BitSight in Cambridge, Massachusetts offers an Internet security platform.
N/A
Recorded Future Intelligence Cloud
Score 9.7 out of 10
N/A
Recorded Future is an intelligence company. Its Intelligence Cloud provides coverage across adversaries, infrastructure, and targets. Combining persistent and pervasive automated data collection and analytics with human analysis, Recorded Future provides visibility into the digital landscape, enabling countries and organizations to take proactive action to disrupt adversaries.
N/A
Pricing
BitSight Security Ratings
Recorded Future Intelligence Cloud
Editions & Modules
No answers on this topic
No answers on this topic
Offerings
Pricing Offerings
BitSight Security Ratings
Recorded Future Intelligence Cloud
Free Trial
No
No
Free/Freemium Version
No
No
Premium Consulting/Integration Services
No
No
Entry-level Setup Fee
No setup fee
No setup fee
Additional Details
—
—
More Pricing Information
Community Pulse
BitSight Security Ratings
Recorded Future Intelligence Cloud
Features
BitSight Security Ratings
Recorded Future Intelligence Cloud
Threat Intelligence
Comparison of Threat Intelligence features of Product A and Product B
If you are considering BitSight Security Ratings as a portion or bulk of a larger vendor management project you will be well served in letting the risk scores be an indication of how closely you need to examine a vendor. However, you should not base your assessment solely on the risk score provided. The risk score is based on publicly available data and can be inaccurate.
Recorded Future is mainly beneficial to the SOC. As part of the Monitoring team, Recorded Future makes the investigation of the alarms a lot easier for me. It can show the reputation of the IP/domain or even hashes which helps me redirect my focus to potentially malicious network activities.
Since data is based on public registration IP and domain data can be stale depending on ISP/Domain registration update delays.
Correcting a false detection is a month-long endeavor and requires the company with the impacted score to clean up BitSight's data.
Customer service for incorrect data is convoluted and requires a deep understanding of domain registration to correct the data. The responsibility for correcting data is placed solely on the customer's shoulders.
For the Browser extension, since the main purpose is to present information with regards to the IP, I think it's best to give us an idea of where the IP originated/some additional information about the organization it belongs to.
I've had an issue with their browser-plugin which didn't want to authenticate correctly. RF's support could arrange for a session with me and identify and solve the issue. I was very pleased how serious they took my problems and also how knowledgeable they are.
If I have more general questions they quickly reply and most likely also have a solution at hand.
BitSight Security Ratings ranks evenly with SecurityScorecard and both below OneTrust for our use case. We needed a platform that would let us define risk for our organization and weight scores differently based on data sensitivity. BitSight and SecurityScorecard are aggregate data that can provide insight into the security habits of a potential vendor and should be considered as an addition to most vendor management projects. However, they both provide metrics based on hygiene and not on data-defined risk. In concert with a platform to evaluate risk based on data and to inform the overall evaluation of a vendor, BitSight Security Ratings can be made to shine. Just understand that you may have to validate some data.
It is the most complete solution of these three, as the others are focused in specific areas and having really detailed analysis about threat actors, APT groups, etc. Recorded Future is not having this level of knowledge in really specific areas but doing a really good work covering thousands of sources and the most relevant forums.
We've been able to identify leaked credentials and close those accounts off.
We've also been able to identify malware being distributed or spam being sent out by customers using our infrastructure. Again we could shut off those accounts.
Their domain-monitoring allows us to identify typo-squats and issue domain-takedowns for those (or at least add them to our monitoring / detection)