SoraYazılım
English
Custom software solutions from Türkiye
Fortinet · Network Security and SD-WAN

FortiEDR / FortiXDR

Endpoint Detection & Response and extended detection/response.

Request a quoteFAQ
Quick answer

FortiEDR is Fortinet's EDR product using a patented post-infection protection technology. It combines behavioral analysis, automated forensics and kill-chain visualization. FortiXDR extends this with email + network + cloud telemetry correlation.

FortiEDR (formerly enSilo) is the Israeli EDR product Fortinet acquired in 2019. Its patented post-infection protection technology blocks malicious processes' system calls in real time, effectively reducing their impact to zero — its defining differentiator versus classic EDR.

FortiXDR integrates FortiEDR + FortiAnalyzer + FortiSandbox + email telemetry within the Security Fabric, providing automated response playbooks and MITRE ATT&CK mapping.

Also available as a managed MDR service — Fortinet's 24/7 SOC team delivers threat hunting and incident response.

Key features

What it offers

  • Post-infection protection (automatic blocking)
  • Forensic timeline and threat hunting
  • Cloud sandbox integration
  • Fabric XDR with FortiAnalyzer
  • Managed MDR option
  • MITRE ATT&CK mapping
  • Windows, macOS, Linux support
  • Automatic kill chain visualization
Tech Summary

Important technical data

Platforms
Windows 7+, macOS 10.13+, Linux, Server
Agent size
~80 MB disk
Management
FortiEDR Console (SaaS or on-prem)
Licensing
Per device, annual
MDR option
Fortinet MDR 24/7 SOC
Sandbox
FortiSandbox integration
Use Cases

When would you choose this product?

Finance

Bank branch endpoints

A bank applies FortiEDR post-infection protection across 5,000 branch endpoints; ransomware attempts are stopped within seconds.

Manufacturing

Manufacturing PCs and OT endpoints

A manufacturer uses FortiEDR to keep aging, unpatched Windows OT endpoints under behavioral protection.

Government

24/7 monitoring with managed MDR

A government organization without a SOC of its own uses Fortinet MDR for 24/7 threat hunting and incident response; 15-minute SLA.

Healthcare

Hospital admission terminals

Hospital admission terminals run FortiEDR with application whitelisting + post-infection protection; only the HBYS application is allowed to run.

Who is it for?

Organizations with mature SOC teams; or those purchasing managed MDR service.

Frequently Asked Questions

Frequently asked questions

What does post-infection protection mean?
Technology that blocks malicious processes after they execute, before any impact occurs. FortiEDR inspects critical system calls — outbound network, file system writes, process injection — in real time.
Can it be installed alongside FortiClient?
Yes. Most organizations deploy FortiClient (EPP + ZTNA) + FortiEDR (advanced EDR) together. Both agents coexist on the same endpoint without conflict.
What sets it apart from other EDRs?
Patented post-infection technology; high detection + low false-positive scores in MITRE ATT&CK Evaluations; native correlation with the Fortinet Security Fabric. Also preferred as a standalone EDR.
What's the license model?
Per device, annual. Discover, Protect and Respond tiers exist; the top tier includes automated response + threat hunting. Typical ~$60–100/device/year.
Does it work in cloud environments?
Yes. Runs on AWS, Azure and GCP VMs and on Kubernetes nodes. Operates at the host level (not inside containers).
How does the forensic timeline work?
For every event, all process, file, registry, network and module activities are stored second by second. When an event is detected, a 360° attack visualization is produced and root-cause analysis becomes possible.
Where does it sit in MITRE ATT&CK Evaluations?
FortiEDR has scored high detection (Detection ≥ 90%) with low false positives over the past 3 years. Leader in the Carbanak+FIN7 and Turla rounds.
Is there an on-prem console option?
Yes. If your data policy disallows the cloud console, an on-prem FortiEDR Manager can be deployed. Management and telemetry stay local.
Is Windows 7 supported?
Yes. Windows 7 SP1+ is supported. Behavioral protection is particularly valuable on aging, unpatchable OS instances.
How does the Fortinet MDR service work?
Fortinet's global SOC (FortiGuard SOC) watches your FortiEDR alerts 24/7; for critical events the response SLA is 15 minutes. Monthly security reports + threat-hunting hours are included.
Vendor's official product page

Opens the vendor's original technical documentation and product page in a new tab.

FortinetFortiEDR / FortiXDR
From the same brand

Fortinet family — other products

FortiGate NGFW

AI-driven Next-Gen Firewall family (40F → 7081F).

Details

FortiSASE

Cloud-delivered Secure Access Service Edge for hybrid workers.

Details

FortiClient (ZTNA + EPP)

One agent for VPN, ZTNA, EDR and compliance.

Details

FortiAP (Wi-Fi 6/6E/7)

Enterprise wireless access points orchestrated by FortiGate.

Details
Comparable Solutions

Similar solutions from other brands

Trend Micro

Apex One

AI-driven enterprise endpoint protection (EPP + EDR).

DetailsBitdefender

GravityZone XDR

XDR unifying endpoint, network, identity and cloud telemetry.

DetailsFortinet

FortiClient (ZTNA + EPP)

One agent for VPN, ZTNA, EDR and compliance.

Details
Related Services

Services we deliver alongside this product

devops-altyapi

FortiEDR / FortiXDR licensing + deployment + support

Sora Yazılım handles licensing, deployment, training and ongoing management — all from a single team.

Request a quoteFortinet