|
By Ben Edwards
Happy New Year! As we usher in a year with some pleasant mathematical properties, I wanted to take a brief look back at one of the stories that was most interesting to me as a security data nerd from last year: our dependency on the National Institute of Standards and Technologies’s (NIST) National Vulnerability Database(NVD), and what the degradation in service has meant to the flow of information about new CVEs. TL:DR.
|
By Stephen Boyer
As security and risk leaders look to the year ahead, they face a rapidly evolving and dynamic set of challenges. The implementation of more stringent cybersecurity standards—such as the U.S. Security and Exchange Commission’s (SEC) rules and the EU’s Network and Information Security Directive 2 (NIS2)—has placed boardroom scrutiny at an unprecedented level.
|
By Greg Keshian
With technology supply chain risks at an all-time high, many governance, risk, and compliance (GRC) teams conduct formal risk assessments as part of their new vendor selection and onboarding processes. Audit-based reporting frameworks like SOC 2 are invaluable to these efforts, as they provide a consistent way to benchmark prospective vendors’ customer data management practices.
|
By Brian Mulligan
The effectiveness of external attack surface management (EASM) and third-party risk management (TPRM) capabilities hinges on the depth, breadth, and timeliness of the underlying data they are based on. For this reason, Bitsight makes a significant ongoing investment in: The introduction of Bitsight’s next-generation data engine enabled many improvements to our capabilities across all of these areas throughout 2024.
|
By Sabrina Pagnotta
The General Data Protection Regulation (GDPR) is a pivotal framework that governs data protection and privacy for individuals within the European Union (EU). Its implications are far-reaching, affecting organizations worldwide that handle EU citizens' data. Understanding and achieving GDPR compliance is essential to avoid substantial penalties and to maintain trust with customers.
|
By Chris Poulin
With all of that background from parts 1, 2, and 3 of this series out of the way, let's turn to some practical considerations for real-world web applications. The inherent security restrictions for resources, including cookies and JavaScript, assume that each website contains all of its functionality in one neat, isolated package. But websites often contain content and functionality from multiple websites that trust each other.
|
By Diogo Ferreira
At the beginning of June 2024, Bitsight TRACE started analyzing a new CISA KEV vulnerability that had just come out, with the goal of creating a detection capability that could be implemented on an Internet-wide scale.
|
By Nicole Matusek
In an era where digital resilience is vital to corporate health, cybersecurity is a critical governance issue. The partnership between Bitsight and Glass Lewis underscores this reality by providing companies with a forward-thinking approach to assessing cybersecurity as part of Environmental, Social, and Governance (ESG) considerations.
|
By Pedro Umbelino
In the spring of 2024, amid growing international concern about supply chain risk and the trust and reliability of technology suppliers, the United States banned Kaspersky Lab, Inc., the Russia-based antivirus company from providing its products to the US market. The ban went into effect on September 30, 2024. What impact has the ban had on US and global usage of Kaspersky? Has it been effective? A new analysis from Bitsight contains some surprising results.
|
By Pedro Falé
Imagine this: you're at home, eagerly waiting for the new device you ordered from Amazon. The package arrives, you power it on, and start enjoying all the benefits of 21st century technology—unaware that, as soon as you powered it on, a scheme was unfolding within this device. Welcome to the world of BADBOX. BADBOX is a large-scale cybercriminal operation selling off-brand Android TV boxes, smartphones, and other Android electronics with preinstalled malware. What does this mean?
|
By BitSight
Instantly summarize valuable insights from SOC 2 reports - through AI - to help assess & onboard vendors more quickly and at scale.
|
By BitSight
At Bitsight, our products empower organizations to make smarter, more secure decisions, helping to create a safer digital world.
|
By BitSight
From day one, Bitsight makes a lasting impression with its welcoming culture, innovative spirit, and a team driven to make an impact.
|
By BitSight
What do lemons and botnets have in common? You’ll have to watch to find out! Check out Ben Edwards in this week’s reel for a fresh take on cyber threats.
|
By BitSight
It's again! And this week, we're spicing up Cybersecurity Awareness Month with a fresh take on software updates. Don’t let outdated tech be the mold on your kohlrabi recipe! Watch now & join us next week for more insights.
|
By BitSight
Are you aware of cybersecurity? Well, October means you should be—it’s Cybersecurity Awareness Month, and Ben Edwards from the Bitsight TRACE security research team is here to make sure of it! Watch Ben break it down in his first video, and tune in next week for more of his insights.
|
By BitSight
When was the last time you checked your blinker fluid? Keeping up with car maintenance is key—but so is understanding ICS security! Ben Edwards is back with another video, and this week he's breaking down vulnerable ATG systems. Don’t miss it! Join us as we continue leading the way to a secure world, one reel at a time.
|
By BitSight
Exposure management tooling can act as an excellent source of truth for cybersecurity leaders as they communicate risk up to the board level. The visibility and data streaming from exposure management solutions makes it easier for CISOs to track security performance over time, quantify improvements in security maturity levels, establish better financial quantification of cyber risk and ensure the organization's exposure levels match up with industry averages.
|
By BitSight
Learn about our Bitsight Professional Services and how they bring a consultative support to the areas that matter most to your organization.
|
By BitSight
Learn about our Continuous Monitoring Service offering where we help organizations manage their third-party ecosystem to prioritize critical vendors, work to collaborate with vendors on remediation plans and to monitor and report on vendor performance over time.
|
By BitSight
Cybersecurity ROI isn't about cost savings. It's about how your cybersecurity program helps you achieve your goals while managing risk to a level that your executive team is comfortable with. So if you shouldn't measure success in cost savings, how do you measure it? BitSight is providing five steps that help CISOs and executive teams evaluate their company's cybersecurity performance.
|
By BitSight
Are you overwhelmed by the intricacies of your attack surface? Concerned about the rising risk of vulnerabilities in your and your partners' digital ecosystems? New BitSight research finds that the average vulnerability remediation rate across organizations is about 5 percent per month, sparking concern that the status quo of exposure and vulnerability management is broken. Moreover, organizations face significant challenges in managing vulnerabilities in their extended, third-party ecosystem, and most security leaders do not have the tools to address these emerging threats.
|
By BitSight
Traditional vendor risk management programs are not effective at mitigating risk in ever-expanding third-party networks, and yet 69% of businesses still rely on manual processes. It's time to take your program to the next level. How can you centralize, automate, and streamline your process to manage hundreds of vendors as effectively as you manage ten? Scalable VRM continuously detects, monitors, and mitigates risk, going beyond due diligence and initial assessments to constantly reassess and proactively act on vendor risk.
|
By BitSight
Stop reacting to cyber risk as it comes. BitSight for Security Performance Management empowers security leaders to strengthen cyber resilience over time with objective, meaningful, and evidence-based metrics. Gain insights, drive decisions, and build confidence with our suite of advanced analytics.
- January 2025 (9)
- December 2024 (10)
- November 2024 (4)
- October 2024 (10)
- September 2024 (8)
- August 2024 (7)
- July 2024 (11)
- June 2024 (8)
- May 2024 (14)
- April 2024 (11)
- March 2024 (6)
- February 2024 (7)
- January 2024 (27)
- December 2023 (4)
- November 2023 (7)
- October 2023 (10)
- September 2023 (11)
- August 2023 (16)
- July 2023 (16)
- June 2023 (13)
- May 2023 (17)
- April 2023 (20)
- March 2023 (7)
- December 2022 (2)
- August 2022 (2)
- July 2022 (8)
Bitsight is a cyber risk management leader transforming how companies manage exposure, performance, and risk for themselves and their third parties. Global enterprises, governments, and organizations rely on Bitsight to prioritize their cybersecurity investments, build greater trust within their ecosystem, and reduce their chances of financial loss. When unrelenting market pressure pushes organizations to uncertainty and caution, they turn to Bitsight to confidently navigate cyber risk and grow with confidence.
Bitsight's universally recognized risk standard and market-leading data provides actionable insights into how companies set and manage to standards and report results to internal and external stakeholders. Built on over a decade of technological innovation, Bitsight's integrated solutions deliver value across enterprise security performance, digital supply chains, cyber insurance, and data analysis.
Bitsight is on a mission to free the global economy from the material impact of cyber incidents.