Cyber Threat Intelligence in context: Transforming proactive defence

Through fusing advanced attack surface management with deep contextual analysis and scalable automation, Bitsight is helping organisations take control of their cyber exposure and stay one step ahead. We spoke to Gabi Reish, VP Product, Threat Intelligence and Exposure Management, Bitsight, who delved into the details of the company’s unique threat intelligence solutions.

What sets Bitsight apart from other CTI products currently on the market?

At Bitsight, we’re focused on helping organisations understand their exposure management. We help to answer questions like, ‘How can I be proactive in terms of understanding my exposure?’ It’s understanding specific vulnerabilities that an organisation may have in their attack surface. Our strong ASM capabilities are very unique. By aligning that information with further context around the specific industry and geography, an organisation is better able to understand the most threats and how to protect against them.

We also bring the business context to the forefront of our solutions by looking at the specific assets that are more and less important from a business perspective. Furthermore, we include another layer of context – threat context. On every asset, our CTI examines the threats related to a specific asset that were discovered as part of your attack surface.

Therefore, in addition to the ability to discover the asset and create the visibility of this asset, we have the business context. Then on top of that, now we have the threat context.

Bitsight stresses the importance of anticipating attacks rather than reacting to them where possible. How is Bitsight helping organisations to make that transition from reactive to proactive defence?

We are providing two mechanisms that maintain a proactive defence – passive and active actions. Passive is everything from sending reports that we are generating through APIs and sending alerts and notifications to different stakeholders on bad things that are happening. On the active side, we have the ability to integrate different tools that you have in your SOC and trigger workflows automatically once we find a strong indication of an incident. This allows our solutions to be as pre-emptive and proactive as possible.

What role does automation play in Bitsight’s solutions?

We use AI and automation in a lot of ways. However, one significant way is for the prioritisation of incidents and actionability. Our solutions compile a vast amount of data which we do not want to overload onto our clients. Therefore, AI helps prioritise the most important suspicious activities. For example, if the CEO has a lot of important data on his computer, versus an old computer sitting in a lab not doing anything, we know that and we can prioritise one over the other, triggering an action. Using AI and different AI agents to provide the real context of a specific compromised endpoint is important information that we are providing to our customers today.

How are you ensuring that your product is scalable across complex environments?

Currently, we are covering more than 4 billion IP addresses, about 500 million domains, we monitor almost 280,000 CVEs, and we look at about 65,000 different vendors a day. So, it is a scalable solution. We are looking at more than one billion exposed credentials per week. These numbers are very large and are part of a very scalable data set. We collect all this data, as well as all the historic information about this data. And, as mentioned previously, we’re using AI to prioritise insights based on all of this data.

How do you ensure that the insights you get from CTI aren’t just informative, but drive defence actions as well?

Bitsight focuses on the personalisation of data. We have alerts and notifications based on specific topics that our customers are interested in. Using the power of AI, we are able to crystallise and scrutinise the data that is most important for you, and curate the data in a way that you can actually read and absorb. The curated delivery of data is as important as the collection. This is what is empowering the work that we do today.

Clients have a lot of third-party vendors, partners and suppliers. How does your CTI deal with potential third-party compromises?

A critical part of Bitsight’s ability today is to monitor organisations and provide the relevant indications to customers as soon as possible on the threats and risks that they may be exposed to as a result of working with third parties. This covers anything from vulnerabilities and exploits to compromised credentials of third parties. As well as this, we include the broader picture, looking at relevant risks related to the sector that the third party is in, or the geographical location. It’s critical to bring the third party into the exposure story, because it’s a very important capability of exposure management.
