Skip to content

ANNOUNCEMENT: Get Software Supply Chain Accountability with a Software Bill of Materials (SBOM). Learn More >>

Speak with an Expert

PRODUCT SECURITY ASSESSMENT

Get FIA with Patch Integrity and Source Validation

Cyber risk management tools and services for the cyber supply chain that our national security depends on


Ensure uncompromised software updates with real-time alerts of patch integrity and source validation. 

Fortress continuously monitors all software and files, ensuring integrity and delivering intelligence to identify known and emerging threats from third-party application patches, updates, and more. Our full chain of custody on software provides you with the ability to fully assess risk and take action.

Authenticity Checks

Known breaches,
SSL certificate status,
DNS checks

Integrity Validation

Code signing, malware checks and sandbox analysis, and firmware
third-party analysis

Delivery Mechanism

Leverage private blockchain with
off-prem or on-prem solutions
for file hashing

Benefits for the Fortress File Integrity Assurance (FIA)

Find threats that traditional scans miss.

Traditional scans search for known malware and eliminate it, but don’t address new malware or vulnerabilities that exhibit atypical characteristics. FIA operates by identifying file changes, and can identify unusual activity in real time, either as it becomes active or when it is introduced.

Assess threats more holistically.

Coverage extends to software supply chains to produce a software bill of materials (SBOM) to identify and catalog components for risk analysis.

Easily operationalize.

Fortress makes it easy to operationalize Software Assurance. We offer programmatic integration and allow you to do your job more efficiently by integrating into your patch delivery process.

Software Assurance isn’t just about risk identification; we provide tools to enable response and remediation.

 

Validate authenticity and integrity of all patches and updates for a given product.

Authenticity checks include analyzing the supplier for known breaches, appropriate encryption delivery, updated security certificates, and DNS checks. Integrity checks include reviewing code signage, malware analysis, and in some cases, sandbox, and firmware analysis.

Automate compliance and evidence sharing.

NERC CIP 10-3 requires checking the authenticity and integrity of every patch before it is installed into the Bulk Electric System. Fortress helps validate these associated controls.

Speak with an Expert

The Fortress Assessment team is made up of industry leaders with deep expertise in validated control assessments, TPRM, and certifications including CISA, CISSP, CompTIA Security+, and CTPRP.

Speak with an Expert

Learn how to upgrade your organization’s cyber supply chain diligence while advancing your digital transformation.