Startup Fortress Information Security LLC, whose technology helps protect 40% of the U.S. power grid from cybersecurity risks, has raised $125 million in funding. 

Fortress announced the investment today, detailing that it was provided entirely by Goldman Sachs’s private equity group. The company has raised a total of $160 million in funding since launch.

The funding will be used to expand its feature set. “This growth capital infusion will empower us to accelerate the execution of our vision of resilient supply chains,” said Fortress co-founder and Chief Executive Officer Alex Santos.

Founded in 2015, Fortress provides tools that help organizations ensure the software products they are using don’t contain malware or vulnerabilities. The startup says it works with several of the top utilities in the U.S. and helps protect about 40% of the power grid. Fortress also has customers in the public and manufacturing sectors, as well as other areas.

One of the startup’s products, the Fortress Platform, detects potential cybersecurity issues affecting the software products that a company is using. The platform prioritizes the cybersecurity risks that it finds, which helps enterprises tackle the most urgent issues first, and stores relevant technical information in a centralized database.

Fortress provides insight into what components a software product includes. The startup’s platform can detect situations when an application contains open-source code with a known vulnerability, or if one of the application’s components should be updated to a newer version. To spot hacking attempts, Fortress scans software products for signs of malware.

In addition to evaluating the security of an application, the startup can assess how well the supplier that developed the application protects its network from hackers. Fortress can alert a company if one of its software suppliers experiences a data breach. The startup detects more subtle cybersecurity risks as well, such as if some of servers in a software maker’s network are not properly secured and could potentially be compromised by hackers.

It’s already standard practice among enterprises to evaluate their software suppliers’ cybersecurity posture regularly. As part of the process, an enterprise often requests that suppliers share detailed data about their cybersecurity defenses. But such evaluations are often only carried out once or twice a year because they involve a lot of manual work. If a cybersecurity issue emerges at a time when the next evaluation is months away, the issue may go undetected. 

Using software to evaluate suppliers allows companies to detect cybersecurity risks faster. Whereas manual supplier assessments are only practical to carry out once or a few times per year, a software tool can monitor a firm’s supply chain on a continuous basis. In addition to Fortress, several other venture-backed startups are working to help companies adopt a continuous approach to supplier cybersecurity monitoring. 

Fortress provides its platform alongside a service called the Fortress A2V Library. According to the startup, the service provides cybersecurity data about products from more than 40,000 suppliers.

Fortress A2V Library customers can receive notifications if a vulnerability is found in a product they are using or there’s a hacking campaign targeting the product’s users. Software suppliers, in turn, can use the service to share cybersecurity risk assessments with users.

Image: Fortress