FORTRESS BOOSTS THIRD-PARTY RISK IDENTIFICATION & CONTINUOUS CYBER VULNERABILITY MONITORING PLATFORM CAPACITY TO 2 MILLION COMPANIES
FORTRESS INFORMATION SECURITY’S RISK IDENTIFICATION, MONITORING & MANAGEMENT (RIMM) PLATFORM NOW TRACKS THIRD-PARTY CYBER RISK OF 2 MILLION BUSINESSES WORLDWIDE; RIMM IS MOST COMPREHENSIVE CONTINUOUS MONITORING DATABASE IN INDUSTRY
ORLANDO, FL – May 23, 2017 – Fortress Information Security today announced it has expanded the analytics database of its Risk Identification, Monitoring & Management (RIMM) Platform to include continuous cyber security monitoring of more than 2 million businesses.
The RIMM Platform is the central element of Fortress’ Third Party Risk Management Service, providing continuous, non-intrusive monitoring of third parties for potential cyber security threats.
The expanded database is a result of the growth of the company’s service and improvements to its algorithm, which allows RIMM users to find risk intelligence information on a broader base of companies worldwide. RIMM users now have better information on their expanded security perimeter, thus helping them make cyber security readiness a proactive component of their vendor selection process.
Finding Cyber Risk in the Supply Chain
Fortress is a leader in the market for third-party risk management solutions that help organizations judge potential cyber risks that exist in their supply chain. The market for third-party risk management is divided into managed services (assessments, contract review, etc.), threat and vulnerability scanning and asset management.
These options provide snapshots of risk management issues, but Fortress’ RIMM is a pioneering technology for continually monitoring third parties to help companies manage evolving risk challenges. RIMM goes beyond “one size fits all” ratings by delivering actionable vulnerability findings. RIMM customers can use a combination of non-intrusive monitoring or contractually agreed-upon intrusive monitoring to get even more in-depth information. With this data, RIMM users can expedite vendor risk assessments.
“Companies are increasingly aware that third-party risk is an important cyber security dimension that needs to play a bigger role in supply chain decisions,” said Alex Santos, Fortress Information Security CEO and Co-Founder. “Fortress’ unique system scalability offers comprehensive and continuous non-intrusive vulnerability assessments covering most major companies worldwide. Our objective is to scan the Internet so we can put more information into the hands of our users, empowering them to both make better decisions and help their vendors to improve their cyber security defenses.”
RIMM Detects Third-Party Cyber Security Issues
RIMM continuous monitoring is a proprietary process that non-intrusively or, with agreement, intrusively scans publicly accessible online data sources about a company and can detect malware, ransom attacks, compromised email and other cyber security issues that impact the company’s risk profile.
RIMM scans expose key security issues such as availability of leaked employee credentials on the dark web, a lack of SSL on log-in pages, lack of encryption on a marketing portal, or a customer website that is susceptible to cross-site scripting or path-transversal attacks.
RIMM evaluations are organized as easy-to-read score cards with a letter grade assigned to each company (ranging from “A” to “F”), a composite score that determines the grade and the company’s key cyber security challenge highlighted. A button on the scorecard provides access to the full scan results.
The monitoring reports are also a valuable tool for critical infrastructure providers (such as utility companies) and other businesses in regulated industries that need to disclose when breaches occur and document how issues are mitigated.
Given the increase in database size, Fortress customers can now more fully utilize the risk intelligence results as part of the due diligence assessment process. This allows for an unparalleled level of focus on third-party cyber risks, which brings clients the most return on their monitoring dollar by seamlessly combining both services (monitoring & assessments).
A critical component of the platform is Fortress’ Threat Intelligence service that proactively monitors breach disclosures and the dark web to forewarn customers of breaches and assist with remediation.
TECHNOLOGY ALONE IS NO LONGER ENOUGH
Our customizable solutions utilize scalable Data, Analytics, People, and Processes (DAPP) including machine learning and continuous monitoring, which enhance today’s expensive, manual, yet mature partner risk management processes – thereby making it cheaper, repeatable, more accurate, more actionable, and closer to real-time.