products & services
The Fortress PlatformTM derives its power from a unique bundling of innovative technology, human analysts and managed services designed to help both large and small companies wherever they are in their cyber risk management journey. Platform modules include:
Third Party Risk Management
Fortress prevents breaches through one
of your vendors and enables compliance
with regulations by providing end-to-end
expert assessment services, continuous
monitoring, consulting and intelligence.
Vulnerability Risk Management
Fortress prevents breaches by ensuring your most
critical business impacting vulnerabilities are
identified, prioritized and remediated. Whether
security or compliance is your goal, Fortress has
technology and expertise to deliver you results.
Managed Intelligence and Analytics
Powered by machine learning and artificial
intelligence, Fortress analytics and intelligence
enable you to do more with less. Fortress
analyst contextualize data and intelligence so
your business can make smarter prioritization
and remediation decisions.
Advisory and Awareness
Fortress’ expert advisors accelerates your cyber
security maturation. Whether it’s consulting you
on compliance or creating awareness programs
to enable the business, our advisors are ready to
share industry best practices and hard-earned
third-party risk management
Program Policy Development • Vendor Inventory and Risk Rankings • Business Process Automation • Vendor Assessments • Remediation Management • Continuous Monitoring • Workflow Management • Contract Assessments • Compliance Reporting • Real-time Reporting
vulnerability risk management
Program Assessments, Development & Management • Vulnerability Visualizations • Asset Management • Asset Classification • Threat Intelligence Correlation & Action • Vulnerability Prioritization • Workflow Automation • Managed Services • Compliance Framework Reporting
operational technology (OT)
Program Assessment, Development & Mgmt. • Asset Identification, Mgmt. & Classification • Vulnerability and Patch Mgmt. • Remediation Mgmt. • Incident Response • OT Passive Monitoring • OT Process Automation • Managed Services • Compliance Reporting • Reporting & Analytics
the fortress platformTM enables its solutions
The Fortress PlatformTM delivers a unique, holistic picture of cyber risks and business impacts across your entire Connected Asset Ecosystem of supply chain, third parties, industrial technology and traditional IT networks and applications.
should you buy or build?
Regardless of where they are on their cyber risk management journey, companies both
large and small buy Fortress to strengthen their cyber defenses with speed and certainty.
Fortress uses a “Technology, Analytics and Services” (TAS) approach that leverages automation, continuous monitoring, vulnerability scanning and human assets to proactively uncover and contextualize risks across your enterprise and third party ecosystem.
Fortress Platform is pre-configured to align with industry best practices and processes. Our platform is pre-populated with threat intelligence and vulnerability data from your supply chain.
The Fortress Platform is tools agnostic and can integrate, standardize, communicate and remediate across IoT and mobile devices, laptops, servers and anything with an IP address — it is compatible with XML, CSV, APIs and any environment where tooling exists to push or pull data.
Even at the scale of a large enterprise that may have thousands of vendors and third parties, we leverage automation to get the most complete picture of risk. Automated systems inherit data from control questionnaires and other major risk information sources to power your own company’s insights. Automation also drives ongoing vulnerability scans to continuously pull analyst reports.
The Fortress Platform conducts rigorous and dynamic risk modeling to assess the “criticality” of risk across a range of supply chain parameters: Does a third party have physical or back end access to systems? Do they operate offshore? Do they leverage a public or multi-tenant cloud? Is their work customer-facing? Do they perform custom development?
We don’t just limit ourselves to servers and nodes, we’re also looking at workflows and processes that govern how both data and people interact across the enterprise for better performance and compliance — aligning everything for secure operations, transparent reporting and smart, proactive business decisions.
Unlike every other tools-centric cyber security vendor, Fortress has deep, combined expertise in both cyber security and your specific industry to provide solutions that specifically tie into your business processes. You can’t take a security posture without knowing the business — and that’s what we pride ourselves on. Fortress has developed best practices for Top-10 companies in finance, energy, oil & gas, manufacturing and healthcare.
use case :
vulnerability risk management
- Risk is everywhere in the enterprise
- Modern connectivity makes risk more widespread and less visible
- Many enterprise risks feel like Whack-a-Mole, but are really systemic
- Fortress gives holistic visibility for root causes of risk across all connected assets
- We connect disparate data for better insight into business risk causes and remedies
use case :
third party risk management
- Third parties bring risk into the organization
- It’s beyond just what vendors self-report or even know about
- Fortress uncovers unseen third-party risks — diving deep with continuous monitoring and advanced security scoring models
- We rank criticality of risk and prioritize actions
- We track the ripples of business impact for better enterprise decisions
FORTRESS IN THE NEWS
As new fallout and revelations emerge from the massive SolarWinds hacking campaign that hit multiple U.S. agencies, a barrage of other online threats is likely to challenge President Biden's pledge to boost cybersecurity.
An executive order signed by President Joe Biden last week included the 90-day suspension of an order issued by his predecessor aimed at fortifying the nation's bulk power system against malicious cyberattacks by foreign adversaries.
U.S. officials and cybersecurity experts believe the SolarWinds attackers were elite operatives carrying out a Russian espionage operation targeting the American government and entities close to it. Yet, nearly a month after we first learned of the...