Bitsight Reviews

Name: Bitsight
Brand: BitSight
Rating: 4.1 (10 reviews)

Vendor: BitSight

4.1 out of 5

10 reviews
100% willing to recommend

Leave a review

What is Bitsight?

Bitsight provides global cyber risk intelligence solutions, leveraging advanced AI to empower organizations with precise insights derived from an extensive external cybersecurity dataset. With more than 3,500 customers and 65,000 organizations active on its platform, Bitsight delivers real-time visibility into cyber risk and threat exposure, enabling teams to rapidly identify vulnerabilities, detect emerging threats, prioritize remediation, and mitigate risks across their extended attack surface. Bitsight proactively uncovers security gaps across infrastructure, cloud environments, digital identities, and third- and fourth-party ecosystems. From security operations and governance teams to executive boardrooms, Bitsight provides the unified intelligence backbone required for confidently managing cyber risk to address exposures before they impact performance.

Get the Bitsight Buyer's Guide and find out what your peers are saying about Bitsight, CrowdStrike Falcon, TrendAI Vision One and more!

Bitsight is the #3 ranked solution in top IT Vendor Risk Management solutions and #5 ranked solution in top Attack Surface Management (ASM) solutions. PeerSpot users give Bitsight an average rating of 8.2 out of 10. Bitsight is most commonly compared to CrowdStrike Falcon: Bitsight vs CrowdStrike Falcon. Bitsight is popular among the large enterprise segment, accounting for 54% of users researching this solution on PeerSpot. The top industry researching this solution are professionals from a financial services firm, accounting for 17% of all views.

Helped 886,664 peers since 2012

Featured Bitsight reviews

Suresh A.

Senior AIML Engineer at a tech vendor with 1,001-5,000 employees

There are areas for improvement; we do notice sometimes finding vulnerabilities which gives us visibility to find them quickly. However, there could be a mechanism they can build on top of that for validation as they identify the issues. What will the real risk be for that identifiable issue? Sometimes it could be open because of the traffic; how they detected it could be seen as vulnerable, but upon testing, it might not be a real issue. It could be a false positive because there could be a honeypot that we built. My thinking is about validation, so if they can build that validation part before they expose the risk to the specific asset, that would help. Additionally, based on their reporting, they could also build risk scores and prioritization, which would also aid us. I would suggest adding dashboards and custom reporting, which could help us by enabling rich custom reports with filters. That is especially for leadership because they will not look at each technical area, but overall they would be looking at the risk score and what the assets or critical exposure areas are. Customizable reporting based on requirements would be valuable. I chose 9 out of 10 because the reporting and dashboards would be the first thing I would consider for improvement, and then the second is about the validation part, which could probably improve to 10 out of 10. I cannot think of too much for additional improvements. Maybe some good automation with the API solutions that could be integrated with the CI/CD pipeline or DevOps tools we are running would also be automated and tested.

Read full review

Aditya Vikram Raj

Associate at a financial services firm with 10,001+ employees

There was one case scenario where a lot of parked domains were observed for a particular organization that we were monitoring via Bitsight. Bitsight flagged a missing web application header although no exact web applications or web application had been hosted on that particular domain, and it had been in a parked state. We had a discussion with Bitsight team, and their concern was that although no web application was being hosted on that particular domain, it could still be exploited by threat groups. They provided examples in which those domains had already been leveraged by threat groups to emulate ransomware attacks. From their point of view, Bitsight continues to flag those particular domains in their platform under the missing web application headers criteria. Since if the number of findings increases for a particular month, your overall risk score decreases, which can become a challenge for a team working on this particular issue. Bitsight could work on this use case scenario where they could either exclude or include findings, or create a separate criteria which would not affect the score. When delivering reports to a CISO, CTO, or CIO level, the score is one of the things that gets focused on first. My suggestion is that Bitsight might consider whether findings from parked domains where no web application is being hosted really need to be included in the mainstream findings. Bitsight could create a separate tab or criteria where they could inform customers about these findings without directly including them in the total number of findings. If the total number of findings increases for a particular month, that will impact the overall score, which becomes a challenge for a team working on this field and they have to explain why the score has dropped and whether remediations were not completed the previous month. This is an area that could be improved.

Read full review

Tarang Parmar

Founder at The Cyber Security Network

Bitsight has been good overall, and I do not see any negative points. However, if another organization can spy on us, that is concerning, as they can see our score and we cannot see theirs. I wish for the addition of features such as leak credentials within Bitsight, which would be more useful because we need to rely on some other third-party tools. If those features were available, there would be no need to use additional tools. I chose 8 out of 10 because if we receive invites from clients every 45 days, our subscription ends, and we have to renew it. Additionally, it does not show vulnerabilities according to the CVSS score or the impact they are causing. Instead, it labels these vulnerabilities as bad or one, which can be confusing for those unfamiliar with identifying errors. It would be better to categorize them as high vulnerability, critical vulnerability, or low vulnerability.

Read full review

Bitsight mindshare

Product category:

As of April 2026, the mindshare of Bitsight in the IT Vendor Risk Management category stands at 6.1%, down from 10.9% compared to the previous year, according to calculations based on PeerSpot user engagement data.

IT Vendor Risk Management Mindshare Distribution
Product	Mindshare (%)
Bitsight	6.1%
OneTrust GRC	8.8%
RSA Archer	7.0%
Other	78.1%

IT Vendor Risk Management

PeerResearch reports based on Bitsight reviews

Type	Title	Date
Category	IT Vendor Risk Management	Apr 16, 2026	Download
Product	Reviews, tips, and advice from real users	Apr 16, 2026	Download
Comparison	Bitsight vs SecurityScorecard	Apr 16, 2026	Download
Comparison	Bitsight vs OneTrust GRC	Apr 16, 2026	Download
Comparison	Bitsight vs RSA Archer	Apr 16, 2026	Download

Valuable Features

Bitsight is praised for its user-friendly interface and extensive coverage, including attack surface monitoring, vulnerability scanning, and task assignment. Features like email headers, external vulnerability scans, third-party risk management, and detailed ratings enhance security posture. Organizations value the ability to identify vulnerabilities quickly, improve cyber insurance ratings, and strengthen compliance programs. The comprehensive risk vector list and robust API support system integration, aiding in reducing exposure time and building customer trust.

"If you are exactly looking for external attack surface monitoring, and you are exploring options, then Bitsight is a very good option that you can explore."
"BitSight provides information about the external servers, botnet infection and credential leaks, and also offers open ports from an external point of view, so we benefit before any adversary misuses the particular servers that are exposed externally."
"My advice to others looking into using Bitsight is that it provides a lot of information that was not available before, and it is especially good in recon as it can identify many things about an organization that have never been found earlier, making it a valuable tool."

Room for Improvement

Bitsight users note challenges with parked domains affecting scores, slow score adaptation, and data discrepancies. Improvements suggested include separate criteria for findings, validation mechanisms, enhanced reporting and dashboards, advanced automation, and false positive reduction. Data enrichment and benchmarking are requested for clarity and accurate scanning. Users also seek quicker detection processes, better risk score correlation, and improved anomaly detection, aiming for competition with cybersecurity platforms like Qualys.

"Since if the number of findings increases for a particular month, your overall risk score decreases, which can become a challenge for a team working on this particular issue."
"There has been quite a bit of data discrepancy in BitSight."
"I chose 8 out of 10 because if we receive invites from clients every 45 days, our subscription ends, and we have to renew it."

Pricing

Enterprise users generally perceive Bitsight's pricing as reasonable, with some finding it a bit expensive but suitable for large companies. While some users consider its cost average, other departments often handle pricing assessments, leading to limited insights from certain users.

"The product has a reasonable price."
"The solution's price is average."

Popular Use Cases

Organizations primarily use Bitsight for attack surface monitoring, risk score improvement, and vulnerability identification on networks and web applications. They focus on analyzing security scores, assessing security posture, and enhancing security measures based on alerts like open ports and missing security headers. Users emphasize quick detection and remediation, building customer trust through improved security scores, monitoring supply chains, and integrating insights into cyber detection and response strategies.

Service and Support

Bitsight's customer service and support are highly regarded, with users highlighting timely responses and effectiveness in addressing issues. Users frequently receive quick feedback and have had positive interactions via email and calls. Bitsight's team is commended for professionalism, particularly in handling concerns about ratings and technical aspects. Various users find their interaction with customer success and support teams impressive, noting efficient communication and swift resolution of technical tickets. Some experience personal connections due to local offices.

Deployment

Users report Bitsight's initial setup is generally straightforward and efficient, typically taking between a day to three days. Those with prior implementation experience found the process smoother, while telecom companies require some additional adjustments. Manual requirements and subscription customization are possible. Ratings for ease of setup range from eight to ten out of ten. The pricing model is perceived as fair, with no significant challenges faced during setup or licensing phases.

Scalability

Bitsight is praised for handling growth and increased workload effectively, scaling seamlessly as a cloud-based platform. Organizations appreciate its ability to accommodate a large, diverse user base, ranging from security teams to international groups. Permissions are given based on necessity, allowing for flexible access management. Bitsight's scalability earns high ratings, showing no significant concerns among users of varying sizes, including both SMBs and enterprises.

Stability

Users find Bitsight to be highly stable with strong reliability. Many rate its stability very highly, often with a perfect score or close to it. They mention that Bitsight operates without downtime or technical difficulties, though normal fluctuations may occur when updates or adjustments are made to the rating algorithm. Despite these updates, users consistently express confidence in the robustness and dependability of Bitsight.

These insights are based on the in-depth reviews provided by peers to help you make a better buying decision.

Download our Bitsight Buyer's Guide for additional reliable information.

Review data by company size

By reviewers
Company Size	Count
Small Business	3
Large Enterprise	5

By reviewers

By visitors reading reviews
Company Size	Count
Small Business	119
Midsize Enterprise	101
Large Enterprise	261

By visitors reading reviews

Top industries

By visitors reading reviews

Financial Services Firm

17%

Manufacturing Company

10%

Computer Software Company

Insurance Company

Media Company

University

Construction Company

Healthcare Company

Government

Retailer

Wholesaler/Distributor

Outsourcing Company

Energy/Utilities Company

Comms Service Provider

Legal Firm

Educational Organization

Performing Arts

Recreational Facilities/Services Company

Pharma/Biotech Company

Transportation Company

Marketing Services Firm

Real Estate/Law Firm

Non Profit

Hospitality Company

Logistics Company

Engineering Company

Consumer Goods Company

Compare Bitsight with alternative products

Learn more about Bitsight

Product Demo

Interactive Bitsight demo

Bitsight customers

Cabela's, Belgium Center for Cybersecurity, Fordham University, RBC, Max Life Insurance, Schneider Electric

Product Categories

IT Vendor Risk Management

Attack Surface Management (ASM)

Popular Comparisons

CrowdStrike Falcon vs Bitsight

TrendAI Vision One vs Bitsight

Cymulate vs Bitsight

Qualys CyberSecurity Asset Management vs Bitsight

RSA Archer vs Bitsight

Axonius vs Bitsight

OneTrust GRC vs Bitsight

Amazon Inspector vs Bitsight

Mandiant Advantage vs Bitsight

AuditBoard vs Bitsight

SecurityScorecard vs Bitsight

Cybersixgill vs Bitsight

Microsoft Defender External Attack Surface Management vs Bitsight

ImmuniWeb vs Bitsight

ProcessUnity vs Bitsight

See all alternatives

Bitsight Reviews Summary
Author info	Rating	Review Summary
Senior AIML Engineer at a tech vendor with 1,001-5,000 employees	4.5	I've used Bitsight for around eight years to detect vulnerabilities in internet-facing systems, appreciating its external scans and continuous monitoring, though I’d like better validation, risk prioritization, and customizable dashboards for broader usability.
Associate at a financial services firm with 10,001+ employees	4.0	I found Bitsight excellent for external attack surface monitoring, offering broad coverage. It was stable and helped improve our cyber insurance standing. My main concern is how it flags parked domains, unnecessarily impacting the risk score.
Founder at The Cyber Security Network	4.0	I use Bitsight to identify network vulnerabilities, and its clear reporting, task assignment, and automated scanning are valuable. While helpful overall, I wish it categorized vulnerabilities better and included credential leak detection. I rate it 8/10.
Senior Manager and Global Capability Lead - Offensive Security at a tech vendor with 10,001+ employees	3.0	I used Bitsight to monitor Virtusa's external security posture, found its ratings and scanning useful, appreciated its vendor oversight and support, but noted issues with accuracy and false positives, ultimately rating it a six out of ten.
Chief Security Officer at Cetelem	4.0	I use BitSight to monitor security scores for my organization and its subsidiaries. Its most valuable feature is listing vulnerabilities, but the score adaptation could be faster. I previously evaluated SecurityScorecard before choosing BitSight for this purpose.
Telecommunications Engineer at Portugal Telecom	4.5	Bitsight provides us with comprehensive insights into our security posture, helping to effectively reduce risks. Its user-friendly features allow us to conduct scans and assess security risks. However, the methodology for identifying findings occasionally has errors that need improvement.
VP at FUbon	4.5	I find BitSight valuable for its diverse evaluation points and ease of use, although its benchmarking could be improved. I prefer it over Black Kite for patch management and am considering SecurityScorecard as an alternative.
SOC at Renault	4.0	I find BitSight good for external server and open port visibility. However, I experience data discrepancies, repetitive alerts, and poor data enrichment, needing more specific vulnerability details. Though customer support is solid, these are key areas for improvement.

Title	Rating	Mindshare	Recommending
CrowdStrike Falcon	4.3	N/A	97%	139 interviews Add to research
TrendAI Vision One	4.3	N/A	98%	104 interviews Add to research

Bitsight Reviews

What is Bitsight?

Featured Bitsight reviews

Bitsight mindshare

PeerResearch reports based on Bitsight reviews

Valuable Features

Room for Improvement

Pricing

Popular Use Cases

Service and Support

Deployment

Scalability

Stability

Review data by company size

Top industries

Compare Bitsight with alternative products

Learn more about Bitsight

Product Demo

Bitsight customers

Related questions

Product Categories

Popular Comparisons