Fortress Information Security

Fortress Information Security provides cyber risk management solutions for mission critical supply chains and critical infrastructure including services for vendor risk management, asset risk management, product security, file integrity, procurement, continuous monitoring, assessments, and remediation to support overall zero trust supply chain cyber security and integrity.

Fortress guides complex enterprises to discover, prioritize, and monitor third-party supply chain cyber risks. We are the only company offering software integrated into a customizable platform to manage OT, IT and third-party technology threats into a single end-to-end solution.

Products & Services

• Fortress Platform

We help clients to augment their supply chain risk management program, mitigate and manage asset, vendor, and product risk, and get a lot more value out of their existing technology and security investments.

Most organizations want a single system that can ingest all vendors and products associated with all assets and systems. Fortress Platform provides that vehicle with unlimited vendor licensing, compliance modules, instant security & compliance ratings, automated findings lifecycle management, and the ability to view critical supplier security information stored in the Asset to Vendor Network.

Fortress Platform’s managed services execute related business processes and deliver measurable results. Orchestrate strategic risk management processes and continuously monitor a wide variety of threats to identify weaknesses in your technology footprint. Automatically rank vendors for inherent, cyber, and compliance risks. Out-of-the-box workflow capabilities support vulnerability and patch governance, file integrity assurance, and automated threat management. Streamlined dashboards provide automation of compliance and document management for a complete audit trail— every single change is tracked in the system.

• Continuous Monitoring

Continuously scan external-facing attack surface, and receive consolidated view of assets, vulnerabilities and scan health. Our security analysts and automated tools monitor everything from foreign influence to cyber hygiene to breaches and indicators of compromise. Continuous monitoring across multiple products simultaneously provides greater viability and insight into supply chain integrity and whether there are appropriate controls in place related to various cybersecurity requirements.

• Asset 2 Vendor Network (A2V)

The Asset to Vendor Network is a unique, scalable solution for achieving and maintaining regulatory requirements and managing multiple security frameworks simultaneously. This tool simplifies the seek-and-find process of managing third party security by providing instant access to security assessment documentation from a multitude of vendors. The A2V platform also provides continuous monitoring, assessment, and expertise from our security professionals.

• Software Bill of Materials (SBOM) Tools and Analysis

An effectively prepared and analyzed SBOM can be invaluable in addressing critical infrastructure cybersecurity challenges, but the sheer volume of documents and data they generate create their own set of challenges. Without a mechanism to automatically process and correlate the information elements in an SBOM to other risk attributes like vulnerabilities, software integrity and authenticity, provenance and adversarial control and influence, software licensing information, and so on, SBOM lacks inherent value in the race to secure our mission critical supply chains.

Fortress actively provides SBOM solutions and insights that help to meet security and compliance objectives.

Industries Served

  • Energy
  • Government
  • Pharmaceuticals
  • Healthcare
  • Finance
  • Transportation

Clients Include

  • American Electric Power
  • Southern Company
  • NiSource
  • Xcel Energy

Client Testimonials

“Utilities have a long history of working together to overcome challenges and securing our mutual supply chain through A2V [the Asset to Vendor Network] is just the latest example. A2V offers the opportunity for companies to collaborate and help share expertise and best practices.”

– Tom Wilson, Vice President and Chief Information Security Officer for Southern Company

“The A2V [Asset to Vendor Network] Platform provides a superior solution to resolving our third-party risk challenges. The A2V platform provides us with the tools we need to manage third party risk, and the shared information lowers our operating cost. The A2V Network is a great group of companies, and we are proud to participate, especially in these times of change in the cybersecurity industry. We champion information sharing as the best way to improve cybersecurity while minimizing operating costs.”

– Mike Rozsa, Chief Information Officer at NiSource

“Power utilities need to work together to accomplish our shared goal of a secure power grid. A2V offers the opportunity for companies to collaborate and help mitigate the significant costs of protecting the grid.”

– Stephen Swick, Director of Cybersecurity Intelligence and Defense for American Electric Power