Curated Supplier · MDR · Agentic SOC · Google Stack

Foresite — the Google-stack MDR that Ontinue is for Microsoft.

Google Cloud Premier SecOps Partner running Catalyst Citadel — an agentic SOC platform built on Google SecOps (Chronicle). AI agents investigate threats and stage response actions; humans authorize containment under the "Glass Box Model." If you've standardized on Google Cloud or your security stack is moving to Google SecOps, this is the MDR brief built around that decision.

What Foresite actually does.

Foresite ran the full evolution from Chronicle to Google SecOps and architected Catalyst Citadel as the automation and response engine layered on top. The pitch isn't "we also do Google" — it's "Google SecOps is the only platform we operate." 95% of their team are technical practitioners on the Google stack. For organizations standardizing on Google Cloud and adopting Google SecOps for SIEM/SOAR/XDR, Foresite operationalizes that investment the same way Ontinue operationalizes M365 E5 Security on the Microsoft side.

Capabilities · A short list

Catalyst Citadel — agentic SOC on Google SecOps AI-driven threat analysis with autonomous investigation agents. Integrates with Chronicle SIEM, SOAR, and XDR as native, not bolted-on.
"Glass Box Model" agentic response AI agents stage response actions, but every containment requires human authorization. Every AI action is explainable, auditable, and owned by a named analyst. The "agentic but accountable" pattern.
Cyber Fusion Center 24/7 SOC US-based SOC analysts. Human-led validation on top of AI-driven triage. Co-pilot mode for orgs with internal SOCs, fully managed for orgs without.
ProVision platform — MDR + compliance Integrated compliance automation (CMMC, HIPAA, PCI) alongside detection. Single platform for both security operations and audit readiness.
SIEM migration + detection engineering Lift-and-shift migrations from legacy SIEMs (Splunk, QRadar) to Google SecOps. YARA-L rules, parsers, content packs, dashboards authored and maintained by Foresite.
Vendor-agnostic EDR integration Works with CrowdStrike, Tanium, SentinelOne, and other EDR tools. Not locked to any single endpoint vendor.

Who this fits.

Best Fit

CISO at Google-stack organization adopting Google SecOps

You've made or are making the Google Cloud bet. Google SecOps is your SIEM/SOAR direction. Foresite operationalizes that investment so you don't have to staff a SOC against the Google consoles internally.

Strong Fit

Organizations migrating off legacy SIEM to Google SecOps

Foresite's specialty is exactly this migration — parsers, content packs, dashboards, data pipeline hardening. Most MSSPs treat migrations as side projects; this is Foresite's core.

Mixed Fit

Organizations exploring agentic SOC concepts generally

If "agentic SOC" is the priority but you're not Google-aligned, this isn't your brief. Ontinue's agentic story is on the Microsoft side; Sophos and Arctic Wolf have their own agentic plays.

Less Likely

Microsoft-first organizations with E5 Security

If you're standardized on M365 E5, Defender, and Sentinel, Ontinue is the parallel brief. Don't run Foresite against a Microsoft stack.

How Foresite sits against the field.

This page

Foresite

Google-stack MDR specialist
Google Cloud Premier SecOps Partner
Catalyst Citadel agentic SOC platform
"Glass Box Model" — AI + human accountability
Strong fit: Google Cloud / Google SecOps organizations

Adjacent

Ontinue

The Microsoft-stack parallel to Foresite
Same pattern, different ecosystem
Microsoft Security MSSP of the Year
Available through our sourcing network
Brief choice depends on stack alignment

Different shape

eSentire

Stack-agnostic top-tier MDR
Atlas XDR is proprietary, not Google-native
Wins on detection engineering depth
Available through our sourcing network
Multi-supplier brief recommended