Today, supply chain cybersecurity platform provider Fortress Information Security announced that it had raised $125 million as part of a strategic investment managed by the Private Equity business within Goldman Sachs Asset Management. 

To date, Fortress’ platform includes a range of tools and features to help enterprises automate supply chain management including risk assessments, workflow, analytics continuous monitoring and regulatory reporting. 

Its flagship platform provides enterprises with a solution for mitigating risks throughout the data supply chain, and more effectively managing the compliance challenges of the cloud era. 

This latest investment will enable the provider to innovate new solutions and expand its existing Fortress Asset to Vendor (A2V) library, a central repository of over 40,000 companies’ information, where asset owners and suppliers can process and assess the impact of new cyberthreats. 

Waging war on supply chain attacks 

The announcement comes as concerns over supply chain attacks have increased ever since the SolarWinds breach that took place at the end of 2020, with organizations like the Cyber Security and Infrastructure Security Agency (CISA) issuing guidelines in the past year.

However, despite awareness of supply chain attacks growing substantially, many organizations are woefully unprepared to defend against them. 

Just last year, ENISA found that attackers targeted supplier’s code in 66% of reported incidents, but in 66% of supply chain attacks, suppliers didn’t know or failed to report on how they were compromised.

“This increasingly flattened world provides economic and manufacturing benefits, but it also results in a troubling lack of visibility for organizations as they lose total control of the software and physical components for the products they provide,” said Alex Santos, Fortress Information Security’s cofounder and CEO. 

“The resultant outcome is an increased vulnerability to network intrusions, hacks, and more sophisticated cyberattacks — putting information, critical infrastructure and global supply chains at risk,” Santos said. 

Fortress aims to increase this visibility by providing enterprises with a platform they can use to get a holistic view of the cyber risks that exist throughout the entire software supply chain, giving them ability to identify vulnerabilities with the assistance of real-time risk intelligence, alongside automated remediation capabilities. 

Fixing the supply chain 

Fortress Information Security is one of many organizations competing in the global supply chain security market, which researchers pegged at $903 million in 2021 and anticipate will reach $1,227 million by 2026 as organizations turn to risk prediction and mitigation technologies to get to grips with the increase in ransomware and supply chain attacks. 

One of the organization’s competitors is Synopsys, which raised $4.204 billion in revenue last year, and offers an Application Security solution, to help organizations identify and manage end-to-end supply chain risks by detecting open source vulnerabilities in development and production.

Another new entrant to the market is Palo Alto Networks, who generated over $5.275 billion last year and recently launched a new supply chain security platform called Prisma Cloud, designed to integrate with CI/CD workflows to secure cloud infrastructure and applications with a mix of container security, threat detection, and API security. 

However, Santos argues that Fortress stands out as the only holistic supply chain security provider on the market today. “Between the data repository and the software offerings, no other company in the market provides this type of seamless integration,”