FortiEDR Overview
Endpoint Security Solutions with FortiEDR
Advanced attacks can take just minutes, if not seconds, to compromise endpoints. First-generation endpoint detection and response (EDR) security tools simply cannot keep pace. They require manual triage and responses that are not only too slow for fast-moving threats but also generate a huge volume of indicators that burden already overstretched cybersecurity teams. Further, legacy EDR security tools drive up the cost of security operations and can slow network processes and capabilities, negatively impacting business.
As one of the most innovative endpoint security solutions, FortiEDR delivers real-time visibility, analysis, protection, and remediation for endpoints. It proactively reduces the attack surface, prevents malware infection, detects and defuses potential threats in real time, and can automate response and remediation procedures with customizable playbooks. FortiEDR helps organizations identify and stop breaches in real time, automatically and efficiently, without overwhelming security teams with a slew of false alarms or disrupting business operations.
How FortiEDR Bolsters Endpoint Security
FortiEDR is a next-generation endpoint protection solution that packs a broad set of prevention, detection, and response capabilities into a lightweight footprint that is easy to deploy, even on devices with limited system resources. Key capabilities of FortiEDR include discovery and risk mitigation, next-generation antivirus (NGAV), behavior-based detection, real-time blocking, automated incident response, forensic investigation, threat hunting, and virtual patching capabilities. FortiEDR leverages the Fortinet Security Fabric architecture and integrates with Security Fabric components such as FortiGate, FortiNAC, FortiSandbox, and FortiSIEM.
FortiEDR Feature Summary
Benefits
Protection
With FortiEDR, you get proactive, real-time, automated endpoint protection with orchestrated incident response across platforms. It stops the breach with real-time post-infection blocking to protect data from exfiltration and ransomware encryption.
Management
FortiEDR delivers a single unified console with an intuitive interface. The cloud-managed platform closes the loop and automates mundane endpoint security tasks so your people do not have to.
Scalability
With a native cloud infrastructure and a small footprint, FortiEDR can be deployed quickly and scale up to protect hundreds of thousands of endpoints.
Flexibility
FortiEDR can address an array of enterprise use cases. The cloud management platform can be deployed on-premises in an air-gapped environment, or on a secure cloud instance. Endpoints are protected both online and offline.
Cost
Eliminate post-breach operational expenses and breach damage to the organization, all for a low, predictable cost and capped TCO.
FortiEDR Components
The FortiEDR platform consists of the following components:
- FortiEDR Collector
- FortiEDR Core
- FortiEDR Aggregator
- FortiEDR Central Manager
- FortiEDR Cloud Service
How Does FortiEDR Work?
- The FortiEDR Collector Collects OS Metadata: A FortiEDR Collector runs on each communicating device in the organization and transparently collects OS metadata on the computing device.
- Communicating Device Makes a Connection Establishment Request: When any connection establishment request is made on a device, the FortiEDR Collector sends a snapshot of the OS connection establishment to the FortiEDR Core, enriched with the collected OS metadata. While the Core evaluates the request, FortiEDR holds the connection and does not allow it to be established.
- The FortiEDR Core Identifies Malicious Requests: Using FortiEDR’s patented technology, the FortiEDR Core analyzes the collected OS metadata and enforces the policies.
- Pass or Block: Only legitimate connections are allowed outbound communication. Malicious outbound connection attempts are blocked.
- Event Generation: Each FortiEDR policy violation generates a real-time security event (alert) that is packaged with an abundance of device metadata describing the internals of the operating system leading up to the malicious connection establishment request. This security event is triggered by the FortiEDR Core and is viewable in the FortiEDR Central Manager console. FortiEDR can also send email alerts and/or be integrated with any standard Security Information and Event Management (SIEM) solution via Syslog.
- Forensic Analysis: The Forensic Analysis add-on enables the security team to use the various options provided by the FortiEDR Central Manager console to delve deeply into the actual security event and the internal stack data that led up to it.
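The Collector-to-Core flow above (hold the connection, evaluate the enriched snapshot, allow or block, emit an event for the console and the SIEM) is easier to reason about as code. The following is an added illustration and is not FortiEDR's code: the snapshot fields, the two policy rules, the event layout and the syslog framing are all constructed for this example, and no claim is made that FortiEDR's real policies, verdict logic or syslog format look like this.

```python
# Added illustration of the Collector -> Core -> verdict -> event flow described
# above. Hypothetical model, not FortiEDR code: the snapshot fields, the policy
# rules and the syslog event layout are all constructed for this example.
import json
from dataclasses import dataclass, field
from datetime import datetime, timezone


@dataclass
class ConnectionSnapshot:
    """What a collector hands to the core when a process asks to connect:
    the connection tuple plus OS metadata gathered beforehand (assumed fields)."""
    host: str
    pid: int
    process_path: str
    parent_path: str
    signed: bool
    dest_ip: str
    dest_port: int
    ancestry: list = field(default_factory=list)   # parent chain, oldest first


# Constructed policy: each rule is (name, predicate); a firing rule means "block".
def _unsigned_from_temp(s: ConnectionSnapshot) -> bool:
    path = s.process_path.lower().replace("\\", "/")
    return (not s.signed) and ("/temp/" in path or "/tmp/" in path)


def _office_spawned_unsigned(s: ConnectionSnapshot) -> bool:
    office = ("winword.exe", "excel.exe", "powerpnt.exe")
    return (not s.signed) and s.parent_path.lower().endswith(office)


POLICY = [
    ("unsigned-from-temp", _unsigned_from_temp),
    ("unsigned-child-of-office", _office_spawned_unsigned),
]


def evaluate(snapshot: ConnectionSnapshot) -> tuple:
    """Core-side decision: the first matching rule blocks; no match allows."""
    for name, predicate in POLICY:
        if predicate(snapshot):
            return ("block", name)
    return ("allow", None)


def build_event(snapshot: ConnectionSnapshot, rule: str, when=None) -> dict:
    """Package the verdict with the metadata that led up to it (the 'security event')."""
    when = when or datetime.now(timezone.utc)
    return {
        "timestamp": when.isoformat(),
        "host": snapshot.host,
        "verdict": "block",
        "rule": rule,
        "pid": snapshot.pid,
        "process": snapshot.process_path,
        "parent": snapshot.parent_path,
        "signed": snapshot.signed,
        "ancestry": snapshot.ancestry,
        "destination": f"{snapshot.dest_ip}:{snapshot.dest_port}",
    }


SYSLOG_PRI = 16 * 8 + 4   # local0 facility, warning severity -> <132>


def to_syslog(event: dict) -> str:
    """RFC 5424-style line carrying the event as JSON, as a SIEM forwarder might send it."""
    return (f"<{SYSLOG_PRI}>1 {event['timestamp']} {event['host']} "
            f"edr-core - - - {json.dumps(event, sort_keys=True)}")


def gate_connection(snapshot: ConnectionSnapshot, syslog_sink: list) -> str:
    """Hold the connection, ask the core, and release it only on 'allow'.
    Blocks are recorded as events and forwarded to the SIEM sink."""
    verdict, rule = evaluate(snapshot)
    if verdict == "block":
        syslog_sink.append(to_syslog(build_event(snapshot, rule)))
    return verdict


# Constructed sample snapshots (documentation IP ranges, invented paths).
LEGIT = ConnectionSnapshot("ws-042", 4120, r"C:\Program Files\Browser\browser.exe",
                           r"C:\Windows\explorer.exe", True, "203.0.113.10", 443,
                           ancestry=["wininit.exe", "explorer.exe"])
SUSPECT = ConnectionSnapshot("ws-042", 5388, r"C:\Users\alice\AppData\Local\Temp\update.exe",
                             r"C:\Program Files\Office\WINWORD.EXE", False, "198.51.100.7", 8443,
                             ancestry=["explorer.exe", "WINWORD.EXE"])

if __name__ == "__main__":
    sink = []
    for snap in (LEGIT, SUSPECT):
        print(snap.process_path, "->", gate_connection(snap, sink))
    for line in sink:
        print(line)
```

The point of the model is the ordering: the connection is not released until a verdict exists, and the event that reaches the console or SIEM carries the same ancestry and signing metadata the decision was made on, so an analyst can reconstruct why a block happened without going back to the endpoint.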
Specifications
Management, architecture, and platform support
A single, integrated management console provides prevention, detection, and incident response capabilities. Extended REST APIs are available to support any console action and beyond.
Offline protection
Protection and detection happen on the endpoint, protecting disconnected endpoints.
Native cloud infrastructure
FortiEDR features multi-tenant management in the cloud. The solution can be deployed cloud-native, hybrid, or on-premises, and it also supports air-gapped environments.
Lightweight endpoint agent
FortiEDR uses less than 1% CPU, up to 120 MB of RAM, and 20 MB of disk space, and generates minimal network traffic.
Supported operating systems
FortiEDR supports Windows, macOS, and Linux operating systems, and offers offline protection.
- Windows (both 32-bit and 64-bit versions) XP SP2/SP3, 7, 8, 8.1 and 10
- Windows Server 2003 R2 SP2, 2008 R1 SP2, 2008 R2 SP2, 2012, 2012 R2, 2016 and 2019
- macOS versions: Yosemite (10.10), El Capitan (10.11), Sierra (10.12), High Sierra (10.13), Mojave (10.14) and Catalina (10.15)
- Linux versions: Red Hat Enterprise Linux and CentOS 6.8, 6.9, 6.10, 7.2, 7.3, 7.4, 7.5, 7.6 and 7.7, and Ubuntu LTS 16.04.5, 16.04.6, 18.04.1 and 18.04.2 server, 64-bit
- Virtual Desktop Infrastructure (VDI) environments in VMware and Citrix: VMware Horizon 6 and 7, and Citrix XenDesktop 7
Typical Use Cases for FortiEDR