Fortress Information Security, NetRise align to secure software supply chains for critical industries

Fortress Information Security (Fortress) and NetRise partnered on Wednesday to offer a new Software Bill of Materials (SBOM) transparency solution to secure software supply chains and meet evolving regulatory requirements for software transparency. The move will also help remediate risk through SBOM transparency. 

Fortress’ cybersecurity experts partner with public sector organizations and critical infrastructure stakeholders to fortify every link in the software supply chain. NetRise and Fortress provide a comprehensive view of software components for products that manage critical infrastructure facilities. The SBOM data from NetRise combined with Fortress’ analysis and data will be available to users of the North American Energy Software Assurance Database (NAESAD) via the Fortress Platform. 

The need for SBOM transparency is fundamental and critical. An Executive Order from The White House this year and formal remarks from the Cybersecurity and Infrastructure Security Agency (CISA) have singled out SBOMs as a critical tool to secure software. In the future, critical infrastructure companies will require an SBOM for software products they purchase.

New research from Fortress found that software vulnerabilities can ‘lie in wait’ for up to three years before being detected, and that 90 percent of products used by U.S. electric companies contained software code that was developed in Russia or China, which is three times more likely to have cyber vulnerabilities.

“Our two companies provide organizations drowning in data with the insight they need to mitigate their most critical vulnerabilities,” Fortress CEO and co-founder Alex Santos said in a media statement. “With our combined tools and expertise, organizations can build SBOMs that position organizations to identify and mitigate threats proactively and respond quickly and resiliently to attacks.”

NetRise specializes in firmware and binary analysis. Firmware can be like a black box, but NetRise is unique in its ability to give users an inside view of products that are hard to examine.

Fortress provides comprehensive Operational Technology (OT) supply chain cyber risk management software that secures companies’ critical data. Offering NetRise’s firmware capabilities, Fortress’ Platform, and the ability to analyze applications, libraries, and operating systems puts Fortress at the leading edge of SBOMs for firmware, and NAESAD users will get a comprehensive view of the risk resulting from their software products.

“Working with Fortress, we offer users best-in-class SBOMs that provide a complete picture of the software that so many companies rely on,” said NetRise CEO and co-founder Thomas Pace. “We’ve joined forces to give customers insight into all the vulnerabilities in their software security supply chains. And, most importantly, a means of fixing those issues.”

Over the past several years, incidents like the SolarWinds attack and the Log4j vulnerability disclosure have highlighted the need to identify and assess every software component used within critical industries. SBOMs provide the recipe of proprietary and open-source ingredients in the software that runs critical infrastructure technologies, and they enable companies to identify, triage, and remediate the most impactful and destructive risks.

“The need for increased SBOM usage is critical,” said Santos. “For security, compliance, and business reasons, we can’t kick the can down the road on SBOM adoption any longer. Software-based attacks are the greatest threat to the security of critical infrastructure and the citizens who rely on it. This partnership with NetRise fortifies our comprehensive and conclusive approach to software supply chain security.”

Last month, John Katko, a former U.S. Congressman and New York Republican, assumed a pivotal role on the advisory board of Fortress. Katko now collaborates with advisory board members Norm Willox, Ben Miron, Emily Murphy, Brian Harrell, and Anna Cotton.
