Partner Portal

Welcome to your Foresite Partner Portal


The Latest from our Blog

9 U.S. States Pass New or Expanded Data Breach Laws

In the absence of federal action, states have been actively passing new and expanded requirements for privacy and cybersecurity. While laws like the California Consumer Privacy Act (CCPA) are getting all the attention, many states are actively amending their breach...


New NIST Requirements Increase Cyber Security Controls

A new supplement to the National Institute of Standards and Technology (NIST) 800-171 “Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations” is on the way.  The proposed supplement 800-171B adds 35 new requirements that go alongside...


What is Credential Stuffing?

Credential stuffing has been in the news because it is a method of attempting to take over accounts of a company by using the databases of known breaches to ‘stuff’ thousands or millions of known credentials into an automated bot and attempting to see if they can get...


NIST CSF – Part 3 – Detect

The NIST Cyber Security Framework (NIST CSF) is the result of a February 2013 Executive Order titled “Improving Critical Infrastructure Cybersecurity” and 10 months of collaborative discussions with more than 3,000 security professionals. It comprises a risk-based...


What is proactive incident response?

Incident response as a term is reactive, so it's no wonder that a proactive approach to incident response is a foreign concept to many clients and resellers that we work with.  Let's look at a few common scenarios to understand why proactive incident response is so...


Poorly Written Ransomware Still Infects Unpatched Systems

WannaCry malware hit the news in 2017 when reports of the damaging attack spread through more than 150 countries. The National Health Service in the UK and FedEx were two of the worst hit organizations, but countless others, including small business, schools, and...


Why you should frustrate your pen testers

The third or fourth step in any breach (depending on who you talk to) is that an attacker must ‘gain authority’. Think of it like a bank; if the criminal breaks into the vestibule they have little or nothing to steal, they have to get from the vestibule to the main...


Register a Deal

Request a Resource

 

Managed Security Service Form

  • Once you have completed this questionnaire, please re-save the form and email it to your Foresite contact (listed on the cover page of this questionnaire). Within a few days, we will provide you with a proposal tailored specifically for your information security assessment needs as well as your pricing options.


 

Security Engagement Form

  • Once you have completed this questionnaire, please re-save the form and email it to your Foresite contact (listed on the cover page of this questionnaire). Within a few days, we will provide you with a proposal tailored specifically for your information security assessment needs as well as your pricing options.

  • A. Background Information

  • (Example: We are a law firm who works with HIPAA clients and want to confirm that our security meets the level required for our HIPAA Business Associate Agreements)
  • Types of data generated, transmitted, and/or maintained:

  • B. Network Security Assessment - External

  • Black box testing – Black box testing is done without prior knowledge, based on what the tester can uncover. White box testing – White box testing is done with the tester having knowledge of the environment. Many times, black box testing is followed by white box testing for a thorough check of vulnerabilities from both outside and inside.
  • C. Network Security Assessment - Internal

  • Black box testing – Black box testing is done without prior knowledge, based on what the tester can uncover. White box testing – White box testing is done with the tester having knowledge of the environment. Many times, black box testing is followed by white box testing for a thorough check of vulnerabilities from both outside and inside.
    If White Box Testing will be done:
  • D. Social Engineering

    We will use your responses to scope the amount of effort that will be required to perform the assessment and to provide you with pricing options. Note that we have strict procedures for protecting information in our custody; it will not be disclosed and will be used only to accurately scope your assessment.
  • E. Application Security Assessment

  • F. Additional Comments

    If you have any comments on your organization’s background information, desired assessment areas, internal network characteristics or the security devices within your internal network, please provide them below:

Partner Documents

Application Penetration Testing [PDF]

Azure Security Monitoring and Alerting [PDF]

Detailed Services Description for Foresite Security Subscription Bundle [PDF]

Foresite Check Point SMB Service Description [PDF]

Foresite Sales Cheat Sheet [PDF]

Foresite Service Implementation Document [PDF]

Foresite Service Implementation Document (SID) [PDF]

Foresite Terms And Conditions [PDF]

Foresite Terms And Conditions – External [PDF]

Managed Security Services Form [WORD]

Security Engagement Form [PDF]

Security Subscription Bundle Datasheet (Customer Version) [PDF]

Security Subscription Bundle Datasheet (Partner Version) [PDF]

Selling BattleCards PPTX [PPTX File]

Social Engineering Data Sheet [PDF] [ILLUSTRATOR FILE]

Check Point Powered by Foresite as a Service Data Sheet [PDF] [INDESIGN FILE]

Cloud Services Security Assessment Data Sheet [PDF] [INDESIGN FILE]

Cloud Security Case Study [PDF] [INDESIGN FILE]

Cybersecurity Consulting Services Data Sheet [PDF] [INDESIGN FILE]

Education Case Study [PDF] [INDESIGN FILE]

Education Data Sheet [PDF] [ILLUSTRATOR FILE]

Features and Benefits of Foresite Security Services Data Sheet [PDF] [INDESIGN FILE]

Finance Case Study [PDF] [INDESIGN FILE]

Financial Sector MSSP Case Study [PDF] [INDESIGN FILE]

Financial Sector Security Assessment Case Study [PDF] [INDESIGN FILE]

Financial Services Case Study [PDF] [INDESIGN FILE]


Healthcare Case Study [PDF] [INDESIGN FILE]

HIPAA Compliance Services Data Sheet [PDF] [INDESIGN FILE]

Incident Management Services Data Sheet [PDF] [INDESIGN FILE]

Insurance Services Case Study [PDF] [INDESIGN FILE]

K-12 Education Case Study [PDF] [INDESIGN FILE]

Legal Services Case Study [PDF] [INDESIGN FILE]

Manufacturing NIST 800-171 Case Study [PDF] [INDESIGN FILE]

NIST – ProVision Matrix [PDF]

Partner Compromise Assessment Data Sheet [PDF] [INDESIGN FILE]

Patch Management Data Sheet [PDF] [ILLUSTRATOR FILE]

Payment Card Industries Compliance Services Data Sheet [PDF] [INDESIGN FILE]

Public-facing Compromise Assessment Data Sheet [PDF] [INDESIGN FILE]

Retail PCI Services Case Study [PDF] [INDESIGN FILE]

Red Team Services Data Sheet [PDF] [ILLUSTRATOR FILE]

Reseller Program Case Study [PDF] [INDESIGN FILE]

Reseller Reference Guide [PDF] [INDESIGN FILE]

Security Monitoring & Alerting Services Data Sheet [PDF] [INDESIGN FILE]

Security Monitoring and Incident Data Sheet [PDF] [INDESIGN FILE]

Small and Medium Business Solutions Data Sheet [PDF] [INDESIGN FILE]

SOC 2 Readiness Data Sheet [PDF] [PHOTOSHOP FILE]

SOC 2 Readiness & Assessment Case Study [PDF] [INDESIGN FILE]

State and Local Government Public Utilities Case Study [PDF] [INDESIGN FILE]

The Art and Science of Compliance Whitepaper [PDF] [INDESIGN FILE]

Vendor Management Services Data Sheet [PDF] [INDESIGN FILE]

Frequently Asked Questions

We would access logs to analyze traffic patterns and troubleshoot back-end applications. An example would be a notification on Pool up/down.

Changes at the Desktop level can be done by leveraging the customer’s suitable toolset (unless they don’t have any), but there are loads of options available in the marketplace. We may keep this as a separate stream or monitor the server that this sits on, but would need to investigate further.

This is the same as we would do for any other piece of infrastructure: monitor/manage the logging output.

In the long term it would be more operationally and cost efficient to consolidate to a service and retire the SIEM. Because many clients have made significant investments in their SIEM tools, this may not be a viable option for them. We can work with them on a hybrid approach and help them with the transition over to a service. We can log into the SIEM and review the logs/escalations historically, so it would be more of a reactive service in the short term until we transition them to our full 24x7 real-time monitoring and escalation.

  • Certified Security Professionals
  • CEH – Certified Ethical Hacker & Pen Testers Certified Ethical Hacker v8 – (EC-Council)
  • GIAC GPEN (Penetration Tester)
  • GIAC GSNA (Network Security Auditor)
  • GIAC GCIH (Incident Response and Forensics)
  • CompTIA A+
  • CompTIA Network+
  • Microsoft Certified Professional
  • Certified Information System Security Professional
  • CISA  – (ISACA)
  • CISSP – (ISC2)
  • Qualified Security Assessor – QSA
  • PCIP – PCI Professional
  • HealthCare Information Security and Privacy Practitioner (HCISPP) – (ISC2)
  • CHPSE (Certified HIPAA Privacy and Security Expert)
  • Accredited Configuration Engineer (ACE) – Palo Alto Networks
  • CompTIA – Security+
  • CompTIA – Network+
  • Microsoft – MCSE
  • Microsoft – MCTS
  • Microsoft – MCITP /Exchange 2010
  • Microsoft – MCSA /Server 2012
  • Microsoft – MCSE /Server 2012
  • Juniper Networks Certified Associate
  • Juniper Networks Certified Professional Security (JNCIP-SEC)
  • Juniper Networks Certified Professional Enterprise Routing and Switching (JNCIP-ENT)
  • Juniper Networks Certified Sales Specialist Firewall/ IDP/ Enterprise Switching and Routing
  • Juniper Networks Certified Support Professional (JNCSP-ENT)
  • JNCIA
  • PCNSE6
  • Palo Alto ACE
  • CCNA R&S
  • CCNA DC
  • CCENT
  • OSCP (Offensive Security Certified Professional)

Auditor Certifications

  • PCI
  • HIPAA
  • ISO 27001 / 02
  • SOC 1 AICPA SSAE 16 Attestation (replaces the old SAS70 Standard)
  • ISO27001
  1. # Customers: 301
  2. # Devices: 1,832
  3. # Logs (Alerts) per month: About 1 billion per month
  4. # Events per period: About 5,000 per month
  5. Assets Managing: Over $7B
  • 301 MSSP and close to 400 consulting base customers
  • Our customers span all verticals and range from SMB to small enterprise (2,500-30,000 employees)
