Bitsight Reviews & Product Details

What I like best about BitSight is that it gives companies a simple daily "security score" like a credit score for cyber risk.

It watches your own systems and your vendors from the outside without bothering anyone, spotting problems early.

This makes it super easy to fix the biggest risks first and keep everyone safer. It is easy to use. Review collected by and hosted on G2.com.

Bitsight can be laggy sometimes, also the scoring mechanism is not transparent Review collected by and hosted on G2.com.

The organization of vulnerability findings by severity, risk vector, type of vulnerability makes it helpful to organize and report on your vulnerabilities. Many findings have been from areas we either didnt know about, or never knew were vulnerable. While the GUI interface is extremely well organized and easy to use, I found it quite helpful using the Bitsight API structure to pull finding totals by Risk Vector, Grade, etc into a spreadsheet that gets regularly updated every few hours. Bitsight has not only helped our company's security posture, but also helped in my knowledge of website construction on a deeper level than I previously had, and Ive been in this field as a developer and a security analyst for over 30 years. Of all the security tools we employ here, Bitsight is probably my preferred tool to use. I find it challenging and easy at the same time.

I find the customer support team an excellent resource. In my 4 years of working with them now, Im sure Ive aggrivated them to no degree with my relentless questions and requests. But they are always there and willing to help me.

I use Bitsight everyday. Its part of my job. I consider it to be my 3rd arm. The loss of this tool would be a significant change in my career. Review collected by and hosted on G2.com.

As helpful as it can be, at times there are areas that can be improved as well. Bitsight isnt as always as thorough as it could be. While it does in depth scanning of many of our external resources. there are several with the same vulnerabilities that seemingly get overlooked. Or its like one group of findings gets found one month.. two months later, another group is found with the same vulnerabilities. Also Id love to see a bit more transparency about the formulas used in calculating grades, and RV scores.

Lately, my use of customer support has been not as frequent as their response time has dropped off a bit. Where I used to get responses to questions within a few hours to a day.. now it seems many questions go several days before they get a first response. Review collected by and hosted on G2.com.

BitSight delivers strategic insights that go far beyond traditional scoring. As consultants, we leverage its continuous monitoring, benchmarking, and cyber intelligence capabilities to build truly risk-informed roadmaps. The addition of Identity Intelligence and dark web monitoring has significantly raised the bar in threat visibility — helping our clients act faster and smarter. Review collected by and hosted on G2.com.

While the platform is powerful, there’s room for improvement in real-time customization and GRC-native integrations. Advanced users may also wish for more granular control when correlating findings with internal telemetry. That said, the platform continues to evolve fast — and the partnership and roadmap discussions with BitSight have been outstanding. Review collected by and hosted on G2.com.

Have been using it for around 5 years and it's a must have tool for us since its used on more than a weekly basis. Has been a great tool since the start and has been growing with bigger and better features in this time keeping up to date with current needs.

The interface is very user friendly and intuitive, with implementation being fast for most use cases and integration to our workflow has been great as well. I have a great response time from support team. Review collected by and hosted on G2.com.

As is usual with these types of platforms, false positives are always something negative that's not really all BitSight's fault at times, but it could be better, specifically with risk vectors related to web app and web headers security settings. Review collected by and hosted on G2.com.

There are two main features that assist us. The first to be able to monitor our risk posture from an external perspective and compare ourselves with other like businesses. The other which is currently very important is the ability to monitor our Thirds Parties and be able to make risk based decisions on whether we do business with them. This is important due to APRA 230 requirements Review collected by and hosted on G2.com.

At the moment there are some limitations in how we can configure alert emails. Review collected by and hosted on G2.com.

BitSight provides our team an outside-in view of our security posture. The daily security ratings are easy to track and give clear insight into areas like potential compromised systems, risky behavior, and probable past incidents. As part of our multi-layered security strategy, BitSight adds a unique layer of visibility that complements our internal tools, helping us with potential blind spots and external risks that we might otherwise miss. I especially like the Ratings Tree as it breaks down risk across different business units so we can quickly pinpoint where to focus our efforts. It doesn’t replace our internal monitoring or detection tools, but its part of our multi-layered defense where BitSight provides an essential external perspective that strengthens our overall defense and helps us communicate and prioritize cybersecurity with leadership. Further Luisa from the CS team is an amazing contact and so is Ciaran; with both of them we're confident we're getting the services that we need without waiting days for a reply. Its also easy to implement and integrate. Review collected by and hosted on G2.com.

It's good for us. So nothing I can think of at the moment. Review collected by and hosted on G2.com.

What I appreciate most about BitSight is its ability to provide findings across all domains based on WHOIS records. It also delivers detailed insights on web application headers, DMARC, DKIM, SSL configurations, and SSL certificates. Review collected by and hosted on G2.com.

Occasionally, BitSight reports incorrect findings for domains that do not have DNS records. Review collected by and hosted on G2.com.

I have found the most value in two things :

1) The findings table which combines asset discovery with EASM to provide a solid list of issues to be reviewed and addressed

2) The 3rd Party cyber risk module which allows me to compare my overall security posture with similar companies in my vertical. Review collected by and hosted on G2.com.

I understand why it is this way, but sometimes it takes a long time to change the security "score" after I've made positive improvements to my company's security posture. Alot of work goes in to implementing the fixes and it can take a long time to see the benefit. Review collected by and hosted on G2.com.

Positive Bitsight CM List: - Bitsight Scan - Risk Vectors - Asset Distribution - Security Rating - Security Incidents - Ratings Tree - Findings - PDF Report flexibility - Alerts and notifications Review collected by and hosted on G2.com.

Negative Bitsight CM List: - Collaboration (EVA) - there was some issues with getting vendors access to SPM, but I think it's been fixed since. However, I don't think it's always clear to vendors how to access the SPM when we send them the EVA invitation. If there was a tip sheet or another document available to explain what SPM is giving them and what they can do with the data provided with the access. Review collected by and hosted on G2.com.

Bitsight provides clear, data-driven security ratings that help benchmark our organization’s cybersecurity posture and evaluate third-party vendors. The intuitive dashboards and detailed analytics allow for quick risk assessments and informed decision-making.

Data Transparency: The platform provides visibility into the specific risk vectors affecting the rating, allowing our team to prioritize mitigation efforts.

Regulatory Alignment: Bitsight’s reports are helpful for communicating risk posture to stakeholders and auditors.

Responsive Support: Their support staff is knowledgeable and responsive, helping us quickly resolve questions and get the most from the tool. Review collected by and hosted on G2.com.

Until recently, the remediation timeline for reflected improvements in the score can be slow, even after fixing identified issues. This sometimes creates a disconnect between our internal posture and the external rating. Review collected by and hosted on G2.com.