Bitsight

Continuous monitoring of cyber security risks

This article describes how you can activate and use BitSight data on the 3rdRisk platform. To activate BitSight, you need to have a valid BitSight subscription. Please contact us if you want to know more about the subscription models.

BitSight

As one of the world’s leading Security Rating Service for third-party cyber risk assessment, BitSight enables organizations to improve cyber security and risk management throughout the vendor lifecycle. BitSight Security Ratings are a proven cyber security assessment tool, providing a dynamic measurement of each vendor’s cybersecurity posture based on objective, verifiable data. Through continuous monitoring and assessment – including attack surface monitoring, cyber risk monitoring, and cloud security monitoring – BitSight helps organizations make faster, more strategic decisions about third-party cyber security risk management and cybersecurity policy.

Benefits

The BitSight integration offers several benefits for your TPRM process:

  • Enrich information provided in due diligence assessments with BitSight ratings.
  • Inform your inherent risk management process with independent BitSight ratings.
  • Get real-time alerts when the BitSight rating drops, which enables you to timely initiate action in case of a threat or incident.

Activation

3rdRisk platform users with admin rights can activate BitSight in the Integration section.

1. Go to the Integrations page

2. Go to the External ratings tab

3. Go to the BitSight section

4. Insert your BitSight API token

5. Press the Save button.

Enabling/disabling monitoring

After activating BitSight within the 3rdRisk platform, you have to decide which third parties you want to put under monitoring. This usually depends on the number of third-parties that you can monitor within your BitSight subscription. You can enable or disable monitoring of a third-party in the third-party catalog.

6. Go to Third-parties and then Catalogue

7. Click Edit third-party in the actions column

8. Go to the field Website. Make sure the website is provided.

9. Scroll down to Integrations and click on the search icon

10. Select the right entity that you want to monitor by BitSight

11. Press Save selected company

In the Catalogue an additional column "Bitsight rating" will be added showing the BitSight rating of the third-parties that you have put under monitoring.

Functionalities

The 3rdRisk BitSight integration gives you real-time insight into the cyber security level of your third parties.

BitSight ratings in third-party catalogue
In the third-party catalogue, you will see the BitSight ratings of the third parties that you have put under BitSight monitoring. When you hover over the BitSight rating, you will see a pop-up with a brief explanation of the rating.

When you click on the BitSight rating in the third-party catalogue, you will get pop-up that shows you all the details related to the rating.* It includes a direct link to the BitSight portal in which you can find even more details.

3rdRisk dashboard
The platform's dashboard comes with a default widget containing the BitSight score. If a rating changes, it will be shown in the widget. This includes the change (e.g. a drop of 20 points) including the new rating.

Alerts and notifications

When the BitSight rating drops, you will get an instant notification by the platform's virtual officer. There are two BitSight-related alerts:

  • A slight decrease of the BitSight rating of a third-party
  • A significant decrease of the BitSight rating of a third-party

In both situations, the virtual officer will ask you if you would like to see the BitSight panel. In case of a significant decrease of the BitSight rating, the virtual officer will ask you whether an assessment should be initiated to the third-party.