What is FortiEDR?
EDR, or Endpoint Detection and Response, is an outgrowth of Endpoint Protection (EP). EP is a reactive, defensive product: it includes antivirus, anti-malware and data encryption, and it adds personal firewalls, intrusion prevention and data loss prevention. Most of EP's features are signature-based. Fortinet FortiEDR is more than that.
Of course, Fortinet FortiEDR certainly has elements of next-gen antivirus, but it offers additional abilities as well. For example, you can also expect real-time anomaly detection and alerting, forensic analysis and endpoint remediation capabilities.
Fortinet FortiEDR records every execution, modification, registry change, and network connection across an entire organization. As a result, it improves threat visibility beyond the scope of EP.
One of the more valuable features is that it notifies you of any suspicious file on any PC. If any execution or installation is happening, it alerts you. Not only that, it also blocks the execution until you allow it. You check whether the execution is legitimate, then approve it or keep it blocked. This is a nice, reassuring bit of control. The ability to get forensic details, and also memory exfiltration, is very handy: it lets the user analyze the data separately after an incident.
FortiEDR divides its capabilities into Pre-Infection and Post-Infection features. The Pre-Infection suite is sub-divided into Discover and Predict, and Prevent. In short, this 'realm' of FortiEDR discovers and controls rogue devices, tracks applications, and mitigates vulnerabilities. And it even protects disconnected endpoints, among other things.
The Post-Infection set includes the ability to detect and defuse fileless malware and other advanced bad guys in real time. It stops breaches as they happen and prevents ransomware encryption. In addition, it carries a host of remediation abilities, including the FortiResponder Managed Detection and Response service, if you want that.
The FortiResponder Managed Detection and Response service provides 24×7 continuous threat monitoring, alert triage, and incident handling by experienced analysts. It really does bring peace of mind knowing that highly trained experts review and analyze every alert and then take action to keep customers secure. They also provide detailed recommendations on remediation and next steps for responders and IT administrators.
What about MDR?
Managed Detection and Response goes by slightly different names depending on the vendor, but it usually combines human analysts and machines. MDR (or MTR, or whatever the vendor calls it) leverages machine learning and expert analysis for improved threat hunting and detection. It also has a managed service component. In other words, you have more outside expertise at your disposal.
You'll also get things like Activity Reporting. This enables you to prioritize the threats that have come in and the responses that were taken. And you'll be able to tell the difference between legitimate behavior and the tactics and procedures used by attackers, which matters because most successful attacks rely on the execution of a process that can appear legitimate to monitoring tools.
Fortinet FortiEDR key features
- Highly and easily scalable
- Superb ease of setup and use
- System vulnerability mitigation
- Rogue device detection and control
- Detailed memory exfiltration