EDR, or Endpoint Detection and Response, is a huge, new deal these days.We’ve talked about it before, but we will be taking another look at Fortinet’s contribution to the category. It’s called FortiEDR.
What is EDR?
EDR, or Endpoint Detection and Response, sort of an outgrowth of Endpoint Protection. EP is a reactive, defensive product that includes antivirus, anti-malware, data encryption, personal firewalls, intrusion prevention and data loss prevention. Most of EP’s features are signature-based.
Endpoint Detection and Response certainly has elements of next-gen antivirus. But, it boasts additional abilities, as well, For example, you can also expect real-time anomaly detection and alerting, forensic analysis and endpoint remediation capabilities.
By recording every execution and modification, every registry change, and network connection across an entire organization, EDR improves threat visibility beyond the scope of Endpoint Protection.
EDR is sort of like a detective whereas EP is like an armed guard patrolling your wall. EP is a front-line, brute force defense defense, effective at blocking known threats. EDR is the next layer of security, providing additional tools to hunt for threats. It forensically analyzes intrusions and respond swiftly and effectively to attacks.
What sets Fortinet FortiEDR apart?
FortiEDR is the only EDR solution that provides both pre- and post-infection protection. With fast moving threats like ransomware, detection just isn’t enough. You need real-time protection to stop the attack and automated actions to prevent it from spreading and clean-up any damage. FortiEDR does this in some amazing ways.
First, they have a patented code-tracing technology that track OS activities in details and identify the suspicious behaviors including in-memory attacks
FortiEDR then halts the attack in real-time, without disturbing the user, before it can do harm and block malicious actions. It stops the attack from ‘phoning home’ and communicating with the attacker, thereby blocking encryption. It also sets up automated responses such as terminating processes that trigger the attack and rolls the system back to a safe state prior to any damage.
It detects all sorts of anomalies. Plus, it monitors any installations that might be happening, checks the process, keeps an eye on it, and lets us know how it’s working.
One of the more valuable features is that it notifies you of any suspicious file on any PC. If any execution or installation or anything is happening, it just alerts you. But not only that, it also blocks the execution until you allow it. You just check whether the execution is legitimate or not, and then approve it or keep it blocked. This is a nice, and reassuring bit of control. The ability to get forensic details, and also memory exfiltration are also very handy, enabling the user to analyze the data separately after an incident.
Yet More Features
FortiEDR divides up it’ capabilities into Pre-Infection and Post-Infection features. The Pre-Infection suite is sub-divided into Discover and Predict, and Prevent. It discovers and controls rogue devices, tracks applications, mitigates system vulnerabilities, and even protects disconnected endpoints, among other things.
The Post-Infection set includes the ability to detect and defuse fileless malware and other advanced bad guys real-time, stop breaches as they happen, and prevents ransomware encryption. It also carries a host of remediation abilities, and even the FortiResponder Managed Detection and Response service, if you want that.
Another thing about FortiEDR to note is, that it’s very easy to set up an get running. FortiEDR is very straightforward and easy to maintain. Especially compared to some of it’s competitors.You probably won’t need a lot of IT expertise to configure this. Also, the reporting is good and designed in a way that even a newcomer can use it easily.
FortiEDR can run constantly, 24/7. It is quite stable. Plus, it is very easy to scale to any size. It settles right in to the Fortinet Security Fabric alongside it’s ‘co-workers’ such as FortiGate, FortiNAC, FortiSandbox, etc in keeping your network happy and undisturbed. And it does so with characteristic, and above-average transparency and simplicity. It is well-positioned to take on the growing field of competitors in EDR given Fortinet’s gearhead-pure, security-first heritage.
|FortiEDR Cool Features|
|Superb ease of setup and use|
|Highly and easily scaleable|
|System vulnerability mitigation|
|Rogue device detection and control|
|Detailed memory exfiltration|