DATA SHEET

FortiEDR™
Real-Time Endpoint Protection, Detection and Automated Response

FortiEDR delivers real-time, automated endpoint protection

with the orchestrated incident response across any
communication device — including workstations and
servers with current and legacy operating systems as well
as manufacturing and OT systems — all in a single
integrated platform, with flexible deployment options and a
predictable operating cost.

Real-Time Proactive Risk Mitigation & IoT

Supported Platforms
Security
§ Windows XP SP2/SP3,7, 8.x and
Enables proactive reduction of the attack surface,
10.x, Windows Server 2003 R2,
including vulnerability assessment and proactive risk
2008 R1, 2008 R2, 2012, 2012 R2,
mitigation-based policies that enable communication 2016, 2019
controls of any discovered application with
§ macOS Yosemite (10.10), El
vulnerabilities.
Capitan (10.11), Sierra (10.12),
High Sierra (10.13), Mojave (10.14),
Pre-Infection Protection
Catalina (10.15)
Provides the first layer of defense via a custom- built, § VDI Environments: VMware
kernel-level Next Generation machine-learning-based Horizons 6 and Citrix XenDesktop/
Anti-Virus (NGAV) engine that prevents infection from XenApp
file-based malware. § Red Hat Enterprise Linux 6.8, 6.9,
6.10 and 7.x
Post-Infection Protection
§ CentOS 6.8, 6.9, 6.10 and 7.x
FortiEDR is the only solution that detects and stops § Ubuntu 16.04, 18.04
advanced attacks in real-time, even when the endpoint
has been compromised. No breaches, no data loss,
no problem. FortiEDR eliminates dwell time and
provides a suite of automated Endpoint Detection and
Response (EDR) features to detect, defuse,
investigate, respond and remediate incidents.
DATA SHEET | FortiEDR™

Highlights

Comprehensive Endpoint Security Platform

FortiEDR is the only endpoint security solution built from the ground
up to detect advanced threats and stop breaches and ransomware
damage in real-time even on an already compromised device,
allowing you to respond and remediate incidents automatically
to protect data, ensure system uptime, and preserve business
continuity. FortiEDR defends everything from workstations and
servers with current and legacy operating systems to POS and
manufacturing controllers. Build with native cloud infrastructure,
FortiEDR can be deployed in the cloud, on-premise in an air-
gapped environment and as a hybrid deployment.

Benefits

FortiEDR automates security processes and provides real-time protection post-infection without alert fatigue or dwell time.

Protection Scalability
With FortiEDR, you get proactive, real-time, automated endpoint With a native cloud infrastructure and a small footprint, FortiEDR
protection with the orchestrated incident response across can be deployed quickly and scale up to protect hundreds of
platforms. It stops the breach with real-time post-infection blocking thousand endpoints.
to protect data from exfiltration and ransomware encryption.
Flexibility
Management FortiEDR can address an array of enterprise use cases. The cloud
FortiEDR delivers a single unified console with an intuitive interface. management platform can be deployed on-premise in an air-
The cloud-managed platform closes the loop and automates gapped environment, or on a secure cloud instance. Endpoints are
mundane endpoint security tasks so your people do not have to. protected both on- and off-line.

Cost
Eliminate post-breach operational expenses and breach damage to
the organization, all for a low, predictable cost and capped TCO.

2
 DATA SHEET | FortiEDR™

Features

PRE-INFECTION POST-INFECTION

Discover & Respond & Remediate & Roll

Prevent Detect Defuse
Predict Investigate Back

Discover and Predict allowing business continuity even on already compromised devices.
FortiEDR delivers the most advanced automated attack surface
§ Leverage OS-centric detection, highly accurate in detecting
policy control with vulnerability assessments and discovery that
stealthy infiltrated attacks, including memory-based and “living
allows security teams to:
off the land” attacks
§ Discover and control rogue devices (e.g., unprotected or § Stop breaches in real-time and eliminate threat dwell time
unmanaged devices) and IoT devices § Achieve analysis of entire log history
§ Track applications and ratings § Prevent ransomware encryption, and file/registry tempering
§ Discover and mitigate system and application vulnerabilities with § Continuously validate the classification of threats
virtual patching § Enhance signal to noise ratio and eliminate alert fatigue
§ Reduce the attack surface with risk-based proactive policies

Respond and Remediate

Prevent Orchestrate incident response operations using tailor-made
FortiEDR uses a machine learning antivirus engine to stop malware playbooks with cross-environment insights. Streamline incident
pre-execution. This cross-OS NGAV capability is configurable response and remediation processes, manually or automatically roll
and comes built into the single, lightweight agent, allowing users back malicious changes done by already contained threats—on a
to assign anti-malware protection to any endpoint group without single device or devices across the environment.
requiring additional installation. § Automate incident classification and enhance the signal-to-alert
§ Enable machine learning, kernel-based NGAV ratio
§ Enrich findings with real-time threat intelligence feeds from a § Standardize incident response procedures with playbook
continuously updated cloud database automation
§ Protect disconnected endpoints with offline protection § Optimize security resources by automating incident response
§ USB device control actions such as removing files, terminating malicious processes,
reversing persistent changes, notifying users, isolating
applications and devices, and opening tickets
Detect and Defuse § Enable contextual-based incident response using incident
FortiEDR detects and defuses file-less malware and other
classification and the subjects of the attacks, (e.g., endpoint
advanced attacks in real-time to protect data and prevent
groups)
breaches. As soon as FortiEDR detects suspicious process flows
§ Gain full visibility of the attack chain and malicious changes with
and behaviors, it immediately defuses the potential threats by
patented code tracing
blocking outbound communications and access to the file system
§ Automate cleanup and roll back malicious changes while
from those processes if and once requested. These steps prevent
preserving system uptime
data exfiltration, command and control (C&C) communications, file
§ Optional managed detection and response (MDR) service
tampering, and ransomware encryption. At the same time FortiEDR
backend continues to gather additional evidence, enrich event
data and classify the incidents for a potential automated incident
response playbook policy to apply. FortiEDR surgically stops
data breach and ransomware damage in real-time, automatically

3
DATA SHEET | FortiEDR™

Features

Investigate and Hunt

FortiEDR automatically enriches data with detailed information
on malware both pre- and post-infection to conduct forensics on
infiltrated endpoints. Its unique guided interface provides helpful
guidance, best practices and suggests the next logical steps for
security analysts.

§ Automate investigation with minimal interruption to end-users

§ Automatically defuse and block threats, allowing security
analysts to hunt on their own time
§ Patented Code-tracing technology delivers full attack chain
and stack visibility which points to the smoking gun even if the
device is offline
§ Preserve memory snapshots of in-memory attacks for
memory-based threat hunting
§ Guide interface displays clear explanations why the event is
Guide interface displays clear explanations why the event is flagged as suspicious or
flagged as suspicious or malicious, lists corresponding MITRE malicious, lists corresponding MITRE attack framework, as well as logical next step
for forensic investigation
attack framework, as well as logical next step for forensic
investigation

Security Fabric Integration

such as suspending or blocking an IP address following an
infiltration attack.

FortiNAC
FortiEDR shares endpoint threat intelligence and discovered assets
with FortiNAC. With Syslog sharing, FortiEDR management can
instruct enhanced response actions for FortiNAC, such as isolating
a device.

FortiSandbox
FortiEDR native integration with FortiSandbox automatically submits
files to the sandbox in the cloud, supporting real-time event analysis
and classification. Additionally, it also shares threat intelligence with
FortiSandbox.

FortiSIEM
FortiEDR sends events and alerts to FortiSIEM for threat analysis
FortiEDR leverages the Fortinet Security Fabric architecture and and forensic investigation. FortiSIEM includes a designated parser
integrates with many Security Fabric components including for FortiEDR OOTB and can also utilize JSON and REST APIs to
FortiGate, FortiNAC, FortiSandbox, and FortiSIEM. further integrate with FortiEDR.

FortiGate FortiGuard Labs

The FortiEDR connector enables the sharing of endpoint threat FortiEDR native integration with FortiGuard Labs allows up-to-date
intelligence and application information with FortiGate. FortiEDR intelligence, supporting real-time incident classification to enable
management can instruct enhanced response actions for FortiGate, accurate incident response playbook activation.

4
 DATA SHEET | FortiEDR™

Services

FortiEDR Deployment Services monitoring, alert triage, and incident handling by experienced
The deployment services deliver expert assistance to ensure analysts and the platform. Customers gain peace of mind
knowing that highly trained experts review and analyze every alert,
a successful deployment. Including architecture and planning,
take actions to keep customers secure, and provide detailed
configuration, installation, playbook set up, environment tuning, and
recommendations on remediation and next steps for incident
training.
responders and IT administrators. The FortiResponder MDR
Service helps scale existing operations and further enhances SOC
FortiResponder Managed Detection (MDR) maturity.
and Response Service
The FortiResponder Managed Detection and Response (MDR)
Service provides customers with 24x7 continuous threat

Specification

Management, architecture, and platform support

A single, integrated management console provides prevention, detection, and incident response capabilities. Extended REST APIs are
available to support any console action and beyond.

§ Offline protection - Protection and detection happen on the endpoint, protecting disconnected endpoints.
§ Native cloud infrastructure - FortiEDR features multi-tenant management in the cloud. The solution can be deployed as a cloud-native,
hybrid, or on-premises. It also supports air-gapped environments.
§ Lightweight endpoint agent - FortiEDR utilizes less than 1% CPU, up to 120 MB of RAM, 20 MB of disk space, and generates minimal
network traffic.

FortiEDR supports Windows, macOS, and Linux operating systems, and offers offline protection.

§ Windows (both 32-bit and 64-bit versions) XP SP2/SP3, 7, 8, 8.1 and 10

§ Windows Server 2003 R2 SP2, 2008 R1 SP2, 2008 R2, 2012, 2012 R2, 2016 and 2019
§ macOS Versions: Yosemite (10.10), El Capitan (10.11), Sierra (10.12), High Sierra (10.13), Mojave (10.14) and Catalina (10.15)
§ Linux Versions: RedHat Enterprise Linux and CentOS 6.8, 6.9, 6.10, 7.2, 7.3, 7.4, 7.5, 7.6 and 7.7 and Ubuntu LTS 16.04.5, 16.04.6,
§ 18.04.1 and 18.04.2 server, 64-bit
§ Virtual Desktop Infrastructure (VDI) environments in VMware and Citrix. VDI Environments: VMware Horizons 6 and 7, and Citrix
XenDesktop 7

www.fortinet.com

Copyright © 2019 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law
trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results
may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to
the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event,
only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests.
Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version
of the publication shall be applicable. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without
notice, and the most current version of the publication shall be applicable.
FST-PROD-DS-FSA FSA-DAT-R35-201909