

Foresite Cybersecurity
Google Cloud Premier SecOps Partner delivering MDR built on Chronicle SIEM and SOAR. Foresite's Agentic SOC uses AI agents to analyze attack paths and stage response actions, but all containment requires human authorization before execution (their "Glass Box Model"). Compliance automation focus (CMMC, HIPAA, PCI) integrated with threat detection. Vendor-agnostic approach works with CrowdStrike, Tanium, and other EDR tools. ~80-96 employees, headquartered in Overland Park, Kansas.
Buyer fit
Good fit when
- ✓Google Cloud-first organizations wanting deep Chronicle SIEM and SOAR integration from a dedicated Google partner
- ✓Mid-market companies (100-1000 employees) needing compliance automation bundled with MDR
- ✓Regulated industries (healthcare, finance, government) requiring CMMC, HIPAA, or PCI alignment
- ✓Organizations that want full visibility into AI-driven analysis before actions are taken (Glass Box Model)
Watch out when
- ×Organizations wanting fully autonomous remediation without human approval loops
- ×SMBs with limited budgets -- deployment packages alone cost $25K-$100K before ongoing MDR fees
- ×Multi-cloud or non-Google environments where Foresite's Google-centric expertise is less relevant
- ×Buyers needing follow-the-sun SOC coverage or global SOC presence (single Kansas site)
Coverage
EDR
SIEM
Cloud
Additional capabilities
Incident response
Pricing
What costs extra
- –Advanced and Security Transformation deployment tiers ($50K-$100K) for dashboards, SOAR tuning, co-management
- –vCISO services available as add-on
- –Compliance assessments (CMMC, HIPAA, PCI) may be separate engagements
- –Breach Response Services with $250K cyber liability insurance (unclear if bundled with MXDR or separate purchase)
Cost caveats
- –Deployment packages ($25K-$100K) are one-time setup fees on top of ongoing MDR subscription, which is not publicly priced
- –Google Chronicle SIEM and SOAR licensing costs may be separate from Foresite's managed service fees -- clarify who holds the Chronicle license
- –Data ingestion costs scale with log volume on Chronicle platform, which can grow unpredictably
- –Specific response actions available through SOAR playbooks are not publicly documented -- ask exactly what containment actions they can execute
- –Single SOC site in Kansas means no geographic redundancy or follow-the-sun coverage
Pricing compiled from public sources. Verify directly with the provider.
Team and access
Certifications
Reputation
MSSP Alert Top 250 (2020, top 10%). Clutch: 30 reviews with 100% satisfaction rate. Limited presence on Reddit, G2, or PeerSpot. Available feedback highlights strong technical support and effective communication. Small provider (~80-96 employees) with regional Kansas focus and heavy Google Cloud positioning means limited visibility outside the Google ecosystem.
What customers praise
- ✓Strong technical support with dedicated engineers (Clutch reviews highlight this consistently)
- ✓Effective communication on complex topics with timely ticket response
- ✓Deep Google Cloud SecOps expertise with certified engineers across Chronicle, SOAR, and GCP security
Common complaints
- ×Limited public reviews make it hard to assess consistency across customer base
- ×Pricing opacity requires custom quotes, complicates budgeting
- ×Regional presence (Kansas-based) may concern buyers wanting global SOC coverage
Questions to ask
- 1.
What is the total cost breakdown: deployment package + Chronicle SIEM licensing + ongoing MXDR subscription? Who holds the Chronicle license, us or Foresite?
- 2.
What specific containment actions can your SOAR playbooks execute? Can you isolate endpoints, kill processes, disable accounts? Through which tools?
- 3.
What is the average time from AI-staged recommendation to human authorization and execution? How does that delay affect containment during an active incident?
- 4.
Your SOC operates from a single site in Kansas. How do you handle 24/7 coverage, overnight staffing, and what happens if that site goes down?
- 5.
Is the $250K cyber liability insurance included with MXDR or a separate Breach Response Services purchase? What are the coverage terms?
- 6.
What happens to Foresite-built detection rules, SOAR playbooks, and Catalyst configurations if we terminate the managed service contract?
- 7.
Can you provide customer references in our size range who have completed CMMC or HIPAA audits using your compliance automation?
- 8.
What is the boundary between your 24/7 managed SOC monitoring and full incident response? At what point does an incident require a separate IR engagement?
Evidence
Sources reviewed
Public-data caveats
- –No public contractual response-time SLA is recorded for this profile.
- –No public fixed price is recorded; compare only after a scoped quote.
- –No public breach warranty is recorded.
- –Response workflows are described, but exact standard containment actions are not public.
Also consider
Information compiled from public sources. Verify details directly with the provider before making decisions.