Foresite Blog

What makes our ProVision solution different from other MSSPs?

Posted on July 26, 2017

Whether you are looking to implement security monitoring of your network for the first time, or you have a renewal coming up and want to explore your options, the MSSP landscape can be confusing.  Here are some key differentiators of Foresite’s ProVision solution that you may want to consider: Scalability – Gartner’s Competitive Landscape: Managed Security Services highlighted a “technical glass ceiling” in the industry.  Very few MSSPs get past the combination of 1,000 clients/5000 devices under management.  The reason?  Technical limitations of the MSSP’s platforms. Our ProVision platform was built with this in mind, and also allows us to…


New Cybersecurity Strategy

Posted on July 18, 2017

The State of CT is the latest to release a cybersecurity strategy to assist state agencies and private businesses to protect critical data. The seven principles discussed in the strategy – leadership, literacy, preparation, response, recovery, communication and verification – can be applied to every person, organization, government agency and business in Connecticut. The strategy will also reach beyond state lines as state agencies and businesses aligning to the strategy will ask their vendors to do the same.  As the strategy is based on the National Institute of Standards and Technology (NIST) framework, it will be easy for organizations to…


Why not all healthcare breaches are reported, and what OCR is doing about it.

Posted on July 12, 2017

The numbers just don’t add up. Ransomware is on the rise, with the U.S. Justice Department estimating 4,000 attacks occurring each day.  Healthcare is a known target because of the value of patient data on the black market, yet only nine organizations reported malware breaches to OCR in all of 2016. “We’ve seen a spike in the number of attacks, but we haven’t seen an increase in reporting. It’s interesting,” said Pam Hepp, shareholder, healthcare practice at Buchanan, Ingersoll & Rooney. “I wouldn’t be shocked that the number of ransomware attacks are underreported, the analytics undertaken or wasn’t sufficient to demonstrate…


Frequently Asked Questions about Cyber Security

Posted on July 5, 2017

Cyber security certainly seems like a straightforward concept from the outset, right? It’s all about safeguarding your data from hackers and their various malware. Of course, once you dig just a little deeper you find out that threats to cyber security come from many more fronts than just the typical external one. Human error is still one of the highest contributing factors to compromised computer systems, only second to phishing/malware, which is reliant on human error. Once you realize some of the largest data breaches happen because of simple mistakes made by employees at opportune moments, things get a lot…


What can WannaCry and Petya outbreaks teach us about cybersecurity?

Posted on June 28, 2017

Organizations worldwide have been affected by the WannaCry and Petya ransomware strains. What can these latest attacks teach us about cybersecurity? Cybersecurity must be proactive – If you aren’t proactively preparing for threats like WannaCry and Petya and taking steps to prevent them, you will be impacted by them.  The costs of being reactive and having to investigate, remediate, and then put in place the protections that you could have implemented to protect yourself will be high – and hopefully you won’t have to factor in costs for notification and credit monitoring of affected parties, or litigation and lost…


Why is separation of duties important when it comes to IT vendors?

Posted on June 21, 2017

Separation of duties is a means to prevent fraud or other behaviors that could harm an organization by ensuring that no one individual has complete access to all controls that protect something of value. Just as no single staff member should handle all aspects of an organization’s finances without any controls, it is important to look at valuable data in the same way. SANS put together separation of duties guidelines for some of the most common areas to address within an internal IT department. One area that is sometimes forgotten is the separation of duties with IT vendors.  Just as…


Does the EU General Data Protection Regulation (GDPR) apply to organizations in the U.S.?

Posted on June 14, 2017

The EU General Data Protection Regulation (GDPR) was designed to set a standard for data privacy laws throughout Europe, and to extend beyond those boundaries to protect the data of all EU citizens in this global economy. GDPR applies to all companies who process or store personal data of EU citizens, regardless of the company’s location. Although the GDPR regulation was adopted in April 2016, there is a two-year transition period for organizations to understand and plan to meet the requirements. Those who do not comply can be fined up to 4% of global revenues or €20 Million (whichever is…


A case study in maximizing IT resources

Posted on June 6, 2017

While there is certainly no shortage of cyber threats, there is a cyber skills shortage that is affecting most organizations. In fact, 46% of organizations have reported a “problematic shortage” of cybersecurity skills, and this issue has been the #1 area of concern for six years in a row. This issue presents a threat that can be addressed by leveraging outsourcing to supplement the skills of your internal IT staff.  The case study below is an actual example with some details changed to obscure the identity of our client. Foresite Case Study: A multi-state provider of property and casualty insurance…


New Cybersecurity Guidance via NIST

Posted on May 31, 2017

NIST 8170 aims to provide a path to incorporate cybersecurity framework into existing security. As the widespread outbreak of the WannaCry ransomware showed, basic cybersecurity practices are not being followed by organizations large and small. The National Institute of Standards and Technology (NIST) released guidance on incorporating the NIST cybersecurity framework into existing security.  Dubbed “Framework meets FISMA”, this document was intended to assist federal agencies with meeting the new executive order issued by Donald Trump. Officially titled “NIST Interagency Report 8170”, it outlines how to vet third-party vendors, assign responsibilities across the staff, and to assess how well an…


WannaCry Ransomware

Posted on May 16, 2017

Reported by multiple news and information security outlets, WannaCry ransomware hit organizations in over 100 countries and is believed to be the largest successful attack to have occurred to date. WannaCry ransomware is successfully infecting organizations around the world. Malicious persons have taken this information and infected devices through common phishing attacks. The inclusion of infected attachments in the email is the delivery mechanism of the payload. With the infection, the victim device is known to attempt to scan for open TCP port 445, which appears to be an attempt to identify additional victims. (Additional attack vector may also be…

