Fortinet Endpoint Detection and Response (EDR) in real time.
EDR is behaviour or process analysis on the client, following the zero-trust approach. Fortinet, however, interprets "endpoints" more broadly: not only classic end devices (laptops or mobile phones) but also IoT devices and even server systems (Linux, Windows or macOS).
As a kernel-based solution, FortiEDR analyses in real time according to defined rules directly on the client, so that each process is checked before it is executed.
Shadow copies, hard disc scans, system restores or a continuous client Internet connection are obsolete with EDR from Fortinet.
As part of the fabric, integration into all AI-supported Fortinet security solutions, such as the sandbox or log file analysis tool, is provided via a console.
FortiEDR: Complete pre- and post-infection protection for your clients
Process and behaviour analysis
- If an anomaly against the set of rules is detected and blocked on an endpoint, the system creates an event and forwards it to the AI-supported FortiGuard cloud services for reclassification or reduction of false positive alarms.
Reduction of attack surfaces through "virtual patching"
- The first step is to establish the visibility of all applications and their CVEs on the endpoint. The subsequent reputation check of target addresses allows or prevents communication without stopping the actual execution of the specialised application. App blocklisting is also possible with FortiEDR.
Patented behavioural analysis at process level
- MTD in real time, e.g. against data manipulation, encryption or slow-cooking attacks.
Next-Generation-Anti-Virus
- Machine-learning and kernel-based. Hard disc scans and constant internet connections are no longer necessary.
Incident Response and Integration via playbooks
- Automated escalation processes including ready-to-use playbooks for FortiGate, FortiManager, FortiNAC, FortiAnalyzer, FortiEMS, Active Directory, Palo Alto, Cisco or Check Point. Python-based customising is possible.
What else sets FortiEDR apart:
Prevention of device classes
- For example, depending on the client, USB devices can be prohibited or only authorised on the basis of serial numbers. Ideal for machine patching when working in external networks at the same time.
Remote-Work-Security
- As FortiEDR checks and tests on the endpoint itself, the system works independently of perimeter firewalls. This is particularly relevant, e.g. for work mobile phones that often log into other people's WLANs.
GDPR-Compliance
- In terms of data protection, Fortinet EDR only processes metadata and does not store it. When provided as SaaS, data processing takes place in EU data centres in accordance with the C5 and ISO 27001 standards and with encrypted traffic.
Automatic resource conservation
- Client offboarding after 30 days of inactivity. If the client then goes online again, the licence is automatically reactivated. A useful feature, especially for large numbers of employees.
High-performance lightweight agent
- Only approx. 250 MB of RAM is required.
FortiEDR to suit your use case.
The large backend is located in the cloud with remote on-prem app proxies. This is ideal if you have selected clients that should not be connected to the internet.
Here, only the backend requires an Internet connection to the FortiGuard services, but not the clients. This deployment is ideal, e.g. for KRITIS providers or the OT sector.
Test FortiEDR free of charge:
The experts at Nomios realise your managed POC in close cooperation with Fortinet.
We focus on individual challenges - especially in the OT or KRITIS environment - and then provide you with your free test environment for up to 60 days.

