端點安全

FortiClient Overview

Endpoints are frequently the target of initial compromise or attacks. One recent study found that 30% of breaches involved malware being installed on endpoints. FortiClient strengthens endpoint security through integrated visibility, control, and proactive defense. With the ability to discover, monitor, and assess endpoint risks, you can ensure endpoint compliance, mitigate risks, and reduce exposure. FortiClient proactively defends against advanced attacks. Its tight integration with the Security Fabric enables policy-based automation to contain threats and control outbreaks. FortiClient is compatible with Fabric-Ready partners to further strengthen enterprises’ security posture.

 

   

FortiClient News

Reaching the Holy Grail of Integrated Endpoint and Network Security

7/13/2018: Be Ready to deliver network security and performance while the number of users, devices, and applications rapidly increase. Watch the webinar


You Can’t Protect What You Can’t See: Gaining Visibility in Endpoint Security

6/12/2018: The current digital transformation underway has led to unprecedented network expansion. This increased complexity can result in losing visibility into new attack vectors and exploits targeting devices and services running across the network. This has been especially challenging with regards to endpoint and IoT security. Read the article

 

Fortinet Receives Recommended Rating in NSS Labs Latest Advanced Endpoint Protection Test Report

4/17/2018: FortiClient is a top performer and “Recommended” by NSS labs in its 2018 Advanced Endpoint Protection (AEP) group test. NSS Labs expanded the scope of the AEP test and included malware, exploits, blended threats (combinations of threats), false positives, and evasions. FortiClient with integrated Sandbox blocked 100% exploits, 100% document and script-based attacks; 100% web and email attack, and offline threats with zero false positives. Read the press release

 

 

 

FortiClient Video

Fortinet Endpoint-IoT Solution

Monitor, control, and protect the expanding digital attack surface.

立即觀看

 

FortiClient Product Details:

FortiClient is more than advanced endpoint protection. As an integrated agent, FortiClient contains three key modules: Fabric Agent for security Fabric connectivity, the endpoint security modules, and the secure remote access modules. Fabric Agent shares endpoint telemetry with the Security Fabric and delivers broad endpoint visibility, compliance control, and vulnerability management. It provides advanced endpoint protection with pattern-based anti-malware, behavior-based exploit protection, web-filtering, and an application firewall. FortiClient natively integrates with FortiSandbox to detect zero-day threats and custom malware. FortiClient also provides secure remote access with built-in VPN, single-sign-on, and two-factor authentication for added security.

Features and Benefits

icon benefit fortiattack

Broad endpoint visibility

FortiClient Fabric Agent integrates endpoints into the Security Fabric and provides endpoint telemetry, including user identity, protection status, risk scores, unpatched vulnerabilities, security events, and more.
Compliance icon

Endpoint compliance and vulnerability management

Reduce the endpoint attack surface and manage endpoint-borne risk. 
Vulnerability scanning with flexible patching options. Detect and enforce endpoint compliance. 
icon benefits forticlient

Proactive endpoint defense

Anti-exploit, sandbox integration, and behavior and pattern-based malware detection proactively detect and block malware, malicious scripts, document-based, and other advanced attacks.
platform support icon

Automated threat containment

Integration with the Security Fabric enables automated response. Mitigate unpatched vulnerabilities, alert users, and quarantine risky or compromised endpoints to stem an outbreak.
platform support icon

Secure remote access

Reliable, simple, and secure remote access with built-in, always-on VPN, with the added security of two-factor authentication, plus single-sign-on capabilities.
icon benefits management

Easy to deploy and manage

Easy to deploy and manage Modular and light-weight endpoint agents are centrally managed with the Enterprise Manager Server (EMS).
Fabric Agent is compatible with Fabric-Ready endpoint security solutions.

Please see the product datasheet for more information these and many more Product features.

FortiClient Features and Specs

FortiClient contains the following key modules: Fabric Agent for Security Fabric connectivity, the endpoint security modules, and the secure remote access modules. FortiClient integrates with many key components of the Fortinet Security Fabric and is centrally managed by the Enterprise Management Server (EMS).

Try FortiClient Fabric Agent today

Endpoint telemetry for visibility

FortiClient shares endpoint telemetry with the Security Fabric to ensure unified endpoint awareness and deliver integrated endpoint and network security. Endpoint information shared includes device information, OS, security status, vulnerabilities, events, and user ID.


Compliance enforcement

Enables the enforcement of enterprise security policy and use criteria such as the severity of unpatched vulnerabilities, running software, web filtering, and security posture. 

Automation/host quarantine

Automates policy-based response when triggered by security events. For example, automatically quarantine a suspicious or compromised endpoint to contain incidents and prevent outbreaks.


Vulnerability management

Identifies and prioritizes unpatched OS and software vulnerabilities with flexible patching options including auto-patching.


Software inventory

Provides visibility of installed software. In addition to managing licenses, software inventory can improve security hygiene. When software installed is not required for business purposes, it unnecessarily introduces potential vulnerabilities, and thereby increases the likelihood of compromise.


Try FortiClient Fabric Agent today

Anti-malware

Anti-malware leverages FortiGuard Content Pattern Recognition Language (CPRL) , machine learning, and AI to protect endpoint against malware. The pattern-based CPRL is highly effective in detecting and blocking polymorphic malware. It also blocks attack channels and malicious websites.

Anti-exploit

Protects against advanced threats exploiting zero-day and unpatched vulnerabilities. This signature-less and behavioral-based technology detects and blocks memory violation techniques. It shields web browsers, java/flash plug-ins, office applications, PDF readers, load library, and script interpreters from exploit-based attacks.

Web filtering

Powered by FortiGuard research, the web filtering function monitors all web browser activities to enforce web security and acceptable usage policy with 75+ categories. It works across all supported operating systems and works with Google SafeSearch. Admins can set black/white lists, on-/off-net policies, and import FortiGate web filtering policies for consistent enforcement. 

Application firewall

Provides the ability to monitor, allow, or block application traffic by categories. It uses the same categories as FortiGate, enabling consistent application traffic control. It leverages FortiGuard anti-botnet, IPS, and application control intelligence and can prevent the use of unwanted applications including proxy apps and HTTPS messaging apps.

FortiClient leverages the Security Fabric Architecture and integrates with many Security Fabric components:

FortiSandbox

FortiClient natively integrates with FortiSandbox. FortiClient automatically submits files to the sandbox for real-time analysis. Real-time threat intelligence from FortiSandbox is instantly shared across the enterprise.  

FortiGate

FortiClient shares endpoint telemetry with FortiGate enterprise firewalls to enforce endpoint security compliance.  FortiClient telemetry also contributes to the security rating. The diverse VPN client provides secure remote access.

FortiAnalyzer/FortiManager/FortiSIEM

In addition to endpoint telemetry, FortiClient sends logs including vulnerability, traffic, and events for the Network Operation Center (NOC) and Security Operation Center (SOC) for threat analysis and forensic investigation. 

FortiAuthenticator

Enables secure sign-on (SSO) and two-factor authentication.

VPN

FortiClient uses SSL and IPsec VPN to provide secure and reliable access to the corporate network. Two-factor authentication can also be leveraged for additional security. Features such as always-on, auto-connect, dynamic VPN gateway selection and split-tunneling, result in optimized user experience and security. 

Single sign-on

It integrates with FortiAuthenticator identity and access management service to provide single sign-on. 

EMS provides central management of Windows, Mac, Linux, iOS, Android, and Chromebook devices. Features include remote endpoint deployment, client provisioning, Windows AD integration, real-time endpoint status, vulnerability dashboard, software inventory, quarantine management, alerts, and more. 

  Windows MAC OS X Linux Android iOS Chromebook
FABRIC AGENT            
Endpoint telemetry - visibility
Compliance enforcement  
Host quarantine        
Vulnerability management      
Application inventory

     
Secure Access            
VPN ✔*  
SSO        
Endpoint Protection            
Anti-malware
     
Anti-exploit          
Sandbox integration   partial**      
Web filtering  
Application firewall        

*Separate VPN agent

**Can consume Sandbox intelligence  

FortiClient leverages FortiGuard threat intelligence research and services

FG Antivirus

防毒

FortiGuard 防毒可阻斷最新病毒、間諜軟體以及其他內容層面的威脅。它採用行業領先的進階偵測引擎來阻止不斷變化的新威脅在您的網路中獲得據點、存取網路中寶貴的內容。

FG AntiBotnet

IP 聲譽評等 & 預防殭屍網路安全服務

FortiGuard IP 聲譽評等服務從 Fortinet 分佈式威脅感測器網路、CERT、MITRE、進行合作的競爭對手以及其他全球資源彙集惡意來源 IP 資料,這些資源共同協作,合力提供關於敵對來源的最新威脅情報。憑藉來自分佈式網路閘道近乎即時的情報,再結合 FortiGuard Labs 的世界級研究,組織可得到更安全的保護並對攻擊實施主動攔截。

FG Application Control

應用程式控制

可對您的客戶正在執行的應用程式獲得無可比擬的即時可視性,並輕鬆實施您可接受的使用原則,進而提高安全性並滿足合規要求。透過 FortiGuard 應用程式控制,您可以快速建立原則來允許、拒絕或限制對應用程式或整個類別的應用程式的存取。

FG Intrusion Prevention

入侵防護

FortiGuard IPS 透過偵測威脅並在威脅侵入到網路裝置前進行封鎖,以此抵禦最新的網路入侵。

FG Web Filtering

Web Filtering

Protects your organization by blocking access to malicious, hacked, or inappropriate websites.

FortiClient Enterprise Management Server (EMS) Demo

This full working demo shows the Enterprise Management Server (EMS) for FortiClient. Have a look at the Dashboard, FortiClient Status, Vulnerability Scan and Software Inventory.  Check out the Endpoints section and see the summary and available actions, such as quarantine an endpoint.   And you can also configure system settings and scanning options under Endpoint Profile. 

Access the demo

NSS Labs 2018 Advanced Endpoint Protection (AEP) Test

The NSS Labs AEP group test evaluates products for security effectiveness, performance, and total cost of ownership (TCO). These products include endpoint security technologies that combine the protective capabilities of anti-threat products with the detection, investigation, and prevention capabilities of endpoint security products. FortiClient with integrated FortiSandbox earned a “Recommended” rating with average security effectiveness of over 97.3%, zero false positives, and low TCO.

NSS Labs Breach Prevention Systems (BPS) Test 2017

NSS Labs introduced a new group test, BPS focused on detecting and blocking exploits, advanced malware, and evasions. This helps validate the advanced threat response cycle of prevent-detect-mitigate across a number of threat vectors including web, email, and endpoint. Fortinet's Security Fabric consisting of FortiSandbox, FortiGate, FortiMail, and FortiClient integrated together, earned a Recommended award by achieving a block rate of 99.6% and offering the lowest 3-year TCO.

FortiClient Ecosystem

FortiClient provides integration with many leading IT vendors as part of the Fortinet Security Fabric. Below is a list of current FortiClient Alliance Partners:

Carbon Black
Carbon Black

Carbon Black leads a new era of endpoint security by enabling organizations to disrupt advanced attacks, deploy the best prevention strategies for their business, and leverage the expertise of 10,000 professionals from IR firms, MSSPs, and enterprises to shift the balance of power back to security teams.

McAfee
McAfee

McAfee is one of the world’s leading independent cybersecurity companies. Inspired by the power of working together, McAfee creates business and consumer solutions that make the world a safer place.

SentinelOne
SentinelOne

SentinelOne is shaping the future of endpoint security with an integrated platform that unifies the detection, prevention and remediation of threats initiated by nation states, terrorists, and organized crime. SentinelOne’s unique approach is based on deep inspection of all system processes combined with innovative machine learning to quickly isolate malicious behaviors, protecting devices against advanced, targeted threats in real time.

Symantec
Symantec

Symantec Corporation (NASDAQ:SYMC), the world’s leading cyber security company, helps organizations, governments and people secure their most important data wherever it lives. The partnership with Fortinet combines Symantec’s endpoint protection leadership with Fortinet’s best-in-class network security and Fabric integration to deliver unparalleled security protection.

Ziften
Ziften

Ziften delivers all-the-time visibility and control for any asset, anywhere - client devices, servers, and cloud VMs – whether on-network or remote; connected or not. Our unified systems and security operations (SysSecOps) platform empowers IT and security operations teams to quickly repair user impacting endpoint issues, reduce their overall risk posture, speed security threat response, and increase operations productivity. Ziften’s secure architecture delivers continuous, streaming endpoint monitoring and historical data collection for large and mid-sized enterprises, governments, and managed security service providers (MSSP). And Ziften helps extend the value of incumbent tools and fill the gaps between fragmented, siloed systems.

FortiClient | Fortinet 的新一代端點安全解決方案

What is Fabric Agent?

Fabric Agent, one of the FortiClient modules, connects endpoints and integrates endpoints into the Security Fabric. Fabric Agent sends endpoint telemetry with the Security Fabric. Information shared includes risk profile, unpatched vulnerabilities, operating systems, protection status. User, device ID, and endpoint behavior data can be shared too.

Can FortiClient help us mitigate endpoint vulnerabilities?

Yes, when unpatched vulnerabilities are discovered during the scan, FortiClient provides flexible patching options including auto patching.  Additionally, administration can define endpoint compliance policy to monitor unpatched vulnerabilities and their severity.

How does FortiClient prevent exploit-based attacks?

FortiClient endpoint protection capabilities feature anti-exploit, a behavioral-based detection technology that protects against memory exploitation techniques and exploit kits. 

With vulnerability management, FortiClient helps companies improve security hygiene and provides visualization for the network security team to identify vulnerable endpoints and mitigate the risks.

How does FortiClient integrate with FortiSandbox?

FortiClient integrates natively with FortiSandbox and can automatically submit objects to the sandbox for analysis. What’s unique about Fortinet is that the sandbox infrastructure can be shared across FortiGate, FortiMail, and partners. The threat intelligence is automatically disseminated across the enterprise.

I have a FortiGate, can I try FortiClient and endpoint telemetry feature?

Yes, you can download FortiClient and EMS from the product download page. Your FortiGate can receive telemetry from up to 10 client for testing.

What endpoint telemetry does Fabric Agent send?

FortiClient telemetry data include: Endpoint operation system, device ID (such as MAC), logged-in user ID with avatar, endpoint protection (AV) status, endpoint vulnerabilities, endpoint behavior data, FortiClient version, and the device online/offline status.