EDR Solutions

Advanced, automated endpoint protection, detection, and response

Overview

FortiEDR delivers innovative endpoint security with real-time visibility, analysis, protection, and remediation. As proven in MITRE evaluations, FortiEDR proactively shrinks the attack surface, prevents malware infection, detects and defuses potential threats in real time, and automates response and remediation procedures with customizable playbooks.

FortiEDR identifies and stops breaches in real time, automatically and efficiently, without a slew of false alarms and without disrupting business operations.

FortiEDR Advanced Endpoint Protection

FortiEDR Meets Today’s Endpoint Security Requirements

Models and Specifications

Management, architecture, and platform support
A single, integrated management console provides prevention, detection, and incident response capabilities. Extended REST APIs are available to support any console action and beyond.

Offline protection
Protection and detection happen on the endpoint, protecting disconnected endpoints.

Native cloud infrastructure
FortiEDR features multi-tenant management in the cloud. The EDR solution can be deployed as a cloud-native, hybrid, or on-premises installation. It also supports air-gapped environments.

Lightweight endpoint agent
FortiEDR utilizes less than 1% CPU, up to 120 MB of RAM, 20 MB of disk space, and generates minimal network traffic.

Supported operating systems
FortiEDR supports Windows, macOS, and Linux operating systems, and offers offline protection.

Security Fabric Integration

FortiEDR leverages the Fortinet Security Fabric architecture and integrates with many Security Fabric components including FortiGate, FortiSandbox, and FortiSIEM. 

FortiGate
The FortiEDR connector enables the sharing of endpoint threat intelligence and application information with FortiGate. FortiEDR management can instruct enhanced response actions for FortiGate, such as suspending or blocking an IP address following an infiltration attack.

FortiNAC
FortiEDR shares endpoint threat intelligence and discovered assets with FortiNAC. With syslog sharing, FortiEDR management can instruct enhanced response actions for FortiNAC, such as isolating a device.

FortiSandbox 
FortiEDR native integration with FortiSandbox automatically submits files to the sandbox in the cloud, supporting real-time event analysis and classification. It also shares threat intelligence with FortiSandbox.

FortiSIEM 
FortiEDR sends events and alerts to FortiSIEM for threat analysis and forensic investigation. FortiSIEM can also utilize JSON and REST APIs to further integrate with FortiEDR. 

FortiGuard Labs
FortiEDR native integration with FortiGuard Labs provides up-to-date intelligence, supporting real-time incident classification to enable accurate incident response playbook activation.

Services

Use FortiEDR managed EDR (MDR), Incident Response, JumpStart, and Best Practices Services to manage, respond, set up, or tune the EDR Solution for your organization.

JumpStart Services

Fortinet JumpStart Services assesses a customer’s existing security posture and partners with them to create a customized security implementation plan to ensure successful and proactive:

  • Architecture and planning
  • Deployment and installation
  • Environment tuning
  • Prevention mode migration
  • Project management
  • Training

FortiResponder Managed Detection and Response Service (MDR)

We supplement your SOC team, acting as senior SOC analysts by providing:

  • 24×7 threat monitoring and response
  • Alert triage and response
  • Guided remediation instructions with remote remediation and rollback
  • Recommended course of action per classified event based on risk profile
  • Environment management and MDR
  • Quarterly security environment review

FortiResponder Forensics and Incident Response Service

We assist with the analysis, response, containment, and remediation of security incidents to reduce the time to resolution, limiting the overall impact on an organization. FortiResponder Forensics and Incident Response Service can also help organizations that have not deployed FortiEDR with a specific incident or breach investigation.

FortiEDR Best Practice Service

Fortinet experts will provide advice and guidance as the customer deploys the product throughout their organization. This advice/guidance will cover:

  • Prerequisites and preparation
  • Architecture and planning
  • Deployment and optimization
  • Closeout and basic training

Security Operations

To keep up with the volume, sophistication, and speed of today’s cyber threats, you need AI-driven security operations that can function at machine speed. Fortinet Security Operations enables advanced threat detection, response capabilities, centralized security monitoring, and optimization to easily be added across the entire Fortinet Security Fabric.