Fortinet FortiEDR
Advanced, automated endpoint protection, detection, and response
FortiEDR delivers innovative endpoint security with real-time visibility, analysis, protection, and remediation. As proven in MITRE evaluations, FortiEDR proactively shrinks the attack surface, prevents malware infection, detects and defuses potential threats in real time, and automates response and remediation procedures with customizable playbooks.
FortiEDR identifies and stops breaches in real-time automatically and efficiently. And it does so without a slew of false alarms or disrupting business operations.
FortiEDR Product Details
Endpoint Detection and Response (EDR) subscription bundles are available for different use cases, depending on the customer needs, other Fortinet Security Fabric products deployed, as well as managed service options.
FortiEDR Advanced Endpoint Protection
See how FortiEDR detects and blocks ransomware and other file-less attacks to stop breaches in real time. It also reduces the attack surface and remotely remediates affected endpoints.
FortiEDR Meets Today’s Endpoint Security Requirements
Learn more about today’s requirements for endpoint security, as well as our unique detect and defuse capability. Also, understand how we prevent attacks by extending visibility and security across endpoints and workloads, no matter where they are.
Security Fabric Integration
FortiEDR leverages the Fortinet Security Fabric architecture and integrates with many Security Fabric components including FortiGate, FortiSandbox, and FortiSIEM.
- FortiGate: The FortiEDR connector enables the sharing of endpoint threat intelligence and application information with FortiGate. FortiEDR management can instruct enhanced response actions for FortiGate, such as suspending or blocking an IP address following an infiltration attack.
- FortiNAC: FortiEDR shares endpoint threat intelligence and discovered assets with FortiNAC. With syslog sharing, FortiEDR management can instruct enhanced response actions for FortiNAC, such as isolating a device.
- FortiSandbox: FortiEDR native integration with FortiSandbox automatically submits files to the sandbox in the cloud, supporting real-time event analysis and classification. It also shares threat intelligence with FortiSandbox.
- FortiSIEM: FortiEDR sends events and alerts to FortiSIEM for threat analysis and forensic investigation. FortiSIEM can also utilize JSON and REST APIs to further integrate with FortiEDR.
- FortiGuard Labs: FortiEDR native integration with FortiGuard Labs provides up-to-date intelligence, supporting real-time incident classification to enable accurate incident response playbook activation.
EDR Solution Features and Benefits
DISCOVER AND CONTROL
Discover and control rogue devices and applications based on risk mitigation policies.
DETECT AND DEFUSE IN REAL TIME
Automatically detect and defuse potential threats in real time—even on compromised devices.
AUTOMATIC INCIDENT RESPONSE
Use customizable contextual incident response playbooks that automate incident response.
INSTANTLY STOP ATTACKS
Instantly stop breaches and prevent data loss and ransomware damage with no dwell time.
GAIN EFFICIENT SECURITY OPERATIONS
Eliminate alert fatigue and optimize operations with customizable incident response processes.
MINIMIZE BUSINESS IMPACT
Enable response and remediation while keeping systems online, maintaining business continuity.
Bundles:
Endpoint Detection and Response (EDR) subscription bundles are available for different use cases, depending on the customer needs, other Fortinet Security Fabric products deployed, as well as managed service options. The following table summarizes the most common and recommended options:
Feature | Discover and Protect | Discover, Protect, and Respond | Discover, Protect, and Respond with XDR
---|---|---|---
Discover - IT Hygiene | | |
Asset Discovery | | |
Asset Assessment | | |
Attack Surface Reduction | | |
Application Control | | |
USB Control | | |
Protect - Endpoint Protection | | |
NGAV (pre-execution) | | |
Post-execution Protection | | |
Cloud Sandbox | | |
Cloud Threat Intelligence | | |
Attack Chain Visualization | | |
Advanced Incident Forensics | | |
MITRE Tagging | | |
Malicious Web Filtering | | |
Respond - Endpoint Detection and Response | | |
Continuous Recording and Analysis | | |
Threat Hunting Enablement | | |
AI-based Behavior Tagging | | |
IOC Ingestion and Search | | |
AI-powered Investigation | | |
Security Fabric Integration | | |
3rd Party Integration | | |
Automated Remediation | | |
Automated Incident Response Framework | | |
Secured Remote Shell | | |
XDR - eXtended Detection and Response | | |
eXtended Detection Across Security Fabric | | |
eXtended Detection Across AWS GuardDuty | | |
eXtended Detection Across Google SCC | | |
MDR - Managed Service Options | | |
High Fidelity Alert Triage | Managed EDR | Managed EDR | Managed XDR
Extended Alert Triage | Managed EDR | Managed XDR |
Containment and Remediation Guidance | Managed EDR | Managed XDR |
Alerting and Reporting | Managed EDR | Managed XDR |
Correlated Security Fabric Alert Triage | Managed XDR | |
Additional Services | | |
24x7 Support | Included | Included | Included
Deployment | Cloud | On-premise (Internet access enabled) | Cloud
Services:
Use FortiEDR managed EDR (MDR), Incident Response, JumpStart, and Best Practices Services to manage, respond, set up, or tune the EDR Solution for your organization.
JumpStart Services
Fortinet JumpStart Services assesses a customer’s existing security posture and partners with them to create a customized security implementation plan, ensuring a successful and proactive rollout across:
- Architecture and planning
- Deployment and installation
- Environment tuning
- Prevention mode migration
- Project management
- Training
FortiResponder Managed Detection and Response Service (MDR)
Fortinet supplements your SOC team, acting as senior SOC analysts and providing:
- 24x7 threat monitoring and response
- Alert triage and response
- Guided remediation instructions with remote remediation and rollback
- Recommended course of action per classified event based on risk profile
- Environment management and MDR
- Quarterly security environment review
FortiResponder Forensics and Incident Response Service
We assist with the analysis, response, containment, and remediation of security incidents to reduce the time to resolution, limiting the overall impact to an organization. FortiResponder Forensics and Incident Response Service can also help organizations that have not deployed FortiEDR for specific incident or breach investigation.
FortiEDR Best Practice Service
Fortinet experts will provide advice and guidance as the customer deploys the product throughout their organization. This advice/guidance will cover:
- Prerequisites and preparation
- Architecture and planning
- Deployment and optimization
- Closeout and basic training
Software Specifications:
- Management, architecture, and platform support - A single, integrated management console provides prevention, detection, and incident response capabilities. Extended REST APIs are available to support any console action and beyond.
- Offline protection - Protection and detection happen on the endpoint, protecting disconnected endpoints.
- Native cloud infrastructure - FortiEDR features multi-tenant management in the cloud. The solution can be deployed as a cloud-native, hybrid, or on-premises. It also supports air-gapped environments.
- Lightweight endpoint agent - FortiEDR utilizes less than 1% CPU, up to 120 MB of RAM, 20 MB of disk space, and generates minimal network traffic.
FortiEDR supports Windows, macOS, and Linux operating systems as well as Google Cloud deployments, and offers offline protection.
- Windows Versions: XP SP2/SP3, 7, 8, 8.1, 10, and 11 (32-bit and 64-bit versions)
- Windows Server Versions: 2003 SP2, R2 SP2, 2008 SP2, 2008 R2 SP1, 2012, 2012 R2, 2016, 2019, and 2022
- Google Cloud Versions: Compute Engine Deployments and Procurement
- macOS Versions: El Capitan (10.11), Sierra (10.12), High Sierra (10.13), Mojave (10.14), Catalina (10.15), Big Sur (11.x), and Monterey (12.x)
- Linux Versions: Red Hat Enterprise Linux and CentOS 6.x, 7.x, and 8.x; Ubuntu LTS 16.04.x, 18.04.x, and 20.04.x server (64-bit only); Oracle Linux 6.x+, 7.7+, and 8.2+; Amazon Linux AMI 2; SuSE SLES 15.1
- VDI Environments Versions: VMware Horizons 6 and 7 and Citrix XenDesktop 7
Use Cases:
With contextual incident response playbooks, security teams can customize and automate incident investigation and response per classification and target host, optimizing security operations. Security teams can deploy some or all of the key use cases for Fortinet's EDR Solution -- FortiEDR.
Real-Time Breach Protection
In the event of a security incident, FortiEDR can protect data on compromised devices and defuse threats in real time to prevent data exfiltration and protect against ransomware. Further, automated capabilities roll back any malicious changes.
Attack Surface Reduction
Security teams can discover and proactively control rogue devices, IoT devices, and applications, along with their respective vulnerabilities across the system or applications—in real time.
Optimize Incident Response
With pre-canned playbook-based incident response, create customized incident response processes based on asset value, endpoint groups, and incident classification, enabling contextual-based incident response. Our MDR team can supplement your SOC as well.
Secure Operational Technology
FortiEDR is the only endpoint security solution with EDR that ensures high availability for OT systems even in the midst of a security incident or breach. It prevents, detects, and defuses threats while keeping machines online across multiple operating systems.
Secure POS System
Payment Card Industry Data Security Standard (PCI DSS) certified, FortiEDR prevents data exfiltration in the event of system compromise. It delivers virtual patching to shield POS systems from vulnerabilities in between scheduled maintenance windows.