Fortinet FortiEDR
Advanced, automated endpoint protection, detection, and response

FortiEDR delivers innovative endpoint security with real-time visibility, analysis, protection, and remediation. As proven in MITRE evaluations, FortiEDR proactively shrinks the attack surface, prevents malware infection, detects and defuses potential threats in real time, and automates response and remediation procedures with customizable playbooks.

FortiEDR identifies and stops breaches in real-time automatically and efficiently. And it does so without a slew of false alarms or disrupting business operations.

FortiEDR Product Details

Endpoint Detection and Response (EDR) subscription bundles are available for different use cases, depending on the customer needs, other Fortinet Security Fabric products deployed, as well as managed service options.

Discover and Protect

For customers in the process of migrating from a traditional endpoint protection platform or next generation antivirus solution towards EDR, a basic Discover and Protect option is available, which supports future migration to full EDR.

Protect and Respond

For special cases where customers may have complimentary vulnerability discovery in place already, a special subscription is available. This subscription supports the standard EDR, XDR, Managed EDR, and Managed XDR variations.

Discover, Protect and Respond

For the best security coverage, the all-in-one subscription is recommended. This subscription supports the standard EDR, XDR, Managed EDR, and Managed XDR variations.

Discover, Protect and Respond - AirGap

For special deployments, an on-premise hosting option with FortiGuard Cloud Services (FCS) connection enabled is available.

FortiEDR Advanced Endpoint Protection

See how FortiEDR detects and blocks ransomware and other file-less attacks to stop breaches in real time. It also reduces the attack surface and remotely remediates affected endpoints.

FortiEDR Meets Today’s Endpoint Security Requirements

Learn more about today’s requirements for endpoint security, as well as our unique detect and defuse capability. Also, understand how we prevent attacks by extending visibility and security across endpoints and workloads, no matter where they are.

Security Fabric Integration

FortiEDR leverages the Fortinet Security Fabric architecture and integrates with many Security Fabric components including FortiGate, FortiSandbox, and FortiSIEM.

FortiGate
The FortiEDR connector enables the sharing of endpoint threat intelligence and application information with FortiGate. FortiEDR management can instruct enhanced response actions for FortiGate, such as suspending or blocking an IP address following an infiltration attack.
FortiNAC
FortiEDR shares endpoint threat intelligence and discovered assets with FortiNAC. With syslog sharing, FortiEDR management can instruct enhanced response actions for FortiNAC, such as isolating a device.
FortiSandbox
FortiEDR native integration with FortiSandbox automatically submits files to the sandbox in the cloud, supporting real-time event analysis and classification. Additionally, it also shares threat intelligence with FortiSandbox.
FortiSIEM
FortiEDR sends events and alerts to FortiSIEM for threat analysis and forensic investigation. FortiSIEM can also utilize JSON and REST APIs to further integrate with FortiEDR.
FortiGuard Labs
FortiEDR native integration with FortiGuard Labs allows up-to-date intelligence, supporting real-time incident classification to enable accurate incident response playbook activation.

EDR Solution Features and Benefits

DISCOVER AND CONTROL

Discover and control rogue devices and applications based on risk mitigation policies.

DETECT AND DEFUSE IN REAL TIME

Automatically detect and defuse potential threats in real time—even on compromised devices.

AUTOMATIC INCIDENT RESPONSE

Use customizable contextual incident response playbooks that automate incident response.

INSTANTLY STOP ATTACKS

Instantly stop breaches and prevent data loss and ransomware damage with no dwell time.

GAIN EFFICIENT SECURITY OPERATIONS

Eliminate alert fatigue and optimize operations with customizable incident response processes.

MINIMIZE BUSINESS IMPACT

Enable response and remediation while keeping systems online, maintaining business continuity.

Bundles:

	Discover and Protect	Discover, Protect, and Respond	Discover, Protect, and Respond with XDR
Discover - IT Hygiene
Asset Discovery
Asset Assessment
Attack Surface Reduction
Application Control
USB Control
Protect - Endpoint Protection
NGAV (pre-execution)
Post-execution Protection
Cloud Sandbox
Cloud Threat Intelligence
Attack Chain Visualization
Advanced Incident Forensics
MITRE Tagging
Malicious Web Filtering
Repsond - Endpoint Detection and Response
Continuous Recording and Analysis
Threat Hunting Enablement
AI-based Behavior Tagging
IOC Ingestion and Search
AI-powered Investigation
Security Fabric Integration
3rd Party Integration
Automated Remediation
Automated Incident Response Framework
Secured Remote Shell
XDR - eXtended Detection and Response
eXtended Detection Across Security Fabric
eXtended Detection Across AWS Guard-Duty
eXtended Detection Across Google SCC
MDR - Managed Service Options
High Fidelity Alert Triage	Managed EDR	Managed EDR	Managed XDR
Extended Alert Triage		Managed EDR	Managed XDR
Containment and Remediation Guidance		Managed EDR	Managed XDR
Alerting and Reporting		Managed EDR	Managed XDR
Correlated Security Fabric Alert Triage			Managed XDR
Additional Services
24x7 Support	Included	Included	Included
Deployment	Cloud	On-premise Internet access enabled	Cloud

Services:

Use FortiEDR managed EDR (MDR), Incident Response, JumpStart, and Best Practices Services to manage, respond, set up, or tune the EDR Solution for your organization.

JumpStart Services

Fortinet JumpStart Services assesses a customer’s existing security posture and partners with them to create a customized security implementation plan to ensure successful and proactive:

Architecture and planning
Deployment and installation
Environment tuning
Prevention mode migration
Project management
Training

FortiResponder Managed Detection and Response Service (MDR)

Fortinet supplement your SOC team, acting as senior SOC analysts by providing:

24x7 threat monitoring and response
Alert triage and response
Guided remediation instructions with remote remediation and rollback
Recommended course of action per classified event based on risk profile
Environment management and MDR
Quarterly security environment review

FortiResponder Forensics and Incident Response Service

We assist with the analysis, response, containment, and remediation of security incidents to reduce the time to resolution, limiting the overall impact to an organization. FortiResponder Forensics and Incident Response Service can also help organizations that have not deployed FortiEDR for specific incident or breach investigation.

FortiEDR Best Practice Service

Fortinet experts will provide advice and guidance as the customer deploys the product throughout their organization. This advice/guidance will cover:

Prerequisites and preparation
Architecture and planning
Deployment and optimization
Closeout and basic training

Software Specifications:

Management, architecture, and platform support - A single, integrated management console provides prevention, detection, and incident response capabilities. Extended REST APIs are available to support any console action and beyond.
Offline protection - Protection and detection happen on the endpoint, protecting disconnected endpoints.
Native cloud infrastructure - FortiEDR features multi-tenant management in the cloud. The solution can be deployed as a cloud-native, hybrid, or on-premises. It also supports air-gapped environments.
Lightweight endpoint agent - FortiEDR utilizes less than 1% CPU, up to 120 MB of RAM, 20 MB of disk space, and generates minimal network traffic.

FortiEDR supports Windows, Google Cloud, macOS, and Linux operating systems, and offers offline protection.

Windows Versions: XP SP2/SP3, 7, 8, 8.1, 10, and 11 (32-bit and 64-bit versions)
Windows Server Versions: 2003 SP2, R2 SP2, 2008 SP2, 2008 R2 SP1, 2012, 2012 R2, 2016, 2019, and 2022
Google Cloud Versions: Compute Engine Deployments and Procurement
macOS Versions: El Capitan (10.11), Sierra (10.12), High Sierra (10.13), Mojave (10.14), Catalina (10.15), Big Sur (11.x), and Monterey (12.x)
Linux Versions: RedHat Enterprise Linux and CentOS 6.x, 7.x, and 8.x, Ubuntu LTS 16.04.x, 18.04.x, 20.04.x server, 64 bit only Oracle Linux 6.x+, 7.7+, and 8.2+, Amazon Linux AMI 2 SuSE SLES 15.1
VDI Environments Versions: VMware Horizons 6 and 7 and Citrix XenDesktop 7

Use Cases:

With contextual incident response playbooks, security teams can customize and automate incident investigation and response per classification and target host, optimizing security operations. Security teams can deploy some or all of the key use cases for Fortinet's EDR Solution -- FortiEDR.

Real-Time Breach Protection

In the event of a security incident, FortiEDR can protect data on compromised devices and defuse threats in real time to prevent data exfiltration, and ransomware protect against ransomware. Further, automated capabilities will roll back any malicious changes.

Attack Surface Reduction

Security teams can discover and proactively control rogue devices, IoT devices, and applications, along with their respective vulnerabilities across the system or applications—in real time.

Optimize Incident Response

With pre-canned playbook-based incident response, create customized incident response processes based on asset value, endpoint groups, and incident classification, enabling contextual-based incident response. Our MDR team can supplement your SOC as well.

Secure Operational Technology

FortiEDR is the only endpoint security solution with EDR that ensures high availability for OT systems even in the midst of a security incident or breach. It prevents, detects, and defuses threats while keeping machines online across multiple operating systems.

Secure POS System

Payment Card Industry Data Security Standard (PCI DSS) certified, FortiEDR prevents data exfiltration in the event of system compromise. It delivers virtual patching to shield POS systems from vulnerabilities in between scheduled maintenance windows.

Documentation:

Download the Fortinet FortiEDR Datasheet (PDF).

Download the Ordering Guide (PDF).

Fortinet FortiEDR Advanced, automated endpoint protection, detection, and response