Prioritizing Risk Vectors for Remediation Using Peer Analytics

Refer to this guide to define your desired level of security performance and determine how it can be achieved with an objective, data-driven approach to comparing companies with peer groups using Peer Analytics.

(1) Choose a Peer Group

Select the [SPM app] Edit Peer Group or [Insurance app] Edit Comparison button at the top-right to designate a peer group for comparing your selected company against. Once designated, the peer group will be overarching throughout this workflow. Save your peer group and redefine it at any time.

• Select an “Industry” or refine your peer group to “Sub-industries.” This defaults to your own industry and all sub-industries.
• Define a “Peer Group Location” that limits your peer group to a region or countries within that region. Please note a company's region is based on the company’s headquarters. We don't have headquarter data for our entire inventory of companies, which may restrict the peer comparison group.
• Define the “Number of Employees” of your peer group to be of similar or any size.
• Define the “Number of Unique Services” of your peer group to be of similar or any size. Companies in the same industry with roughly the same number of employees may have very different Internet presences. With Peer Analytics, the digital footprint of similar companies is measured using the number of unique open host-port sets.

(2) Desired Level of Security Performance

Refer to the Peer Group Distribution over Rating Ranges, the Risk Vector Performance, and Top Ten panels in the Peer Analytics dashboard to define your desired level of security performance.

(3) Define Solutions and Prioritize

Refer to the Risk Vector Gap Analysis and Risk Vectors panels in the Risk Vectors page to identify the risk vectors with the highest impact.

The right column of the Risk Vector Gap Analysis shows the lowest ranked risk vectors in security management performance. The top row shows the risk vectors that have the highest impact on security ratings. Therefore, the following risk vectors (top-right scalar of the matrix) are the risk vectors that are of critical priority.

• Botnet Infections, Potentially Exploited, and Spam Propagation, which goes towards the 27% Compromised Systems risk category weight.
• File Sharing, which accounts for 2.5% of the total User Behavior risk category weight.

(4) Collaboration with Reporting

Select the Reports button at the top-right. Export and download the available reports to share with stakeholders and collaborate.

• Summary: The Ratings History report provides Bitsight Security Ratings data of a company during the past 12 months including daily ratings, grades, and percentiles.
• Compromised Systems Details: Compromised Systems details including infection type, start date, end date, and duration.
• Diligence Details: Diligence details including evidence, grade, start date, end date, and risk vector specific information.
• File Sharing Details: User Behavior details including risk type, category, start date, and end date.