Orbit Security vs Bitsight vs SecurityScorecard
Orbit Security
Capabilities
- Security Ratings
- Third-Party Risk Management
- Cyber Advisory
- Incident Response
- Cyber Threat Simulation
- eDiscovery
Headquarters
London
Founded / Product Launched
1994 / 2021
Security rating scale
0-1000 for overall, domain and sub-domain level ratings
BitSight
Capabilities
- Security Ratings
- Third-Party Risk Management
Headquarters
Boston
Founded / Product Launched
2011 / 2013
Security rating scale
0-950 for overall rating
SecurityScorecard
Capabilities
- Security Ratings
- Third-Party Risk Management
- Incident Response
- Cyber Threat Simulation
Headquarters
New York
Founded / Product Launched
2013 / 2014
Security rating scale
A-F for overall rating, with A-F and 0-100 scale for individual risks
This table will help you understand some of the differences and similarities between the market’s leading solutions. However, the best way to assess them is with a free trial.
Orbit Security vs Bitsight vs SecurityScorecard product overview
In 2022, we commissioned independent market research from market intelligence firm M-Brain to find out what CISOs and other practitioners think is most important in a security ratings solution. The following comparison is based on CISOs’ own priorities:
These four features regularly ranked as the most important to CISOs looking for a security ratings platform:
Feature
Platform’s dashboarding features
The highest priority for CISOs, CIOs, Heads of IT Security and other decision makers was the platform’s ability to provide simplified dashboards and reports that can be presented to a board.
Timely and accurate information
CISOs want a solution that sends timely alerts about new issues and high-risk third parties. Above all, they need accurate information that they can rely on.
Benchmarking ability: Comparison with peers
Users need to be able to compare their organisations’ security posture to industry peers and competitors.
Pricing and inclusiveness of features
CISOs want providers to provide transparent pricing with all features included and no arbitrary limitations on number of users and customer support hours.
Rating of highest-priority features
Orbit Security
Platform’s dashboarding features
- Clear dashboarding and off-the-shelf executive reporting.
- “The security rating has become a key, objective KPI for our management team” (CISO, ATHEX)
Timely and accurate information
- Machine learning tool for network footprint discovery, designed to eliminate false positives.
- Weekly security ratings with ability to request rescan.
- Real-time alerts by email and in-platform.
Benchmarking ability: Comparison with peers
- Comprehensive benchmarking vs industry peers, as well as against a global benchmark.
- Users can compare vs competitors and peers.
Pricing and inclusiveness of features
- Customers report that prices are typically up to 50% cheaper than competitors. Pricing starts at $15,000 for self-assessment plus all subsidiaries.
- We never limit features based on pricing. All features are developed in-house by experts.
Rating of highest-priority features
4.25/5
BitSight
Platform’s dashboarding features
- Innovated security ratings concept in the early 2010s; feature-rich platform.
- “Tends to have complex user interface” compared to other providers (M-Brain)
Timely and accurate information
- Security ratings updated daily, but “the platform’s ability to eliminate false positives is very low” (M-Brain)
- Notifications can be sent through email, platform and API.
Benchmarking ability: Comparison with peers
- Ability to compare with the industry average as well as the sub-category.
- Users can compare ratings to five to seven competitors at a time.
Pricing and inclusiveness of features
- Pricing is reported to start at US$30,000 for self-assessment plus two subsidiaries.
- “BitSight does not provide enough in-house services. Most of them are offered via integration with third parties.” (M-Brain)
*Reported pricing as of February 2022
Rating of highest-priority features
3.25/5
SecurityScorecard
Platform’s dashboarding features
- “Provides simplified dashboarding and reporting features that can be presented to board level management compared to BitSight” (Retail Bank in the US).
- Clear dashboarding and reporting.
Timely and accurate information
- Scorecards recalculated daily.
- Some users report lack of transparency about hosts to which issues are attributed in reports.
- Notifications can be sent through email, platform and API.
Benchmarking ability: Comparison with peers
- Users can compare scores with the industry average, and up to seven competitors at a time.
- Option to create a portfolio to benchmark against competitors.
Pricing and inclusiveness of features
- Pricing is reported to start at US$22,000 for self-assessment plus all subsidiaries, and additional vendors cost $1,500-$2,000 per vendor per year.
- A free version of the platform is available for vendors to check their score and upload public comments.
*Reported pricing as of February 2022
Rating of highest-priority features
3.75/5
Conclusion: for the highest-priority features and capabilities, Orbit Security ranks consistently highly. Since our journey to build the world’s most comprehensive and accurate cyber security ratings platform began in 2019, we have focused on developing critical features with clarity, purpose and actionability.
These features were also considered priorities, depending on the specific use case or attitude of the CISO.
Feature
Questionnaires and third-party access
CISOs want the ability to issue IT security questionnaires in-platform, and to provide third parties with access to their own security ratings and assessments.
Data transparency
CISOs want to demonstrate to other stakeholders how the data is collected and how ratings are calculated.
Remediation features
Intuitive workflow for remediation action plans and co-working.
Customer support
End-to-end customer support.
Scalability and speed
Speed at which ratings can be provided, and scalability of solution.
Rating of medium-priority features
Orbit Security
Questionnaires and third-party access
- Users can issue questionnaires using the Orbit Diligence module.
- The platform is free to third parties for 30 days.
- Third parties have access to expert remediation support.
Data transparency
- Issues aggregated by ‘Risk’ and by ‘Domain’.
- All issues are attributed to a specific host.
- CTI sources transparently labelled.
- Every issue ranked as high, medium, low or informational.
- Charts show which issues are having the highest impact on the overall rating.
Remediation features
- Issues can be flagged for remediation, allocated to team members and given a deadline.
- Managers can track and report on remediations.
Customer support
- Dedicated account manager and regular customer success meetings.
- Technical support SLA is usually 12 hours.
- Full suite of advisory, testing and incident response services.
Scalability and speed
- Clients can access Orbit Security’s existing ratings immediately.
- New ratings can be produced in days.
- Highly scalable solution in terms of price and usability.
Rating of medium-priority features
4.8/5
BitSight
Questionnaires and third-party access
- BitSight offers standard frameworks for questionnaires, as well as integrations.
- A third party can upload a public, as well as a private, comment.
- The platform is free to third parties for 45 days.
Data transparency
- Issues are analysed by risk category and are attributed to a specific ‘Identifier’.
- Risk grading is good, neutral, warning and bad, with minor, moderate, material and severe severity.
- Issues are attributed ‘first seen’ and ‘last seen’ time stamps.
Remediation features
- During major security events, critical vulnerabilities will be highlighted.
- Remediations can be flagged, tracked and reported on.
Customer support
- Dedicated account manager.
- Technical support SLA is 24 hours (M-Brain).
- No in-house advisory or incident response team for expert escalation.
Scalability and speed
- Clients can access BitSight’s existing ratings immediately.
- New ratings can be generated in days.
- Pricing makes scalability challenging for many companies.
Rating of medium-priority features
4.4/5
SecurityScorecard
Questionnaires and third-party access
- Users can issue questionnaires using the ATLAS module.
- Third parties receive notification and can create an account for answering.
- Platform allows users to invite third parties to view their own assessments.
Data transparency
- Issues are analysed by risk category, but vendor reports do not include domain attribution.
- Risk grading is high, medium and low severity, ‘positive signals’ and informational.
Remediation features
- Users can create a score plan for themselves or third parties.
- Issues are marked as open, under review, resolved, declined or decayed.
Customer support
- Overall customer support is reported to be good.
- Customer query response SLA is 48 hours (M-Brain).
- Incident Response, Testing and Red Team services.
Scalability and speed
- Organisations already scored by SecurityScorecard can receive immediate ratings.
- New scores can be generated in hours.
- Pricing makes scalability challenging for many companies.
Rating of medium-priority features
4.4/5
Conclusion: For medium-priority features and capabilities, Orbit Security again ranks highly. In particular, our clients value our outstanding customer support and data transparency.
These features and criteria were rarely top priorities, but users often appreciated them.
Feature
Clients feed into product roadmap
CISOs value:
- Having customer requirements fed into the product roadmap.
- White-labelling capabilities.
- Local hosting where regulations and/or risk frameworks demand.
Financial quantification
CISOs want to be able to quantify the potential financial impact of cyber risk on an organisation or its third parties.
Tracking over time
Ability to track issues and overall scores over time.
Critical vs non-critical third parties
CISOs would like to prioritise certain ‘critical’ service providers and clients over other third parties.
Integrations
Integrations with other platforms.
Orbit Security
Clients feed into product roadmap
- Expert customer feedback fed into product development.
- White-labelling option available – a high priority for many government clients.
- Local hosting is not supported.
Financial quantification
- Orbit Security does not offer financial quantification.*
Tracking over time
- Overall scores and individual hosts tracked over time.
- All historical assessments available to users.
- Trend analysis highlights issues causing significant score drops.
Critical vs non-critical third parties
- Does not distinguish between critical and non-critical third parties; full analysis is provided for every third party.
Integrations
- Integrations can be supported on request.
BitSight
Clients feed into product roadmap
- Not known whether client feedback is taken into account for overall product roadmap.
- It is reported that BitSight cannot be white labelled or hosted locally.
Financial quantification
- BitSight provides financial quantification of cyber risk with the help of VisibleRisk and via its partnership with Moody’s.
Tracking over time
- BitSight provides one year of historical scores by default.
- Overall scores can be tracked over time.
Critical vs non-critical third parties
- BitSight distinguishes between critical and non-critical vendors, providing fuller assessments of critical suppliers (though at a higher reported price).
Integrations
- Integration can be supported, and partners include Archer GRC, OneTrust, ServiceNow, ProcessUnity and Prevalent.
SecurityScorecard
Clients feed into product roadmap
- Not known whether client feedback is taken into account for the overall product roadmap.
- It is reported that SecurityScorecard cannot be white labelled or hosted locally.
Financial quantification
- SecurityScorecard does not offer financial quantification.
Tracking over time
- Overall scores can be tracked over time.
- Trend analysis shows which issues have affected scores where significant drops occur.
Critical vs non-critical third parties
- SecurityScorecard gives access to third-party ‘slots’ that can be swapped and changed from the initial list.
Integrations
- Integration can be supported, and partners include Archer GRC, ServiceNow, OneTrust, Jira and others.
Overall verdict
Thomas Murray was founded in 1994 and built its reputation as a risk intelligence firm by providing data, risk analysis, advisory and technology services to some of the world’s biggest banks and institutional investors. Our goal is to create the world’s leading cyber security ratings platform for every sector, building on our deep analytical and technical expertise.
*A note on Financial Quantification: As a result of our deep expertise analysing financial counterparties, we understand that to quantify the potential financial impact of an organisation’s external security posture requires deeper analysis and more context than can be observed through an external analysis. We therefore do not offer financial quantification.