Fortress: Making Success Reliable
Fortress Secures the Supply Chain
- Managing 300k+ assets and
- Managing 40k+ vendors
- Managing NIST, NERC ISO & other frameworks
Operations Friendly
- Bend the O&M curve with assessment & patch sharing
- Dedicated services team ensures your success
- You have a direct line to Fortress executives
Flexible Solutions
- Fortress Platform comes preconfigured or customized
- Dedicated developer resources ensure perfect fit
- Existing tools are integrated for complete visibility
- Bridge vendor and assets (IT/OT/IoT/IIoT) risk management
It takes companies an average of 69 days to fix or mitigate a critical web application vulnerability, and 65 days to close a critical infrastructure vulnerability.
2019 VULNERABILITY STATISTICS REPORT
Fortress Capabilities
-
Fortress Platform is modular
-
Smaller engagements focus on automation, technology tools and advisory services
-
Larger engagements are delivered as outcome-as-a-service with deep integration into existing software solutions
The Fortress Platform
-
Built on lightning-fast, modern architecture
-
Has the simplicity of a spreadsheet with all the “oomph” of an enterprise system
-
Features include workflow management, task assignment, approvals and vendor portal
-
Flexible architecture for integrations and enhancements
-
Robust analytics module included, enabling simple self-service for reporting
Built for Security, Tailored to Compliance
Flexible to handle any regulatory standards
✓ NERC CIP, NIST 800, ISO 27001 and other cybersecurity frameworks are mapped to findings and remediation
✓ Special documentation as required by industry regulatory frameworks such as NRC, HIPAA, CCPA, etc., is also stored directly in the Platform. Proprietary assessments are also supported
✓ C2M2, DoD’s CMMC, VRMMM and other maturity models are captured in the Platform and measured over time
Case Study $40Bn
Investor-Owned Utility
leveraging all offerings
✓ Orchestration platform
(1) Implemented fully-compliant program in 45 days; (2) integrated GRC system, RSA Archer, and the procurement system, AssetSuite; (3) integrations were also implemented to perform consolidated vendor and asset risk management (integrations included ServiceNow, Rapid7, Industrial Defender, Tufin and Tenable); (4) advisory services enabled instant program stand-up with predefined processes, procedures and workflows
✓ Data-driven risk ranking
Deployed the “data-driven risk rank” to instantly classify and create an initial inherent risk estimate for 20,000 organizations
✓ Cyber and business risk monitoring
(1) Continuous cyber risk monitoring performed on all 20,000 organizations (e.g., malware, spam propagation, application vulnerabilities, unsecured ports, secure protocol configuration, domain configuration); (2) Continuous operational risk monitoring performed on 4,000 high-risk vendors (e.g., negative news, social media, financial, regulatory, safety, legal, sentiment and AML/anti-bribery risk areas)
✓ Asset to Vendor Network (A2V)
Asset to Vendor Network for vendor assessments and product vulnerability solutions where costs are shared across network participants. Contract was structured to allow for capital treatment
✓ Assessment services
Managed services provided to deliver outcome-as-a-service for manual risk ranks, risk assessments, contract reviews, on-site security assessments and remediation
✓ Vulnerability management
Managed services provided to deliver outcome-as-a-service for asset inventorying and CIP governance management for timely patch deployments on 250,000+ assets
Fortress is a Partner you can grow with.
Orchestration platformWorkflow, integrations, vendor portal, onboarding, document mgmt., self-assessments, contract mgmt., etc |
Data-Driven Risk RankingLeveraging machine learning, third-party data sources, public data and filings on ALL vendors |
Cyber & Business Risk MonitoringIncluding negative news & sentiment, anti-bribery/AML, legal, financial, safety, regulatory/compliance |
Asset to Vendor (A2V) NetworkSharing security costs, created in partnership with founding members such as American Electric Power and Southern Company |
Assessment |
Asset Risk ManagementDevice and product vulnerability, patch and secure delivery solution; linkage of vendor risk to asset risk |
|
|---|---|---|---|---|---|---|
 |
 |
|
|
|
|
|
| Assessment Exchange Providers |  |
|
- |
|
|
- |
| GRC Software Providers | |
- |
- |
- |
- |
|
| Continuous Monitoring Providers | |
|
|
- |
- |
- |
| "Big 4" Consultancies | |
- |
- |
- |
|
- |
Buy or Build? Fortress program rollout is simple and fast.
FORTRESS IN THE NEWS
Colonial Pipeline led to a cyber order for sector operators. Will JBS lead to more?
Less than a week after the Transportation Security Administration responded to the Colonial Pipeline shutdown with a landmark order for oil and gas pipelines to abide by cybersecurity rules, major food supplier JBS had operations interrupted by its...
Pipeline hack exposes holes in U.S. cyber oversight
When Colonial Pipeline Co.'s computer files were kidnapped by ransomware attackers last week, the company called the FBI for help. It did not call the top cyber agency at the Department of Homeland Security.
Biden Takes Executive Action to Strengthen National Cybersecurity, Secure Supply Chains
The Biden administration this week issued a new spate of actions to bolster the nation’s cybersecurity, though details of its 100-day plan issued last month to address risks to the U.S. bulk power system (BPS) remain scant.
Get in touch
Want to find out how Fortress can solve problems specific to your business?
Let's connect!
189 S. Orange Avenue, Ste 1950, Orlando, FL 32801
(407) 573.6800
sales@fortressinfosec.com
COPYRIGHT © 2020. FORTRESS INFORMATION SECURITY. ALL RIGHTS RESERVED. PRIVACY POLICY
