
Fortinet FortiEDR
Advanced, automated endpoint protection, detection, and response


FortiEDR identifies and stops breaches in real time automatically and efficiently with a lightweight agent. Part of the Fortinet Security Operations platform, it proactively shrinks the attack surface, prevents malware infection, detects and defuses potential threats immediately, and automates response and remediation procedures with customizable playbooks across legacy and current operating systems.


FortiEDR Product Details

Endpoint Detection and Response (EDR) subscription bundles are available for different use cases, depending on the customer needs, other Fortinet Security Fabric products deployed, as well as managed service options.



FortiEDR Advanced Endpoint Protection


FortiEDR safeguards your digital landscape with evasion-resistant, real-time protection, automated incident response, and comprehensive security capabilities tailored to enhance your cybersecurity posture for workstations, servers, and cloud workloads. Reduce the attack surface and leverage out-of-the-box policies that are tightly mapped to the MITRE ATT&CK framework so security teams can respond to a multitude of advanced tactics, techniques, and procedures found in attacks such as ransomware.


The FortiEDR Collector in Action

See how the FortiEDR collector agent is installed on communicating devices in organizations for protection. Installation is swift and doesn't necessitate a reboot. FortiEDR has a minimal impact on devices, retaining limited metadata and using compression to minimize network traffic, CPU usage, memory, and disk space. See an immediate return on investment by freeing up compute resources from other EDR products. FortiEDR can be deployed rapidly with an optional logging and simulation mode while interoperating with other solutions.


Automating Response to Complex Threats

See how FortiEDR, the foundation of FortiXDR, automates incident response with customizable playbooks. Learn how it categorizes events to initiate actions such as notifications, domain blocks, device isolation, and more. Observe as the system shifts from simulation to protection mode, effectively managing malware threats by deleting files, resetting passwords, and blocking IP addresses. This demonstration is shown on both Windows and Linux devices, showcasing its comprehensive capabilities.


Security Fabric Integration

FortiEDR leverages the Fortinet Security Fabric architecture and integrates with many Security Fabric components including FortiGate, FortiSandbox, and FortiSIEM.

  • FortiGate
    The FortiEDR connector enables the sharing of endpoint threat intelligence and application information with FortiGate. FortiEDR management can instruct enhanced response actions for FortiGate, such as suspending or blocking an IP address following an infiltration attack.
  • FortiNAC
    FortiEDR shares endpoint threat intelligence and discovered assets with FortiNAC. With syslog sharing, FortiEDR management can instruct enhanced response actions for FortiNAC, such as isolating a device.
  • FortiSandbox 
    FortiEDR native integration with FortiSandbox automatically submits files to the sandbox in the cloud, supporting real-time event analysis and classification. It also shares threat intelligence with FortiSandbox.
  • FortiSIEM 
    FortiEDR sends events and alerts to FortiSIEM for threat analysis and forensic investigation. FortiSIEM can also utilize JSON and REST APIs to further integrate with FortiEDR.
  • FortiGuard Labs
    FortiEDR native integration with FortiGuard Labs allows up-to-date intelligence, supporting real-time incident classification to enable accurate incident response playbook activation.

EDR Solution Features and Benefits



DISCOVER AND CONTROL

Discover and control rogue devices and applications based on risk mitigation policies.



DETECT AND DEFUSE IN REAL TIME

Automatically detect and defuse potential threats in real time—even on compromised devices.


AUTOMATIC INCIDENT RESPONSE

Use customizable contextual incident response playbooks that automate incident response.



DRIVE IDENTITY-BASED RESPONSE

Integrate identity tools to enhance threat detection, response, and investigation capabilities.



GAIN EFFICIENT SECURITY OPERATIONS

Eliminate alert fatigue and optimize operations with customizable incident response processes.


ENABLE FULL FEATURE PARITY

Support legacy systems like XP or Server 2003 and get full feature parity.


Bundles:

Endpoint Detection and Response (EDR) subscription bundles are available for different use cases, depending on the customer needs, other Fortinet Security Fabric products deployed, as well as managed service options. The following table summarizes the most common and recommended options:

  Discover and Protect Discover, Protect, and Respond Discover, Protect, and Respond with XDR
Discover - IT Hygiene
Asset Discovery
Asset Assessment
Attack Surface Reduction
Application Control
USB Control
Protect - Endpoint Protection
NGAV (pre-execution)
Post-execution Protection
Sandbox Analysis
Cloud Threat Intelligence
Attack Chain Visualization
Advanced Incident Forensics
MITRE Tagging
Endpoint Detection and Response
AI-powered Investigation
Security Fabric Integration
Third-Party Integration
Automated Remediation and IR Framework
Secured Remote Shell
Continuous Recording and Analysis  
Threat Hunting Enablement  
AI-based Behavior Tagging  
IOC Ingestion and Search  
XDR - eXtended Detection and Response
eXtended Detection Across Security Fabric    
eXtended Detection Across AWS GuardDuty
eXtended Detection Across Google SCC    
MDR - Managed Service Options
High Fidelity Alert Triage Managed EDR Managed EDR Managed XDR
Extended Alert Triage   Managed EDR Managed XDR
Containment and Remediation Guidance   Managed EDR Managed XDR
Alerting and Reporting   Managed EDR Managed XDR
Correlated Security Fabric Alert Triage     Managed XDR
Additional Services
24x7 Support Included Included Included
Cloud Deployment Supported Supported Supported
On-premise Internet access enabled Supported
SOCaaS Included

Sample Bundles

| Bundle | EPP/EDR-BASIC | EDR-COMPLETE | XDR |
|---|---|---|---|
| 25-pack | FC1-10-FEDR1-350-01-DD | FC1-10-FEDR1-348-01-DD | FC1-10-FEDR1-394-01-DD |
| 500-pack | FC2-10-FEDR1-350-01-DD | FC2-10-FEDR1-348-01-DD | FC2-10-FEDR1-394-01-DD |
| 2,000-pack | FC3-10-FEDR1-350-01-DD | FC3-10-FEDR1-348-01-DD | FC3-10-FEDR1-394-01-DD |
| 10,000-pack | FC4-10-FEDR1-350-01-DD | FC4-10-FEDR1-348-01-DD | FC4-10-FEDR1-394-01-DD |

Sample Bundles – Managed

| Bundle | Managed EPP/EDR-BASIC | Managed EDR-COMPLETE | Managed XDR |
|---|---|---|---|
| 25-pack | FC1-10-FEDR1-391-01-DD | FC1-10-FEDR1-349-01-DD | FC1-10-FEDR1-597-01-DD |
| 500-pack | FC2-10-FEDR1-391-01-DD | FC2-10-FEDR1-349-01-DD | FC2-10-FEDR1-597-01-DD |
| 2,000-pack | FC3-10-FEDR1-391-01-DD | FC3-10-FEDR1-349-01-DD | FC3-10-FEDR1-597-01-DD |
| 10,000-pack | FC4-10-FEDR1-391-01-DD | FC4-10-FEDR1-349-01-DD | FC4-10-FEDR1-597-01-DD |

Services:

FortiEDR Deployment Best Practices Services (BPS)

This deployment service delivers expert assistance to ensure a successful deployment. These services include architecture and planning, configuration, installation, playbook set up, environment tuning, and training.

FortiGuard Managed Detection and Response (MDR) Service

The FortiGuard Managed Detection and Response (MDR) Service provides customers with 24x7 continuous threat monitoring, alert triage, and incident handling by experienced analysts and the platform. Customers gain peace of mind knowing that highly trained experts review and analyze every alert, take actions to keep customers secure, and provide detailed recommendations on remediation and next steps for incident responders and IT administrators. The FortiResponder MDR Service helps scale existing operations and further enhances SOC maturity.


Additional Services SKU License Services
Cloud Storage Disk Expansion (512 GB storage) FC-10-FEDR1-1112-01-DD Disk Expansion (512 GB storage)
FortiCare Best Practices Onboarding Service (mandatory for onboarding customers) FC0-10-EDBPS-310-02-DD Up to 500 endpoints
FC1-10-EDBPS-310-02-DD 501 to 1,000 endpoints
FC2-10-EDBPS-310-02-DD 1,001 to 3,000 endpoints
FC3-10-EDBPS-310-02-DD 3,001 to 10,000 endpoints
FC5-10-EDBPS-310-02-DD 10,001 to 30,000 endpoints
FP-10-EDR-PS (per day) 30,001 or more endpoints
Professional Services FP-10-FTEDR-000-00-00 FortiEDR Professional Service
FP-10-EDR-PS FortiEDR Day
FP-10-PS-TRAINING Incident Response Training
FP-10-EDR-FRNSCS Forensics and IR Consultancy
Training Services FT-EDR Classroom - Virtual ILT
FT-EDR-LAB Lab Access - Standard NSE Training Lab Environment
NSE-EX-SPL5 NSE5 Exam Voucher

Software Specifications:

  • Management, architecture, and platform support - A single, integrated management console provides prevention, detection, and incident response capabilities. Extended REST APIs are available to support any console action and beyond.
  • Offline protection - Protection and detection happen on the endpoint, protecting disconnected endpoints.
  • Native cloud infrastructure - FortiEDR features multi-tenant management in the cloud. The solution can be deployed as cloud-native, hybrid, or on-premises. It also supports air-gapped environments.
  • Lightweight endpoint agent - FortiEDR utilizes less than 1% CPU, up to 120 MB of RAM, 20 MB of disk space, and generates minimal network traffic.

FortiEDR supports Windows, Google Cloud, macOS, and Linux operating systems, and offers offline protection.

  • Cloud management – FortiEDR features multi-tenant management in the cloud. The EDR solution can be deployed as cloud-native, hybrid, or on-premises.
  • Offline protection – Protection and detection happen directly on the endpoint, securing disconnected devices.
  • Windows Versions: XP SP2/SP3, 7, 8, 8.1, 10, and 11 (32-bit and 64-bit versions)
  • Windows Server Versions: 2003 SP2, R2 SP2, 2008 SP2, 2008 R2 SP1, 2012, 2012 R2, 2016, 2019, 2022, and 2025
  • Google Cloud Versions: Compute Engine Deployments and Procurement
  • macOS Versions: El Capitan (10.11), Sierra (10.12), High Sierra (10.13), Mojave (10.14), Catalina (10.15), Big Sur (11.x), Monterey (12.x), Ventura (13.x), Sonoma (14.x), and Sequoia (15.x)
  • Linux Versions: RedHat Enterprise Linux and CentOS 6.x, 7.x, and 8.x; Ubuntu LTS 16.04.x, 18.04.x, 20.04.x server; 64-bit only Oracle Linux 6.x+, 7.7+, and 8.2+; Amazon Linux AMI 2; SuSE SLES 15.1
  • VDI Environments Versions: VMware Horizons 6 and 7, Citrix XenDesktop 7
  • Mobile Versions: Android 9.0 and above, iOS 15.0 and above

Use Cases:

With contextual incident response playbooks, security teams can customize and automate incident investigation and response per classification and target host, optimizing security operations. Security teams can deploy some or all of the key use cases for Fortinet's EDR solution, FortiEDR.


Real-Time Breach Protection

During a security incident, FortiEDR can prevent data exfiltration and protect against ransomware. It will also roll back malicious changes.


Attack Surface Reduction

FortiEDR can discover and control rogue devices, IoT devices, and applications, plus their respective vulnerabilities in real time.


Optimize Incident Response

Precanned playbook-based incident response enables customized processes based on asset value, endpoint groups, and incident classification.


OT Protection

FortiEDR ensures high availability for OT systems even during a security incident or breach.


POS System Security

FortiEDR prevents data exfiltration in the event of system compromise. It delivers virtual patching to shield POS systems from vulnerabilities.


Fabric Connectivity

FortiEDR integrates with the Fortinet Security Fabric for shared intelligence and incident response from identity, firewalls, email, and more.


Documentation:

Download the Fortinet FortiEDR Datasheet (PDF).


Download the Ordering Guide (PDF).