Skip to main content
FORTISEU
First-PartyNew

EU-Sovereign Endpoint
Compliance Agent

No MDM required. No data leaves the EU.

Fortis Monolith collects device security evidence automatically from every endpoint — disk encryption, firewall, OS patches, software inventory, vulnerabilities. Evidence syncs to your compliance dashboard and maps to NIS2, DORA, ISO 27001, and GDPR controls. Self-hosted on Scaleway France. EU-hosted by default. Ask about self-hosted and air-gapped deployment for strict sovereignty requirements.

macOSWindowsLinux
Create accountSchedule Demo
Architecture

From device to dashboard. Zero US dependencies.

macOS
Windows
Linux
TLS 1.3
Monolith Server
Docker containerScaleway FR-PAR
Direct PostgreSQL
PostgreSQL 16 + RLS
monolith_hostsmonolith_softwaremonolith_policiesautomated_evidence
Sync Adapter
FortisEU Compliance Dashboard
Alerts, scoring, audit-readiness packs, framework mapping
Evidence Collection

13 evidence types. One agent.

BasePremium

Device Compliance

Aggregate posture score across all enrolled endpoints. Tracks overall fleet health in real time.

Disk Encryption

FileVault (macOS), BitLocker (Windows), LUKS (Linux). Verifies full-disk encryption is active on every device.

Firewall Status

Host firewall enabled/disabled. Gatekeeper and SIP verification on macOS. Windows Defender Firewall state.

OS Patch Compliance

Automatic update status per device. Detects outdated OS versions and missing security patches.

Software Inventory

Complete list of installed applications, versions, and sources. Detects shadow IT and unapproved software.

Antivirus Status

Antivirus/EDR presence and signature freshness. Verifies real-time protection is active.

Premium

Vulnerability Detection

Known CVEs affecting installed software. Severity scoring (CVSS), affected package identification, and remediation guidance.

Premium

Custom Policy Compliance

User-defined osquery policies. SQL-based compliance rules that return pass/fail per device.

Premium

Process Audit

Running processes with code-signing verification. Detects unsigned or suspicious binaries.

Premium

Network Exposure

Open ports and listening services. Identifies unnecessary network surface area on endpoints.

Premium

USB Device Audit

USB attach/detach events. Tracks removable media usage for data exfiltration prevention.

Premium

Browser Extension Audit

Installed browser extensions across Chrome, Firefox, Edge. Flags known-malicious or unapproved extensions.

Premium

Login Audit

Login success/failure events with 24-hour rolling window. Detects brute-force attempts and unauthorized access.

Regulatory Mapping

Every evidence type maps to a regulation.

FrameworkArticleDescriptionEvidence Types
NIS2Art. 21Cybersecurity risk-management measures
Disk EncryptionFirewall StatusOS Patch ComplianceAntivirus Status
NIS2Art. 23Incident reporting and forensic evidence
Login AuditProcess AuditVulnerability DetectionNetwork Exposure
DORAArt. 9ICT risk management framework
Device ComplianceVulnerability DetectionSoftware Inventory
DORAArt. 11ICT systems, protocols and tools management
OS Patch ComplianceCustom Policy ComplianceSoftware Inventory
ISO 27001A.8.1User endpoint devices
Device ComplianceSoftware InventoryDisk Encryption
ISO 27001A.8.7Protection against malware
Antivirus StatusUSB Device AuditProcess AuditBrowser Extension Audit
ISO 27001A.8.8Management of technical vulnerabilities
Vulnerability DetectionOS Patch ComplianceSoftware Inventory
ISO 27001A.8.24Use of cryptography
Disk EncryptionOS Patch Compliance
GDPRArt. 32Security of processing
Disk EncryptionFirewall StatusAntivirus StatusLogin Audit
GDPRArt. 5(1)(f)Integrity and confidentiality principle
Disk EncryptionProcess AuditNetwork ExposureUSB Device Audit
OT / SCADA / Air-gap

Honest scope on operational technology.

Monolith is an IT-side endpoint compliance agent. It is not an OT-native inventory tool. Below is exactly what it covers, what it does not cover today, and how to pair it with an OT tool for full NIS2 / D.Lgs. 138/2024 / Loi NIS2 coverage.

Air-gapped network deployment

Monolith is deployable in air-gapped or DMZ-isolated networks via the on-premises Fortis Monolith Go server. The agent talks only to your Monolith server — there are no external callbacks.

  • Agent-server traffic only. No external SaaS callbacks, no telemetry beacons, no auto-updates from a vendor cloud.
  • TLS 1.3 with certificate pinning between agent and on-prem Monolith server.
  • Manifest-signed agent updates — every binary is cryptographically verified before install.
  • Optional one-way data diode bridge for the strictest network segmentation profiles.

Honest constraint

AI features (ASK assistant, build-time translation, evidence summarisation) require network egress to Mistral AI in France. They are NOT available in fully air-gapped mode. Compliance evidence collection, scoring and audit-readiness packs work fully offline.

OT / SCADA inventory — limited support

Monolith inventories OT-adjacent IT endpoints — HMIs running Windows, engineering workstations, jump hosts — through osquery. These are the IT-side instruments that sit on the OT network but run a general-purpose operating system.

Honest constraint

Native PLC and SCADA telemetry — Modbus TCP, OPC-UA, Siemens S7, DNP3 — is NOT supported today. Monolith does not poll PLCs, controllers or sensors directly.

Roadmap

PLC software inventory through an osquery extension running on the engineering workstation is planned for 2026-Q3. Direct industrial protocol support is not on the roadmap — that is what OT-native tools do well.

Purdue model positioning

The Purdue Enterprise Reference Architecture splits an industrial network into levels. Monolith covers the IT side cleanly. It does not cover the OT side.

Covered by Monolith

Levels 4 and 3.5 — enterprise IT, business systems, the DMZ between IT and OT, and engineering workstations that bridge into the OT network.

Not covered by Monolith

Levels 0 to 2 — physical sensors, actuators, PLCs, RTUs, HMIs at the controller layer, basic process control, area supervision.

Customer responsibility

Pair Monolith with an OT-native platform — Claroty, Nozomi Networks, or Dragos — to cover Levels 0 to 2. FortisEU surfaces the gap honestly rather than pretending the agent reaches into the controller layer.

Setup

Three steps. Fifteen minutes.

01

Enable in Dashboard

Navigate to Settings, select Integrations, click Enable Monolith. An HMAC enrollment secret is generated automatically. One toggle. No infrastructure provisioning.

02

Install the Agent

Run a single command on each device. The agent self-enrolls using the embedded tenant secret. Works on macOS, Windows, and Linux.

# macOS
curl -fsSL "https://your-instance.fortis.eu/api/v1/monolith/agent/install?secret=YOUR_SECRET&platform=macos" | sudo bash

# Windows (PowerShell, Run as Administrator)
irm "https://your-instance.fortis.eu/api/v1/monolith/agent/install?secret=YOUR_SECRET&platform=windows" | iex

# Linux (Debian/Ubuntu)
curl -fsSL "https://your-instance.fortis.eu/api/v1/monolith/agent/install?secret=YOUR_SECRET&platform=linux" | sudo bash
03

Evidence Flows Automatically

Devices appear within 60 seconds. Compliance evidence syncs every 15 minutes. Non-compliant devices generate alerts. Mapped to your active frameworks. No manual steps.

Pricing

Simple per-device pricing.

No seat minimums. No annual lock-in. Pay only for enrolled devices.

Base
EUR3/device/month

Essential endpoint compliance evidence. Device inventory, encryption, firewall, and patching verification.

  • Device compliance posture
  • Disk encryption verification
  • Firewall status monitoring
  • OS patch compliance
  • Software inventory
  • Antivirus status
  • 15-minute sync cycle
  • Compliance framework mapping
  • Vulnerability detection
  • Custom osquery policies
  • CIS benchmark templates
  • Device compliance scoring
Get Started
PremiumRecommended
EUR7/device/month

Full visibility. All 13 evidence types, custom policies, CIS benchmarks, vulnerability detection, and compliance scoring.

  • Everything in Base
  • Vulnerability detection (CVE/CVSS)
  • Custom osquery policies
  • CIS benchmark templates
  • Process audit with code signing
  • Network exposure analysis
  • USB device tracking
  • Browser extension audit
  • Login event audit
  • Device compliance scoring
  • Remediation suggestions
  • Priority support
Get Started
Comparison

Monolith vs. alternatives

FeatureMonolithJamfIntuneKandjiFleet
EU-Sovereign DataPartial
No MDM Required
Self-HostedPartial
Same-DB Compliance Sync
RLS Multi-Tenancy
Compliance Framework MappingPartialPartialPartial
Open Source Core
Price per DeviceEUR 3-7~EUR 5-15~EUR 2-10~EUR 5-12EUR 0-50
FAQ

Frequently asked questions

Deploy

Deploy Monolith today.

Create account, launch a live demo, or talk to our team about enterprise deployment. Tenant isolation is enforced with Row Level Security.

Create account
Talk to an engineer