BitSight Security Ratings - Deutsche Messe...

BitSight Security Ratings

Simplifying vendor risk management through continuous risk monitoring

www.bitsighttech.com

Agenda

1. Current Challenges

2. BitSight Security Ratings

3. Use Cases

4. Why BitSight

5. Business Value

6. Next Steps

Today’s IT and Risk Teams Face Daunting Numbers…

• 323K new malware files detected per day in 2016*

• 581 confirmed major data breaches in 2015 (5,000+ confirmed breaches since 2005)**

• $375~575B cybercrime losses annually***

• 89 different vendors access the average company's network weekly****

• 69% of companies definitely or possibly suffered a third party security breach in the past year****

• 66% of IT “decision makers” don’t know how many vendors have access to their networks****

* Kaspersky Lab, 2016

** Identity Theft Resource Center Breach Report, 2016

*** Center for Strategic and International Studies, Net Losses: Estimating the Global Cost of Cybercrime: Economic impact of cybercrime II

**** Bomgar/CSO, 2016 Vendor Vulnerability Index

What If…

…you could quantify security risks as easily as looking up a consumer credit rating?

• Objective

• Verifiable

• Actionable

• Intuitive

• Continuous

• Scalable

• Cost-effective

• Public record-based

BitSight Security Ratings

Translating complex cybersecurity issues into simple business context

• Data-driven rating of security performance

• Non-intrusive SaaS platform

• Continuous monitoring

BASIC: 250 - 640

INTERMEDIATE: 640 - 740

ADVANCED: 740 - 900

Superior Depth, Breadth and Quality

“TransUnion trusts BitSight to deliver the most accurate, transparent and verifiable security ratings in the industry.”

Jasper Ossentjuk, SVP and CISO, TransUnion

Ratings assigned based on

• Compromised Systems

• Security Diligence

• User Behavior

• Data Breaches

Network Maps for 72,000+ companies

• Automated & hand validated

• ~500 customer requests added weekly

• Owned IP addresses, domains, etc.

50+B security events gathered globally and processed daily. Extensive quality checks to assess severity, frequency, and duration of issues.

Addressing the Spectrum of Today’s Most Pressing Risk and Security Needs

VENDOR RISK MANAGEMENT

• Continuously Monitor

• Collaborate with Vendors

• Screen Prospective Vendors

BENCHMARKING

• Establish a Baseline

• Monitor and Remediate

• Report to the Board

MERGERS & ACQUISITIONS

• Conduct Due Diligence

• Onboard Acquisitions

• Manage the Portfolio

CYBER INSURANCE

• Underwrite Cyber Insurance

• Aggregate Risk

• Monitor the Book of Business

SIEM

Data Room

Risk Model

GRC

BitSight: The Trusted Brand

• 80 Fortune 500 Companies leverage BitSight in their security programs

• 650 enterprise customers worldwide and across all major industries

• 7 of the top 10 global cyber insurers use BitSight to make underwriting decisions

• 3 of the top 5 investment banks use BitSight for Vendor Risk Management

• 3 of the Big 4 accounting firms use BitSight - one firm has attested to the ratings methodology

The world’s largest security rating ecosystem

Leading Organizations Using BitSight

BitSight is “well on its way to being as widely recognized as a Moody’s or S&P ratings for the information security space.” (Gartner)

Why Customers Choose BitSight

Trusted Time-tested Actionable

[Chart: Third-party-validated breach to rating correlation. Y-axis: Possibility of Public Breach (x1 to x5); X-axis: < 400, 400-500, 500-600, 600-700, > 700]

650 customers sharing ratings with 72,000 third parties

6 years of data analysis and rating platform enhancements.

The Proven Business Value of Security Ratings

1. Make more informed decisions at scale.

2. Focus limited resources in the riskiest places.

3. Enable consistent, data-driven security and risk conversations.

4. Reduce exposure to data breach.

“It used to take weeks to complete vendor assessments. Now it takes us hours. BitSight Security Ratings facilitate security discussions with potential vendors. It’s an integral part of our vendor risk management program.”

MICHAEL CHRISTIAN

Information Security Manager of Cyber Risk & Compliance

Cabela’s

Next Steps

125 CambridgePark Drive, Suite 204

Cambridge, MA. 02140

+491728337342

Action Based on Vendor Tier and Security Rating

Rows: BitSight Security Rating. Columns: Vendor Risk Tiering & Segmentation (Tier 4, 3, 2, 1).

• 740 - 900: Tier 4: Do Nothing; Tier 3: Do Nothing; Tier 2: Monitor; Tier 1: Monitor

• 640 - 740: Tier 4: Do Nothing; Tier 3: Monitor; Tier 2: Monitor; Tier 1: Respond

• 250 - 640: Tier 4: Monitor; Tier 3: Monitor; Tier 2: Respond; Tier 1: Respond / Intervene

In this example, Tier 1 denotes the most critical vendor. Tiers may vary depending on the company.