Accelerating Rating Updates Post-Remediation with Bitsight Groma

Written by Arzu Ozbek Akay
Senior Technical Product Manager, Ratings and Data Engine
Written by Sofia Lourenço
Staff Product Manager, SPM

Thousands of organizations globally rely on the Bitsight Security Rating to prioritize their internal security efforts and ensure that third-party vendors meet their security commitments. While this is a highly strategic activity, progress is often measured in incremental steps as individual security findings are remediated over time. Reflecting the impact of these remediation efforts in the Bitsight Security Rating as quickly as possible helps build critical momentum while ensuring that organizations always have an up-to-date view of their risk posture.

This is one of the many areas where Bitsight Groma, our next-generation Internet scanning technology, is enabling powerful new product capabilities. Today, we’re pleased to preview a new example of this that we think Bitsight customers will be very excited about: Dynamic Remediation.

Dynamic Remediation will greatly accelerate the impact of customers’ remediation efforts on their Bitsight Security Rating, while also giving them more direct feedback on the refresh process for their assets and findings.

Key Takeaways

  • Bitsight Groma gives Bitsight substantially more speed, coverage, and flexibility with its ongoing Internet scanning activities.
  • The Dynamic Remediation initiative will take advantage of this architecture to make remediated findings immediately impactful to the affected customer’s Bitsight Security Rating.
  • This will happen automatically as part of Groma’s continuous scanning, or customers may initiate an immediate rescan for specific findings through the Bitsight portal.
  • Dynamic Remediation will be introduced in phases beginning in February 2025.

 

Enabling innovation with Bitsight Groma

In July, we shared an update on how we are using Bitsight Groma to enable behind-the-scenes benefits across Bitsight’s product offerings.

Three important themes of these efforts are:

  • Broadening and accelerating the security observation process
  • Completing rescans on existing findings faster
  • Gaining more flexibility to address customer feedback and suggestions

For example, the centerpiece of our 2024 Ratings Algorithm Update (RAU) was a reduction of the lifetime of Patching Cadence findings from 300 days to 90 days. This update, which Groma helped enable, was well-received by our customers, since their progress in this important area is now reflected in their Bitsight Security Rating much faster from the time that improvements are observed.

Now, Dynamic Remediation is our latest effort to make the Bitsight Security Rating more responsive to customers’ day-by-day progress with risk reduction.

Impact your Bitsight Security Rating instantly with Dynamic Remediation

Dynamic Remediation is a new capability that is coming soon to Bitsight’s Security Performance Management (SPM) and Third-Party Risk Management (TPRM) products. As customers and their third-party vendors remediate security findings on an ongoing basis, Dynamic Remediation will provide feedback of success or failure immediately and reflect these efforts in the affected organization's Bitsight Security Rating with the next daily update.

After remediation, request a rescan of findings and see immediate results

This provides two important benefits to Bitsight customers:

  • Their Bitsight Security Rating will be an even more up-to-date snapshot of their current risk posture.
  • Tracking and follow-up on security findings and remediation, both internally and with third parties, will be greatly simplified.

Immediate Rating Impact

The most notable impact of Dynamic Remediation is that whenever a finding surfaced by Bitsight is observed to be remediated, the negative impact of the finding on the organization’s Bitsight Security Rating will cease the next time that the rating is updated. This applies whether the issue is corrected or the risk is mitigated by taking the affected asset offline.

This change, combined with the fact that Bitsight Groma scans the Internet continuously, means that customers’ remediation efforts will be reflected in their security rating significantly faster.

Instant Rescan Option

While Groma scans the Internet and gathers the most up-to-date telemetry continuously, customers may want to expedite the rescan process for specific remediated findings in certain situations. For this reason, we’re also introducing a new instant rescan option in the findings as part of Dynamic Remediation.

This will allow Bitsight users to select findings, individually or in batches, and request an immediate rescan with a simple button click. This will initiate a prioritized scan by Groma, and the scan results will be graded and displayed to the user quickly after they request the scan. The Bitsight Security Rating will incorporate the results of the rescan at the next available rating update.

Phased rollout timing

The accelerated rating impact will be available to all customers of Bitsight’s SPM and TPRM offerings at no additional cost. This feature will be rolled out in phases focused on individual risk vectors beginning in February 2025.

We will provide additional updates as the rollout progresses. In the meantime, please feel free to contact your customer success manager to discuss how your organization can take advantage of this exciting new capability in the coming months.

Dynamic Remediation is a direct result of our ongoing dialogue with customers, and we appreciate the valuable feedback and insights that guided our efforts with this initiative. We’re excited to turn this idea into a reality over the coming months and collaborate on additional ways to unlock new customer value from Bitsight’s products in the coming year.

Learn more about how Bitsight Groma continuously monitors the entire internet to provide a near real-time view of connected assets and entities.
