Fortinet FortiEDR Reviews

We use it for endpoint security. We were searching if it could replace our old EDR solution. 

We use it for everything now. We no longer have another security solution except from the Microsoft 365 package.

Fortinet FortiEDR handles our main endpoint security.

We have FortiEDR installed on all our systems. This protects them from any threats.

This solution has improved our endpoint security posture. Before this, we didn't have any EDR solution, just standard endpoint security. 

Now, with FortiEDR's behavior analysis and comprehensive threat detection, we definitely have better protection.

We chose FortiEDR because we were looking for a robust EDR solution. One thing that appealed to us was the potential integration with our FortiGate firewalls. 

We hoped to mitigate threats and stop the traffic by having the firewall and EDR work together, but this wasn't straightforward out-of-the-box. It needs specific configuration which hasn't been done yet. That was a bit unexpected.

I would like to improve the integration process because a big selling point was the ease of integration within the Fortinet ecosystem. I would expect more built-in collaboration to allow for easier threat mitigation across Fortinet systems.

The strength of FortiEDR lies in its overall ability to protect us from new threats. We have encountered issues with it as well.

We've had a lot of false positives; things incorrectly flagged that require manual configuration to allow. Even worse, after we allow a legitimate program, it sometimes gets flagged again after an update. This has caused a lot of extra work for my team. I would like to see improved heuristics so the system better understands what's legitimate and doesn't keep blocking it after minor updates.

I have been using it for a year. We use the latest version in my company. 

I would rate the stability a six out of ten. 

We've had some erroneous warnings that didn't make sense. It gives me the impression of a product that still has some issues to resolve. 

Additionally, there are three main areas of concern:

1. The product itself seems to have some unresolved issues.
2. The integration with the rest of the Fortinet ecosystem could be better. It feels standalone rather than part of an integrated solution.
3. The high level of maintenance required due to the heuristics, or lack thereof. We keep seeing the same warnings and blockages even after updates. We need to constantly be on top of it, allowing traffic repeatedly.

So, all those factors impact the overall stability. There's room for improvement, especially considering it's a newer version.

I would rate the scalability an eight out of ten. 

It's installed on everyone's devices, so it's protecting users during working hours. Think of it as active for five days a week. We use it to its maximum capacity. 

We have around 500 end users.

We work through our supplier for support. We've shared our findings and issues, and there was some initial back-and-forth to find the root cause. There wasn't a clear, immediate answer or solution. They opened tickets with Fortinet, so it feels like the whole process is still evolving.

Neutral

We had traditional endpoint security, but this is our first EDR solution.

We didn't have any major problems during the installation while in monitoring mode. Issues arose, causing a lot of overhead, when we enabled the prevention mode and started seeing those false positives.

If we're looking strictly at the setup, there weren't any problems. I'd rate my experience with it an eight out of ten, with ten being easy and one being difficult to set up. 

The implementation itself was fine, but we experienced a lot of frustration due to the overhead of those false positives. We had to dedicate someone to constantly monitor and allow legitimate traffic. This created a negative experience with FortiEDR.

The deployment involved installing it on all our endpoint user devices. One person handled the deployment. 

We use it on the cloud. Since it's a managed service, the provider handles the systems where it's installed. We install the client on our users' devices.

We have one person dedicated to maintaining, but I'd like to have less overhead. There's too much time spent handling these findings. We'll be working with the service provider to try to reduce that.

We license it per employee, so as long as the employee count remains the same, the licensing won't change. We have it installed on every device.

We got a good deal on licensing, so it is in the competitive range.

I would rate the pricing a seven out of ten, with ten being expensive, and one being cheap. 

The pricing is fixed. However, we had larger configuration costs associated with the implementation.

We considered CrowdStrike and Microsoft Defender. Cost was a factor, and we were interested in the potential integration with FortiGate firewalls. However, that integration didn't work out as smoothly as expected.

Definitely have a small testing environment and not just monitor mode. Include a limited network so you can see how it reacts in full prevention mode to assess the potential impact of false positives. 

Also, if you are interested in integration with FortiGate firewalls, carefully investigate how that collaboration will be achieved.

Overall, I would rate the solution a six out of ten.

We had a ransomware attack in 2017, and that's when we went with enSilo, which is now called FortiEDR. It helps us to detect the hash files and all that. So far, it's really good. It detects any kind of anomaly. If any installation is happening, it checks the process and everything else and lets us know how it works.

It notifies us if there's any suspicious file on any PC. If any execution or similar kind of thing is happening, it just alerts us. It doesn't only alert. It also blocks the execution until we allow it. We check whether the execution is legitimate or not, and then approve it or keep it blocked. This gives us a little bit of control over this mechanism.

Fortinet FortiEDR is also very straightforward and easy to maintain.

They can include the automation for the realtime updates. We have a network infrastructure with remote sites. Whenever they send updates, they are not automated. We have to go into the console and push those updates. I wish it was more automated. The update file is currently around 31 MB. It could be smaller.

I have been using this solution for three years.

It is really good.

It is scalable. Currently, around 1500 users are using it.

The support has gone down a little bit since Fortinet acquired enSilo. Earlier, because they were a small company, they used to pay more attention to the customers and proactively contact us for certain things, like product updates. The support structure has now changed. Now, it's a big umbrella. Fortinet is a big fish, so they can't contact you as much because they have more clients. As enSilo, it was a smaller footprint, and it was kind of personalized support.

The initial setup was simple. The deployment time depends on how big the implementation is. Ours is a big organization. It took us a week to deploy to our systems, and that's obviously because we were pushing those agents. Some of our sites are so remote that they can only have 1MB lines. So, when you push the agent, it obviously takes time.

We have a small team of only seven people for implementation. One dev person deals with it.

Overall, we are quite happy with this product. It basically works the way we want it since we have installed it. It's as per expectations. 

I would rate Fortinet FortiEDR a nine out of ten. 

We had some customers looking for an EDR solution for their endpoint devices based on their company's security posture and standing. So Fortinet FortiEDR was recommended to them.

Fortinet FortiEDR made our clients feel secure and more at ease, knowing that they had an EDR solution that would close the gap in their security posture. Our clients are happy with the solution.

The solution's installation from a central installation server could be improved because the engineers had a little bit of trouble getting it installed from a central location.

Once it was up and running, customers didn't have any complaints about the product's stability.

Fortinet FortiEDR's scalability is okay, and we like the product.

I rate Fortinet FortiEDR a six out of ten for the ease of its initial setup. The engineers had some trouble setting up the solution, and they had to contact Fortinet to get some help.

Overall, I rate Fortinet FortiEDR a seven out of ten.

The competition of Fortinet FortiEDR is with CrowdStrike in Sri Lanka, especially if I consider the banking and BFSI sectors, where most of the network areas are handled by Fortinet. With Fortinet FortiEDR, the customers get security and endpoint security for their networks. My company deals with Fortinet FortiEDR for our customers.

With Fortinet FortiEDR, the console is available with the product through the vendor network, which takes care of the security part while offering firewall functionalities. The product offers everything in the same console. With Fortinet, The customers do not face any issues when using other resources in the tool since they don't have to handle the consoles separately. With Fortinet, one person or one resource can handle two consoles together.

Right now, my company focuses on the on-premises version of the product since the cloud competencies offered by the tool are comparatively a bit less. I think cloud security and SASE are areas of concern in the product where improvements are required. The tool's cloud version has to be improved in terms of the security it offers.

I have been using Fortinet FortiEDR for a year. My company functions as a reseller of the product.

Fortinet FortiEDR experiences a good journey in Sri Lanka if you consider the prices it offers and the competitive nature with Check Point and other vendors. Fortinet FortiEDR enjoys a good journey in Sri Lanka when compared to the other vendors. There is no need to convince the customer that Fortinet FortiEDR is good, as they already know about the advantages of the tool. Customers know about the other products in the market and know how the other tools are when compared to Fortinet FortiEDR. In general, customers have knowledge about Fortinet FortiEDR and the other products in the market. I have no complaints about the product since I don't find any disadvantages when it comes to Fortinet FortiEDR.

My company deals with around ten customers of the product that deals in the software industry. There are some customers of my company from the banking and finance sectors who prefer the product's on-premises version.

My company's engineers contact Fortinet FortiEDR's support team. When my company undertakes the process of customer onboarding, our technical team ensures that they directly handle the customer for a year with the help of support from Fortinet's team. As per my knowledge, Fortinet offers good support compared to the other vendors in the market.

The product's initial setup phase is very easy.

The solution is deployed on an on-premises model.

The time required to deploy the solution depends on the needs of our company's customers. My company's engineers handle the product's deployment area. It takes around a month to deploy the solution.

Fortinet FortiEDR is available at a very competitive price compared to the other products in the market. Customers also know about the prices of the Other products in the market, and they are aware that Fortinet FortiEDR's prices are cost-effective.

I recommend the product to those who plan to use it, but I will definitely ask them about the network security platforms they use in their environment. I would definitely recommend Fortinet FortiEDR to those who already have Fortinet products in their environment.

The integration with other Fortinet solutions has not impacted our company's security strategy.

Considering the list of complaints that my company has received regarding the product from our customers, I rate the overall product an eight out of ten.

We use FortiEDR to detect malicious activities that primarily occur on the endpoints. For example, it can catch a server downloading malicious software or a user accidentally accessing a harmful URL. Three or four engineers manage the solution.

The console is easy to read. I also like the scanning part and the ability to move assets from one to the other.

FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things. 

If I'm scanning assets from the backend, I should be able to tell from my end if any malicious files were installed onto the server. It may be any server like Windows Server or the operating system for an endpoint laptop or desktop. 

We deployed FortiEDR around eight or nine months ago.

I rate FortiEDR 10 out of 10 for stability. 

Fortinet support is excellent. I don't deal with the Fortinet firewall, but a few of my colleagues are on the firewall team, and they say their T1 or P2 calls are handled smoothly.

Setting up FortiEDR isn't difficult. 

I rate FortiEDR 10 out of 10. I say go for it. 

NGAV and EDR features are outstanding.

We saw Lockey very early on and caught it via behavioral signatures on the traditional AV. We already had parts of the payload downloaded because the traditional AV behavioral signatures were not blocking everything. We had removed the endpoint from the network to investigate and realized the standard AV would have failed. Adding enSilo blocked Lockey immediately and allow no parts of it through. We have found errors in other applications and used enSilo findings to improve the operation of our systems. enSilo also provides a forensic service, which we have leveraged to validate files are malicious or not.

One of the key features to enSilo is it does not block/delete entire executables. Instead, it blocks malicious functions. This allows users to be unaffected if the file is useful but has bad components. FoxIt is a good example of this. Not a malicious tool but has vulnerable behaviors that enSilo can block.

The engineering team continues to add useful features, like the ability to search for files and hashes across the environment. At the moment, I am very happy with the product. Not a deal killer, but making the portal mobile friendly would be helpful when I am out of office.

Almost two years.

Endpoint agent is incredibly small (<2MB), so it is very easy to deploy.

Product has been rock solid from its earliest versions until now. Seems the engineers do a good amount of QA and testing, so they do not release half-baked software.

Recently tripled our deployment size over a weekend without issue.

enSilo team is super responsive. From the tier 1 support to the advanced malware researchers, they all understand customer service. I have been called and emailed at 1AM with high-risk events, and also when I reach out at 2PM, they respond just as fast.

The team is not hesitant to escalate an issue to development/engineering. Unlike a lot of companies, they are quick to modify the application to fix an issue.

Used Tanium and other EDR/Forensics tools at previous employers. Those tools are great at managing overwhelming information but do not necessarily help with visualizing real threats occurring in the environment. enSilo quickly provides a visualization of what has happened and where the malicious behavior occurred. You can then dive down to a full memory dump without having to dig through other useless screens.

The management is cloud-based so it was easy to just install agents and go after opening a firewall to our dedicated IP.

In-house. No real need to go external.

I avoid this question with security tools as there is no real return on this, just a lowered burden to manage risk. I will say the tool requires maybe 2 hours of actual focus a week, so much less noise than other tools. enSilo also reduces our risk more than any other tool we have (firewall, web filter, email filter, etc.). From that perspective, we get the most risk reduction with the least burden from enSilo.

I know it is tough to get big budget additions up front, but I highly recommend deploying environment wide and adding the forensic service. Prioritize your most at risk assets, e.g., users with unrestricted browsing or access to sensitive data.

Yes:

Carbon Black - Too much noise and time to configure policy. Also, it had too many disparate components to manage/up-sell.

Tanium - Would not talk to us, because we are under 5000 endpoints.

Cylance - Not mature enough at the time of our initial purchase in early 2016.

Confer - Lots of promise, but got purchased by Carbon Black.

Check it out, it is definitely worth your time. They have a unique approach and will let you sleep at night.

After experiencing issues with ransomware, the company decided to implement technology that could enhance endpoint protection. As a result, we partnered with Fortinet and chose to use FortiEDR in our environment. FortiEDR helps block USB devices, protects specific applications, prevents unauthorized software installations, and controls lateral movement within the network. This allows us to maintain greater control over third-party devices and software within our IT infrastructure.

We have a specific policy to protect most of the software our employees use on EvoraMet, whether cloud-based or installed on Microsoft machines. We enforce a security rule where any software with a security score lower than three is blocked within the network. Employees who request access to such software can open a ticket. We'll then conduct a review to determine if allowing the software or if it should remain blocked is necessary. This policy helps us maintain a secure environment by controlling the use of low-rated software.

The best feature is FortiEDR's integration with the operating system kernel. In our case, we're using it on endpoints running Microsoft Windows 11, and this integration provides enhanced protection. FortiEDR safeguards all applications, scripts, and behaviors on the machine by embedding with the OS. The key modules we rely on include Execution Prevention, Exfiltration Prevention, and Ransomware Prevention. These are the most critical protections for our devices.

The control of scripts could be improved because you use Microsoft Active Directory and unnecessary scripts to keep the roles updated with company policies. We have some filters to block potential malicious scripts on the Roast. It blocks USB devices, like storage or other devices that the company does not allow, from trying to present some malware, etc.

I have been using Fortinet FortiEDR for six to eight months. We are a partner of Fortinet.

The installation process on the host is straightforward, though Fortinet could improve it, such as allowing email distribution lists. We work around this by providing the software and installation password to the IT team, who then deploy it on the machines.

Our company has around forty employees, and they travel, the deployment generally takes about five days to complete.

Security is implemented in layers. Protecting our endpoints is essential because we relied on a Microsoft solution that didn't provide centralized management or visibility into our network's behavior. It's important to have full control over the network, like FortiGate and wireless controllers, at the endpoint level.

Overall, I rate the solution an eight out of ten.

We would have used this solution for endpoint detection EDR, which we don't currently have. We wanted to see how it works with the discovery of the history of some things that might come up.

The dashboard is easy to follow and use. 

The deployment and uninstalling were easy.

I like the detailed information about the path of a file that might be suspicious. Being able to check that out was easy to follow.

Exceptions are easy to create and the interface is easy to follow with a nice appearance.

The SIEM could be improved. I would have liked to see that you could access the same SIEM or Fortinet EDR dashboard from the same login, but I heard that they were different, which was a bit of a letdown.

I used this solution for a month to do a PoC.

I was using the latest version.

It's a stable solution. It would fit our organization's needs.

We are currently using Cylance.

The initial setup was straightforward. There were no complexities.

The deployment didn't take long at all. It took more time to create a Cylance install and push-out to the network to do anything. It didn't really take that much time. It was no problem.

There are no issues with the pricing.

We were using a demo for both Fortinet FortiEDR and SentinelOne. We were doing PoC on both to see which one we wanted to use.

We wanted to see the differences between them and Cylance.

I would rate Fortinet FortiEDR an eight out of ten.