Foresite. Advanced Managed Services Solutions.
Our proprietary ProVision platform helps businesses manage assets, generate reports, and leverage analytics that enable them to make smart business decisions.
ProVision provides unprecedented visibility of your logs and security efforts, giving you incomparable views into your security position.
View and customize dashboards and reports. Leverage analytics to reveal actionable business intelligence.
Knowing is half the battle. Know which events are critical with ProVision’s identification of legitimate threats, while weeding out false positives.
Choose to manage your own or access our team of trained security analysts allowing your team to focus on core activities.
Powerful and flexible security management
Customize your security management environment
Business rules create the intelligent analysis of data within the environment. These come ready-made but can also be specifically written to accommodate your needs. Dashboards can also be customized for specific views or requirements and can include Logs, Events, Statistics, Threats, and other important data.
Many reports are available out of the box, plus we give you the ability to customize your reporting. Build reports that focus on compliance, service, data analysis, and many more business objectives.
Save time by focusing on important alerts
Large enterprises might deal with tens of thousands of security alerts daily, most of which turn out to be harmless. While it does pay to do your due diligence, assessing hundreds of unnecessary alerts is a real resource sink for your IT security team.
ProVision allows your security team to home in on potential threats by intelligently reducing the number of security alerts that your team must assess each day. The system identifies legitimate threats, weeding out false positives within your log streams to intelligently analyzes those threats of interest to be investigated by our team of security analysts, allowing your team to focus on core activities.
ProVision was designed to be extremely flexible, which is why it is built upon our robust cloud-based architecture. It’s the same system that we use for our own Managed Services Solutions!
ProVision provides unprecedented visibility of your logs and security efforts, giving you incomparable views into your security position and allowing you to:
- Manage assets and system inventory
- View and customize dashboards and reports
- Leverage analytics to reveal business intelligence
- Download reports
- Review and search alerts
- Open and manage tickets
- Access the Foresite knowledge base
We work with companies to implement ProVision with their current IT security systems. If you want all of the power and flexibility of Foresite managed security services, with the ability to see a top-down analysis of your data security operations, ProVision can help your business gain an edge in your industry.
ProVision Frequently Asked Questions
Learn More or Schedule a Demo Today.
NYDLA Members get special pricing off all things Foresite!
Is Foresite’s ProVision a SIEM or an MSSP?
- Let’s start by defining the terms. SIEM stands for Security Information and Event Management, and a SIEM tool collects logs for the analysis of security alerts. MSSP stands for Managed Security Service Provider, a technology company that provides cybersecurity monitoring and management.
- Foresite’s ProVision service provides both a SIEM-like tool (VisionLink) and the MSSP services, so we are effectively both.
Can I use ProVision if I already own a SIEM or Cybersecurity tool?
- Yes! Our services actually complements what many of the common tools provide.
- When an organization purchases a tool, hardware device, or software solution in an effort to make their network more secure, there are a number of steps that need to happen. The technology must be installed and tuned properly to be effective, and ongoing tuning is also required for many tools. In the case of SIEM tools, someone needs to determine all of the scenarios that the organizations wants to be alerted to and create rules to generate these alerts. Let’s then assume that everything has been configured and rules exist to alert. Who is going to be monitoring 24/7 to see the alerts, be trained to investigate them to determine if there is a threat, technical issue, or just a “false alarm” that can be ignored? And if a true threat is detected, who will have the experience to know what steps to take for incident response?
- Not happy with your SIEM tool, or looking to reduce costs? ProVision can potentially replace your SIEM to save on costly licensing and labor to maintain it.
How does ProVision differ from a SIEM tool?
- First and foremost it comes back to the additional services, expertise and experience that our human team provides. There are other important differences as well, including our ticketing system and ability to integrate it with the customer’s ticketing system, our logging and auditing that addresses compliance requirements, our pre-set business rules and knowledge base to enrich detection of suspicious behaviors, our ability to manage or co-manage firewalls, and the multi-tenancy of our portal for customers to be able to view by location or department or Resellers to be able to have a single portal log in with drop down to view individual customers, but each customer only able to view their own portal.
How does the cost of ProVision compare to SIEM tools and other MSSPs?
- We use fixed cost device-based pricing, so the most important aspect is that your pricing will not fluctuate based on bandwidth, alerts or tickets generated, firewall management requirements, business rule tuning or any other usage.
ProVision does not require the up-front purchase of an expensive tool or proprietary appliance, our VisionLink log collector is a one-time license fee per location with minimal onboarding labor, as opposed to the cost of a SIEM implementation project.
- ProVision also includes ongoing business rule tuning via the assigned Technical Account Manager. Our pricing is extremely competitive with other MSSPs that are providing similar services, and we do offer competitive discounts.
Depending on the size and nature of the estate, ProVision often costs less than SIEM tools and also includes all the human analysis, interaction, escalation and notification plus ongoing tuning.
What are some of the key differentiators between ProVision and other solutions?
- AKA – How does Foresite ProVision compare to XYZ?
- ProVision is both a SIEM-like tool for log collection and aggregation, plus our trained security analysts, solutions architects, compliance auditors, and incident response resources. Our solutions also includes our ticketing system with the ability to integrate it with other ticketing systems (Service Now, ConnectWise Manage, etc.), our logging and auditing that addresses compliance requirements, our pre-set business rules and knowledge base to enrich detection of suspicious behaviors, our ability to manage or co-manage firewalls, and the multi-tenancy of our portal for customers to be able to view by location or department or Resellers to be able to have a single portal log in with drop down to view individual customers, but each customer only able to view their own portal.
- Taking advantage of a multi-tenant platform that services multiple customers enables you to capitalize on the everything that is being seeing across the entire base and not just specific traffic on your infrastructure. For example, if a threat is seen on another account, it can be mitigated across all customers quickly and efficiently.
What are the technical requirements to run ProVision?
- Unless logging for the in scope technologies is centralized, a VisionLink log collector needs to be installed at each location. The VisionLink download requires a virtual or physical server with minimum specs of 500GB HDD, quad-core CPU, 4 GB RAM. The rest of the service is all run in the Foresite cloud.
How long are logs retained with ProVision?
- Logs are stored locally on the VisionLink log collector for 90 days, and in the ProVision SOC cloud for 1 year by default. Log retention can be customized for longer retention on client-provided at no additional cost, or in the ProVision cloud archives for an additional storage fee.
Does Foresite collect sensitive data from our environment?
- The log data collected via VisionLink is normalized and aggregated locally before being sent into our portal. Most of the log files are not considered sensitive data, however, all transmissions are encrypted and the portal access is protected with multi-factor authentication.
Does data collected by Foresite leave the U.S.?
- All data currently resides within our US Data centers. Cloud data centers can be set up within other supported countries (including EU and Canada).
Does Foresite incorporate any outside threat feeds?
- Yes, we incorporate 10-15 outside threat feeds at any given time, and we continually adjust the feeds we find most effective and relevant. We can incorporate a specific feed (or feeds) for a particular customer as well.