Lately, we’ve talked a little about the differences between Endpoint Protection and EDR. Now, let’s dig in to Fortinet’s contribution to the cause, called FortiEDR. By the way, Fortinet FortiEDR used to be called enSilo. And, you can learn way more about FortiEDR by reaching out to us here!
What is EDR?
EDR, or Endpoint Detection and Response, is sort of an outgrowth of Endpoint Protection. EP is a reactive, defensive product. As such, it includes antivirus, anti-malware and data encryption. In addition, it boasts personal firewalls, intrusion prevention and data loss prevention. Most of EP’s features are signature-based. In other words, they identify threats based on a huge, constantly updated “fingerprint” database of known threats.
Of course, Endpoint Detection and Response certainly has elements of next-gen antivirus. But, it boasts additional abilities as well. For example, you can also expect real-time anomaly detection and alerting, forensic analysis and endpoint remediation capabilities.
EDR records every execution, modification, registry change, and network connection across an entire organization. As a result, it improves threat visibility beyond the scope of EP.
The benefits of proactively searching an organization for hidden threats before they cause damage are easy to see. For example, it helps to greatly reduce both mean time to detect and mean time to respond to threats. Also, it’s a lot easier to defend your organization’s assets and reputation when you are constantly uncovering security events and highlighting gaps in threat coverage.
So, EDR is sort of like a detective, whereas EP is like an armed guard patrolling your wall. In other words, EP is a front-line, brute force defense defense effectively blocking known threats. EDR is the next layer of security. It provides additional tools to hunt for threats. Plus, it forensically analyzes intrusions and respond swiftly and effectively to attacks.
On to FortiEDR
So, the first thing about FortiEDR to note is that it’s very easy to set up an get running. FortiEDR is very straightforward and easy to maintain. Especially compared to some of it’s competitors. You probably won’t need a lot of IT expertise to configure this. Also, the reporting is good and designed in a way that even a newcomer can use it easily.
FortiEDR can run constantly, 24/7. It is quite stable. Plus, it is very easily scalable from small to quite large organizations.
The security component and the firewall response are good. It detects all sorts of anomalies. Plus, it monitors any installations that might be happening. It checks the process, keeps an eye on it, and lets us know how it’s working.
One of the more valuable features is that it notifies you of any suspicious file on any PC. If any execution or installation or anything is happening, it just alerts you. Not only that, it also blocks the execution until you allow it. You just check whether the execution is legitimate or not. Then, approve it or keep it blocked. This is a nice, reassuring bit of control. The ability to get forensic details, and also memory exfiltration are very handy. They enable the user to analyze the data separately after an incident.
FortiEDR divides up it’s capabilities into Pre-Infection and Post-Infection features. The Pre-Infection suite is sub-divided into Discover and Predict, and Prevent. Summarily, this ‘realm’ of FortiEDR discovers and controls rogue devices, tracks applications, and mitigates vulnerabilities. And, it even protects disconnected endpoints, among other things.
The Post-Infection set includes the ability to detect and defuse fileless malware and other advanced bad guys real-time. It stops breaches as they happen, and prevents ransomware encryption. In addition, it also carries a host of remediation abilities, including the FortiResponder Managed Detection and Response service. That is, if you want that.
The FortiResponder Managed Detection and Response service provides 24×7 continuous threat monitoring, alert triage, and incident handling by experienced analysts. And it really does bring peace of mind knowing that highly trained experts review and analyze every alert. Subsequently, they take actions to keep customers secure. And, they provide detailed recommendations on remediation and next steps for responders and IT administrators.
In summary, FortiEDR settles right in to the Fortinet Security Fabric alongside it’s ‘co-workers’ such as FortiGate, FortiNAC, FortiSandbox, etc. in keeping your network happy and undisturbed. And, it does so with characteristic, above-average transparency and simplicity. It is well-positioned to take on the growing field of competitors in EDR given Fortinet’s gearhead-pure, security-first heritage.
Cool FortiEDR Features
– Superb ease of setup and use
– Highly and easily scaleable
– System vulnerability mitigation
– Rogue device detection and control
– Detailed memory exfiltration