How it Works

How we use machine-intelligence to manage your security program.

Under the Hood


Managing a comprehensive cyber-security program is a complex task and typically requires many years of education, training and experience.

Integrating management decisions, scripted interviews, system telemetry, and manual reporting FortMesa’s CyberMarshal triages the highest priority security actions at all times and delegates them to your team the way a human security program manager would.

Let’s drill down and look at some of the ways CyberMarshal performs its job as Deputy CISO.

Gathering Intelligence

CyberMarshal continually collects the information it needs to triage your security.

Building the Asset Inventory

Identifying assets in need of protection is a critical prerequisite to security. CyberMarshal uses a combination of approaches to ensure it knows about all organizational systems and information resources. Assets are added automatically using infrastructure integration connectors. Where assets cannot be automatically detected the platform will prompt users to fill in the gaps. The system will also maintain a living contact list of asset owners and custodians ensuring the right people are involved when making decisions or when remediation is required.

Vulnerability Detection & Reporting

The system will ask custodians to install detection agents on each system resource to facilitate automated scanning of many organizational systems. These scans can identify known CVEs, misconfigurations and deviations from baselines. Not all vulnerabilities can be detected automatically, but the system encourages manual reporting to coordinate remediation of vulnerabilities known only to organizational stakeholders.

Building the Threat Map

Threat modeling informs how to position and prioritize defenses. CyberMarshal uses a simplified threat mapping excercise to accomplish this. Users are invited to participate in a collaborative Real-Time-Delphi threat mapper to form group consensus. This user-driven approach allows for rapid iteration and is responsive to agile information systems.

Security Actions

Based on gathered intelligence CyberMarshal determines the actions that need to be performed and breaks them down into small discrete tasks.

Chartering & Governance

Authorizing a security program with an executive mandate is the root of a best practice security architecture. CyberMarshal identifies this basic necessity and assists the organization in satisfying the due care requirement of executive management. After authorizing a formalized security program CyberMarshal ensures you fulfil the governance requirements of a security program by identifying the accountable Business Owner (BO) and appointing an Information Security Officer (ISO). Following role assignments the system coordinates key decisions through these responsible parties.

Security Control & Policy Management

Users with a security program managed by CyberMarshal will choose their security framework from a list of well regarded standards.

For each control in the framework CyberMarshal manages deployment, management and documentation using a triage methodology to ensure security resources are always allocated toward improvements with the highest value potential.

In cases where the customer organization already has a solution CyberMarshal will help document and manage a current control deployment. In other cases CyberMarshal will help the customer choose from low-cost vetted solutions to implement the selected control. CyberMarshal endeavors to keep your team on track but allows you to reprioritize as required. At any time the control framework can be reviewed by management and tasks can be reprioritized. At any time Policy Documentation can be generated which accurately reflects the current up-to-date control deployment.

Asset Management

In some cases, security best practices will require you to make changes to better manage your assets. CyberMarshal prompts you for action when action is required.

Vulnerability Management

CyberMarshal ensures both the Asset Owner and the Asset Custodian are notified in the case of vulnerability, each has an important role to play in best-practice vulnerability management.

In some cases an Asset Custodian (often a sysadmin) may determine that the vulnerability has already been resolved or does not apply; in this case the custodian logs a technical exception. In other cases the Asset Owner may elect to accept the risk of a vulnerability.

In both of these examples the management action must be approved by an Information Security Engineer, this separation of duties provides extra assurance that vulnerabilities have been managed effectively.

Communicating Trust

We help you communicate trust to your customers and stakeholders.

A Fully-Documented Security Architecture

Having a fully documented up-to-date Security Architecture can provide a high level of assurance that your organization is satisfying due care and due diligence responsibilities.

Documents autogenerated by CyberMarshal include:

  • A Security Charter
  • Control Deployment Policies
  • A Threat Model
  • An Asset Inventory
  • A Vulnerability Summary
  • A Certificate of Attestation

Together, these documents can short-cut the audit process required by insurance underwriters.

Additionally, documentation generated automatically by CyberMarshal directly supports evaluating your organization against ISO 27000, NIST CSF or SP800-53, and PCI.

The FortMesa Trustmark Badge

We award the FortMesa Trustmark Badge to all customers who commit to a process of continuous improvement in information security. This mark differentiates your security efforts from companies who do not make a similar pledge.

A short HTML snippet allows embedding an awarded trustmark badge into most websites and applications.

FortMesa Certified Badge

Organization: Barsoom Engine Shop
Validity: May 19 2017
Badge ID: d39149ffd4 (verify)

Use the FortMesa Trustmark badge to help communicate trust during transactional customer interactions.

Using a Certificate of Attestation

It’s not uncommon for a customer or partner to send security questionaires or ask for copies of audit or internal security documentation.

While some information may be disclosed under NDA it’s better to communicate trust without disclosing highly sensitive information.

A third-party endorsed Certificate of Attestation can help assure others of your commitment. These documents often satisfy due diligence requests from partner organizations.

Product Datasheet

Learn about how FortMesa CyberMarshal and the FortMesa Trustmark can help your organization on the path to continuous improvements in information security.

Ready To Get Started?