Read about the latest cybersecurity news and get advice on third-party vendor risk management, reporting cybersecurity to the Board, managing cyber risks, benchmarking security performance, and more.
Insights blog.
Critical Vulnerabilities Discovered in Automated Tank Gauge Systems
Bitsight TRACE explores several critical vulnerabilities discovered in ATG systems and their inherent risk when exposed to the Internet.
In recognition of our groundbreaking innovation and true differentiation in serving the IT channel, we’re proud to announce that the Bitsight Peer Analytics solution has been selected as a winner in the CRN 2019 Tech Innovator Awards.
A few weeks ago Google confirmed that malware was pre-installed on a number of Android devices due to a supply-chain attack. The latest installment was discovered by security researchers from Dr.Web, who have been investigating this situation for several years; security researchers had already theorized back in July 2017 that these infections originated as part of a supply-chain attack. In this instance, the devices were pre-installed with Triada, a form of Android malware that has been studied and reported on by Kaspersky and, most recently, by Google in its attempt to surface this critical information to users and the wider community.
On May 14th, Microsoft issued a warning about the BlueKeep vulnerability (CVE-2019-0708) affecting Remote Desktop Services Protocol (RDP), a component common in most versions of Microsoft Windows that allows remote access to its graphical interface. This vulnerability, if exploited by an external attacker, will lead to full system compromise, without requiring any form of authentication or user interaction.
Since creating the Security Ratings market in 2011, a core component of Bitsight’s value to users has been providing industry-leading comprehensive visibility into malware communications.
Every day, Bitsight monitors the global threat landscape in a constant effort to identify software that may be placing users and organizations at risk. The presence of malware — or simply potentially unwanted applications — in an organization is an indicator that some security controls may be failing, or that some additional measures should be taken.
Based on security performance data of hundreds of thousands of global organizations, Peer Analytics gives security and risk leaders visibility into the relative performance of their cybersecurity programs against a meaningful set of peers. These analytics help them set achievable performance targets based on their Bitsight Security Rating, effectively allocate limited resources, and efficiently prioritize security efforts with a focus on continuous program improvement.
Peer Analytics provides companies with a more granular view of their security rating. It is based on hundreds or thousands of companies (a broader set of similar organizations), which allows you to see where there are gaps in your security performance: at the ratings level, at the risk vector grade level, and at the vector detail event level.
Peer Analytics: Analyze, Prioritize, Act
Today, security and risk leaders use Peer Analytics to:
Set achievable security goals based on relative performance withi
This quarter, Bitsight released several new product features that enable organizations to more rapidly assess, prioritize and manage cyber risk. These new capabilities — the Portfolio Risk Matrix and Asset Risk Matrix — leverage Bitsight’s market-leading data to provide risk prioritization, helping customers address the most important risks within their own environment as well as their broader third-party ecosystem.
After years of debate over whether to impose new cybersecurity regulations on companies, General Data Protection Regulation (GDPR) laws went into effect in Europe in May 2018. Already we’ve seen several data breach victims ordered to pay fines under the new rules and cookie disclosure notices are popping up on more websites than ever.
When it comes to security performance management within your organization, how do your security teams measure performance? If they’re using security ratings, they know that this objective, quantitative measurement is an effective place to start when evaluating performance in certain areas.
This past Tuesday, Bitsight was named a Leader in The Forrester New Wave™: Cybersecurity Risk Rating Solutions, Q4 2018 evaluation. This report evaluates the current offering and strategy of vendors in a particular technology market, such as security ratings. This is significant, as this is the first analyst report that has a core focus on evaluating security ratings services solutions side-by-side.
On October 9th & 10th, Bitsight will host EXCHANGE, the premier event for security and risk professionals, at the Intercontinental New York Times Square. Over the course of this one-day event, distinguished business and technology leaders will discuss the current and evolving state of cybersecurity, best practices for addressing cyber threats, and how to both prioritize and focus risk management efforts within an organization.
For the last five years, Bitsight Security Ratings have been helping companies gain insight into the efficacy of their security programs, as well as the security performance of third and fourth party vendors. Today, the Bitsight Security Rating platform provides a year’s worth of data on all companies to paint a comprehensive picture of a company’s security posture over time.
Bitsight is moving fast, but we don’t want to sacrifice code quality for speed, which is why tests have always played an important role in our development process. Although we are not doing TDD (test-driven development), one of the key requirements for test-heavy development is that the full test suite should be fast. If running all tests takes less than 5 minutes, developers are more likely to run them frequently and keep adding more tests. However, Bitsight's portal application is a bit of a monolith, and its test suites take longer to run than we would like.
Over the last several months, members of our product team have been working to aggregate all of Bitsight’s security ratings data and highlight important insights about patterns in data breaches. In fact, Bitsight boasts one of the largest data breach data sets. Of course, this only highlights what data Bitsight has visibility into; with the largest sinkholing infrastructure in the world and the security posture of over 130,000 organizations, we have the most comprehensive view into global breach trends.
On July 12th, eighteen Bitsight employees participated in the Boston Children’s Hospital Corporate Cup. This is an annual event where local Boston companies from across all sectors compete against each other for a good cause: raising one million dollars for the children at Boston Children’s Hospital.