FREQUENTLY ASKED QUESTIONS:

  • Technology:  Forthright Security uses a commercial Security Information and Event Management system to collect, correlate, and alert when security events happen.  Our vendor is listed as a “Visionary” in the Gartner Magic Quadrant, and has a robust suite of tools that bring expert visibility into security threats while reducing noise (false positives).  In today’s world, the hard part is separating the ‘signal’ from the ‘noise’.
  • How do you address the 0-DAY threat?
    • An integrated global threat network and reputation monitor keeps all customers aware.  Attacks are anonymized and pushed to the cloud.  Threat data is correlated at the global level (multiple single incidents correlate to a larger threat), and then new threat data is downloaded to each console every 30 minutes.  Customers are protected almost as soon as an attacker starts a campaign, thereby proactively eliminating a threat vector.
    • Half-Hourly:  The Open Threat Exchange provides threat intelligence for collaborative defense for every protected client around the world.  Updates happen every 30 minutes, 200,000-350,000 IPs are validated daily, there are 8000 collection points, and 140 countries participate in the OTX.
    • Weekly:  Updates cover all of the coordinated rule sets.  These include network-based IDS signatures, host-based IDS signatures, asset discovery and inventory database updates, vulnerability database updates, event correlation rules, reporting modules and templates, incident response templates and “how to” guidance for each alarm, plug-ins to accommodate new data sources, and more.
  • Question:  How would you change your strategy if you knew for certain you were going to be compromised?
    • This question changes the conversation from prevention to detection & response. Prevention is a proven failed effort.  We have to adapt and respond to threats we don’t even know about.
    • The only way we can adapt and respond is to normalize behavior (capture logs, capture netflow, monitor behavior), and alert when we see anomalies.  This is behavior-based protection, and our product uses a 6-phase methodology to identify, alert, and proactively protect.
  • How do you know if you’ve been compromised?
    • Bill Hess of PixelPrivacy.com has built an amazing educational website to help answer this very question at http://www.pixelprivacy.com.  I would strongly recommend taking some time to delve into this excellent resource to educate yourself on some of the common warning signs.
    • Here’s a link to the specific PixelPrivacy post that answers that specific question:  http://pixelprivacy.com/resources/have-you-been-hacked/
    • If you see any of the signs listed in the article above, contact us at Forthright Security for a free assessment and we’ll be glad to help.
  • Cyber is more than just Tech:  Cyber is not just a technology problem, it is a problem across people, technology, and operations.
    • Social Engineering, constant threat evolutions (changing & adapting to countermeasures), and adversarial thinking make it tough to defend.
    • Forthright Security has a defense-in-depth methodology to implement a robust security program that makes our customers a ‘hard target’.  Our job is to pick all the low-hanging fruit so the adversaries have to work hard and make a lot of noise, which is easy to detect.
  • How much am I saving by outsourcing my security?
    • Given the 10 most recommended technologies and the pricing range, an organization could expect to spend anywhere from $225,000 to $1.46M in its first year, including technology staff. (Source:  The real cost of Security, 451 Research, April 2015).
    • Small and Mid-Size companies have the same problems as large companies, but don’t necessarily have the resources or the budget to execute the same way.  Forthright Security can bring you a Fortune 500 level security infrastructure and knowledge for a fraction of the cost.  Forthright Security provides everything you need (equipment) AND the expertise (people) for a fraction of the cost that a customer would pay to build a solution and hire people of their own.
    • Additionally, companies can move the investment in security from a Capital Expenditure (CapEx) into an Operational Expenditure (OpEx).  OpEx is fully tax-deductible in the year it is expended, so companies don’t have to recoup tax breaks through depreciation over the next 5 or 10 years.  OpEx makes it much easier to budget, because risk is placed on the vendor to provide services (OpEx), rather than having to unexpectedly replace in-house assets (CapEx) that fail.
  • What’s Forthright Security’s Value Proposition?
    • The value we bring to the table is that we integrate all the tools that an IT Security team needs to do the job, and we do that very cost effectively. We bring Asset Discovery, Vulnerability Assessment, Threat Detection, Behavioral Monitoring, and Security Intelligence all into one system.  On top of that, we also have a logging solution built in to meet compliance and forensics requirements.
  • What we do: Security Intelligence through Integration
    • We integrate 30 open source tools (the same ones the bad guys use!)
    • The USM Framework visualizes the outputs from those tools and makes it easy to understand and harness intelligence into action.
    • The USM Extension API supports inclusion of additional data sources into the USM Framework.
  • What happens when I need something fixed, or I need expertise?
    • Forthright Security has a narrow focus in monitoring, threat detection, threat response, and forensics.  Our intent is to stay excellent at what we do.  With that said, we will provide support and service when it relates to security, but we intend to outsource regular IT-type duties to a 3rd party local IT vendor.
      • For example, let’s say that Forthright detects a critical flaw on one of your internet-exposed web servers.  Our procedure is to call the company IT representative and let them know about the flaw, the severity, and how to fix it.  Let’s say for instance that it’s something with SharePoint that the customer isn’t comfortable doing because it requires registry editing and could have the potential to disrupt business.  In this case, we’d work with the customer to pull in 3rd party assistance to help.  Our Forthright Security Senior Engineer would work with the company and the 3rd party vendor to get the problem fixed.
      • Second example – Let’s say that a router has gone End Of Life (EOL), and a new vulnerability was published that exploits that particular hardware.  Forthright Security would identify the flaw, the severity, and how to fix the issue for the customer.  In this case, the customer is totally comfortable installing the new equipment, and the upgraded equipment solves the problem.
      • Third example – New equipment is needed to support a production need.  The customer has purchased installation services from the vendor.  Forthright Security detects flaws on the new deployment and alerts the customer.  The customer will then work with the vendor to solve the problem, and Forthright Security will work with both parties to validate the issue is solved.
      • Fourth example – Just like Example 2, let’s say that a router has gone End Of Life (EOL), and a new vulnerability was published that exploits that particular hardware.  Forthright Security would identify the flaw, the severity, and how to fix the issue for the customer.  In this case, the customer asks for a recommendation.  The Forthright Security Senior Engineer would take a look and help the customer understand the best path forward based on his company’s future plans and mission.  In this case, a router needs to be upgraded to an adaptive security appliance to add an email proxy and web proxy capability.  Forthright would then contact the local 3rd party IT vendor, and provide the requirement with hardware suggestions.  Final specifications and price would be negotiated between all three parties.  The 3rd party IT vendor would then coordinate with the customer to arrange the installation.  Forthright Security would then validate the security of the new solution and then the ticket would be closed.