Incident Response

When you're under attack, Fortis specialists will fight by your side

Given the constant innovation and complexities generated by the modern threat landscape, it has become more difficult than ever to properly protect your environment. In most cases it’s not a question of if your organization will be forced to fend off a major attack or breach, but rather how you’ll respond when one finally does occur. Delays in action, procedural/configuration errors, and/or a weakened security posture can significantly increase the impact of a security incident in a number of different ways.

  • Temporary loss of access to critical data and systems
  • Potential permanent loss or public exposure of sensitive data and backups
  • Damage to company reputation with customers and partners
  • Costs to restore operations (paying ransomware or hiring outside help for assistance)
  • Purchase of additional security solutions, services, and training to prevent future attacks
  • Increase in cyber insurance premiums and legal fees

Many unprepared or under-prepared organizations do not survive a substantial attack on their environment. The best way to protect your assets, mitigate risk, and maintain compliance is by partnering with Fortis and our Incident Response offerings.

Why Fortis?

Experience matters – The elite specialists from Fortis have performed triage, incident response, and remediation for hundreds of organizations across many different industries. While studies show that a majority of companies do not survive for longer than six months following a significant cyberattack, the Fortis IR team has helped 100% of our customers achieve a solid recovery and remain in business.

Proven strategy – The Fortis team understands the current threat landscape and bases the tools and methodologies we use on industry best practices. Our incident response experts use best-of-breed security products in order to contain a threat, then work with you to restore operations, reduce the attack vector, and perform forensics analysis so you can recover quickly.

Analysis and reporting – It’s important to obtain as many details as possible about an attack on your organization, so you can understand how the bad actor gained access to your environment, what actions they took and damage they caused once inside, along with guidance on ways to prevent this from happening again in the future. Fortis specialists conduct a forensics analysis and detail all IR findings in documentation that can be used as a building block to further harden your security posture.


  • Improve response times and contain a threat faster
  • Minimize the damage and costs associated with an attack
  • Utilize the Fortis team of battle-tested, highly certified incident response experts in combination with the latest threat intelligence
  • Assessments and exercises test your defenses and train your team on the proper actions to take during an attack
  • Develop a more mature incident response strategy tailored to your specific operational needs

Fortis Incident Response Portfolio

ActiveRecovery [click to view PDF]

When an incident occurs, be it a data breach, exfiltration, email compromise, or ransomware, the Fortis team of elite ActiveRecovery specialists can respond remotely or at your site to counteract the attack. Utilizing best of breed security products, our experts contain the threat, work to restore operations, reduce the attack vector, and perform forensics analysis to help your organization recover quickly.

Retainer [click to view PDF]

A Fortis Incident Response Retainer (IRR) is designed to be an adjustable agreement enabling your organization to set preferred rates, create a two-hour response SLA (service level agreement), and take advantage of our specialists’ experience via proactive services. Our consulting services and flexible use provisions ensure your invested hours can be applied in different ways to help maintain organizational readiness.

Compromise Assessment [click to view PDF]

This high level forensics evaluation of your organization’s environment is designed to detect past and present attacker activity. A Fortis compromise assessment can also identify security configuration issues, policy violations, and unknown vulnerabilities. It can be targeted to endpoints, email services, or customized to fit your specific needs.

Tabletop Exercise [click to view PDF]

Fortis tabletop exercises are designed to stress your organization’s processes, policies, tools, and proficiencies when it comes to responding to an incident. They have been developed with real-world scenarios based on NIST, SANS, and CIS standards. Tabletop exercises are built to be engaging and executed in a no-fault environment.

Readiness Assessment [click to view PDF]

Fortis proactive services develop, practice, and validate your organization’s capabilities, along with its readiness to successfully respond to an incident. You can take advantage of a wide range of readiness assessments and incident response plan development services, either as part of a retainer or ad hoc as needed. All services are fully customized to meet your unique needs.