MCPc Carves Out Security Risk Management Business As Fortress SRM

The newly created division will focus on serving midmarket customers with a ‘full-spectrum’ security approach to combating cybercrime, Fortress executives tell CRN.


Solution provider powerhouse MCPc has carved out its cybercrime prevention and response business as a new division, Fortress Security Risk Management, which will bring a focus on midmarket customers and highly regulated industries, executives said.

Fortress SRM will specialize in providing customers with a “better way” to protect themselves from the devastating impacts of cybercrime, said Andy Jones, CEO of Fortress SRM and MCPc.

Cybercrime activities such as ransomware and business email compromise are among the fastest-growing cyberthreats to businesses, with the cost of cybercrime pegged at more than $1 trillion in 2020, according to a report from McAfee and the Center for Strategic and International Studies. On Sunday, ransomware operator REvil publicly demanded $70 million to decrypt the data of more than 1,000 victims impacted by an attack that used a vulnerability in Kaseya’s VSA remote monitoring and management tool.

MCPc and its Fortress SRM division are privately held, and will continue to be based in Cleveland.

MCPc, No. 157 on CRN’s 2021 Solution Provider 500, will continue its focus on managed endpoint computing, including IT asset management—provisioning, deployment and support—and asset disposition, executives said.

Jones said that both MCPc and Fortress SRM will get a boost from the sharper focus of each division, enabling the company to fully capitalize on its opportunities.

“One of the primary reasons we’re doing this is to be able to create a little more energy and focus for these two disparate pieces of the organization—to allow them to grow in the way that’s best for serving their clientele,” he said. “Both MCPc and Fortress SRM have lofty expansion goals and growth plans.”

That will likely include making strategic acquisitions over the next several quarters to support the new Fortress SRM division, Jones said.

Fortress SRM will target midmarket customers, which are often underserved in the IT channel, with many solution providers focused on serving either large enterprises or small businesses, Jones said. In particular, Fortress SRM will focus on customers in heavily regulated industries such as health care, financial services and manufacturing, he said.

In addition to containment and remediation services after an attack, Fortress provides the “services that are necessary so that organizations don’t find themselves back in these situations,” Jones said.

“That’s whether it’s helping organizations with basic cyber hygiene, or whether it’s providing services around governance and compliance and assisting them with risk management strategies. Or it could be a more holistic set of managed outcomes around helping organizations protect the data that’s on their servers, laptops, desktops, tablets—and doing the managed endpoint detection response services there. We do all of that.”

Top vendor partners of Fortress SRM include N-able (formerly known as SolarWinds MSP) and SentinelOne. Seventy-five employees of MCPc have moved over to Fortress SRM.

Top MCPc executives who have moved include Michael Montisano, formerly the president of MCPc and now the president of Fortress SRM, and Scott Farris, who was CIO and senior vice president of security services at MCPc and now holds the same role at Fortress SRM.

The new division will be differentiated through its ability to offer “full-spectrum cybersecurity,” with a “continuum of care from planning, prevention, protection and response,” said Peter Cavrell, vice president of business development and marketing at Fortress SRM, who was formerly the vice president of marketing and sales operations at MCPc.

Fortress SRM provides consulting around strategic planning and high-level maturity and framework assessments; training for executives and board members; insider threat detection and insider access management; and managed security solutions such as patching and EDR.

The service offering extends all the way to incident response and recovery services, which are focused on “how fast can we get you back in business,” Cavrell said.

Ultimately, that breadth of services is “a big differentiator,” he said. “You’re dealing with one shop to do all that.”