Fortress Information Security partners with NetRise to secure software supply chains
Fortress Information Security and NetRise partnered to offer a new, innovative Software Bill of Materials (SBOM) transparency solution to secure software supply chains and meet evolving regulatory requirements for software transparency.
Fortress’ cybersecurity experts partner with public sector organizations and critical infrastructure stakeholders to fortify every link in the software supply chain. NetRise and Fortress provide a comprehensive view of software components for products that manage critical infrastructure facilities. The SBOM data from NetRise combined with Fortress’ analysis and data will be available to users of the North American Energy Software Assurance Database (NAESAD) via the Fortress Platform.
The need for SBOM transparency is fundamental and critical. New research from Fortress found that software vulnerabilities can “lie in wait” for up to three years before being detected, and that 90% of products used by U.S. electric companies contained software code developed in Russia or China, code that is three times more likely to have cyber vulnerabilities.
“Our two companies provide organizations drowning in data with the insight they need to mitigate their most critical vulnerabilities,” said Fortress CEO Alex Santos. “With our combined tools and expertise, organizations can build SBOMs that position organizations to identify and mitigate threats proactively and respond quickly and resiliently to attacks.”
NetRise specializes in firmware examination and binary analysis. Firmware can be like a black box, but NetRise is unique in its ability to give users an inside view of products that are hard to examine. Fortress provides comprehensive Operational Technology (OT) supply chain cyber risk management software that secures companies’ critical data.
Offering NetRise’s firmware capabilities, Fortress’ Platform, and the ability to analyze applications, libraries, and operating systems puts Fortress at the leading edge of SBOMs for firmware, and NAESAD users will get a comprehensive view of the risk resulting from their software products.
“Working with Fortress, we offer users best-in-class SBOMs that provide a complete picture of the software that so many companies rely on,” said NetRise CEO Thomas Pace. “We’ve joined forces to give customers insight into all the vulnerabilities in their software security supply chains. And, most importantly, a means of fixing those issues.”
The time is coming for everyone to have an SBOM program
Over the past several years, incidents like the SolarWinds attack and the Log4j vulnerability disclosure have highlighted the need to identify and assess every software component used within critical industries. SBOMs provide the recipe of proprietary and open-source ingredients in software that runs critical infrastructure technologies and enable companies to identify, triage, and remediate the most impactful and destructive risks.
An Executive Order from the White House this year and formal remarks from the Cybersecurity and Infrastructure Security Agency (CISA) have singled out SBOMs as a critical tool to secure software. In the future, critical infrastructure companies will require an SBOM for software products they purchase.
“The need for increased SBOM usage is critical,” said Santos. “For security, compliance, and business reasons, we can’t kick the can down the road on SBOM adoption any longer. Software-based attacks are the greatest threat to the security of critical infrastructure and the citizens who rely on it. This partnership with NetRise fortifies our comprehensive and conclusive approach to software supply chain security.”