'?
As our 2024 Rating Algorithm Update (RAU) goes live on July 10, 2024, we wanted to share some research that validates this update and reinforces the importance of the RAU process. As we noted in our announcement blog, after RAU 2024, remediated Patching Cadence findings will impact the Bitsight Rating for 90 days after the last vulnerable observation instead of 300 days.
|
By Ben Edwards
As I mentioned at the beginning of this year, I am trying to do a monthly blog post on what might be termed “Major Security Events”. In particular this year, I’ve written about the Ivanti meltdown, Lockbit ransomware, and the xz backdoor. These events usually emerge cacophonously and suddenly into the cybersecurity landscape, and generally get everyone’s attention “real quick”.
|
By BitSight
Exposure management tooling can act as an excellent source of truth for cybersecurity leaders as they communicate risk up to the board level. The visibility and data streaming from exposure management solutions makes it easier for CISOs to track security performance over time, quantify improvements in security maturity levels, establish better financial quantification of cyber risk and ensure the organization's exposure levels match up with industry averages.
|
By BitSight
Learn about our Bitsight Professional Services and how they bring a consultative support to the areas that matter most to your organization.
|
By BitSight
Learn about our Continuous Monitoring Service offering where we help organizations manage their third-party ecosystem to prioritize critical vendors, work to collaborate with vendors on remediation plans and to monitor and report on vendor performance over time.
|
By BitSight
Learn about our Managed Assessment Service offering where we help organizations manage the entire risk assessment process from sending out questionnaires, to executing a control gap analysis on responses, to surfacing relevant findings.
|
By BitSight
Learn how Bitsight Professional Services help organizations manage third-party risk by helping with vendor assessment/validation, continuous monitoring of your vendors and effectively reporting on your program to executive level stakeholders.
|
By BitSight
Streamline Assessments, Monitor Vendors, and Validate Security Posture with Ease. No more manual workflows or toggling between tools—with Bitsight VRM, part of the industry’s first end-to-end third-party risk management solution, you can effortlessly navigate through risk assessments and continuous monitoring with just a flip of a switch. Discover a new level of clarity and efficiency with instant access to an ever-growing network of 40,000+ vendor profiles. Track onboarding and validate questionnaire responses with objective data to make informed decisions and expedite risk mitigation.
|
By BitSight
With our latest Bitsight Continuous Monitoring enhancement, we help security leaders connect cyber risk to business risk when it comes to their vendor relationships. Risk Analytics expedites decision-making with portfolio-wide risk insights and data tied to key risk indicators.
|
By BitSight
Take a peek into our latest Bitsight Continuous Monitoring enhancement that helps you surface both known and, more importantly, unknown vendor relationships. With Vendor Discovery, we shine a light on Shadow IT within your organization so you can understand the full scope of your third-party cyber risk to your business.
|
By BitSight
Bitsight Portfolio Risk Analytics provides governance, risk, and security teams actionable insights into material risk across the vendor ecosystem. It’s a simple-to-use view into hidden risk across the portfolio that could someday manifest into very visible business impact.
|
By BitSight
Did you know that 69% of organizations have experienced some type of cyber attack in which the attack itself started through the exploit of an unknown, unmanaged, or poorly managed internet-facing asset? Understanding the scope of your organization’s external attack surface is essential. You need to continuously manage your digital footprint to know where risks exist and how to prioritize vulnerable areas. Gain visibility into what an attacker sees and take informed action to reduce exposure and empower your organization’s growth and success.
|
By BitSight
Cybersecurity ROI isn't about cost savings. It's about how your cybersecurity program helps you achieve your goals while managing risk to a level that your executive team is comfortable with. So if you shouldn't measure success in cost savings, how do you measure it? BitSight is providing five steps that help CISOs and executive teams evaluate their company's cybersecurity performance.
|
By BitSight
Are you overwhelmed by the intricacies of your attack surface? Concerned about the rising risk of vulnerabilities in your and your partners' digital ecosystems? New BitSight research finds that the average vulnerability remediation rate across organizations is about 5 percent per month, sparking concern that the status quo of exposure and vulnerability management is broken. Moreover, organizations face significant challenges in managing vulnerabilities in their extended, third-party ecosystem, and most security leaders do not have the tools to address these emerging threats.
|
By BitSight
Stop reacting to cyber risk as it comes. BitSight for Security Performance Management empowers security leaders to strengthen cyber resilience over time with objective, meaningful, and evidence-based metrics. Gain insights, drive decisions, and build confidence with our suite of advanced analytics.
|
By BitSight
Traditional vendor risk management programs are not effective at mitigating risk in ever-expanding third-party networks, and yet 69% of businesses still rely on manual processes. It's time to take your program to the next level. How can you centralize, automate, and streamline your process to manage hundreds of vendors as effectively as you manage ten? Scalable VRM continuously detects, monitors, and mitigates risk, going beyond due diligence and initial assessments to constantly reassess and proactively act on vendor risk.
- July 2024 (8)
- June 2024 (8)
- May 2024 (14)
- April 2024 (11)
- March 2024 (6)
- February 2024 (7)
- January 2024 (27)
- December 2023 (4)
- November 2023 (7)
- October 2023 (10)
- September 2023 (11)
- August 2023 (16)
- July 2023 (16)
- June 2023 (13)
- May 2023 (17)
- April 2023 (20)
- March 2023 (8)
- December 2022 (2)
- August 2022 (2)
- July 2022 (8)
Bitsight is a cyber risk management leader transforming how companies manage exposure, performance, and risk for themselves and their third parties. Global enterprises, governments, and organizations rely on Bitsight to prioritize their cybersecurity investments, build greater trust within their ecosystem, and reduce their chances of financial loss. When unrelenting market pressure pushes organizations to uncertainty and caution, they turn to Bitsight to confidently navigate cyber risk and grow with confidence.
Bitsight's universally recognized risk standard and market-leading data provides actionable insights into how companies set and manage to standards and report results to internal and external stakeholders. Built on over a decade of technological innovation, Bitsight's integrated solutions deliver value across enterprise security performance, digital supply chains, cyber insurance, and data analysis.
Bitsight is on a mission to free the global economy from the material impact of cyber incidents.