BitSight in Cambridge, Massachusetts offers an Internet security platform.
N/A
Qualys TruRisk Platform
Score 6.0 out of 10
N/A
Qualys TruRisk Platform (formerly Qualys Cloud Platform, or Qualysguard), from San Francisco-based Qualys, is network security and vulnerability management software featuring app scanning and security, network device mapping and detection, vulnerability prioritization schedule and remediation, and other features to provide vulnerability management and network attack surface reduction.
N/A
Pricing
BitSight Security Ratings
Qualys TruRisk Platform
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
BitSight Security Ratings
Qualys TruRisk Platform
Free Trial
No
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
—
—
More Pricing Information
Features
BitSight Security Ratings
Qualys TruRisk Platform
Threat Intelligence
Comparison of Threat Intelligence features of Product A and Product B
BitSight Security Ratings
-
Ratings
Qualys TruRisk Platform
8.7
Ratings
9% above category average
Network Analytics
00 Ratings
8.90 Ratings
Threat Recognition
00 Ratings
8.30 Ratings
Vulnerability Classification
00 Ratings
8.80 Ratings
Automated Alerts and Reporting
00 Ratings
9.00 Ratings
Threat Analysis
00 Ratings
8.20 Ratings
Threat Intelligence Reporting
00 Ratings
8.90 Ratings
Automated Threat Identification
00 Ratings
8.70 Ratings
Vulnerability Management Tools
Comparison of Vulnerability Management Tools features of Product A and Product B
If you are considering BitSight Security Ratings as a portion or bulk of a larger vendor management project you will be well served in letting the risk scores be an indication of how closely you need to examine a vendor. However, you should not base your assessment solely on the risk score provided. The risk score is based on publicly available data and can be inaccurate.
It is well suited for environments that are looking for a solution that is top notch for vulnerability scanning, and is the most accurate at doing so. It would also fit environments that have a lot of endpoints to scan or like to have scanning done on an automatic basis. It is less appropriate in environments that want to use a platform right away, without getting training in how to use it, or reading documentation on the product.
Since data is based on public registration IP and domain data can be stale depending on ISP/Domain registration update delays.
Correcting a false detection is a month-long endeavor and requires the company with the impacted score to clean up BitSight's data.
Customer service for incorrect data is convoluted and requires a deep understanding of domain registration to correct the data. The responsibility for correcting data is placed solely on the customer's shoulders.
Again, the usability of Qualys has been a pinpoint for this entire review. It was easily the worst thing about the product and because of this, I would not recommend Qualys to anybody in my field. This should be something that Qualys strives to improve if they wish to stay in business.
They had a support page within the WAS to report any concerns or seek help. But the UI of that is not smooth. Regardless support staff were pretty responsive and helpful. They scheduled calls to understand and address our problems. Email support is good as well.
BitSight Security Ratings ranks evenly with SecurityScorecard and both below OneTrust for our use case. We needed a platform that would let us define risk for our organization and weight scores differently based on data sensitivity. BitSight and SecurityScorecard are aggregate data that can provide insight into the security habits of a potential vendor and should be considered as an addition to most vendor management projects. However, they both provide metrics based on hygiene and not on data-defined risk. In concert with a platform to evaluate risk based on data and to inform the overall evaluation of a vendor, BitSight Security Ratings can be made to shine. Just understand that you may have to validate some data.
We find that Nessus is a great product, on par if not slightly better compared to Qualys in terms of their pricing model. However, Qualys Cloud Platform has better quality reporting, and offers great tips and suggestions on quickly closing a gap and eliminating the risk. In our organization, both products are great and meet our expectations, but due to pricing, we favor Nessus slightly more.
The most important thing that happens with this program is to automate one hundred percent the security of my system since this program is in charge of supervising each of the applications and websites in detail.
One of the purposes for which we trust Qualys Cloud Platform is to keep our system clean and secure; the ability of this software to manage our vulnerability makes us more cautious about working with it.