

Fortress: Making Success Reliable

Fortress Secures the Supply Chain
- Managing 300k+ assets and
- Managing 40k+ vendors
- Managing NIST, NERC ISO & other frameworks

Operations Friendly
- Bend the O&M curve with assessment & patch sharing
- Dedicated services team ensures your success
- You have a direct line to Fortress executives

Flexible Solutions
- Fortress Platform comes preconfigured or customized
- Dedicated developer resources ensure perfect fit
- Existing tools are integrated for complete visibility
- Bridge vendor and assets (IT/OT/IoT/IIoT) risk management
It takes companies an average of 69 days to fix or mitigate a critical web application vulnerability, and 65 days to close a critical infrastructure vulnerability.
2019 VULNERABILITY STATISTICS REPORT
Fortress Capabilities
-
Fortress Platform is modular
-
Smaller engagements focus on automation, technology tools and advisory services
-
Larger engagements are delivered as outcome-as-a-service with deep integration into existing software solutions

The Fortress Platform
-
Built on lightning-fast, modern architecture
-
Has the simplicity of a spreadsheet with all the “oomph” of an enterprise system
-
Features include workflow management, task assignment, approvals and vendor portal
-
Flexible architecture for integrations and enhancements
-
Robust analytics module included, enabling simple self-service for reporting
Built for Security, Tailored to Compliance
Flexible to handle any regulatory standards
✓ NERC CIP, NIST 800, ISO 27001 and other cybersecurity frameworks are mapped to findings and remediation
✓ Special documentation as required by industry regulatory frameworks such as NRC, HIPAA, CCPA, etc., is also stored directly in the Platform. Proprietary assessments are also supported
✓ C2M2, DoD’s CMMC, VRMMM and other maturity models are captured in the Platform and measured over time
Case Study $40Bn
Investor-Owned Utility
leveraging all offerings
✓ Orchestration platform
(1) Implemented fully-compliant program in 45 days; (2) integrated GRC system, RSA Archer, and the procurement system, AssetSuite; (3) integrations were also implemented to perform consolidated vendor and asset risk management (integrations included ServiceNow, Rapid7, Industrial Defender, Tufin and Tenable); (4) advisory services enabled instant program stand-up with predefined processes, procedures and workflows
✓ Data-driven risk ranking
Deployed the “data-driven risk rank” to instantly classify and create an initial inherent risk estimate for 20,000 organizations
✓ Cyber and business risk monitoring
(1) Continuous cyber risk monitoring performed on all 20,000 organizations (e.g., malware, spam propagation, application vulnerabilities, unsecured ports, secure protocol configuration, domain configuration); (2) Continuous operational risk monitoring performed on 4,000 high-risk vendors (e.g., negative news, social media, financial, regulatory, safety, legal, sentiment and AML/anti-bribery risk areas)
✓ Asset to Vendor Network (A2V)
Asset to Vendor Network for vendor assessments and product vulnerability solutions where costs are shared across network participants. Contract was structured to allow for capital treatment
✓ Assessment services
Managed services provided to deliver outcome-as-a-service for manual risk ranks, risk assessments, contract reviews, on-site security assessments and remediation
✓ Vulnerability management
Managed services provided to deliver outcome-as-a-service for asset inventorying and CIP governance management for timely patch deployments on 250,000+ assets
Fortress is a Partner you can grow with.
Orchestration platformWorkflow, integrations, vendor portal, onboarding, document mgmt., self-assessments, contract mgmt., etc |
Data-Driven Risk RankingLeveraging machine learning, third-party data sources, public data and filings on ALL vendors |
Cyber & Business Risk MonitoringIncluding negative news & sentiment, anti-bribery/AML, legal, financial, safety, regulatory/compliance |
Asset to Vendor (A2V) NetworkSharing security costs, created in partnership with founding members such as American Electric Power and Southern Company |
Assessment |
Asset Risk ManagementDevice and product vulnerability, patch and secure delivery solution; linkage of vendor risk to asset risk |
|
---|---|---|---|---|---|---|
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
![]() |
Assessment Exchange Providers | ![]() |
![]() |
- |
![]() |
![]() |
- |
GRC Software Providers | ![]() |
- |
- |
- |
- |
![]() |
Continuous Monitoring Providers | ![]() |
![]() |
![]() |
- |
- |
- |
"Big 4" Consultancies | ![]() |
- |
- |
- |
![]() |
- |
Buy or Build? Fortress program rollout is simple and fast.

FORTRESS IN THE NEWS
Mixed Reactions on Looming DOE NOPR for Bulk Power System Security
The Department of Energy (DOE) will issue a notice of proposed rule-making (NOPR) to implement President Trump’s broad bulk power system (BPS) security executive order (EO) “later this fall,” a DOE official confirmed to POWER on Oct. 5. Though the...
Power Sector, Federal Entities Scramble to Close Supply Chain Security Gaps
Marking another major federal effort to address potential supply chain risks to the bulk power system (BPS), the Federal Energy Regulatory Commission (FERC) on Sept. 17 sought industry’s perspective on a number of important considerations,...
FERC investigates risk of foreign adversary-supplied bulk power equipment, with focus on Huawei, ZTE
If utilities are forced to pull suspect components from the grid then the cost implications could be significant, according to Tobias Whitney, vice president of energy security solutions at Fortress Information Security. The average utility could...
Get in touch
Want to find out how Fortress can solve problems specific to your business?
Let's connect!
189 S. Orange Avenue, Ste 1950, Orlando, FL 32801
(407) 573.6800
sales@fortressinfosec.com
COPYRIGHT © 2020. FORTRESS INFORMATION SECURITY. ALL RIGHTS RESERVED. PRIVACY POLICY