59% of companies have experienced a third-party breach.

2018 Data Risk in the Third-Party Ecosystem: Third Annual Study

Cost of a Data Breach

Data Breaches can be expensive, to your reputation, to your bottom line, to your compliance profile, to the value of your company.  So you do everything you can and should do to secure your data. But 50% of data breaches happen because of circumstances beyond your control – because of errors and omissions made by others – those you do business with, people and businesses who provide valuable products and services that you rely on to succeed in your own business. How can you be certain that those you rely on to do business aren’t introducing vulnerabilities that will cost you? 

26%
Reputational 
damage

23%
Financial
reporting errors

23%
Regulatory
non-compliance

21%
Breach of
sensitive data

10%
Lost
business

Deloitte survey respondents, damages by third parties.

It takes an average of 197 days to identify a data breach and an average of 70 days to contain it.

2018 Data Risk in the Third-Party Ecosystem: Third Annual Study

Fortress Reduces the Cost of Security & Compliance

To support the needs of commercial clients, Fortress Platform offers a systematic and flexible workflow engine for all major assessment frameworks, including National Institute of Standards & Technology (NIST), ISO 27000, the Cloud Security Alliance (CSA), Star, Software Assurance, Standardized Information Gathering (SIG), etc. To support our DoD clients, the Fortress Platform offers the framework workflows for DoD 8500 series and SECNAV Instruction 5239.3C.

Third Party Risk Management 3

Third-party risk management should be simple.

but sometimes it’s not 🡪

Third Party Risk Management 4

Fortress Brings Simplicity with Comprehensive Risk Management 

AUTOMATED INHERENT RISK RANKING

It is important to know which vendors are critical enough to your business to justify spending precious resources on assessments.  Automated risk ranking evaluates a vendor’s likely (1) data access, (2) physical access, (3) global footprint, (4) cloud and distributed offerings, (5) reputation-related services and (6) financial health risks.

CONTINUOUS CYBER RISK MONITORING

The externally-visible (i.e., on the web) cyber posture of your vendors is a very good leading indicator of internal cyber hygiene. Fortress Guardian cyber risk monitoring evaluates hundreds of data points summarized into (1) application security, (2) application vulnerabilities, (3) domain name server configuration, (4) secure protocol configuration and certificates, (5) known breaches, (6) dark web activity and (7) compromised assets.

CONTINUOUS OPERATIONAL RISK MONITORING

The third-party risk industry has fragmented solutions for monitoring other, non-cyber risks.  Fortress Guardian’s continuous operational risk monitoring includes (1) negative news, social media & sentiment analysis, (2) anti-bribery & anti-money-laundering, (3) legal, (4) financial, (5) safety/OSHA and (6) regulatory & compliance issues.

ANALYTICS, WORKFLOW AND INTEGRATIONS

Fortress believes in connected intelligence and self-service data discovery and has infused rich, industry-leading business intelligence.  Workflow is also equipped out of the box to give you real-time updates on assessments and asset information you have requested.  Fortress Platform also integrates with all leading GRC, procurement and contract management systems.

Fortress covers 40,000 vendors and 300,000 assets

The Fortress Platform

Fortress Platform is a combination of technology, analytics and services (TAS) that provides seamless integrations to enable advanced threat scenarios and program governance. Value is unlocked from existing tools with machine learning and deep analytics driving prioritization.

 

Fortress Platform provides the following benefits. Click on each to learn more.

Visibility & Simplicity

FP gives you visibility through a single pane of glass, removing the need for disparate technologies that may not be compatible.

Machine Learning & Human Intelligence

FP uses both machine learning-enabled analytics and human intelligence to drive actionable insights. The objective methods used to aggregate and synthesize data provide greater dependability and reduce reliance on the subjectivity inherent in manual data collection and evaluation.

Blockchain Technology

FP utilizes patented technologies including the validation of the integrity of unique file hashes and public key cryptography using a blockchain distributed ledger – to ensure end-to-end software integrity, transactional assurance and security of cyber-physical assets.

Objective, Reliable & Proactive

FP is enabled by a NERC-onboarded Fortress VSOC team to support machine learning and to provide visibility and also recommendations and tracking for remediation, mitigation, and risk outcomes.

Automated Risk Calculations

FP allows calculation of Risk based on Consequences (Business Impact and Technical Impact) and Likelihood. This includes consideration of threat indicators and implemented controls.

Data Ingestion & Analytics Reporting

Fortress ingests data from multiple sources such as these:

  • Open Source threat intelligence from our client community
  • Fortress threat analysis is driven by our Virtual Security Operations Center (VSOC), which supports existing critical infrastructure companies
  • Other curated threat intelligence

Fortress Secures 10% of the Power Grid and Key Assets

Fortress TPRM Resources

Webinar: NERC CIP Supply Chain Security Standards

Webinar: NERC CIP Supply Chain Security Standards

WebinarNERC CIP Supply Chain Security Standards  This webinar event originally broadcast live on May 29, 2019. Summary In this webinar, we will discuss the new requirements from NERC CIP-013-1, Cyber Security Supply Chain Risk Management. Join us as we address...

read more

Fortress Accelerates Your Security and Compliance

Third Party Risk Management 5

300% faster
program maturity

Third Party Risk Management 6

100% more vendor coverage in the same time period

Third Party Risk Management 7

40 days to
implement

Third Party Risk Management 8

40% effort
reduction

Third Party Risk Management 9

Get in touch

Want to find out how Fortress can solve problems specific to your business?

Let's connect!

Third Party Risk Management 10407.573.6800

 For Recruiting, please call  855.367.8737

Third Party Risk Management 11sales@fortressinfosec.com

 


Third Party Risk Management 12

Third Party Risk Management 13 Third Party Risk Management 14 Third Party Risk Management 15

189 S Orange Ave #1950, Orlando, FL 32801
(407) 573.6800
sales@fortressinfosec.com

COPYRIGHT © 2019. FORTRESS INFORMATION SECURITY. ALL RIGHTS RESERVED. PRIVACY POLICY

DOWNLOAD THE FULL

THREAT INTELLIGENCE REPORT

ZOOM VIDEO CONFERENCING AND COMMUNICATIONS

THREAT INTELLIGENCE REPORT

Windows CryptoAPI Vulnerability

White Paper

Asset to Vendor Network for Power Utilities

PRESS RELEASE

FORTRESS LAUNCHES INNOVATIVE COLLABORATION TO HELP PROTECT THE POWER GRID FROM CYBER THREATS

Emerging Risk Brief

ASSET RISK MANAGEMENT - FOR PORT AUTHORITIES

Advisory

5 STEPS FOR AN EFFECTIVE THIRD PARTY VENDOR RISK PROGRAM

White Paper

CIP COMPLIANCE – UPDATES, ENFORCEMENT AND PRACTICAL IMPLEMENTATION

Advisory

5 STEPS TO A STRONG VULNERABILITY MANAGEMENT PROGRAM

WHITE PAPER

NERC CIP COMPLIANCE

Subscribe to Fortress Newsletter

For breach reports, threat intelligence, regulatory updates, cyber security news alerts and more, sign up to receive the Fortress Newsletter.

No, thanks!

Threat Advisory

Outdated Security Appliance Facilitates Denial-of-Service Attack on U.S. Grid

WEBINAR DOCUMENT

NERC CIP SUPPLY CHAIN SECURITY STANDARDS