About 4

Fortress: Making Success Reliable

About 5

Fortress Secures the Supply Chain

  • Managing 300k+ assets and
  • Managing   40k+ vendors
  • Managing NIST, NERC ISO & other frameworks


About 6

Operations Friendly

  • Bend the O&M curve with assessment & patch sharing
  • Dedicated services team ensures your success
  • You have a direct line to Fortress executives 
About 7

Flexible Solutions

  • Fortress Platform comes preconfigured or customized
  • Dedicated developer resources ensure perfect fit
  • Existing tools are integrated for complete visibility 
  • Bridge vendor and assets (IT/OT/IoT/IIoT) risk management

It takes companies an average of 69 days to fix or mitigate a critical web application vulnerability, and 65 days to close a critical infrastructure vulnerability.


Fortress Capabilities

  • Fortress Platform is modular


  • Smaller engagements focus on automation, technology tools and advisory services


  • Larger engagements are delivered as outcome-as-a-service with deep integration into existing software solutions

About 8
About 9

The Fortress Platform

  • Built on lightning-fast, modern architecture

  • Has the simplicity of a spreadsheet with all the “oomph” of an enterprise system

  • Features include workflow management, task assignment, approvals and vendor portal

  • Flexible architecture for integrations and enhancements

  • Robust analytics module included, enabling simple self-service for reporting

Built for Security, Tailored to Compliance

Flexible to handle any regulatory standards

✓  NERC CIP, NIST 800, ISO 27001 and other cybersecurity frameworks are mapped to findings and remediation

✓  Special documentation as required by industry regulatory frameworks such as NRC, HIPAA, CCPA, etc., is also stored directly in the Platform. Proprietary assessments are also supported

✓  C2M2, DoD’s CMMC, VRMMM and other maturity models are captured in the Platform and measured over time

Case Study $40Bn 
Investor-Owned Utility

leveraging all offerings

✓  Orchestration platform

(1) Implemented fully-compliant program in 45 days; (2) integrated GRC system, RSA Archer, and the procurement system, AssetSuite; (3) integrations were also implemented to perform consolidated vendor and asset risk management (integrations included ServiceNow, Rapid7, Industrial Defender, Tufin and Tenable); (4) advisory services enabled instant program stand-up with predefined processes, procedures and workflows

✓  Data-driven risk ranking

Deployed the “data-driven risk rank” to instantly classify and create an initial inherent risk estimate for 20,000 organizations

✓  Cyber and business risk monitoring

(1) Continuous cyber risk monitoring performed on all 20,000 organizations (e.g., malware, spam propagation, application vulnerabilities, unsecured ports, secure protocol configuration, domain configuration); (2) Continuous operational risk monitoring performed on 4,000 high-risk vendors (e.g., negative news, social media, financial, regulatory, safety, legal, sentiment and AML/anti-bribery risk areas)

✓  Asset to Vendor Network (A2V)

Asset to Vendor Network for vendor assessments and product vulnerability solutions where costs are shared across network participants. Contract was structured to allow for capital treatment

✓  Assessment services

Managed services provided to deliver outcome-as-a-service for manual risk ranks, risk assessments, contract reviews, on-site security assessments and remediation

✓  Vulnerability management

Managed services provided to deliver outcome-as-a-service for asset inventorying and CIP governance management for timely patch deployments on 250,000+ assets

Fortress is a Partner you can grow with.

Orchestration platform

Workflow, integrations, vendor portal, onboarding, document mgmt., self-assessments, contract mgmt., etc

Data-Driven Risk Ranking

Leveraging machine learning, third-party data sources, public data and filings on ALL vendors

Cyber & Business Risk Monitoring

Including negative news & sentiment, anti-bribery/AML, legal, financial, safety, regulatory/compliance

Asset to Vendor (A2V) Network

Sharing security costs, created in partnership with founding members such as American Electric Power and Southern Company


Many types of audit services from hygiene to controls to product/technical assessment

Asset Risk Management

Device and product vulnerability, patch and secure delivery solution; linkage of vendor risk to asset risk

About 10
About 11
About 11
About 11
About 11
About 11
About 11
Assessment Exchange Providers
About 17
About 17


About 11
About 11


GRC Software Providers
About 11





About 11
Continuous Monitoring Providers
About 17
About 17
About 17




"Big 4" Consultancies
About 17




About 11


Buy or Build? Fortress program rollout is simple and fast.

About 28


Get in touch

Want to find out how Fortress can solve problems specific to your business?

Let's connect!

About 31

About 32 About 33 About 34

189 S. Orange Avenue, Ste 1950, Orlando, FL 32801
(407) 573.6800


Subscribe to Fortress Newsletter

For breach reports, threat intelligence, regulatory updates, cyber security news alerts and more, sign up to receive the Fortress Newsletter.

No, thanks!