We’re closing out our endpoint security series with a name that may be more familiar to some than the previous two solutions: Fortinet’s FortiEDR.
Fortinet strengthened their position as an EDR provider in 2019 when they acquired enSilo, an existing endpoint security platform. EnSilo’s endpoint solution was already viewed as a strong option for many organizations, and the additional integrations into the Fortinet security fabric enhanced its ability to provide real-time incident response and automated protection against threats, both pre and post attack execution.
Fortinet has built their name on cost effective, easy to use, and most importantly secure solutions. FortiEDR continues this trend with their second generation EDR platform that boasts instantaneous detection, blocking, and containment without disrupting the endpoint. Full attack forensic capabilities, sandboxing, automated roll-back, and automated controls help eliminate unpatched vulnerabilities.
These features are important for organizations looking to protect against malware that can spread quickly, such as Ransomware . For example, the Notpetya attack in 2017 spread through a large Ukrainian bank and brought down their network in only 45 seconds. FortiEDR’s ability to detect, block, and contain an attack instantly can prevent entire networks from being shut down. A single minute can be the difference between a successful remediation with no interruptions, and a total business shutdown, so instant response is essential. While traditional antivirus solutions can create alert fatigue, FortiEDR minimizes alerts by fine tuning the incident response process and utilizing playbook-based responses. Playbooks are an automated and customizable series of incident response actions such as removing files, terminating malicious processes, reversing persistent changes, notifying users, isolating applications and devices, and opening tickets.
According to a pre-pandemic Fortinet survey of security professionals, over 90% of respondents preferred to reimage infected endpoints instead of attempting remediation. Now with almost 80% of employees working remotely, reimaging has become a much more difficult task. Remediation has always been frustrating and manual for traditional EPP/Antivirus programs. This is why 30% of Enterprises have already deployed an EDR solution and another 45% are either currently engaged in an EDR project or are interested in deploying EDR in the near future. FortiEDR’s roll-back feature provides security team’s similar peace of mind that comes from reimaging without the hassle and time required for both the desktop engineers and the end user.
Another advantage of FortiEDR is the integration with the rest of the Fortinet security fabric. FortiEDR can share endpoint threat intelligence and application information with and push actions to FortiGate firewalls. By utilizing syslog sharing, FortiNAC can be used to isolate devices in response to an incident. FortiEDR can also send files to the FortiSandbox in the cloud to support real-time threat analysis and classification.
Like the other major players in this space, Fortinet also has a managed EDR offering with FortiResponder Managed Detection and Response (MDR). This service includes 24x7 threat monitoring, alert triage, and incident handling.
Adding FortiEDR to an existing FortiGate infrastructure creates an expanded and integrate security system that protects endpoints no matter where they are. Aside from the benefits of using FortiEDR with your existing Fortinet investments, this technology is one of the more complete solutions on the market and should be considered for any EDR deployment.
While our endpoint security series has likely given you a better idea of the endpoint landscape, the challenge is figuring out which technology is right for your organization. Vandis’ team of security engineers are available to provide you with the guidance needed to identify which solution will meet your current and future needs.
Fill out the form below if you are interested in setting up a conversation with a Vandis security expert to discuss your endpoint protection needs.