Fortinet - What is actually... FortiEDR?
Due to ever-increasing digitalisation, there are more and more computers in companies, public authorities and educational institutions. This not only increases the risk that a single infected system will compromise the entire network, but also the confusion when an incident does occur. In addition, few organisations have an IT department that can react directly to every incident at all times. Automation is needed.
This is where FortiEDR can relieve and support your IT team.
Advanced attacks can take minutes, if not seconds, to compromise endpoints. First-generation endpoint detection and response (EDR) tools simply can't keep up. They require manual assessments and actions that are not only too slow for fast-moving threats, but also generate a huge amount of indicators that put additional strain on already overburdened security teams. In addition, outdated EDR tools drive up the cost of security operations and can slow down processes, negatively impacting the business.
FortiEDR provides advanced real-time threat protection for endpoints both before and after infection. It proactively reduces the attack surface, prevents malware infections, detects and mitigates potential threats in real-time, and can automate response and remediation actions with customisable playbooks. FortiEDR helps organisations stop security breaches automatically and efficiently in real time without overwhelming security teams with a flood of false positives or disrupting business operations.
FortiEDR provides automated, real-time endpoint protection with orchestrated incident response across all communications devices - including workstations and servers running current and legacy operating systems, as well as production and OT systems - in a single integrated platform, with flexible deployment options and predictable operational costs.
Proactive Risk Mitigation & Real-Time IoT Security
Enables proactive attack surface mitigation, including vulnerability assessment and proactive mitigation-based policies that enable communication controls for any discovered application with vulnerabilities.
Protection against infections
Provides the first layer of defence through a purpose-built, next-generation machine learning-based anti-virus engine (NGAV) at the kernel level that prevents infection from file-based malware.
Post-infection protection
FortiEDR is the only solution that detects and stops advanced attacks in real-time, even if the endpoint has already been compromised. No security breaches, no data loss, no problem. FortiEDR eliminates dwell time and provides a range of automated Endpoint Detection and Response (EDR) capabilities to detect, mitigate, investigate, respond and remediate incidents.
Features
Detect and Predict
FortiEDR provides the most advanced automated policy control for attack surfaces with vulnerability assessments and detection, enabling security teams to:
- Detect and control rogue devices (e.g. unprotected or unmanaged devices) and IoT devices.
- Track applications and assessments
- Discover and mitigate system and application vulnerabilities with virtual patching
- Reduce the attack surface with risk-based proactive policies
Prevent
FortiEDR uses a machine-learning antivirus engine to stop malware before it executes. This cross-operating system NGAV capability is configurable and built into the single, lightweight agent, allowing users to assign anti-malware protection to each endpoint group without the need for additional installation.
- Machine learning and kernel-based NGAV
- Enrich results with real-time threat data from a continuously updated cloud database
- Protection for unconnected endpoints with offline protection
- USB device control
Detect and Defuse
FortiEDR detects and defuses fileless malware and other advanced attacks in real-time to protect data and prevent security breaches. Once FortiEDR detects suspicious process flows and behaviours, it immediately defuses the potential threats by blocking outbound communication and file system access from those processes if and when desired. These steps prevent data exfiltration, command-and-control (C&C) communications, file manipulation and ransomware encryption. At the same time, the FortiEDR backend continues to collect additional evidence, enrich event data and classify incidents for application of a potential automated incident response playbook policy. FortiEDR stops data breaches and ransomware damage in real time, automatically enabling business continuity even on already compromised devices.
- Leverage OS-centric detection that is highly accurate at detecting stealthily introduced attacks, including memory-based and "living off the land" attacks.
- Stop attacks in real time and eliminate threat dwell time
- Achieve full log history analysis
- Prevent ransomware encryption and file/registry modification
- Continuously validate threat classification
- Improve signal-to-noise ratio and prevent alert fatigue
Respond and remediate
Orchestrate incident response workflows using customised playbooks with cross-environmental insights. Streamline incident response and remediation processes, manually or automatically roll back malicious changes made by already contained threats - on a single device or on devices across the environment.
- Automate incident classification and improve the signal-to-noise ratio
- Standardise incident response procedures with playbook automation
- Optimise security resources by automating incident response actions such as removing files, stopping malicious processes, undoing permanent changes, notifying users, quarantining applications and devices, and opening tickets.
- Enable context-based incident response using incident classification and attack objects (e.g. endpoint groups).
- Complete visibility into the attack chain and malicious changes with patented code tracing.
- Automated clean-up and undo of malicious changes while preserving system uptime.
- Optional Managed Detection and Response (MDR) service
Investigate and detect malware
FortiEDR automatically enriches data with detailed pre- and post-infection malware information to perform forensics on infiltrated endpoints. Its unique guided interface provides helpful guidance, best practices and suggests next logical steps for security analysts.
- Automate investigation with minimal disruption to end users
- Automatic mitigation and blocking of threats, allowing security analysts to investigate in their own time
- Patented code tracing technology provides full attack chain and stack visibility, pointing to the critical clue even when the device is offline.
- Memory snapshots of in-memory attacks for memory-based threat hunting.
- User interface displays clear explanations of why an event is flagged as suspicious or malicious, lists the corresponding MITRE ATT&CK techniques, and displays logical next steps for forensic investigation
If you are interested in a Fortinet security solution, we are happy to offer a free initial consultation or even request a trial for you. Feel free to contact us via phone, email or our contact form.