CRITICAL INFRASTRUCTURE. SECURED.
How Fortress Provides Product Security
Identify and prioritize vulnerabilities at the component level based on business impact, historical data, CVSS scores, threat intelligence and threat scenarios.
Automatically determine criticality and cyber maturity of suppliers to quickly prioritize assessments and focus in on actionable risk.
Leverage trained analysts and AI-driven tools to obtain detailed vendor assessments and help identify threats, vulnerabilities, and other weaknesses that could impact critical systems.
Continuously monitor breaches, vulnerabilities and other indicators of compromise.
Leverage out-of-the-box procedures for resolving issues and validating evidence of remediation.
Our analysis begins with the component at its most basic level.
Fortress provides technology assessment services for regulatory-driven businesses to illuminate the vulnerabilities that come bundled within the same technology that allows these businesses to thrive.
We begin with visibility and end with security – leaving you confident in the integrity of the technology that runs your critical operations. Over 80% of software components used in today’s applications come from third parties.
What does this mean for the security of your company? In short, the very technology that plays a pivotal role in your day-to-day business operations also leaves your business at risk from vulnerabilities that are often well hidden.
These vulnerabilities take industry-leading expertise and a unique approach to reveal and remediate.
Product Security Assessments
Fortress Product Security Assessments narrow the gap between vendor, asset, and product security management disciplines. Our Product Security Assessments evaluate a given product's capability and configurability against cybersecurity controls that are mapped to regulatory frameworks and weighted by product archetype and known vulnerability risk profile.
Data Driven Product Assessment
The Data Driven Product Assessment allows you to understand inherent product risk, vulnerability risk, patching risk, product security controls and obsolescence risk prior to procurement. Structured data feeds provide vulnerability information, patching cadence is identified and compared to vulnerability release dates, and over 65 product security controls are validated based on publicly available information such as product guides and web searches.
File Integrity Assurance
Our File Integrity Assurance solution looks for new software updates for a given piece of software. Once a new piece of software is published, the file is automatically downloaded and verified to ensure there are no signs of compromise. Once the software has been downloaded, our process includes malware analysis, sandbox analysis, and checksums to ensure that the software itself is not compromised in any way.
By understanding a product’s provenance, companies can determine that products are free from foreign adversary control and influence (FOCI) and understand if the product has any inherent vulnerabilities.
Software Bill of Materials (SBOM)
The organizations that support and supply products and services to our critical infrastructure are wholly reliant on advanced operational software and hardware assets to ensure effective and reliable operations, and therefore are particularly vulnerable to cyber risk within their complex supply chains.
A Software Bill of Materials (SBOM) provides those who produce, purchase, and operate software with information that enhances their understanding of the supply chain. This provides multiple benefits, most notably a potential method for tracking known and newly emerged vulnerabilities and risks.
Hardware Bill of Materials (HBOM)
Fortress has capabilities to tear down hardware components to their smallest component parts to identify the original manufacturer of any hardware component and its subcomponents. We start with the asset and then examine the vulnerability of the vendor.
Does the vendor have manufacturing facilities that are controlled by foreign adversaries? Do they have a weak cyber supply chain themselves? If we go down to the asset level, do they have vulnerabilities in any of the components?
Machines have control systems with programmable automation controllers and motor management systems. If one of those critical components has a vulnerability (for example, it was made in a factory of an adversarial nation or in a region that is suffering from geopolitical turmoil, or it has availability issues related to the pandemic), this has important implications for security, compliance, and productivity.
Cyber Supply Chain Threat Intelligence
Continuously scan the external-facing attack surface and receive a consolidated view of assets, vulnerabilities and scan health. Our security analysts and automated tools monitor everything from foreign influence to cyber hygiene to breaches and indicators of compromise. Continuous monitoring across multiple products simultaneously provides greater visibility and insight into supply chain integrity and whether there are appropriate controls in place related to various cybersecurity requirements.
Successful vulnerability management relies upon a variety of remediation activities. Fortress offers a varied and textured portfolio to fit the unique needs of each client. Our program identifies and classifies suppliers, provides data-driven risk evaluations and analyst assessments, and facilitates continuous monitoring and remediation workflows, including configuration management and file authenticity assurance.