Likelihood to Recommend If you are considering BitSight Security Ratings as a portion or bulk of a larger vendor management project you will be well served in letting the risk scores be an indication of how closely you need to examine a vendor. However, you should not base your assessment solely on the risk score provided. The risk score is based on publicly available data and can be inaccurate.
Read full review If you want a platform that is covering thousands of sources, and that includes deep, dark web, clear web forums, blogs, newspapers, social media networks, etc. Recorded Future is the most complete solution that I have seen. On the other hand, if you are looking for a really advanced platform with lot of human added value, research papers, advanced investigations, etc. Recorded Future might not be the ideal solution.
Read full review Pros Security hygiene tracking over time Understandable risk score based on observations Predictability model of potential cyber security issues based on security habits. Read full review Gives latest threat reports regarding an artifact (IP, domain or hash). Browser extension provides a real-time information about an artifact. Accurate in identifying malicious domains and IPs. Read full review Cons Since data is based on public registration IP and domain data can be stale depending on ISP/Domain registration update delays. Correcting a false detection is a month-long endeavor and requires the company with the impacted score to clean up BitSight's data. Customer service for incorrect data is convoluted and requires a deep understanding of domain registration to correct the data. The responsibility for correcting data is placed solely on the customer's shoulders. Read full review E-Mail reports can show unrelated content, especially sometimes you'll see alerts popping up for articles which have been published years ago but for some reason were just recently discovered by RF. Yara rules from their insikt blog sometimes are not syntactically correct and need to be manually edited to actually work. There's some proper QA missing. Their global and 3rd party risk reports could be more tailored towards the industries of their client. There is entries for totally unrelated security incidents. Of course a global list aims to find incidents on a global view, but it doesn't add much value at that point. Read full review Support Rating I've had an issue with their browser-plugin which didn't want to authenticate correctly. RF's support could arrange for a session with me and identify and solve the issue. I was very pleased how serious they took my problems and also how knowledgeable they are.
If I have more general questions they quickly reply and most likely also have a solution at hand.
Read full review Alternatives Considered BitSight Security Ratings ranks evenly with
SecurityScorecard and both below
OneTrust for our use case. We needed a platform that would let us define risk for our organization and weight scores differently based on data sensitivity. BitSight and
SecurityScorecard are aggregate data that can provide insight into the security habits of a potential vendor and should be considered as an addition to most vendor management projects. However, they both provide metrics based on hygiene and not on data-defined risk. In concert with a platform to evaluate risk based on data and to inform the overall evaluation of a vendor, BitSight Security Ratings can be made to shine. Just understand that you may have to validate some data.
Read full review It is the most complete solution of these three, as the others are focused in specific areas and having really detailed analysis about threat actors, APT groups, etc. Recorded Future is not having this level of knowledge in really specific areas but doing a really good work covering thousands of sources and the most relevant forums.
Read full review Return on Investment Wasted resource hours cleaning up data to correct erroneous risk score. Extra time spent addressing calls from clients about erroneous risk score data. Extra time validating risk score provided by BitSight Security Ratings for potential vendors to ensure valid data. Read full review Recorded Future crashes my web browser in cases I have to open a web page containing hundreds of IPs. A quick disable feature for a particular tab would be beneficial for someone like me. Read full review ScreenShots