Startup Fortress Information Security LLC, whose technology helps protect 40% of the US power grid from cybersecurity risks, has raised $125 million in funding.
Fortress announcement the investment today, stating that it was provided entirely by Goldman Sachs’ private equity group. The company has raised a total of $160 million in funding since launch.
The funding will be used to expand its feature set. “This injection of growth capital will allow us to accelerate the execution of our vision of resilient supply chains,” said Fortress co-founder and CEO Alex Santos.
Founded in 2015, Fortress provides tools that help organizations ensure the software products they use are free of malware or vulnerabilities. The startup says it works with several of the major utilities in the United States and helps protect around 40% of the power grid. Fortress also has clients in the public and manufacturing sectors, as well as in other areas.
One of the startup’s products, the Fortress Platform, detects potential cybersecurity issues affecting the software products a company uses. The platform prioritizes the cybersecurity risks it detects, helping companies address the most pressing issues first, and stores relevant technical information in a centralized database.
Fortress provides information about the components included in a software product. The startup’s platform can detect situations where an app contains open-source code with a known vulnerability, or if any of the app’s components need to be updated to a newer version. To spot hacking attempts, Fortress scans software products for signs of malware.
In addition to evaluating an application’s security, the startup can assess how well the vendor that developed the application protects its network from hackers. Fortress can alert a company if one of its software vendors experiences a data breach. The startup also detects more subtle cybersecurity risks, such as if certain servers in a software maker’s network are not properly secured and could potentially be compromised by hackers.
It’s already common practice among companies to regularly assess the cybersecurity posture of their software vendors. As part of the process, a company often asks vendors to share detailed data about their cybersecurity defenses. But these assessments are often only done once or twice a year because they involve a lot of manual work. If a cybersecurity issue arises when the next assessment is months away, the issue may go unnoticed.
Using software to assess vendors allows companies to detect cybersecurity risks more quickly. While manual supplier assessments are only practical once or a few times a year, a software tool can continuously monitor a company’s supply chain. In addition to Fortress, several other venture capital-backed startups are work to help companies adopt an ongoing approach to vendor cybersecurity monitoring.
Fortress provides its platform alongside a service called Fortress A2V Library. According to the startup, the service provides cybersecurity data on products from more than 40,000 vendors.
Fortress A2V Library customers can receive notifications if a vulnerability is discovered in a product they are using or if there is a hacking campaign targeting users of the product. Software vendors, in turn, can use the service to share cybersecurity risk assessments with users.