IT security is a moving target: Just when you think you have all the holes covered, a new one pops up. Then security pros cover that one.
But how is the organization performing over time and against its peers?
A Massachusetts risk management company has a new service it says can answer that question. BitSight Technologies, which sells a cloud-based IT security ratings service allowing organizations to rate suppliers who connect to their networks, now offers a benchmark scoring service.
The idea, says co-founder and chief technology officer Stephen Boyer, is that CSOs and CIOs can see how they are doing against any company they want to be measured against.
Formed in 2011, BitSight pulls in, daily and from around the world, malicious Internet traffic flowing out from organizations – data being sent by botnets and other malware to command and control servers. The data is classified by type (spam, DDoS, unsolicited communications).
In short, it ranks organizations by external measurement.
It has petabytes of data stored — some of it as far back as three years on organizations with poor IT security. The data can show how much has been flowing out of an organization, for how long, and how long it took for detection and remediation.
The resulting report helps guide management and boards of directors in deciding how IT security is performing.
The original Security Ratings service looked at an organization’s partners and suppliers and was aimed at security pros, risk managers and insurers. Boyer said he has Canadian financial services and telcos as customers.
Security Ratings for Benchmarking compares an organization against its peers, or against any other company the customer wants. A retailer, for example, may want to benchmark not merely against the best in the industry but against the financial services industry.
Boyer didn’t detail pricing of the benchmarking service, which includes comparison with five organizations, except to say it is on an annual subscription basis. More than five companies costs extra.
Subscribers to the benchmark service can log into a dashboard to see ongoing results. There are also regular reports that include details on the subscriber’s own organization, such as events, ports and IP addresses, so issues can be addressed (these details aren’t available for third parties). The reports can be exported to a PDF.
BitSight sells either direct or through consulting partners. In Canada that partner is Accuvant Inc., a Denver-based firm with an office in Mississauga, Ont.