Your request has been received.

Foresite Blog

So many logs, so little time. Where do you focus?

Posted on November 14, 2017

Under any framework, cybersecurity regulation, or security program an organization adheres to, there will be requirement for  logging, alerting and/or monitoring. This is to be expected as the third logical link in the security cycle is detection, and how do we detect? For the most part, we detect using logs. (There are other methods, but in today’s world primarily we are using logs to detect as other methods are maturing). This leads to important questions given the many log files your devices will produce, and the fact that you only have so many hours in a day. Which logs are…

Read More

Expertise isn’t free, but not having it can really cost you….a true story

Posted on November 7, 2017

Normally when we discuss a recent project, we review the client’s challenges and objectives and how we helped meet them.  This case was a bit different. We were contacted by one of our Resellers who had a former client who had sold his company at the beginning of 2017.  The business was an online retailer, and had been sold to the new owners as PCI compliant.  The new owners had a PCI audit performed, were told they were far from compliant, and were suing the former owner for damages in excess of $700,000. Foresite agreed to take a call with…

Read More

The value of comprehensive endpoint security

Posted on October 31, 2017

Cyber security companies are all announcing their latest and greatest endpoint solutions, and clients are asking about the value of moving from traditional antivirus (AV) to these endpoint suites.  There are a number of things to consider to make sure you get the value from an endpoint investment:  Is your organization subject to compliance requirements?  If so, you want to confirm that any solution you consider meets the compliance requirements that apply to you.  Compliance requirements often lag behind the latest solutions, and you may technically need to have antivirus to “check the box” even if an endpoint solution provides…

Read More

Banks With Bad Cybersecurity Could Face SWIFT Justice

Posted on October 24, 2017

Is SWIFT now playing good cop/bad cop? SWIFT – formally known as the Society for Worldwide Interbank Financial Telecommunication – is a nonprofit cooperative owned by 3,000 banks that bills itself as “the world’s leading provider of secure financial messaging services.” Its network and software daily processes 25 million communications that collectively account for billions of dollars’ worth of transfers. SWIFT CEO Gottfried Leibbrandt initially said that his organization wouldn’t impose data security standards on any of its 11,000 members. “The system is only as secure as the weakest link.” “SWIFT is not all-powerful, we are not a regulator, and…

Read More

GDPR – Frequently Asked Questions

Posted on October 17, 2017

The General Data Protection Regulation has many organizations concerned, and with good reason.  Although the requirements don’t take effect until May 2018, they may be challenging to address.  The first step is to gain a better understanding of them through our frequently asked questions. Where do we start to prepare for an audit?  The first step is to determine what data you hold. Think about your HR files, client database(s), vendor records, etc.  If you maintain any records that include information on citizens protected under GDPR, you need to document not only which systems, but also the data flow. Isn’t…

Read More

Foresite’s Response to 7 SIEM Situations That Can Sack Security Teams

Posted on October 10, 2017

Dark Reading published the 7 SIEM Situations That Can Sack Security Teams, and it highlights many of the reasons why we developed our ProVision solution as another option to address these challenges. #1 – SIEM expenses are more than expected.  As noted in the article, many teams budget for the cost of the solution, but greatly underestimate the cost of the implementation and ongoing resources.  In other cases, billing by usage (bandwidth, events per second, change requests) can also be major budget-busters. Solution: Foresite’s quotes include licensing of our proprietary tool, onboarding, and ongoing support and tuning.  No usage or…

Read More

How to Maintain PCI Compliance

Posted on October 3, 2017

Companies struggle to maintain PCI compliance within a year of meeting it, according to a new payment security report by Verizon. The number of businesses achieving full compliance with their annual Payment Card Industry Data Security Standard (PCI DSS) review reached a record 55.4% last year, but nearly half of companies fall out of compliance within a year, according to the Verizon 2017 Payment Security Report. Even more telling: in all of the nearly 300 payment card data breaches that Verizon investigated in 2010 to 2016, the businesses hit were not fully PCI DSS-compliant at the time of their breach….

Read More

CASE STUDY – Limited staff and budget doesn’t have to compromise cybersecurity

Posted on September 26, 2017

These days you would be hard-pressed to find any organization who felt they had adequate staff and financial resources to stand up to the constant barrage of cyber threats.  The education sector has been especially hard hit due to their reliance on public funding. A K-12 school system approached one of our Resellers with several concerns.  With only a handful of IT staff, they couldn’t monitor their network for threats 24/7 and keep up with day-to-day support requests and implementation projects.  They were also finding it challenging to stay on top of change requests on the district’s firewalls. Investing in…

Read More

Cloud Computing- Moving data to cloud does not transfer liability to protect it

Posted on September 19, 2017

It’s a common misconception that by moving to the cloud or relying on a third-party cloud service provider to process and store data that the full responsibility to protect it falls in the vendor.  Not so! The data is still your data and your potential liability. It is critical to perform due diligence when selecting cloud vendors and/or applications, and due care when moving into the cloud. Foresite provides consulting services to help vet out vendors and solutions, confirm proper configuration and insure that you are following cyber security best practices.  If your data is protected by compliance, we can…

Read More

Avoid Being the Next Equifax – Learn From Their Recent Breach

Posted on September 8, 2017

The Equifax breach just hit the news last week, and already a class action suit has been proposed, seeking $70 billion dollars in damages due to the estimated exposure of personal information of over 143 million people.  It also doesn’t help Equifax’s reputation when several executives dumped stock worth $1.8 million just days prior to the breach being made public. While details of the breach are still being confirmed, it was reportedly exploitation of a known application vulnerability that allowed access.  Why wasn’t there monitoring in place that could have triggered on unusual behavior patterns, such as exfiltration of data…

Read More

Interested in what Foresite can do for you?

At Foresite, we like to consider each client’s needs individually, in order to determine the best approach to your unique requirements. So let’s talk! Contact Foresite to request a scoping call today.

Contact Foresite