We use FortiEDR for EDR on our internal environment, which includes about 2,900 endpoints.
Sales Specialist at Armata Cyber Security
It's well-priced for all the features it offers
Pros and Cons
- "I like FortiClient EMS. FortiEDR has a lot of great features like lockdown mode, remote wipes, and encryption. I can set malware outbreak policies and controls for detecting abnormalities. You can also simulate phishing attacks."
- "The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices."
What is our primary use case?
What is most valuable?
I like FortiClient EMS. FortiEDR has a lot of great features like lockdown mode, remote wipes, and encryption. I can set malware outbreak policies and controls for detecting abnormalities. I can also simulate phishing attacks.
What needs improvement?
The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices.
For how long have I used the solution?
I have used FortiEDR for about 10 years.
Buyer's Guide
Fortinet FortiEDR
December 2024
Learn what your peers think about Fortinet FortiEDR. Get advice and tips from experienced pros sharing their opinions. Updated: December 2024.
824,052 professionals have used our research since 2012.
What do I think about the stability of the solution?
I rate FortiEDR a 10 out of 10 for stability.
What do I think about the scalability of the solution?
I rate FortiEDR a six out of ten for scalability. It's scalable if you add on more product sets, but it isn't scalable by itself. You can add Fortinet solutions like FortiManager and FortiClient Configurator to improve the scalability. We have clients of all sizes. Around 40 percent are small businesses, 40 percent are medium-sized companies, and 20 percent are large enterprises.
How are customer service and support?
I rate Fortinet support a 10 out of 10. They have a strong team, and tickets are addressed quickly once they're logged on the portal.
How would you rate customer service and support?
Positive
How was the initial setup?
I rate FortiEDR an eight out of ten for ease of setup. The console is easy to set up, and there are ample tutorials on YouTube about how to do it. A 10-year-old could probably configure it accurately.
FortiEDR is typically deployed on-prem for top SMB clients and multinational enterprises. We may use it on the cloud for our smaller clients. The deployment process involves scoping, due diligence, configuration, and testing. We have a detailed internal process at my company. Deployment requires two staff members.
What's my experience with pricing, setup cost, and licensing?
I rate FortiEDR an eight out of ten for affordability.
What other advice do I have?
I rate FortiEDR an eight out of ten. I give FortiEDR a high mark because it's well-priced for its features. It's a better value than other tools, such as Microsoft Defender.
My advice to potential users is to understand your precise requirements and know that there are limitations around iOS and Linux. Before deploying, you should ensure that FortiEDR best fits your current environment.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Project Coordinator at ELECTUS
An effective endpoint that is easy to set up and simple to expand
Pros and Cons
- "The stability is very good."
- "We'd like to see more one-to-one product presentations for the distribution channels."
What is our primary use case?
The implementation that we have is on one municipality in Serbia with, for example, 300 plus users. It was the FortiGate F200 EDR solution with an appliance and the necessary one-year support.
What is most valuable?
The best features depend on the customer. Our primary goal is to our customers. Mostly our customers use this as an endpoint solution for the workstations and really find it quite effective.
The stability is very good.
It is scalable.
The solution is pretty straightforward to set up.
What needs improvement?
We'd like to see more one-to-one product presentations for the distribution channels. You must know the technical issues and technical possibilities of this solution very well. It would be nice to have some sort of help to explain the potential of the product.
For how long have I used the solution?
I've been using the solution for approximately three years.
What do I think about the stability of the solution?
The solution is stable and reliable. There are no bugs or glitches. It doesn't crash or freeze.
What do I think about the scalability of the solution?
The scalability is okay. If you want to expand on some other products in the Fortinet Portfolio, it is very, very easy. For example, we're also using Fortinet's FortiNAC solution for IoT platforms or IoT devices.
We have 500 users that use this solution daily.
How are customer service and support?
We haven't really dealt with technical support.
Which solution did I use previously and why did I switch?
We do have EDR solutions from other companies as well.
How was the initial setup?
We are a technical crew. Therefore, we had nice training, and everything worked quite well. We are satisfied with the process. It's not too difficult. That said, you must have knowledge of the product if you want to do an implementation for this kind of device. On a scale of one to ten, it's a seven. It's okay.
What's my experience with pricing, setup cost, and licensing?
The pricing is pretty reasonable. I would rate it four out of five in terms of affordability.
What other advice do I have?
We are a Fortinet partner. We are a system integrator company. We have some projects that use FortiGate products. We are a company that does business only in the public sector, in the government sector. We don't do corporate.
I'd advise those new to the solution to go one step at a time and not immediately try to tackle all of the features at once. As you grow, you can keep adding on and begin to implement other services.
I'd rate the solution nine out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Owner at a security firm with 1-10 employees
Very customizable but slow in the cloud environment
Pros and Cons
- "The features that I have found most valuable are the ability to customize it and to reduce its size. It lets you run in a very small window in terms of memory and resources on legacy cash registers."
- "Everything with Fortinet having to do with their cloud services. They need to invest more in their internal infrastructure that they are running in the cloud. One of the things I find with their cloud environment compared to others' is that they go cheap on the equipment. So it causes some performance degradation."
What is our primary use case?
Our primary use cases for Fortinet FortiEDR are cash registers and endpoint, and point of sales.
The reason we originally started with FortiClient with one of our clients in the first place was that they were able to have legacy cash registers, a really old technology, which we had to get to run in a small resource space, and FortiClient, which was the predecessor, allowed us to literally pick and choose what features we wanted in the client and reduce its size, which you couldn't do with any other types of clients that were out there. That's how we started with that.
It is mostly on premise and any cloud services that we use are directly from Fortinet themselves. I would call that public cloud. We do run some of the customer's environment in private cloud, basically co-location. This has provided the services back to their dataset. I am talking about Fortinet's cloud for the public. For the private stuff it was basically out at Q9, which is the co-location provider.
How has it helped my organization?
Fortinet FortiEDR has the ability to customize the footprint of the client or the agents on the device and on the endpoint.
What is most valuable?
The features that I have found most valuable are the ability to customize it and to reduce its size. It lets you run in a very small window in terms of memory and resources on legacy cash registers. The customer has literally about 800 cash registers. That was the use case for Fortinet FortiEDR - to get that down into a tiny space. The only way to do that was to use this product because it had that ability to unbundle services that were a surplus.
What needs improvement?
In terms of what could be improved, I would say everything with Fortinet having to do with their cloud services. They need to invest more in their internal infrastructure that they are running in the cloud. One of the things I find with their cloud environment compared to others' is that they go cheap on the equipment. So it causes some performance degradation.
A classic example of that would be products like FortiMail where you're basically acting as a mail relay. So say you're on a support call and I'm sending you a mail with a document that you expect to come to you immediately, or within 30 - 60 seconds; it could take up to 45 minutes because of the load on the cloud services. This can result in trouble tickets and other customer-side issues.
In the next release I would like to see more investment in their cloud services. Additionally, they definitely need better integration into their FortiSIEM and FortiSOAR solutions.
They should continue to improve that and possibly include a managed threat hunting feature, an MDR solution.
For how long have I used the solution?
I'm a Fortinet Gold Reseller but primarily we're a consulting company, not a product company. We tend to be agnostic with the one caveat being Fortinet, and only because I was the first guy in Canada to get certified in that, and also the first guy to sell it. There is a personal preference there. But I'm looking deeper into more enterprise security solutions that are SASE and endpoints and EDR, XDR, MDR, all that kind of stuff.
We've done work primarily with FortiGate deployments, but we've also done multiple SD-WAN projects and we've worked with FortiEDR, which is similar to their version of EDR. We've worked with FortiClient before that. As far as FortiCloud goes, we've worked with FortiMail in the cloud, we've worked with FortiManager in the cloud, but we haven't gone into CASB stuff yet.
We also do some Fortinet managed services in our customer base. So I have worked with Fortinet since 2004, 2005.
Fortinet FortiEDR has only been out for a couple of years. We've been working with it for a couple of months, primarily migrating a customer from FortiClient to FortiEDR.
We haven't done full scale deployments of FortiEDR yet, it's still fairly new.
What do I think about the stability of the solution?
In terms of stability, EDR is a pretty decent solution, but it's not best of breed. One of the challenges with Fortinet, and all of these vendors, is that they are doing acquisitions and doing things to retrofit into their environment, but there's a dependency on legacy or other features that Fortinet has, and Prisma from Palo Alto has. They have their own products, which are how their system is designed. It's really a suite of products. Fortinet is now FortiFabric, with Palo Alto it's Prisma, Prisma Cloud and XSOAR and all that stuff.
All these types of companies are not as flexible. I think in the future, people are not going to be interested in having these huge complex suites of products in order to take advantage of integration.
If you look at a true SASE solution, for example Zscaler, it's a product on its own. And it typically integrates with industry best of breed products first. So Zscaler would work with CrowdStrike or Microsoft Defender before it's going to work with an integrated solution like Palo Alto or Fortinet.
I'm finding more and more that these companies, Palo Alto, Fortinet, Check Point, Juniper, are all doing well right now. But I think in the next year to two, you're going to see a transition away from that type of technology.
It is actually one of Fortinet's big selling points that they're not maintenance heavy and they've got their gang leveraging all the other components. It actually updates itself automatically if you choose. And it has the ability, using FortiManager and other products, where you can push out policies very easily across multiple appliances, although that requires proper design and architecture from the beginning to make sure that you've got cookie cutter configurations across your enterprise.
What do I think about the scalability of the solution?
Scalability is Fortinet's sweet spot. Even though they're heavily focused on trying to sell into enterprise, their sweet spot is still mid-size, SMB customers.
Those products work well in an environment which is below 3000 users. It also works well in terms of large enterprises, like a bank.
I don't see EDR really expanding. Fortinet Firewalls is another story. Firewalls can scale up to very large enterprises, including Telcos, but I don't see the EDR product deployed in those environments.
How are customer service and support?
Their support is getting better.
Right now it is not that good. Fortinet was never big on technical support. I think they went by the theory that if it was hard to write, it should be hard to understand. Their technical support is getting better, but if you compare it to Cisco, it's not as good and it never was. It is one of their weak points. Its response time is not bad, but the attitude of the people on the phone is. It's the amount of information they ask for to do an RMA, for example. They can be very challenging to work for. That's an opportunity for managed security providers, because if you confront them, and take it away from the customer, it makes the customer's experience much better. So a bad support center is good for an MSSP.
How was the initial setup?
The initial setup is complex compared to stuff like CrowdStrike or other products where you can just sign up and download it, and it works.
It's a little bit more complex with FortiEDR because you're dealing with the setup and management of it, whereas in products like CrowdStrike, it's pretty automatic and it's just a question of a radio button to turn on or turn off additional features that you may want.
For example, going EDR to XDR or going EDR to MDR in CrowdStrike, you can do that in Fortinet but you have to implement FortiSOAR and all this other stuff.
Initially the setup took us a while, simply because we had to mess around with the client. We are talking weeks because we had to test and make sure that there were no performance issues and no interruptions in the flow of data, etc.
That took us probably five, six weeks to get up in a POC type environment. Once we got that, it's cookie cutter. You have an image that you deploy that already has that compiled in it, and it works pretty easily.
What's my experience with pricing, setup cost, and licensing?
Fortinet FortiEDR is priced pretty competitively if you compare it to other companies that are in the same boat, like Palo Alto, who have similar product suites. It is reasonable. In the industry, they call Fortinet the Chevy of Perimeter Security and Palo Alto the Cadillac. I think that's undeserved. I think Fortinet is actually, in the long run, a better product, but it has that reputation because of their pricing. Palo Alto, right off the bat, charged a much higher premium, which created the illusion that you're getting a better product. Palo Alto products are brutally expensive.
But that's the way Palo Alto works and it works for them. Although, I've heard rumors that they're changing their channel model where they're going after enterprise customers directly, rather than forcing it through the channel. Fortinet is a 100% channel, Palo Alto is not. And that's affecting them. If you look at stock prices and earnings, Fortinet is actually doing better.
What other advice do I have?
With any of these products, you need to step back and look at where the wave of technology is going in the security posture. I think that you need to step back and say, "Here's my current situation, what's the best solution two to three years from now?" If you look at that, I don't see Fortinet or Palo Alto or any of those traditional product vendors being the future state.
These companies are like system integrators. A lot of system integrators went out of business mostly because they couldn't make the paradigm shift from a product led business to a service led business. I see the same type of thing happening in the traditional Perimeter Security companies, that are not designed from the ground up. They make an acquisition of a product and they try to integrate it into their business model, and to leverage all their other products in a suite. That's not the way the industry is going.
On a scale of one to ten, I would rate Fortinet FortiEDR somewhere around a six.
It goes back to what I said that I don't think it's got a huge future. If you compare it to CrowdStrike or those types of products, it is very similar to Palo Alto's Cortex; they didn't even come out with an EDR solution, they went directly to an XDR solution. What is XDR penetration? About 2% of the market right now. It's just not a fit to the future. That's why I give it a six.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: My company has a business relationship with this vendor other than being a customer:
CIO at a manufacturing company with 51-200 employees
Offers behavior analysis, improved our endpoint security posture but a lot of false positives where things are incorrectly flagged that require manual configuration to allow
Pros and Cons
- "We have FortiEDR installed on all our systems. This protects them from any threats."
- "We've had a lot of false positives; things incorrectly flagged that require manual configuration to allow. Even worse, after we allow a legitimate program, it sometimes gets flagged again after an update. This has caused a lot of extra work for my team."
What is our primary use case?
We use it for endpoint security. We were searching if it could replace our old EDR solution.
We use it for everything now. We no longer have another security solution except for the Microsoft 365 package.
Fortinet FortiEDR handles our main endpoint security.
How has it helped my organization?
We have FortiEDR installed on all our systems. This protects them from any threats.
This solution has improved our endpoint security posture. Before this, we didn't have any EDR solution, just standard endpoint security.
Now, with FortiEDR's behavior analysis and comprehensive threat detection, we definitely have better protection.
What is most valuable?
We chose FortiEDR because we were looking for a robust EDR solution. One thing that appealed to us was the potential integration with our FortiGate firewalls.
We hoped to mitigate threats and stop the traffic by having the firewall and EDR work together, but this wasn't straightforward out-of-the-box. It needs specific configuration which hasn't been done yet. That was a bit unexpected.
What needs improvement?
I would like to improve the integration process because a big selling point was the ease of integration within the Fortinet ecosystem. I would expect more built-in collaboration to allow for easier threat mitigation across Fortinet systems.
The strength of FortiEDR lies in its overall ability to protect us from new threats. We have encountered issues with it as well.
We've had a lot of false positives; things incorrectly flagged that require manual configuration to allow. Even worse, after we allow a legitimate program, it sometimes gets flagged again after an update. This has caused a lot of extra work for my team. I would like to see improved heuristics so the system better understands what's legitimate and doesn't keep blocking it after minor updates.
For how long have I used the solution?
I have been using it for a year. We use the latest version in my company.
What do I think about the stability of the solution?
I would rate the stability a six out of ten.
We've had some erroneous warnings that didn't make sense. It gives me the impression of a product that still has some issues to resolve.
Additionally, there are three main areas of concern:
- The product itself seems to have some unresolved issues.
- The integration with the rest of the Fortinet ecosystem could be better. It feels standalone rather than part of an integrated solution.
- The high level of maintenance required due to the heuristics, or lack thereof. We keep seeing the same warnings and blockages even after updates. We need to constantly be on top of it, allowing traffic repeatedly.
So, all those factors impact the overall stability. There's room for improvement, especially considering it's a newer version.
What do I think about the scalability of the solution?
I would rate the scalability an eight out of ten.
It's installed on everyone's devices, so it's protecting users during working hours. Think of it as active for five days a week. We use it to its maximum capacity.
We have around 500 end users.
How are customer service and support?
We work through our supplier for support. We've shared our findings and issues, and there was some initial back-and-forth to find the root cause. There wasn't a clear, immediate answer or solution. They opened tickets with Fortinet, so it feels like the whole process is still evolving.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We had traditional endpoint security, but this is our first EDR solution.
How was the initial setup?
We didn't have any major problems during the installation while in monitoring mode. Issues arose, causing a lot of overhead, when we enabled the prevention mode and started seeing those false positives.
If we're looking strictly at the setup, there weren't any problems. I'd rate my experience with it an eight out of ten, with ten being easy and one being difficult to set up.
The implementation itself was fine, but we experienced a lot of frustration due to the overhead of those false positives. We had to dedicate someone to constantly monitor and allow legitimate traffic. This created a negative experience with FortiEDR.
What about the implementation team?
The deployment involved installing it on all our endpoint user devices. One person handled the deployment.
We use it on the cloud. Since it's a managed service, the provider handles the systems where it's installed. We install the client on our users' devices.
We have one person dedicated to maintaining, but I'd like to have less overhead. There's too much time spent handling these findings. We'll be working with the service provider to try to reduce that.
What's my experience with pricing, setup cost, and licensing?
We license it per employee, so as long as the employee count remains the same, the licensing won't change. We have it installed on every device.
We got a good deal on licensing, so it is in the competitive range.
I would rate the pricing a seven out of ten, with ten being expensive, and one being cheap.
The pricing is fixed. However, we had larger configuration costs associated with the implementation.
Which other solutions did I evaluate?
We considered CrowdStrike and Microsoft Defender. Cost was a factor, and we were interested in the potential integration with FortiGate firewalls. However, that integration didn't work out as smoothly as expected.
What other advice do I have?
Definitely have a small testing environment and not just monitor mode. Include a limited network so you can see how it reacts in full prevention mode to assess the potential impact of false positives.
Also, if you are interested in integration with FortiGate firewalls, carefully investigate how that collaboration will be achieved.
Overall, I would rate the solution a six out of ten.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Last updated: Apr 10, 2024
Senior System Engineering at CORE NV
Sends timely alerts about threats detected in the environment, but it is not user-friendly, and the agent updates are difficult
Pros and Cons
- "I get alerts when scripts are detected in the environment."
- "The solution is not user-friendly."
What is our primary use case?
We are using the AirGap edition. The solution is used for threat hunting. Some things are aligned to update the database to keep up with the vulnerabilities and threats on the internet.
What is most valuable?
I get alerts when scripts are detected in the environment. I can immediately stop the process. I can see which processes are running and immediately allow, stop, or reverse the damage.
What needs improvement?
The solution is not user-friendly. It is a bit hard for me. We must have the knowledge needed to find the threats using the product. We must know how to navigate and investigate using the tool. I think the usage is limited for AirGap users. We cannot use AI. Keeping up with the agent updates is a little bit difficult. Fortinet must make agent updates easier.
I run the solution on-premise. One of the VMs needs a lot of memory. It takes a lot of resources off of my VMware. I know I need resources to run threat hunting. The vendor advised me to go to the cloud. However, it's not up to me to go to the cloud. I need my CEO’s approval.
For how long have I used the solution?
I have been using the solution for three years.
How are customer service and support?
I have directly contacted the engineering staff. When I open a ticket, I can contact support immediately. The team helps me with my problems.
How would you rate customer service and support?
Positive
What's my experience with pricing, setup cost, and licensing?
The solution is not expensive. However, CrowdStrike is more expensive.
Which other solutions did I evaluate?
CrowdStrike is much more advanced than FortiEDR. CrowdStrike is fully on the cloud and has AI features. I think it has a SOC team, too. The user interface is great. According to the reviewers, CrowdStrike is the number one tool for cybersecurity. I am evaluating CrowdStrike so that we can move to CrowdStrike in the future.
What other advice do I have?
The solution provides online training that we can use to learn how to use the product. My recommendation depends on an organization's budget. However, I will recommend CrowdStrike more than Fortinet. Overall, I rate the product a seven out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
Last updated: May 24, 2024
System Engineer at StockFood GmbH
Effective virus defense that looks towards the future and secure compared to other vendors
Pros and Cons
- "The main thing is that I feel safe. Because the processes that have been used to get a handle on the attackers are much better than other competitors"
- "The only minor concern is occasional interference with desired programs."
What is our primary use case?
It's a kind of virus defense that is looking to the future and not to the past.
What is most valuable?
The main thing is that I feel safe. Because the processes that have been used to get a handle on the attackers are much better than other competitors.
The solution is very secure compared to other vendors.
What needs improvement?
The only minor concern is occasional interference with desired programs, although it's a necessary trade-off. Otherwise, I have no suggestions for improvement.
Another area of improvement is support. It could be faster.
In future releases, maybe some extra features could be added to make it better, and maybe the events and history could be made a little bit clearer.
For how long have I used the solution?
We've been using it for four to five years now.
What do I think about the stability of the solution?
It is a stable solution.
What do I think about the scalability of the solution?
It is a scalable solution. There are around 60 end users using this solution. It is easy to scale.
How are customer service and support?
The customer service and support are quite okay. It could be better.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have used ESET. ESET is an old-style defense that has fewer problems with new programs, but it's not as secure as Fortinet.
We currently use both ESET and Fortinet. We have some places, especially for developers, that can't use FortiEDR because it's too restrictive.
How was the initial setup?
Installation is straightforward.
What about the implementation team?
The initial installation on the server side takes a bit of time, but if we consider the overall process, it could take about a week.
We require two people for deployment. The maintenance is easy.
What's my experience with pricing, setup cost, and licensing?
The pricing model is okay. It's not cheap, but it's not expensive either. It's a customized price. It's a yearly license. There are no extra costs.
What other advice do I have?
I would definitely recommend the solution.
Overall, I would rate the solution a nine out of ten because the only concerns I have are that it can sometimes have problems with new programs, and the support could be a bit faster.
Which deployment model are you using for this solution?
Public Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Assistant Director at a university with 1,001-5,000 employees
The rule creation, monitoring, and inspection profiles are great
Pros and Cons
- "Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great."
- "Integration with Azure and SaaS provisioning tools could improve Fortinet FortiEDR."
What is our primary use case?
We use Fortinet firewalls for perimeter security at six to seven of our locations.
How has it helped my organization?
It provides extreme perimeter security, especially for VPN and application profiles, and seamless security monitoring through FortiAnalyzer.
As a firewall the solution is great, we never had any issues.
We saw time to value within three to four months of the firewall deployment.
What is most valuable?
Fortinet FortiEDR's firewalling, rule creation, monitoring, and inspection profiles are great.
What needs improvement?
Integration with Azure and SaaS provisioning tools could improve Fortinet FortiEDR.
For how long have I used the solution?
I have been using Fortinet FortiEDR for almost five years.
What do I think about the stability of the solution?
The stability is generally good. We had one problem once, but otherwise, it has been good.
What do I think about the scalability of the solution?
I don't think Fortinet FortiEDR is scalable with other vendors and new cloud provisionings, such as Azure or other cloud providers. I need to evaluate it further.
How are customer service and support?
Technical support is good, but there are sometimes problems with reachability.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
I used Check Point and Cisco firewalls in my previous companies. At my current company, we use Fortinet, which I find to be a good firewall.
How was the initial setup?
The initial deployment was complex, but that is expected in any firewall environment.
What about the implementation team?
We use a migrator for the implementation and they were good.
What was our ROI?
We have seen a return on investment over the past four years. We can be assured of the perimeter security system's stability and ability to sustain itself in good conditions.
What's my experience with pricing, setup cost, and licensing?
I'm not familiar with pricing, but it looks a bit costly compared to other vendors.
Which other solutions did I evaluate?
Fortinet FortiEDR was installed before I joined my organization, but it was a good choice.
What other advice do I have?
I give Fortinet FortiEDR an eight out of ten.
We are looking for max solutions from vendors. We may look at VPN solutions as well.
Attending RSA is an opportunity to network and compare products from vendors around the world which are interesting.
Attending RSA gives us the opportunity to compare products and understand the latest technology. This is something that is really valuable.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Analyst at a tech vendor with 10,001+ employees
We saw time to value within two weeks of implementing the solution, which strengthened our use cases
Pros and Cons
- "Fortinet has helped free up around 20 percent of our staff's time to help us out."
- "ZTNA can improve latency."
What is our primary use case?
We use FortiAI, FortiSIEM, and FortiEDR.
How has it helped my organization?
Fortinet helped us scale large-scale deals with clients because of its strong offerings.
Fortinet is very straightforward to use. I have access to a lot of technical resources, and I have been able to use them effectively.
Fortinet has helped free up around 20 percent of our staff's time to help us out.
We saw time to value within two weeks of implementing the solution, which strengthened our use cases.
What is most valuable?
I would say FortiSIEM is a good alternative to Splunk.
The focus area for analytics is to tie it into the firewall components within SD-WAN.
What needs improvement?
ZTNA can improve latency. I believe that a lot of the focus is on SD-WAN.
For how long have I used the solution?
I have been using Fortinet FortiEDR for four years.
What do I think about the stability of the solution?
I rate Fortinet's stability a ten out of ten.
What do I think about the scalability of the solution?
I rate Fortinet's scalability a nine out of ten.
How are customer service and support?
Fortinet's technical support is top-notch. They have a partner manager, technical account reps, and a lot of ongoing community activities to ensure that people stay up-to-date on the latest information.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup requires a lot of communication with the business to gather and clarify requirements.
What about the implementation team?
We worked with Fortinet to implement the solution, and then our team of technical staff deployed it.
What was our ROI?
We have seen a return on investment. Teams are being hired and staffed to meet the demand of having Fortinet implemented on our client projects.
What's my experience with pricing, setup cost, and licensing?
The pricing is typical for enterprises and fairly priced. Deals are negotiated with an account manager.
Which other solutions did I evaluate?
We evaluated Palo Alto Networks. However, we felt that they did not have the entire suite of analytics that I was looking for. Fortinet, on the other hand, seems to have a more diversified offering in this area.
What other advice do I have?
I give Fortinet FortiEDR a nine out of ten.
The RSA conference helps me stay up-to-date on technology. It also helps me think differently about my use cases. Sometimes, a feature is supported, but other times, vendors may not have it. There may be a reason why they're not doing things the way they say they will.
Attending RSA has an impact on our organization's cybersecurity purchases. In fact, some of the vendors I spoke to told me that a group had already scheduled a meeting with us, which I was unaware of.
Disclosure: I am a real user, and this review is based on my own experience and opinions.