Boston, MA, USA
  |  By João Batista
At the end of May 2024, the largest ever operation against botnets, dubbed Operation Endgame, targeted several botnets including IcedID, SystemBC, Pikabot, Smokeloader, Bumblebee, and Trickbot. This operation significantly impacted the botnets by compromising their operations and shutting down their infrastructure. Although Latrodectus was not mentioned in the operation, it was also affected and its infrastructure went offline.
  |  By Tim Grieveson
Talking to fellow CISOs around the globe - and in particular Europe - the topic of cybersecurity regulations and compliance has taken on a new life. Most recently, the Network and Information Security (NIS 2) Directive is the latest regulation shaking up the region. NIS2 is much more than an update though—it's transforming the cybersecurity landscape of the EU.
  |  By Vanessa Jankowski
As cybersecurity leaders try to get ahead of threats to their organization, they're increasingly seeking ways to get off the hamster wheel of chasing countless CVEs (common vulnerabilities and exposures). The brass ring that most CISOs reach for today is prioritization of exposures in their infrastructure (and beyond), so their teams can focus on tackling the ones that present the greatest risk. In some cases, the highest priority exposures will still be critical CVEs on mission critical assets.
In our global study of the CISA KEV Catalog, we uncovered widespread vulnerabilities and the swift pace at which threats evolve. As we dissect the layers of data from the report, it becomes evident that each country's unique approach to cybersecurity regulation, vulnerability management, and remediation presents distinct challenges and opportunities.
  |  By Sabrina Pagnotta
Every cybersecurity team is being challenged to do more with less. CISOs experience top-down pressure to maximize the value of their resources, consolidate vendors as much as possible, and optimize their tool stack. And, they have unchanged expectations of keeping their organization safe across ever-growing digital supply chains. But traditional approaches to VRM often leave cybersecurity teams grappling with a tangled web of manual processes, disparate tools, and fragmented data.
  |  By Diogo Ferreira & Fábio Freitas
At Bitsight, part of the Vulnerability Research team's core work involves analyzing vulnerabilities in order to create detection capabilities that can be implemented on an Internet-wide scale.
  |  By George V. Hulme
Whether it's because industrial control systems remain quite vulnerable to attacks, or because these systems manage valuable physical resources and uptime is essential—or a bit of both—attackers are increasingly targeting operational technology (OT) and industrial control systems (ICS).
  |  By Jake Olcott
Bitsight was named a Leader in The Forrester Wave: Cybersecurity Risk Ratings Platforms, Q2 2024 for a third consecutive time. We are incredibly proud to be highlighted as a Leader, and our placement in this report is validation of our ongoing effort to help risk and security leaders identify exposure, prioritize investment, communicate with stakeholders, and mitigate risk.
  |  By Ben Edwards
It’s been a while since I’ve blogged. Things have been busy; Bitsight released a great report authored by yours truly on CISA’s KEV catalog. It’s really great if I do say so myself so I highly recommend going and giving it a glance.
  |  By Alex Campanelli
With economic sanctions being levied by the US against Iran and a trade war heating up with China, some security experts are cautioning that attacks targeting US critical infrastructure may be inevitable. Are electric utilities prepared to defend themselves and their facilities against these attacks?
  |  By BitSight
Exposure management tooling can act as an excellent source of truth for cybersecurity leaders as they communicate risk up to the board level. The visibility and data streaming from exposure management solutions make it easier for CISOs to track security performance over time, quantify improvements in security maturity levels, establish better financial quantification of cyber risk and ensure the organization's exposure levels match up with industry averages.
  |  By BitSight
Learn about our Bitsight Professional Services and how they bring consultative support to the areas that matter most to your organization.
  |  By BitSight
Learn about our Continuous Monitoring Service offering where we help organizations manage their third-party ecosystem to prioritize critical vendors, work to collaborate with vendors on remediation plans and to monitor and report on vendor performance over time.
  |  By BitSight
Learn about our Managed Assessment Service offering where we help organizations manage the entire risk assessment process from sending out questionnaires, to executing a control gap analysis on responses, to surfacing relevant findings.
  |  By BitSight
Learn how Bitsight Professional Services help organizations manage third-party risk by helping with vendor assessment/validation, continuous monitoring of your vendors and effectively reporting on your program to executive level stakeholders.
  |  By BitSight
Streamline Assessments, Monitor Vendors, and Validate Security Posture with Ease. No more manual workflows or toggling between tools—with Bitsight VRM, part of the industry’s first end-to-end third-party risk management solution, you can effortlessly navigate through risk assessments and continuous monitoring with just a flip of a switch. Discover a new level of clarity and efficiency with instant access to an ever-growing network of 40,000+ vendor profiles. Track onboarding and validate questionnaire responses with objective data to make informed decisions and expedite risk mitigation.
  |  By BitSight
With our latest Bitsight Continuous Monitoring enhancement, we help security leaders connect cyber risk to business risk when it comes to their vendor relationships. Risk Analytics expedites decision-making with portfolio-wide risk insights and data tied to key risk indicators.
  |  By BitSight
Take a peek into our latest Bitsight Continuous Monitoring enhancement that helps you surface both known and, more importantly, unknown vendor relationships. With Vendor Discovery, we shine a light on Shadow IT within your organization so you can understand the full scope of your third-party cyber risk to your business.
  |  By BitSight
Bitsight Portfolio Risk Analytics provides governance, risk, and security teams actionable insights into material risk across the vendor ecosystem. It’s a simple-to-use view into hidden risk across the portfolio that could someday manifest into very visible business impact.
  |  By BitSight
Did you know that 69% of organizations have experienced some type of cyber attack in which the attack itself started through the exploit of an unknown, unmanaged, or poorly managed internet-facing asset? Understanding the scope of your organization’s external attack surface is essential. You need to continuously manage your digital footprint to know where risks exist and how to prioritize vulnerable areas. Gain visibility into what an attacker sees and take informed action to reduce exposure and empower your organization’s growth and success.
  |  By BitSight
Cybersecurity ROI isn't about cost savings. It's about how your cybersecurity program helps you achieve your goals while managing risk to a level that your executive team is comfortable with. So if you shouldn't measure success in cost savings, how do you measure it? BitSight is providing five steps that help CISOs and executive teams evaluate their company's cybersecurity performance.
  |  By BitSight
Are you overwhelmed by the intricacies of your attack surface? Concerned about the rising risk of vulnerabilities in your and your partners' digital ecosystems? New BitSight research finds that the average vulnerability remediation rate across organizations is about 5 percent per month, sparking concern that the status quo of exposure and vulnerability management is broken. Moreover, organizations face significant challenges in managing vulnerabilities in their extended, third-party ecosystem, and most security leaders do not have the tools to address these emerging threats.
  |  By BitSight
Stop reacting to cyber risk as it comes. BitSight for Security Performance Management empowers security leaders to strengthen cyber resilience over time with objective, meaningful, and evidence-based metrics. Gain insights, drive decisions, and build confidence with our suite of advanced analytics.
  |  By BitSight
Traditional vendor risk management programs are not effective at mitigating risk in ever-expanding third-party networks, and yet 69% of businesses still rely on manual processes. It's time to take your program to the next level. How can you centralize, automate, and streamline your process to manage hundreds of vendors as effectively as you manage ten? Scalable VRM continuously detects, monitors, and mitigates risk, going beyond due diligence and initial assessments to constantly reassess and proactively act on vendor risk.

Bitsight is a cyber risk management leader transforming how companies manage exposure, performance, and risk for themselves and their third parties. Global enterprises, governments, and organizations rely on Bitsight to prioritize their cybersecurity investments, build greater trust within their ecosystem, and reduce their chances of financial loss. When unrelenting market pressure pushes organizations to uncertainty and caution, they turn to Bitsight to confidently navigate cyber risk and grow with confidence.

Bitsight's universally recognized risk standard and market-leading data provides actionable insights into how companies set and manage to standards and report results to internal and external stakeholders. Built on over a decade of technological innovation, Bitsight's integrated solutions deliver value across enterprise security performance, digital supply chains, cyber insurance, and data analysis.

Bitsight is on a mission to free the global economy from the material impact of cyber incidents.