Armor is a cloud and mobile security solution. The vendor’s value proposition is that this solution was purpose-built to deliver the highest level of defense and control for an organization’s critical data, no matter where it’s hosted.
The vendor says they are so confident in the ability of their solution to protect an organization’s data that they back it with their Cyber Warranty Guarantee.
N/A
Bitsight Third-Party Risk Management
Score 7.5 out of 10
N/A
Bitsight provides comprehensive, AI-accelerated visibility into your vendors, assets, and digital footprint of every third party (and beyond) in your network, whether you work with them directly or indirectly.
Armor gives you what you need to be successful regardless of technical ability. If you can maintain the systems yourself, you are definitely ahead of the game with their service. If you're not prepared to configure and maintain the systems, they do a pretty good job of getting it set up during the onboarding process so that you don't need to dig into the technical guts too much. If you find yourself in over your head, their support staff can handle it for you in most cases.
If you are considering BitSight Security Ratings as a portion or bulk of a larger vendor management project you will be well served in letting the risk scores be an indication of how closely you need to examine a vendor. However, you should not base your assessment solely on the risk score provided. The risk score is based on publicly available data and can be inaccurate.
Authentication and access against the secure messaging portal is overkill when the response I'm logging in to see merely says, "yes, we have your message. An agent will respond shortly". There should be an option to receive updates like this through email.
The online portal that allows us to clone servers is very slow to respond. More than once I've spun up an additional server due to the lack of visual feedback on the initial request.
The web application firewall does not seem to be sophisticated enough to differentiate between logged in administrators and end users. We use a CMS system which allows admins to create scripts. These often get barred by the WAF even though they are not malicious.
Since data is based on public registration IP and domain data can be stale depending on ISP/Domain registration update delays.
Correcting a false detection is a month-long endeavor and requires the company with the impacted score to clean up BitSight's data.
Customer service for incorrect data is convoluted and requires a deep understanding of domain registration to correct the data. The responsibility for correcting data is placed solely on the customer's shoulders.
Approximately 50% of all messages we receive are automated. Either that an agent will be assigned, has been assigned, or a ticket is closed. I'd like to see more 'real' interaction, and less box ticking, though I appreciate process has to be followed. That's the one point off. Everything else is very good.
BitSight Security Ratings ranks evenly with SecurityScorecard and both below OneTrust for our use case. We needed a platform that would let us define risk for our organization and weight scores differently based on data sensitivity. BitSight and SecurityScorecard are aggregate data that can provide insight into the security habits of a potential vendor and should be considered as an addition to most vendor management projects. However, they both provide metrics based on hygiene and not on data-defined risk. In concert with a platform to evaluate risk based on data and to inform the overall evaluation of a vendor, BitSight Security Ratings can be made to shine. Just understand that you may have to validate some data.
