BitSight Security Ratings
Simplifying vendor risk management through continuous risk monitoring
www.bitsighttech.com
Agenda
1. Current Challenges
2. BitSight Security Ratings
3. Use Cases
4. Why BitSight
5. Business Value
6. Next Steps
Today’s IT and Risk Teams Face Daunting Numbers…
• 323K new malware files detected per day in 2016*
• 581 confirmed major data breaches in 2015; 5,000+ confirmed breaches since 2005**
• $375~575B cybercrime losses annually***
• 89 different vendors access the average company's network weekly****
• 69% of companies definitely or possibly suffered a third party security breach in the past year****
• 66% of IT “decision makers” don’t know how many vendors have access to their networks****
*Kaspersky Lab, 2016
**Identity Theft Resource Center Breach Report, 2016
***Center for Strategic and International Studies, Net Losses: Estimating the Global Cost of Cybercrime, Economic impact of cybercrime II
****Bomgar/CSO, 2016 Vendor Vulnerability Index
What If…
…you could quantify security risks as easily as looking up a consumer credit rating?
• Objective
• Verifiable
• Actionable
• Intuitive
• Continuous
• Scalable
• Cost-effective
• Public record-based
BitSight Security Ratings
Translating complex cybersecurity issues into simple business context
• Data-driven rating of security performance
• Non-intrusive SaaS platform
• Continuous monitoring
BASIC: 250 - 640
INTERMEDIATE: 640 - 740
ADVANCED: 740 - 900
Superior Depth, Breadth and Quality
“TransUnion trusts BitSight to deliver the most accurate, transparent and verifiable security ratings in the industry.”
Jasper Ossentjuk, SVP and CISO, TransUnion
Ratings assigned based on
• Compromised Systems
• Security Diligence
• User Behavior
• Data Breaches
Network Maps for 72,000+ companies
• Automated & hand validated
• ~500 customer requests added weekly
• Owned IP addresses, domains, etc.
50+B security events gathered globally and processed daily. Extensive quality checks to assess severity, frequency, and duration of issues.
Addressing the Spectrum of Today’s Most Pressing Risk and Security Needs
VENDOR RISK MANAGEMENT
• Continuously Monitor
• Collaborate with Vendors
• Screen Prospective Vendors
BENCHMARKING
• Establish a Baseline
• Monitor and Remediate
• Report to the Board
MERGERS & ACQUISITIONS
• Conduct Due Diligence
• Onboard Acquisitions
• Manage the Portfolio
CYBER INSURANCE
• Underwrite Cyber Insurance
• Aggregate Risk
• Monitor the Book of Business
Diagram labels: SIEM, Data Room, Risk Model, GRC
BitSight: The Trusted Brand
• 80 Fortune 500 Companies leverage BitSight in their security programs
• 650 enterprise customers worldwide and across all major industries
• 7 of the top 10 global cyber insurers use BitSight to make underwriting decisions
• 3 of the top 5 investment banks use BitSight for Vendor Risk Management
• 3 of the Big 4 accounting firms use BitSight - one firm has attested to the ratings methodology
The world’s largest security rating ecosystem
Leading Organizations Using BitSight
BitSight is “well on its way to being as widely recognized as a Moody’s or S&P ratings for the information security space.” (Gartner)
Why Customers Choose BitSight
Trusted, Time-tested, Actionable
• 650 customers sharing ratings with 72,000 third parties
• 6 years of data analysis and rating platform enhancements.
• Third-party-validated breach to rating correlation
[Chart: Possibility of Public Breach (x1 to x5) by rating band: < 400, 400-500, 500-600, 600-700, > 700]
The Proven Business Value of Security Ratings
1. Make more informed decisions at scale.
2. Focus limited resources in the riskiest places.
3. Enable consistent, data-driven security and risk conversations.
4. Reduce exposure to data breach.
“It used to take weeks to complete vendor assessments. Now it takes us hours. BitSight Security Ratings facilitate security discussions with potential vendors. It’s an integral part of our vendor risk management program.”
MICHAEL CHRISTIAN
Information Security Manager of Cyber Risk & Compliance
Cabela’s
Next Steps
125 CambridgePark Drive, Suite 204, Cambridge, MA. 02140
[email protected]@bitsighttech.com
+491728337342
Action Based on Vendor Tier and Security Rating
Rows: BitSight Security Rating. Columns: Vendor Risk Tiering & Segmentation.
BitSight Security Rating | Tier 4 | Tier 3 | Tier 2 | Tier 1
740 - 900 | Do Nothing | Do Nothing | Monitor | Monitor
640 - 740 | Do Nothing | Monitor | Monitor | Respond
250 - 640 | Monitor | Monitor | Respond | Respond / Intervene
In this example, Tier 1 denotes the most critical vendor. Tiers may vary depending on the company.