Security Analyst at a tech services company with 11-50 employees
Automation saves us time; forensic detailing and memory exfiltration are great for separate analysis
Pros and Cons
- "Ability to get forensics details and also memory exfiltration."
- "Detections could be improved."
What is our primary use case?
We use this product to deploy to all the clients we have to monitor any kind of suspicious activities occurring on the end points besides antivirus. This will kind of automate their response basically with the EDR. I'm a security analyst and we are customers of Fortinet.
How has it helped my organization?
Since we've had this solution we've been able to monitor different hosts of services and different devices effectively. We can also automate to save a lot of time instead of doing things manually.
What is most valuable?
The most valuable features would be the ability to get forensics details and also memory exfiltration so we can analyze them separately after an incident.
What needs improvement?
Detections could definitely be improved. It's still detecting some things that it shouldn't be, like Microsoft Intune and 365 devices as well.
I'd like to see an improvement in the reporting. There are currently no reporting capabilities so I would definitely want to see that.
Buyer's Guide
Fortinet FortiEDR
January 2025
Learn what your peers think about Fortinet FortiEDR. Get advice and tips from experienced pros sharing their opinions. Updated: January 2025.
831,997 professionals have used our research since 2012.
For how long have I used the solution?
I've been using this solution for 18 months.
What do I think about the stability of the solution?
The solution is stable.
What do I think about the scalability of the solution?
We haven't had issues with scalability and we have over 5,000 endpoints. In the security team we have four people who use the solution daily. The others use it in case of emergency.
How was the initial setup?
The initial setup was very straightforward.
What other advice do I have?
This is definitely a good product and will make your life easier.
I would rate this solution a seven out of 10.
Which deployment model are you using for this solution?
Private Cloud
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Chief Technical Officer at Provision Technologies LLP
Has an easy setup and good firewall response
Pros and Cons
- "The ease of deployment and configuration is valuable. It's very easy compared to other vendors like Sophos. Sophos' configuration is complex. Fortinet is a lot easier to understand. You don't need a lot of admin knowledge to do the configuration."
- "The security should be strong for the cloud. Some applications are on-prem and some are on the cloud. Fortinet should also have strong security for the cloud. There should be more security for the cloud."
What is most valuable?
The ease of deployment and configuration is valuable. It's very easy compared to other vendors like Sophos. Sophos' configuration is complex. Fortinet is a lot easier to understand. You don't need a lot of admin knowledge to do the configuration.
The security is also very good and the firewall response is good.
What needs improvement?
Clients want to be in a hybrid mix and match mode. The security needs to be relevant in that way as well. It has to be online, on the cloud and on-premises. This is the customer's mindset. They don't want to go for user applications on the cloud. They think it will fail and the data will be inaccessible. They don't want to go to the cloud platform. The security should be strong for the cloud. Some applications are on-prem and some are on the cloud. Fortinet should also have strong security for the cloud. There should be more security for the cloud.
For how long have I used the solution?
I have been using FortiEDR for the last year.
What do I think about the stability of the solution?
It runs constantly, 24/7. It is quite stable. We haven't had any stability issues.
What do I think about the scalability of the solution?
It is scalable. It is good for both small and large companies. Security has to be strong, it should be at the same standard. It's suitable for all business sizes.
How are customer service and technical support?
We haven't needed to contact support for EDR.
How was the initial setup?
The deployment can be done in one week. We have configured it within a week. It takes generally three people to set it up. I supervise the team.
What's my experience with pricing, setup cost, and licensing?
There are no additional costs.
What other advice do I have?
As of now, it's very good. We don't have a lot of challenges. The EDR concept is new to the market. It doesn't have a lot of competition. As of now, we don't have a lot of user input. If it's on the market for a few more years, I'm sure people will have more feedback.
We do our own documentation and share the whitepapers with our clients. I don't find Fortinet to be a difficult tool. The reporting is good and designed in a way that even a newcomer can use it easily. As of now those clients who have migrated from other security vendors don't have a lot of challenges. The clients appreciate the technology and report that they have tangible benefits.
I would rate it a nine out of ten. All of the requirements are addressed nicely and the security is covered. It has everything it needs.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Manager Networking Solutions at CCS Computer's Pvt Ltd
A stable solution with a straightforward setup and good technical support
Pros and Cons
- "Fortinet FortiEDR's scalability is quite good, and you can add licenses to the solution."
- "The solution should address emerging threats like SQL injection."
What is our primary use case?
The solution is used by a small organization of around 500 end users to provide online courses to their students.
What is most valuable?
Fortinet FortiEDR's scalability is quite good, and you can add licenses to the solution.
What needs improvement?
Fortinet FortiEDR should include some of the new features and better pricing. The solution should address emerging threats like SQL injection. It would be good if the solution detects ransomware files.
For how long have I used the solution?
We have implemented Fortinet FortiEDR for our clients, and they have been using it for the last two to three years.
What do I think about the stability of the solution?
Fortinet FortiEDR is a stable solution. Our client has been running it successfully for the last three years.
How are customer service and support?
The solution's technical support is good and fast.
How was the initial setup?
The solution's initial setup is very straightforward.
What about the implementation team?
The solution was deployed within a week.
What's my experience with pricing, setup cost, and licensing?
Fortinet FortiEDR has a yearly subscription. The solution's pricing should be improved because other players in the market are coming up with competitive prices.
What other advice do I have?
Two to three people are required to deploy Fortinet FortiEDR.
Overall, I rate Fortinet FortiEDR an eight out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer: Implementer
Security, infrastructure and networking engineer at Abetelnet Solutions
A stable solution that delivers real-time, automated endpoint protection with orchestrated incident response across any protected device
Pros and Cons
- "Additionally, when it comes to EDR, there are more tools available to assist with client work."
- "We've encountered challenges during API deployment, occasionally resulting in unstable environments."
What is our primary use case?
It is mostly used according to the client's needs.
What is most valuable?
I believe that easy deployment is primarily used to facilitate client learning. Additionally, when it comes to EDR, there are more tools available to assist with client work.
What needs improvement?
We've encountered challenges during API deployment, occasionally resulting in unstable environments. Deployment can be a bit tricky at times. In terms of pricing, EDR tends to be more costly than FortiClient. In some cases, we opt for FortiClient because clients may not have the resources or time to invest in EDR.
For how long have I used the solution?
I have experience with Fortinet FortiEDR.
What do I think about the stability of the solution?
It is a stable solution.
What do I think about the scalability of the solution?
It is a scalable solution.
How are customer service and support?
The customer service is very good.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial setup is pretty easy and I would rate it an eight out of ten.
What's my experience with pricing, setup cost, and licensing?
It is expensive and I would rate it an eight out of ten.
What other advice do I have?
I would overall rate it an eight out of ten.
Disclosure: My company has a business relationship with this vendor other than being a customer: Partner
Cyber Security Analyst at a retailer with 1,001-5,000 employees
Is stable and scalable but limited in the number of details it provides
Pros and Cons
- "It is stable and scalable."
- "The amount of usage, the number of details we get, or the number of options that can be tweaked is limited in comparison to that with other EDR solutions"
What is most valuable?
It is stable and scalable.
What needs improvement?
Comparatively, it works fine, but the amount of usage, the number of details we get, or the number of options that can be tweaked is limited in comparison to that with other EDR solutions. The ability to make certain changes or investigate is also limited.
Also, the investigation and the details, which I would get when I'm looking into it, and the ways I could configure or white list or black list a few things are also limited. It is not up to an extent where it can give me granular options to do that.
For how long have I used the solution?
I've been using it for about a year.
What do I think about the stability of the solution?
The stability is pretty good.
What do I think about the scalability of the solution?
It is scalable.
What other advice do I have?
For some organizations, FortiEDR is good enough, but for others, it's not. It depends on the organization's infrastructure.
I would rate Fortinet FortiEDR at six on a scale from one to ten.
Disclosure: I am a real user, and this review is based on my own experience and opinions.
Security Team Lead at Comtrade Group
Collects valuable endpoint data with good analytics and helpful scalability
Pros and Cons
- "The data collected from the endpoint where the EDR is installed is highly valuable for me."
- "In smaller markets like Serbia, Bosnia, Montenegro, and Slovenia, it can be challenging to find customers with 500 endpoints. My suggestion to Fortinet would be to lower this minimum order quantity to one."
- "When I implemented FortiEDR, it identified Cisco AnyConnect VPN as malicious data, which led to the VPN being cut off. Consequently, people could not work remotely from home."
What is our primary use case?
For FortiEDR, it serves as an add-on to the firewalls and the SD-WAN solution that I am already using from Fortinet. Basically, it is an additional layer on top of my existing network environment.
Initially, when I started, I bought FortiGate from Fortinet. After that, I implemented tools like webmail. Then, after maybe six months to a year, I decided to switch from my existing EDR to other vendor solutions, like Kaspersky, Trend Micro, or Broadcom, and eventually switched to Fortinet since it's interoperable with the firewall I am already using.
The EDR became the next step in implementing Fortinet solutions for me.
What is most valuable?
The data collected from the endpoint where the EDR is installed is highly valuable for me. The firewall and FortiEDR Analyzer use this data for analytics, collecting it from the endpoint. This data allows for comprehensive analysis and better security measures. The collection and analysis of data are essential features that enhance its functionality significantly within my network.
What needs improvement?
This is a question for the partners who implement and install it. I am not involved in the implementation process, so I cannot suggest improvements. As mentioned, this is a query for my presales team, not me. I am part of the security team lead, focusing mainly on sales.
Regarding the product, Fortinet could consider reducing the minimum order quantity for EDR, currently set at 500 pieces. In smaller markets like Serbia, Bosnia, Montenegro, and Slovenia, it can be challenging to find customers with 500 endpoints. My suggestion to Fortinet would be to lower this minimum order quantity to one.
For how long have I used the solution?
I have been working with it since September 2016. It is approaching nine years now as of September this year, although it may not be successful.
What do I think about the stability of the solution?
I encountered a situation at a radio and television station in Serbia. When I implemented FortiEDR, it identified Cisco AnyConnect VPN as malicious data, which led to the VPN being cut off. Consequently, people could not work remotely from home. If they enabled FortiEDR, it severed the connection since it flagged Cisco AnyConnect as malicious and fraudulent, disrupting the VPN tunnel to the headquarters. After that, I stopped scanning the Cisco AnyConnect and switched to Fortinet VPN.
Everything worked fine afterward. However, if a customer prefers not to switch from another VPN solution, FortiEDR might still see it as an issue and detect it as potentially malicious, causing problems in the working environment.
What do I think about the scalability of the solution?
It is very easy to scale and is highly scalable due to being a Fortinet product. When implemented in a Fortinet environment with an existing firewall, FortiAnalyzer, and FortiManager, it is straightforward to install and scale by adding more EDR for endpoints.
How are customer service and support?
Their performance is decent, though not excellent. Response times can sometimes be slow. When I request technical support, the response time can vary, sometimes taking up to ten to fourteen hours. That's acceptable. However, for setting up some proper solutions for issues at the customer site, it can take about one week. This duration is excessive.
How would you rate customer service and support?
Negative
What's my experience with pricing, setup cost, and licensing?
It's reasonably priced compared to other vendors' similar products.
What other advice do I have?
I would rate the overall solution as nine out of ten.
Which deployment model are you using for this solution?
On-premises
Disclosure: My company has a business relationship with this vendor other than being a customer:
Last updated: Jan 30, 2025