BitSight Technologies, a company that recently got $24 million (€18 million) in a Series A funding round, has launched a new cyber security risk rating service that enables organizations to assess the effectiveness of their IT security.
The SaaS offering, called the BitSight Partner SecurityRating, offers daily objective ratings based on externally visible network behavior. This allows organizations to be able to better protect their own and their customers’ data, particularly the one shared with third parties.
The key benefits of this offering are up-to-date partner ratings, timely alerts and in-depth analytics.
“Traditional approaches to measuring and mitigating partner security risk, including network security audits and assessments, have fallen short,” commented Stephen Boyer, co-founder and CTO of BitSight.
“These methods fail to deliver an objective and simple way to understand the effectiveness of an organization's network security practices. BitSight Partner SecurityRating delivers a single, daily rating that encapsulates the information security integrity of any third-party network, allowing customers to make data-driven, risk-based decisions.”
The risk rating service is based on online sensors placed at strategic locations throughout the Web. The platform collects and analyzes the organization’s incoming and outgoing traffic in an effort to identify suspicious behavior.
If distributed denial-of-service (DDOS) traffic or botnet activity is identified, it’s analyzed for frequency, severity and duration. Based on these factors, an overall rating is generated.
One benefit of this system is the fact that the ratings are delivered from the outside, which means that no special disclosures are required and there’s no need to conduct any intrusive testing.
“BitSight's unique, data-driven approach to information security rating provides organizations with valuable insight to more confidently mitigate risk,” noted Charles J. Kolodgy, research vice president of security products for IDC. “On a broader scale, it should also help the industry reduce the overall number of third-party data breaches.”