ProVision provides unprecedented visibility of your logs and security efforts, giving you incomparable views into your security position.
View and customize dashboards and reports. Leverage analytics to reveal actionable business intelligence.
Manage all of your assets and system inventory in one place.
Quickly and efficiently analyze security log data with our built-in log management dashboard.
Knowing is half the battle. Know which events are critical with ProVision’s identification of legitimate threats, while weeding out false positives.
Choose to manage your own or access our team of trained security analysts, allowing your team to focus on core activities.
There are no limits to the size or volume of logs that can be forwarded to ProVision with our scalable infrastructure.
ProVision, our proprietary cutting-edge management platform, puts you in the driver’s seat of your business data and security operations. It is designed to meet the most stringent of today’s industry standards, but provides ease of use and flexibility that is unmatched. ProVision allows your business to anticipate the demands of tomorrow and make business decisions that allow you to seize opportunities.
Some SIEM tools provide very proficient analysis engines but may not offer a full suite of capabilities. The ProVision infrastructure has many components for full Security Monitoring & Analysis, unifying all the toolsets into one complete solution. There are no limits to the size or volume of logs that can be forwarded to ProVision, as it is a scalable infrastructure, built as a multi-tenant platform to accommodate multiple customers and technologies.
Business rules create the intelligent analysis of data within the environment. These come ready-made but can also be specifically written to accommodate your needs. Dashboards can also be customized for specific views or requirements and can include Logs, Events, Statistics, Threats, and other important data.
Many reports are available out of the box, plus we give you the ability to customize your reporting. Build reports that focus on compliance, service, data analysis, and many more business objectives.
Large enterprises might deal with tens of thousands of security alerts daily, most of which turn out to be harmless. While it does pay to do your due diligence, assessing hundreds of unnecessary alerts is a real resource sink for your IT security team.
ProVision allows your security team to home in on potential threats by intelligently reducing the number of security alerts that your team must assess each day. The system identifies legitimate threats, weeding out false positives within your log streams, and intelligently analyzes those threats of interest to be investigated by our team of security analysts, allowing your team to focus on core activities.
ProVision was designed to be extremely flexible, which is why it is built upon our robust cloud-based architecture. It’s the same system that we use for our own Managed Services Solutions!
ProVision provides unprecedented visibility of your logs and security efforts, giving you incomparable views into your security position and allowing you to:
- Manage assets and system inventory
- View and customize dashboards and reports
- Leverage analytics to reveal business intelligence
- Download reports
- Review and search alerts
- Open and manage tickets
- Access the Foresite knowledge base
We work with companies to implement ProVision with their current IT security systems. If you want all of the power and flexibility of Foresite managed security services, with the ability to see a top-down analysis of your data security operations, ProVision can help your business gain an edge in your industry.
Is Foresite’s ProVision a SIEM or an MSSP?
Let’s start by defining the terms. SIEM stands for Security Information and Event Management, and a SIEM tool collects logs for the analysis of security alerts. MSSP stands for Managed Security Service Provider, a technology company that provides cybersecurity monitoring and management.
Can I use ProVision if I already own a SIEM or Cybersecurity tool?
Yes! Our services actually complement what many of the common tools provide.
When an organization purchases a tool, hardware device, or software solution in an effort to make its network more secure, there are a number of steps that need to happen. The technology must be installed and tuned properly to be effective, and ongoing tuning is also required for many tools. In the case of SIEM tools, someone needs to determine all of the scenarios that the organization wants to be alerted to and create rules to generate these alerts. Let’s then assume that everything has been configured and rules exist to alert. Who is going to monitor 24/7 to see the alerts, and be trained to investigate them to determine whether there is a threat, a technical issue, or just a “false alarm” that can be ignored? And if a true threat is detected, who will have the experience to know what steps to take for incident response?
How does ProVision differ from a SIEM tool?
First and foremost, it comes back to the additional services, expertise and experience that our human team provides. There are other important differences as well, including our ticketing system and the ability to integrate it with the customer’s ticketing system; our logging and auditing that addresses compliance requirements; our pre-set business rules and knowledge base to enrich detection of suspicious behaviors; our ability to manage or co-manage firewalls; and the multi-tenancy of our portal, which lets customers view by location or department and lets Resellers use a single portal login with a drop-down to view individual customers, while each customer can view only their own portal.
How does the cost of ProVision compare to SIEM tools and other MSSPs?
We use fixed-cost, device-based pricing, so the most important aspect is that your pricing will not fluctuate based on bandwidth, alerts or tickets generated, firewall management requirements, business rule tuning or any other usage.
ProVision does not require the up-front purchase of an expensive tool or proprietary appliance. Our VisionLink log collector is a one-time license fee per location with minimal onboarding labor, as opposed to the cost of a SIEM implementation project.
ProVision also includes ongoing business rule tuning via the assigned Technical Account Manager. Our pricing is extremely competitive with other MSSPs that are providing similar services, and we do offer competitive discounts.
Depending on the size and nature of the estate, ProVision often costs less than SIEM tools and also includes all the human analysis, interaction, escalation and notification plus ongoing tuning.
What are some of the key differentiators between ProVision and other solutions?
AKA – How does Foresite ProVision compare to XYZ?
ProVision is both a SIEM-like tool for log collection and aggregation, plus our trained security analysts, solutions architects, compliance auditors, and incident response resources. Our solution also includes our ticketing system with the ability to integrate it with other ticketing systems (ServiceNow, ConnectWise Manage, etc.); our logging and auditing that addresses compliance requirements; our pre-set business rules and knowledge base to enrich detection of suspicious behaviors; our ability to manage or co-manage firewalls; and the multi-tenancy of our portal, which lets customers view by location or department and lets Resellers use a single portal login with a drop-down to view individual customers, while each customer can view only their own portal.
Taking advantage of a multi-tenant platform that services multiple customers enables you to capitalize on everything that is being seen across the entire base and not just specific traffic on your infrastructure. For example, if a threat is seen on another account, it can be mitigated across all customers quickly and efficiently.
What are the technical requirements to run ProVision?
Unless logging for the in-scope technologies is centralized, a VisionLink log collector needs to be installed at each location. The VisionLink download requires a virtual or physical server with minimum specs of 500 GB HDD, quad-core CPU, and 4 GB RAM. The rest of the service is all run in the Foresite cloud.
How long are logs retained with ProVision?
Logs are stored locally on the VisionLink log collector for 90 days, and in the ProVision SOC cloud for 1 year by default. Log retention can be customized for longer retention on client-provided at no additional cost, or in the ProVision cloud archives for an additional storage fee.
Does Foresite collect sensitive data from our environment?
The log data collected via VisionLink is normalized and aggregated locally before being sent into our portal. Most of the log files are not considered sensitive data; however, all transmissions are encrypted and portal access is protected with multi-factor authentication.
Does data collected by Foresite leave the U.S.?
All data currently resides within our US data centers. Cloud data centers can be set up within other supported countries (including EU and Canada).
Does Foresite incorporate any outside threat feeds?
Yes, we incorporate 10-15 outside threat feeds at any given time, and we continually adjust the feeds we find most effective and relevant. We can incorporate a specific feed (or feeds) for a particular customer as well.
INTERESTED IN WHAT FORESITE CAN DO FOR YOU?
At Foresite, we like to consider each client’s needs individually, in order to determine the best approach to your unique requirements. So let’s talk! Contact Foresite to request a scoping call today.