PRODUCT SECURITY ASSESSMENT
Get FIA with Patch Integrity and Source Validation
Cyber risk management tools and services for the cyber supply chain that our national security depends on
Ensure uncompromised software updates with real-time alerts of patch integrity and source validation.
Fortress continuously monitors all software and files, ensuring integrity and delivering intelligence to identify known and emerging threats from third-party application patches, updates, and more. Our full chain of custody on software provides you with the ability to fully assess risk and take action.
Authenticity Checks
Known breaches,
SSL certificate status,
DNS checks
Integrity Validation
Code signing, malware checks and sandbox analysis, and firmware
third-party analysis
Delivery Mechanism
Leverage private blockchain with
off-prem or on-prem solutions
for file hashing
Benefits for the Fortress File Integrity Assurance (FIA)
Find threats that traditional scans miss.
Traditional scans search for known malware and eliminate it, but don’t address new malware or vulnerabilities that exhibit atypical characteristics. FIA operates by identifying file changes, and can identify unusual activity in real time, either as it becomes active or when it is introduced.
Assess threats more holistically.
Coverage extends to software supply chains to produce a software bill of materials (SBOM) to identify and catalog components for risk analysis.
Easily operationalize.
Fortress makes it easy to operationalize Software Assurance. We offer programmatic integration and allow you to do your job more efficiently by integrating into your patch delivery process.
Software Assurance isn’t just about risk identification; we provide tools to enable response and remediation.
Validate authenticity and integrity of all patches and updates for a given product.
Authenticity checks include analyzing the supplier for known breaches, appropriate encryption delivery, updated security certificates, and DNS checks. Integrity checks include reviewing code signage, malware analysis, and in some cases, sandbox, and firmware analysis.
Automate compliance and evidence sharing.
NERC CIP 10-3 requires checking the authenticity and integrity of every patch before it is installed into the Bulk Electric System. Fortress helps validate these associated controls.