FortiEDR

Advanced, automated endpoint protection, detection, and response


FortiEDR Overview

Advanced attacks can take just minutes, if not seconds, to compromise endpoints. First-generation endpoint detection and response (EDR) tools simply cannot keep pace. They require manual triage and responses that are not only too slow for fast-moving threats but also generate a huge volume of indicators that burden already overstretched security teams. Further, legacy EDR tools drive up the cost of security operations and can slow processes, negatively impacting the business.

FortiEDR delivers advanced, real-time threat protection for endpoints both pre- and post-infection. It proactively reduces the attack surface, prevents malware infection, detects and defuses potential threats in real time, and can automate response and remediation procedures with customizable playbooks. FortiEDR helps organizations stop breaches in real time, automatically and efficiently, without overwhelming security teams with a slew of false alarms or disrupting business operations.


FortiEDR News

  • Sep 23, 2020
    School District Secures Distance Learning for 18,000+ Students With FortiEDR
    This educational organization found itself a target of cybercriminals exploiting the recent pandemic through social engineering attacks. Explore how this organization leveraged FortiEDR to secure endpoints during distance learning.
  • Feb 18, 2020
    Every Second Counts in Endpoint Protection: Why Real Time Matters
    FortiEDR was designed with a single clear goal in mind - stopping attackers from achieving their goals, whether data exfiltration or sabotage, by stopping their attack. By understanding the nature of ransomware behavior and similar high-speed attacks, FortiEDR has the unique ability to defuse and disarm a threat in real time, even after an endpoint is already infected.
  • Dec 28, 2019
    Fortinet Adds EnSilo to its Security Portfolio
    Fortinet has acquired enSilo, a privately held advanced endpoint security company. The solution uses a robust set of endpoint security tools to deny attackers their ultimate goals while stopping the damage: automatically containing a threat, stopping data exfiltration, and preventing ransomware data tampering.
  • Dec 26, 2019
    Introducing BIOLOAD: FIN7 BOOSTWRITE’s Lost Twin
    Recently, FortiEDR (formerly enSilo) blocked malicious payloads running in legitimate Microsoft Windows processes. A deeper look uncovered that the attacker had abused the DLL search order to load their own malicious DLL.


FortiEDR Video

Protecting Endpoints, Every Second Counts | FortiEDR Real-Time Endpoint Security Platform

Advanced attacks take seconds to compromise endpoints, and ransomware attacks take seconds to damage your systems and infrastructure. Find out how FortiEDR protects your endpoints pre- and post-infection, and see how FortiEDR detects and defuses threats in real time, automatically, to protect the endpoint and prevent a breach.

FortiEDR Product Details:

FortiEDR is the only endpoint protection solution that provides both comprehensive machine-learning anti-malware pre-execution protection and real-time post-infection protection. From day one, it automatically detects and defuses potential threats in real time, even on already infected hosts. The post-infection defusing layer controls outbound communications and file system modifications to prevent data exfiltration, lateral movement, and C2 communications, as well as file tampering and ransomware.

With automated EDR functions for threat hunting and incident response, FortiEDR eliminates the breach response time gap, dwell time, and alert fatigue. Additionally, it offers broad OS coverage for workstations, servers, and virtual machines, including legacy operating systems and embedded systems.


Please see the product datasheet for more information on these and many more product features.

Features and Benefits


Discover, Predict, Prevent

Discover, enrich, and control rogue computers, IoT devices, and applications based on risk mitigation policies. Prevent threats with next-generation antivirus.

Detect and Defuse in Real Time

Detect and defuse potential threats in real time, automatically. Stop the breach, prevent data exfiltration, and protect data from ransomware encryption even on compromised devices.

Playbook-based Incident Response

Create customizable contextual incident response playbooks. Automate incident response including terminating processes, removing files, isolating devices, and rolling back malicious changes.

Real Time and Automatic

Stop breaches and prevent data loss and ransomware damage with no dwell time. Eliminate the incident response time gap.

Efficient Security Operations

Eliminate alert fatigue and optimize operations with customizable, standardized incident response processes.

Minimize Business Impact

Ensure business continuity in the event of a security incident. FortiEDR enables response and remediation while keeping systems online, saving time and money.


FortiEDR Features and Specifications

Discovery with proactive attack surface risk mitigation

FortiEDR delivers the most advanced automated attack surface policy control with vulnerability assessments and IoT security that allows security teams to:

  • Discover and control rogue devices (e.g., unprotected or unmanaged devices) and IoT devices
  • Track applications and ratings
  • Discover and mitigate system and application vulnerabilities with virtual patching
  • Reduce the attack surface with risk-based proactive policies 

Next-generation antivirus (NGAV)

FortiEDR uses a machine learning antivirus engine to stop malware pre-execution. This cross-OS NGAV capability is configurable and comes built into the single, lightweight agent, allowing users to assign anti-malware protection to any endpoint group without requiring additional installation.

  • Enable machine learning, kernel-based NGAV
  • Enrich findings with real-time threat intelligence feeds from a continuously updated cloud database
  • Protect disconnected endpoints with offline protection
  • Control USB devices

Real-time and automated breach protection   

FortiEDR detects and defuses fileless malware and other advanced attacks in real time to protect data and prevent breaches. As soon as FortiEDR detects suspicious process flows and behaviors, it immediately defuses the potential threat by blocking outbound communications and file system access from those processes at the moment they request them. These steps prevent data exfiltration, command and control (C&C) communications, file tampering, and ransomware encryption. At the same time, the FortiEDR backend continues to gather additional evidence, enrich event data, and classify the incident. FortiEDR surgically stops data breaches and ransomware damage in real time and automatically, allowing business continuity even on already compromised devices.


  • Leverage OS-centric detection that is highly accurate in detecting stealthy infiltrated attacks, including memory-based and “living off the land” attacks
  • Stop breaches in real time and eliminate threat dwell time
  • Analyze the entire log history
  • Prevent ransomware encryption and file and registry tampering
  • Continuously validate the classification of threats
  • Enhance the signal-to-noise ratio and eliminate alert fatigue

Orchestrate incident response with customizable playbooks 

Orchestrate incident response operations using tailor-made playbooks with cross-environment insights. Streamline incident response and remediation processes, and manually or automatically roll back malicious changes made by already contained threats—on a single device or on devices across the environment.

  • Automate incident classification and enhance the signal-to-noise ratio
  • Standardize incident response procedures with playbook automation
  • Optimize security resources by automating incident response actions such as removing files, terminating malicious processes, reversing persistent changes, notifying users, isolating applications and devices, and opening tickets
  • Enable context-based incident response using incident classification and the subjects of the attacks (e.g., endpoint groups)
  • Gain full visibility of the attack chain and malicious changes with patented code tracing
  • Automate cleanup and roll back malicious changes while preserving system uptime
  • Optional managed detection and response (MDR) service can supplement a SOC
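To make the contextual-playbook idea concrete, here is a small Python model written for this page. It is an added illustration, not FortiEDR code, and the page does not describe FortiEDR's playbook format, so the rule structure, the classification and endpoint-group names, the action identifiers, and the `Incident`, `Rule`, `Playbook` and `triage` names are all constructed for the example. It shows a more specific rule (classification plus endpoint group) winning over a generic one, a default for unclassified events, and rollback being emitted only for threats that have already been contained, which is the precondition the section above attaches to rollback.

```python
"""Hypothetical contextual playbook selector (illustration only; not FortiEDR code).

Models the idea on the page: a playbook picks response actions from the
incident classification and the subject of the attack (the endpoint group),
and rollback is applied only to threats that have already been contained.
All classification names, group names, action names and rules below are
constructed for this example.
"""
from dataclasses import dataclass, field
from typing import FrozenSet, List, Optional, Tuple

# Response actions named on the page; the identifiers are our own.
TERMINATE = "terminate_process"
REMOVE_FILE = "remove_file"
ISOLATE = "isolate_device"
ROLLBACK = "rollback_changes"
NOTIFY = "notify_user"
TICKET = "open_ticket"


@dataclass(frozen=True)
class Incident:
    classification: str        # e.g. "malicious", "suspicious", "pup"
    endpoint_group: str        # e.g. "workstations", "servers", "pos"
    contained: bool = True     # True once the threat has been defused


@dataclass(frozen=True)
class Rule:
    classifications: FrozenSet[str]
    groups: Optional[FrozenSet[str]]   # None matches any endpoint group
    actions: Tuple[str, ...]
    priority: int = 0                  # higher wins when several rules match


@dataclass
class Playbook:
    rules: List[Rule] = field(default_factory=list)
    default_actions: Tuple[str, ...] = (TICKET,)  # unclassified: ticket only

    def matching_rules(self, inc: Incident) -> List[Rule]:
        """All rules whose classification set and group set cover the incident."""
        return [
            r for r in self.rules
            if inc.classification in r.classifications
            and (r.groups is None or inc.endpoint_group in r.groups)
        ]

    def select(self, inc: Incident) -> Tuple[str, ...]:
        """Pick the most specific (highest-priority) matching rule."""
        matches = self.matching_rules(inc)
        if not matches:
            return self.default_actions
        return max(matches, key=lambda r: r.priority).actions

    def respond(self, inc: Incident) -> List[str]:
        """Actions to run, dropping rollback for threats not yet contained."""
        actions = list(self.select(inc))
        if not inc.contained:
            actions = [a for a in actions if a != ROLLBACK]
        return actions


# A constructed playbook: generic rules at priority 1, group-specific at 2.
DEMO_PLAYBOOK = Playbook(rules=[
    # Any malicious event, any group: full cleanup plus a ticket.
    Rule(frozenset({"malicious"}), None,
         (TERMINATE, REMOVE_FILE, ROLLBACK, NOTIFY, TICKET), priority=1),
    # Malicious on user workstations: additionally isolate the device.
    Rule(frozenset({"malicious"}), frozenset({"workstations"}),
         (ISOLATE, TERMINATE, REMOVE_FILE, ROLLBACK, NOTIFY, TICKET), priority=2),
    # Malicious on servers/POS: clean up but keep the machine online,
    # and there is no interactive user to notify.
    Rule(frozenset({"malicious"}), frozenset({"servers", "pos"}),
         (TERMINATE, REMOVE_FILE, ROLLBACK, TICKET), priority=2),
    # Suspicious (not yet classified malicious): inform, do not disrupt.
    Rule(frozenset({"suspicious"}), None, (NOTIFY, TICKET), priority=1),
])


def triage(incidents: List[Incident]) -> List[Tuple[Incident, List[str]]]:
    """Apply the demo playbook to a batch of incidents."""
    return [(inc, DEMO_PLAYBOOK.respond(inc)) for inc in incidents]


if __name__ == "__main__":
    # Constructed sample incidents.
    sample = [
        Incident("malicious", "workstations"),
        Incident("malicious", "pos"),
        Incident("malicious", "lab"),                # falls back to generic rule
        Incident("suspicious", "servers"),
        Incident("inconclusive", "servers"),         # no rule: default ticket
        Incident("malicious", "workstations", contained=False),
    ]
    for inc, actions in triage(sample):
        print(f"{inc.classification:12} {inc.endpoint_group:12} -> {actions}")
```

The priority field is what makes the response contextual: the same "malicious" classification leads to isolation on a workstation but to an online cleanup on a server or POS device, matching the asset-value distinction the section draws, while an event with no matching rule degrades safely to a ticket rather than to no action.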

Guided interface with data enrichment

FortiEDR automatically enriches data with detailed information on malware both pre- and post-infection to support forensics on infiltrated endpoints. Its unique guided interface provides guidance and best practices and suggests the next logical steps for security analysts.

  • Automate investigation with minimal interruption to end users
  • Automatically defuse and block threats, allowing security analysts to hunt on their own time
  • Patented code-tracing technology delivers full attack chain and stack visibility even if the device is offline
  • Preserve memory snapshots of in-memory attacks for memory-based threat hunting
  • The guided interface displays clear explanations of why an event is flagged as suspicious or malicious, lists the corresponding MITRE ATT&CK framework entries, and suggests the logical next step for forensic investigation

FortiEDR leverages the Fortinet Security Fabric architecture and integrates with many Security Fabric components including FortiGate, FortiSandbox, and FortiSIEM. 

FortiGate
The FortiEDR connector enables the sharing of endpoint threat intelligence and application information with FortiGate. FortiEDR management can instruct enhanced response actions for FortiGate, such as suspending or blocking an IP address following an infiltration attack.

FortiNAC
FortiEDR shares endpoint threat intelligence and discovered assets with FortiNAC. With syslog sharing, FortiEDR management can instruct enhanced response actions for FortiNAC, such as isolating a device.

FortiSandbox 
FortiEDR's native integration with FortiSandbox automatically submits files to the sandbox in the cloud, supporting real-time event analysis and classification. It also shares threat intelligence with FortiSandbox.

FortiSIEM 
FortiEDR sends events and alerts to FortiSIEM for threat analysis and forensic investigation. FortiSIEM can also utilize JSON and REST APIs to further integrate with FortiEDR. 

FortiGuard Labs
FortiEDR's native integration with FortiGuard Labs provides up-to-date threat intelligence, supporting real-time incident classification to enable accurate incident response playbook activation.

Management, architecture, and platform support

A single, integrated management console provides prevention, detection, and incident response capabilities. Extended REST APIs are available to support every console action and more.

Offline protection. Protection and detection happen on the endpoint, protecting disconnected endpoints.

Native cloud infrastructure. FortiEDR features multi-tenant management in the cloud. The solution can be deployed as a cloud-native, hybrid, or on-premises. It also supports air-gapped environments.

Lightweight endpoint agent. FortiEDR utilizes less than 1% CPU, up to 120 MB of RAM, 20 MB of disk space, and generates minimal network traffic.

Supported operating systems. FortiEDR supports Windows, MacOS, and Linux operating systems, and offers offline protection.

  • Windows (both 32-bit and 64-bit versions) XP SP2/SP3, 7, 8, 8.1 and 10
  • Windows Server 2003 R2 SP2, 2008 R1 SP2, 2008 R2 SP2, 2012, 2012 R2, 2016 and 2019
  • MacOS Versions: Yosemite (10.10), El Capitan (10.11), Sierra (10.12), High Sierra (10.13), Mojave (10.14) and Catalina (10.15)
  • Linux Versions: RedHat Enterprise Linux and CentOS 6.8, 6.9, 6.10, 7.2, 7.3, 7.4, 7.5, 7.6 and 7.7 and Ubuntu LTS 16.04.5, 16.04.6, 18.04.1 and 18.04.2 server, 64-bit
  • Virtual Desktop Infrastructure (VDI) environments: VMware Horizon 6 and 7, and Citrix XenDesktop 7

FortiEDR Use Cases

FortiEDR protects endpoints pre- and post-infection and stops data breaches and tampering in real time, automatically. With contextual incident response playbooks, security teams can customize and automate incident investigation and response per classification and target host, optimizing security operations. Security teams can deploy some or all of the key use cases for FortiEDR.


Real-Time Breach and Ransomware Protection

With discovery and risk mitigation capabilities, FortiEDR enables security teams to discover and proactively control rogue devices, IoT devices, and applications, along with their respective vulnerabilities across the system or applications—in real time. The FortiEDR machine-learning, kernel-based anti-malware engine provides effective malware protection.

In the event of a security incident, FortiEDR can protect data on compromised devices and defuse threats in real time to prevent data exfiltration and protect against ransomware encryption. Further, its automated incident response and remediation capabilities roll back any malicious changes that have affected endpoints.


Optimize the Incident Response Process

With pre-canned playbook-based incident response, security teams can create customized incident response processes based on asset value, endpoint groups, and incident classification, enabling contextual-based incident response. This operationalized approach allows organizations to have a consistent security incident response and optimizes security resources. FortiEDR delivers automated, real-time incident responses, including isolating devices, terminating malicious processes, and deleting malicious files. Users can also specify automated remediation processes in their playbook to automate cleanup and roll back malicious changes without taking machines offline.

Additionally, Fortinet provides a managed detection and response (MDR) service that can supplement a customer’s security operations center (SOC).  


Secure Operational Technology (OT)

Manufacturing, oil and gas, energy, and transportation organizations running on unsupported and unpatched legacy systems are easy targets for attackers. Attacks on OT systems threaten business continuity and risk the destruction of critical infrastructure, which can affect much of the population.

FortiEDR is the only solution that ensures high availability for OT systems even in the midst of a security incident or breach. It prevents, detects, and defuses threats while keeping machines online. At the same time, the patented code tracing technology records forensic artifacts and automates response and remediation. The small footprint of FortiEDR supports and protects legacy and embedded systems without weighing them down. FortiEDR protects OT and similar systems in air-gapped environments and delivers virtual patching and mitigation controls to protect systems from exploits until the next available maintenance window.

Secure POS systems

FortiEDR protects credit card user data on point of sale (POS) systems. Not only is it Payment Card Industry Data Security Standard (PCI DSS) certified, but it also prevents data exfiltration in the unfortunate event of system compromise. Additionally, FortiEDR delivers virtual patching to shield POS systems from vulnerabilities between scheduled maintenance windows: while POS systems are patched during those windows, FortiEDR keeps them secure between routine updates in the event of an unknown vulnerability. It also delivers embedded OS support, all with a small footprint that does not slow systems down.

Our Customers Emphasize the Value of FortiEDR (Formerly enSilo) in Gartner Peer Insights Reviews

Many enterprise customers realize the efficiency and effectiveness of FortiEDR (formerly enSilo) and have provided positive feedback on Gartner Peer Insights. Read what end users say about FortiEDR. 

★★★★★
"EnSilo Is The First Product In My 15 Year Career That Makes Me Think We Have A Chance."

CISO in the Financial Industry

"EnSilo is efficient in all aspects. The agent has almost no overhead, the management interface provides detail without needing to dig, and most importantly, blocking occurs with minimal user impact."


★★★★★
"Successfully Regain Advantage Over Malicious Actors"

Sr. Security Analyst in the Manufacturing Industry

"From sales, to implementation, to support, the enSilo global team was a partner ensuring our success to regain an advantage over malicious actors."

"The zero-day capabilities are outstanding. Changes the table on suspicious activity from "Opt out" to "Opt In" -- suspicious activity is stopped and only allowed after activity analysis."


★★★★★
"Easy To Use Tool That Reduces Malicious Attacks While Not Negatively Affecting Production."

IT Director in the Miscellaneous Industry

"A well designed easy to use tool that helps to mitigate cyber risk. The product provides a high level of protection while keeping false positives to a minimum. Thus keeping business technology safer and working."


★★★★★
"Fast Effective EDR Compared To Others During POCs"

Security and Risk Management in the Manufacturing Industry

"Triage times are about 3 minutes compared to 30 minutes with the last vendor. Initial tuning was simplified by exceptions built into the main UI making all capabilities in one single pain of glass."

"From a product perspective, the EDR tool provides a significant time advantage when triaging and coming to conclusions. The tool has been very accurate, and the professional services is the icing on the cake. Their professional services are side by side with you for questions so knowing that you have a team by your side makes this a complete solution."


★★★★★
"Rollout Was Extremely Easy And The Support Is Great!"

Director - Enterprise Dev/Ops in the Manufacturing Industry

"By implementing enSilo we have been able to free up internal resources to work on large projects while ensuring that our enterprise is protected from malicious software."

"The monitoring service is excellent! They are proactive and only escalate alerts to the internal team after they have removed any false positives."
 

★★★★★
"My Favorite Enterprise Endpoint Security Application Thus Far"

Security Analyst in the Services Industry

"Working with the enSilo Endpoint Security application has been incredibly easy while still being very effective."


★★★★★

"Product With Small Footprint But Magnificent Malware Prevention And Forensic Capabilities"

Security Architect in the Manufacturing Industry

"Lightweight Product - small Footprint on machines. Sophisticated Detection and Prevention mechanisms and Insight into complete malware kill chain. Fast support and customer request response Fast development "

"The product still prevents damage if you are already infected. Try it on a PoC and watch the results.”

 

For more Peer Insight reviews on FortiEDR click here

 

 
Gartner Peer Insights reviews constitute the subjective opinions of individual end users based on their own experiences, and do not represent the views of Gartner or its affiliates.

FortiEDR Deployment Service

Fortinet Professional Services will assess a customer’s existing security posture and partner with the customer to create a customized security implementation plan that ensures successful and proactive:

  • Architecture and planning
  • Deployment and installation
  • Environment tuning
  • Prevention mode migration
  • Project management
  • Training

FortiResponder Managed Detection and Response Service (MDR)

The FortiResponder Managed Detection and Response (MDR) Service is designed for customers of the FortiEDR advanced endpoint security platform. The FortiResponder MDR service provides organizations with 24x7 continuous threat monitoring, alert triage, and incident handling by experienced analysts and the platform. Fortinet experts review and analyze every alert, take action to keep customers secure based on their risk profile, and provide detailed recommendations on remediation and next steps for incident responders and IT administrators. The FortiResponder MDR Service helps scale existing operations and further enhances SOC maturity. It provides:

  • 24x7 threat monitoring and response
  • Alert triage with guided response. The FortiResponder MDR team supplements a customer’s SOC team, acting as senior SOC analysts
  • Guided remediation instructions with remote remediation and rollback
  • Recommended course of action per classified event based on risk profile
  • Environment management and MDR 
  • Quarterly security environment review


FortiResponder Forensics and Incident Response Service

The FortiResponder Forensics and Incident Response Service assists customers with the analysis, response, containment, and remediation of security incidents to reduce the time to resolution, limiting the overall impact on an organization. In addition to serving FortiEDR customers—regardless of whether or not they have subscribed to the FortiResponder MDR Service—the FortiResponder Forensics and Incident Response Service can also help organizations that have not deployed FortiEDR with specific incident or breach investigations.


Resources