Frequently Asked Questions
In the long term it would be more operationally efficient and cost-efficient to consolidate to a service and retire the SIEM. Because many clients have made significant investments in their SIEM tools, this may not be a viable option for them. We can work with them on a hybrid approach and help them with the transition over to a service. We can log into the SIEM and review the logs/escalations historically, so it would be more of a reactive service in the short term until we transition them to our full 24×7 real-time monitoring and escalation.
Changes at the desktop level can be made by leveraging the customer’s suitable toolset (unless they don’t have any), but there are loads of options available in the marketplace. We may keep this as a separate stream or monitor the server that this sits on, but would need to investigate further.
- Certified Security Professionals
- CEH – Certified Ethical Hacker & Pen Testers Certified Ethical Hacker v8 – (EC-Council)
- GIAC GPEN (Penetration Tester)
- GIAC GSNA (Network Security Auditor)
- GIAC GCIH (Incident Response and Forensics)
- CompTIA A+
- CompTIA Network+
- Microsoft Certified Professional
- Certified Information System Security Professional
- CISA – (ISACA)
- CISSP – (ISC2)
- Qualified Security Assessor – QSA
- PCIP – PCI Professional
- HealthCare Information Security and Privacy Practitioner (HCISPP) – (ISC2)
- CHPSE (Certified HIPAA Privacy and Security Expert)
- Accredited Configuration Engineer (ACE) – Palo Alto Networks
- CompTIA – Security+
- CompTIA – Network+
- Microsoft – MCSE
- Microsoft – MCTS
- Microsoft – MCITP /Exchange 2010
- Microsoft – MCSA /Server 2012
- Microsoft – MCSE /Server 2012
- Juniper Networks Certified Associate
- Juniper Networks Certified Professional Security (JNCIP-SEC)
- Juniper Networks Certified Professional Enterprise Routing and Switching (JNCIP-ENT)
- Juniper Networks Certified Sales Specialist Firewall/ IDP/ Enterprise Switching and Routing
- Juniper Networks Certified Support Professional (JNCSP-ENT)
- Palo Alto ACE
- CCNA R&S
- CCNA DC
- OSCP (Offensive Security Certified Professional)
- ISO 27001 / 02
- 301 MSSP and close to 400 consulting base customers
- Our customers span all verticals and range from SMB to small enterprise (2,500-30,000 employees)
This is handled the same as we would any other piece of infrastructure: monitor/manage the logging output.
We would access logs to analyze traffic patterns and troubleshoot back-end applications. An example would be a notification on pool up/down.
- SOC 1 AICPA SSAE 16 Attestation (replaces the old SAS70 Standard)
Foresite’s strategic approach is to add value and complement existing technology investments while extending visibility and holistic capabilities to your security program. We support all the best-in-breed technology solutions and are constantly adding integrations to benefit our clients.
Foresite currently has nearly a thousand clients from a diverse array of industry verticals and sizes. We are rapidly growing and attracting new clients while maintaining top scores in client satisfaction and success.
Foresite provides comprehensive Managed Detection and Response-as-a-Service, leveraging industry-leading solutions along with our ProVision Security Platform to deliver capabilities and hands-on mitigation, remediation and proactive threat hunting. This significantly reduces the risk and impact of unsanctioned and nefarious activities, above and beyond alerts and notifications.
Log-based monitoring and alerting is essentially confined to, and dependent on, the efficacy of the log data: the correlation derived from data collection (i.e. the fidelity of the assets and their logs) and the application of rules to create events to investigate, analyze, notify on and provide recommended actions for, from a reactive response perspective. MDR is not constrained by the limitation of log data only. It provides a greater level of system visibility and enrichment of data, with the ability to also take proactive hunting actions and additional remediation and control of the endpoint, versus SIEM log monitoring and analysis.
Foresite security services delivered with ProVision leverage internal and external threat indicators and intelligence sources that include threat feeds as well as community/industry-specific sources like ISACs, etc. A threat feed itself is arguably not threat intelligence; it requires appropriate analysis, dissemination and application to derive operational value. Foresite expertise and delivery methodology bring the value of available threat sources to operations to further identify and reduce risk for our clients.
Foresite’s innovative ProVision platform and delivery approach provide the same level of access and transparency as if you were leveraging a traditional on-prem or SaaS SIEM solution, without having to maintain a technology stack, hire and retain SIEM Engineers and Security Analysts, or leverage additional budget to procure external providers to manage, maintain and perform analysis.
Foresite can not only assist with patch management; we can deliver Patch Management as a Service to eliminate additional technology debt while alleviating the operational burden of keeping up to date with patching, not only for operating systems but also for third-party applications on those systems. Foresite can provide further value by performing Vulnerability and Patch Management as a Service. Our experts not only deliver quality patching services, but go even further by performing Vulnerability Scanning and by identifying and prioritizing asset patches to intelligently remediate and reduce organizational risk.
At Foresite, our advanced software platform is able to leverage best-in-breed technology in delivery of our MDR/MSSP services. Our services do not stop at the endpoint; our ProVision platform is able to correlate valuable data from other devices on the network. We also build an incident response plan into our service offering to ensure our clients’ security programs are complete. ProVision is able to give us a competitive advantage: it takes a holistic approach and extends visibility beyond the perimeter.