"Failing to plan, is planning to fail".  Attributed to Ben Franklin, this adage is as relevant today as it was 250 years ago.

When a Cyber Incident occurs, the worst scenario for any organization is not having a plan in place.  Solis Security can help make sure you never face that worse case scenario. Every day, we help organizations respond to malware, ransomware and business email compromise incidents using our proven Digital Forensics and Incident Response tactics..

Built on our extensive experience remediating over 1,500 breach incidents, our proprietary Business Resumption and Forensics methods are noted for their efficacy and efficiency. With proactive Incident Response PlanningIncident Response Tabletop Exercises, and Incident Response Retainer services, you can have the confidence that if you are faced with a breach, you have a team of experienced experts behind you, ready to respond.




We are so very thankful that we had your team to help us navigate through this hard time. The technical help was great and the moral support was also amazing. Every person who helped us made us feel calm. I’ve already recommended you to other friends who run businesses.

Trust Experience

Successfully responding to a cyber incident requires specialized skills and tools, but it is the hands on, real-world experience that truly differentiates how quickly and effectively an incident is managed.

Solis Security has experience. We have remediated ransomware, malware, and business email compromise cases for organizations in a variety of industries and government agencies. This experience has informed our processes and protocols and streamlined our methods for getting companies back up and running with the greatest efficiency.

How would your organization manage a cyber attack?


Solis Security offers advisory services for the creation, review and maintenance of an organization-wide cybersecurity Incident Response Plan (“IRP”). We leverage standards and frameworks that speak to Incident Response, such as the Computer Security Incident Handling Guide published by NIST, the Incident Response Reference Guide published by Microsoft, Guidance on Response Programs for Unauthorized Access to Customer Information and Customer published by the FFIEC, and more.

The IRP will factor in process and compliance requirements of all facets of the organization, including: business resumption, compliance, legal, partner, customers and culture. The IRP is a living document that requires ongoing review and updating which reflects the client’s technology changes, business changes and changes in the threat landscape.


A Tabletop Exercise assesses the viability of an organization’s Incident Response Plan (IRP) by testing it against a variety of simulated cyber attacks.

Solis Security will facilitate the Tabletop Exercise and offer insight on plan deficiencies or areas for improvement. Our security analysts will provide detailed documentation outlining proposed changes to the IRP and can assist the client in making any updates.

An IRP Tabletop Exercise should be performed at least annually; however, if an organization has material changes to the environment during the course of the year, such as an acquisition or migration to a new accounting platform, etc., another test may be required.


When faced with a breach, finding, vetting, and engaging a cybersecurity team to manage an attack could mean losing critical hours or even days, and cost more money, more downtime, and more grief. Having an Incident Response Retainer in place with Solis Security insures you will be in capable hands within minutes. 

  • Dedicated email address to submit requests for services, with guaranteed 1-hour response time, M-F 8am – 9pm CT, non-holidays
  • Incident Hotline Number with 24x7x365 coverage
  • Dedicated personnel to respond to requests for services
  • Organized, efficient protocols for managing the DFIR process
  • Advisory services for negotiations or procurement needs related to cryptocurrency demands 
  • Decryption support
  • A liaison between cryptocurrency transaction providers
  • Sanctions Reports that may be required by Legal
  • Extortion negotiations services
  • Assistance and advice related to preparation, development, updating and execution of cyber extortion and decryption facets of  Incident Response Plan

Cyber Incident
Triage Tips

What do you do when you discover you've been compromised?  Download our Triage Tips for the steps to take that will help reduce malware proliferation. 

Download the Tip Sheet

How are DFIR Services from Solis Security different?

Remote Service for faster business resumption.

After a cyber attack, you need to resume business as quickly as possible. That’s why, unlike most others in our industry, Solis Security developed an almost entirely remote Business Resumption process. Our analysts are able to service and restore your systems, without the added time and expense of sending technicians on-site. While we look good in our logo’d polo shirts, you really don’t need to see us in person for us to get the job done.

Our Complete DFIR Solution means more efficiency and fewer errors.

Many other cybersecurity companies offer only part of the entire DFIR solution, but at Solis Security our in-house Business Resumption and Forensics teams work together, often simultaneously, to remediate cyber attacks. Because there is no transition from one company to another, our analysts are more cognizant of the way evidence and other data is handled, reducing the errors and lag time that are often seen during these hand-overs. Ultimately this means a swifter resolution with more comprehensive data analytics.

Unmatched Ransom Negotiation Experience.

An unfortunate reality of cybersecurity attacks are ransom demands. Once your system is stalled in a ransomware attack, your pain is leveraged into cash demands. Solis Security has managed ransom negotiations for hundreds of organizations, often dealing with the same threat actors on multiple occasions. Our approach is to understand what data has been stolen, then using our significant insight on the tactics of these various organizations to reduce pay-outs.

Efficient, cost-effective Forensics.

For most organizations, data from a select number of machines can provide all of the information needed to perform a forensics analysis after an attack. Extending those reviews to dozens, or even hundreds, of machines is unnecessary, yet many other cyber forensics companies still insist on this approach. Our Forensics Analytics can typically pinpoint the data they need using just a handful of machines, which keeps costs low and speeds up the forensics process.

Legal and Insurance Expertise.

Solis has working relationships with most of the top cyber and breach law firms and insurance carriers in North America, including our parent company CFC Underwriting. We are fully versed in the intricacies of cybersecurity legal issues and insurance policies and will help streamline your claims process by providing the appropriate documentation with the required terminology and backing.