59% of companies have experienced a third-party breach.
2018 Data Risk in the Third-Party Ecosystem: Third Annual Study
Cost of a Data Breach
Data Breaches can be expensive, to your reputation, to your bottom line, to your compliance profile, to the value of your company. So you do everything you can and should do to secure your data. But 50% of data breaches happen because of circumstances beyond your control – because of errors and omissions made by others – those you do business with, people and businesses who provide valuable products and services that you rely on to succeed in your own business. How can you be certain that those you rely on to do business aren’t introducing vulnerabilities that will cost you?
Deloitte survey respondents, damages by third parties.
It takes an average of 197 days to identify a data breach and an average of 70 days to contain it.
2018 Data Risk in the Third-Party Ecosystem: Third Annual Study
Fortress Reduces the Cost of Security & Compliance
Third-party risk management should be simple.
but sometimes it’s not 🡪
Fortress Brings Simplicity with Comprehensive Risk Management
AUTOMATED INHERENT RISK RANKING
It is important to know which vendors are critical enough to your business to justify spending precious resources on assessments. Automated risk ranking evaluates a vendor’s likely (1) data access, (2) physical access, (3) global footprint, (4) cloud and distributed offerings, (5) reputation-related services and (6) financial health risks.
CONTINUOUS CYBER RISK MONITORING
The externally-visible (i.e., on the web) cyber posture of your vendors is a very good leading indicator of internal cyber hygiene. Fortress Guardian cyber risk monitoring evaluates hundreds of data points summarized into (1) application security, (2) application vulnerabilities, (3) domain name server configuration, (4) secure protocol configuration and certificates, (5) known breaches, (6) dark web activity and (7) compromised assets.
CONTINUOUS OPERATIONAL RISK MONITORING
The third-party risk industry has fragmented solutions for monitoring other, non-cyber risks. Fortress Guardian’s continuous operational risk monitoring includes (1) negative news, social media & sentiment analysis, (2) anti-bribery & anti-money-laundering, (3) legal, (4) financial, (5) safety/OSHA and (6) regulatory & compliance issues.
ANALYTICS, WORKFLOW AND INTEGRATIONS
Fortress believes in connected intelligence and self-service data discovery and has infused rich, industry-leading business intelligence. Workflow is also equipped out of the box to give you real-time updates on assessments and asset information you have requested. Fortress Platform also integrates with all leading GRC, procurement and contract management systems.
Fortress covers 40,000 vendors and 300,000 assets
The Fortress Platform
Fortress Platform is a combination of technology, analytics and services (TAS) that provides seamless integrations to enable advanced threat scenarios and program governance. Value is unlocked from existing tools with machine learning and deep analytics driving prioritization.
Fortress Platform provides the following benefits. Click on each to learn more.
Visibility & Simplicity
FP gives you visibility through a single pane of glass, removing the need for disparate technologies that may not be compatible.
Machine Learning & Human Intelligence
FP uses both machine learning-enabled analytics and human intelligence to drive actionable insights. The objective methods used to aggregate and synthesize data provide greater dependability and reduce reliance on the subjectivity inherent in manual data collection and evaluation.
FP utilizes patented technologies including the validation of the integrity of unique file hashes and public key cryptography using a blockchain distributed ledger – to ensure end-to-end software integrity, transactional assurance and security of cyber-physical assets.
Objective, Reliable & Proactive
FP is enabled by a NERC-onboarded Fortress VSOC team to support machine learning and to provide visibility and also recommendations and tracking for remediation, mitigation, and risk outcomes.
Automated Risk Calculations
FP allows calculation of Risk based on Consequences (Business Impact and Technical Impact) and Likelihood. This includes consideration of threat indicators and implemented controls.
Data Ingestion & Analytics Reporting
Fortress ingests data from multiple sources such as these:
- Open Source threat intelligence from our client community
- Fortress threat analysis is driven by our Virtual Security Operations Center (VSOC), which supports existing critical infrastructure companies
- Other curated threat intelligence
Fortress Secures 10% of the Power Grid and Key Assets
Fortress TPRM Resources
Press Release Fortress Delivers Technical Support and Operational Analysis to Army Fortress Unscathed by Virtual Attack in War Games Scenario Fort AP; Hill, VA March 25, 2021 - Fortress Information Security (Fortress) successfully conducted a full Technical Support...
PRESS RELEASE – SolarWinds attack and Executive Order on America’s Supply Chain illuminate gaps in supply chain risk management, spur innovative solutions by Fortress Information Security
Press Release SolarWinds attack and Executive Order on America’s Supply Chain illuminate gaps in supply chain risk management, spur innovative solutions by Fortress Information Security Challenges include identifying product provenance, detecting trojanized patches,...
Press Release NiSource Joins the Asset to Vendor Network in Push to Secure U.S. Utilities Orlando, FL, November 17, 2020 - NiSource, one of America’s largest fully-regulated natural gas and electric utilities has joined the Asset to Vendor Network (A2V), a national...
Fortress Accelerates Your Security and Compliance
100% more vendor coverage in the same time period
40 days to
FORTRESS IN THE NEWS
When Colonial Pipeline Co.'s computer files were kidnapped by ransomware attackers last week, the company called the FBI for help. It did not call the top cyber agency at the Department of Homeland Security.
The Biden administration this week issued a new spate of actions to bolster the nation’s cybersecurity, though details of its 100-day plan issued last month to address risks to the U.S. bulk power system (BPS) remain scant.
Following government cyber breaches, the Biden administration issued a cybersecurity order requiring improved protections at government agencies and prompt breach reports from federal computer network and cloud service suppliers.
Get in touch
Want to find out how Fortress can solve problems specific to your business?