The Bitsight Security Rating is a powerful tool used by security and risk leaders to assess, monitor, prioritize, and communicate cyber risk. It provides an objective, data-driven lens to view the health of an organization’s cyber security program.
It’s more than a security rating. It’s a cyber risk story.
What is the Bitsight security rating?
Who uses security ratings.
From boardrooms to credit agencies, insurers to regulators, compliance officers to SOC analysts, Bitsight Security Ratings are woven into the fabric of global commerce. Cyber risk IS business risk. And the Bitsight Security Rating is the universal language used to communicate it.
Categories of Risk
Bitsight categorizes cyber risk data into four primary categories as part of the collection and verification process.
It's not only you. Your vendor risk matters.
The enterprise attack surface doesn’t end at the corporate firewall. As integration with more vendors accelerates, so too does the risk. The Bitsight Security Rating helps leaders see and take action on the third parties that introduce exposure for the enterprise.
See what others see.
How the Bitsight Security Rating is created.
Collect and Aggregate
We ingest over 400 billion events every day into Bitsight’s Cyber Risk Analytics Engine, leveraging a variety of tools and techniques including:
- Crawlers
- Sinkholes
- P2P network monitoring
- Honeypots
- BitTorrent monitoring
- Spam traps
- Darknet traffic monitoring
Our data collection methods continuously evolve to help you outpace the expanding threat landscape.
Map and Attribute
We then meticulously map our findings to entities to accurately build an organization’s network footprint. This includes:
- Company relationships
- Asset mapping
- IP and CIDR block mapping
- DNS mapping
- IP address mapping
- Subsidiary attribution
We monitor over 40 million organizations and maps 1 million entities.
Weight and Grade
Our threat research analysts apply a combination of artificial intelligence (AI) and human intelligence (HUMINT) to assess across risk vectors that have a known correlation to breach. We review things like:
- Botnet infections
- Spam infections
- Malware server
- PUPs , PUAS
- Pathing cadence
- TLS and SSL certificate config
- Open ports
- Software versioning
Calculate Rating
The final step is to communicate risk through a simple-to-consume rating on a scale from 300-820, analogous to a credit score. Letter grades are provided as well to provide an understanding of how a company is performing in each risk vector.
What makes the Bitsight Rating so special?
Bitsight data is independently verified to correlate with an organization’s risk of a security incident or data breach. See reports by AIR Worldwide, IHS Markit, and Moody’s Analytics, demonstrating this critical connection.