Cyber risk management vendor Bitsight is boosting its threat intelligence capabilities with the planned $115 million acquisition of startup Cybersixgill, the latest deal in what has been an active cybersecurity M&A environment.
Boston-based Bitsight on Thursday announced it signed a definitive agreement to buy the 10-year-old Israeli company, which scours the darkest parts of the internet – including deep web forums and markets, invitation-only messaging groups, code repositories, and clear web platforms – analyzes the data it collects, and then reports its insights out to its customers and partners.
Bitsight’s platform monitors and analyzes publicly available data like threat intelligence feeds, network scans, and public records to create a broad picture of an organization's security posture. Organizations are given a numerical security rating so they can assess and manage their own level of cyber risk and find areas and steps for improvement.
Both companies work with MSSPs, who, through the acquisition, will have a single platform to offer organizations that will incorporate a broader array of data from a much wider range of sources to give them a fuller picture of the threats they face and their ability to protect themselves.
More Intelligence on One Platform
“Integrating Bitsight's large-scale asset and attack surface exposure data with Cybersixgill's threat intelligence will allow partners to deliver a robust, scaled solution that is responsive to the growing need for CISOs to consolidate solutions,” Derek Vadala, chief risk officer at Bitsight, told MSSP Alert.
Consolidation is helping to fuel the M&A push that’s been going on in the cybersecurity sector for the past couple of years, Bessemer Venture Partners wrote in a report earlier this year. That includes both CISOs looking to reduce the number of vendors they use and cybersecurity vendors wanting to pull more capabilities onto their platforms.
It also means MSSPs will be able to offer customers more services but work with fewer vendors.
In this case, Bitsight will fold Cybersixgill’s threat intelligence data into its own offerings, including its external attack surface management and continuous third-party monitoring products, to expand what it brings to organizations in threat hunting, adversary intelligence, industry reports, and vulnerability data.
Leaning in on AI
In addition, Bitsight will combine its emerging AI capabilities with those of Cybersixgill. Like most other cybersecurity vendors, Bitsight is incorporating AI techniques into its portfolio, including its Groma internet scanning tool and Graph of Internet Assets (GIA) for discovery and attribution of threats. Both are part of the company’s larger Cyber Risk Data Engine.
Groma, announced earlier this year, scans more than 40 million organizations, more than 250 million host names, and more than 4 billion routable IP addresses. GIA is used to create rating trees at scale via advanced graph technology and AI models.
Cybersixgill embeds its generative AI capabilitiy – Cybersixgill IQ – throughout its cyberthreat intelligence and attack surface management portfolios to make it easier to analyze and assess the data it brings in, roll out reports based on its finding, and offer 24/7 assistance to organizations.
Bitsight CEO Steve Harvey said in a statement that “with the integration of Cybersixgill’s team and technology, we can deliver even deeper insights to Bitsight customers about the targeted threats unique to their infrastructure. … Together, we’re unlocking a new level of cyber risk management, empowering organizations to stay ahead of emerging threats.”
Harvey added that Bitsight will continue to invest in the Cybersixgill products it inherits from the acquisition.
More Resources and Reach
In a blog post, Cybersixgill CEO Sharon Wagner wrote that the deal will give his company’s technology more resources and greater reach around the world.
“By joining Bitsight, we’re combining Cybersixgill’s threat intelligence with Bitsight’s powerful asset mapping capabilities that help organizations identify, prioritize, communicate, and mitigate risk,” Wagner wrote. “Together, we’ll deliver a game-changer: One platform that doesn’t just monitor risks but proactively connects them to real-world threats – both for a company’s first- and third-party environments. This means faster insights, smarter decisions, and stronger defenses.”
MSSPs that work with both companies also should see the capabilities they can offer their clients expand. Bitsight offers an API that enables integration with MSSPs’ security operation centers (SOCs) so they can include the vendor’s security ratings into their own assessments of organizations’ risk and reporting processes.
MSSPs also can integrate Bitsight’s data into their own reports and dashboards for clients.
Cybersixgill partners with more than 50 MSSPs who have more than 500 customers around the world. Theya also can draw from the vendor’s data to create their own reports and dashboards for their customers.
