Skip to content Skip to navigation Skip to footer

Network Detection and Response (NDR)

Fortinet NDR identifies cybersecurity incidents in progress based on anomalous network activity to reduce the risk and impact of cyber threats

Watch the Overview Video
Network Detection and Response (NDR) banner background banner dots


Network Detection and Response (NDR) uses artificial intelligence and other analytics to identify suspicious network activity outside of the norm, which may be an indicator of a cyber attack in progress.  FortiNDR enables full-lifecycle network protection, detection, and response. It covers both network traffic and file-based analysis, along with root-cause identification. New threats can be identified by FortiNDR so you can instantly adapt threat containment and protection to new attacks.  

Artificial intelligence in action
In addition to dynamically profiling an organization’s network activity, FortiNDR also conducts file-based analysis. It comes pre-trained with more than 6+ million malicious and safe features that can identify IT- and OT-based malware and classify it into threat categories. These features can also accurately pinpoint patient zero and lateral spread of multi-variant malware by analyzing the entire malware movement.

Virtual security analyst
FortiNDR includes a virtual security analyst capability (formerly known as FortiAI) that can operate in unsupervised mode, helping lean SecOps teams fully analyze and investigate new threats within the shortest period of time. Because of our deep neural network’s innate ability to self-learn, it continuously adapts to the evolving cyber-threat landscape including AI-powered cyberattacks.


Machine Learning Across the Digital Attack Surface

A visual exploration of the digital attack surface, and how AI-SecOps within the Fortinet Security Fabric protects the entire network through an integrated set of security products, many of which include machine learning inspection points

Watch Now

FortiNDR is offered as an on-premises hardware appliance designed for deployment at data centers and campuses.

View by:

Form Factor
2 RU
2 x 10GE (RJ45), 1 xGE (RJ45)
NDR Throughput
Malware Analysis Throughput
100,000 files/hour with sub-second verdict

The virtual appliance of FortiNDR can be deployed on VMware and KVM platforms.

16 cores
NDR Throughput
Hypervisor hardware dependent
Malware Analysis Throughput
40,000 files/hr
Memory (Minimum/Recommended)
32 cores
NDR Throughput
Hypervisor hardware dependent
Malware Analysis Throughput
80,000 files/hr
Memory (Minimum/Recommended)

FortiNDR utilizes both local and cloud network intelligence for updates to threat detection. NDR updates such as encrypted hashes, outbreak intelligence, IP reputations, are coupled with local and cloud ML to assist with detection.


FortiGuard Security Services

FortiGuard Labs delivers timely, global intelligence combined with fast decision-making and response across all critical vectors. This enables near-real time, AI-driven protection across the Fortinet Security Fabric.

FortiNDR Service


FortiCare Technical Support and Services

FortiCare provides 24x7 support options to help keep your Fortinet deployment up and running smoothly. We also have services such as our Premium RMA options with 4-hour replacements, to make sure you’re covered in case of an extreme event.

24x7 Support

FortiNDR represents the future of AI-driven breach protection technology, designed for short-staffed Security Operation Center (SOC) teams to defend against various threats including advanced persistent threats through a trained Virtual Security AnalystTM that helps you identify, classify, and respond to threats including those well camouflaged. FortiNDR employs patent pending* Deep Neural Networks based on Advanced AI and Artificial Neural Network to provide sub-second investigation by harnessing deep learning technologies that assist you in an automated response to remediate different breeds of attacks.

FortiNDR Use Cases

FortiNDR detects threats where traditional security solutions fail, by using ML and AI, combined with FortiGuard updates.

Features and Benefits


Baselines network behavior, detects anomalous activity, validates incidents, and contains cyber actors


Sub-second malware classification and inline blocking of zero-day malware with MITRE ATT&CK investigation results


ML-based traffic profiling with mature deep learning model leveraged since 2012 comes pre-trained with 6+ million malware detection features for file based analysis


Integrates with third party via API or Fortinet security products upon detection to contain threats


Security Fabric integration across the Fortinet portfolio, and third-party solutions via robust API


Protects both IT and OT environments from threats
security operations | security fabric

Security Operations

To keep up with the volume, sophistication, and speed of today’s cyber threats, you need AI-driven security operations that can function at machine speed. Fortinet Security Operations enables advanced threat detection, response capabilities, centralized security monitoring, and optimization to easily be added across the entire Fortinet Security Fabric.

Network Detection and Response

Find solution guides, eBooks, data sheets, analyst reports, and more. Go to Resource Center >

Learn more about Fortinet Network Detection and Response Contact Us >