Security coordinator at a tech consulting company with 11-50 employees
Real User
Top 5
2024-08-29T15:00:00Z
Aug 29, 2024
The control of scripts could be improved because you use Microsoft Active Directory and unnecessary scripts to keep the roles updated with company policies. We have some filters to block potential malicious scripts on the Roast. It blocks USB devices, like storage or other devices that the company does not allow, from trying to present some malware, etc.
Navigation and setting up policies or putting in exceptions are not easy with Fortinet FortiEDR. The solution is not very user-friendly because adding exceptions or policies involves many steps. The solution's ease of access and user interface could be improved. The UI looks like what people used ten years ago and has an old look and feel.
Network and Security consultant at an energy/utilities company with 201-500 employees
Real User
Top 20
2024-06-25T14:51:45Z
Jun 25, 2024
The platform could be improved by enhancing network visibility and reducing the frequency of false positives. Leveraging AI for more accurate threat detection could also significantly improve its effectiveness.
vCISO / GRC / Cybersecurity consultant at a tech services company with 1-10 employees
Real User
Top 10
2024-05-20T14:54:00Z
May 20, 2024
The solution provider should focus more on the intelligence aspects of the product. The Fortinet FortiEDR provider should also analyze what other vendors are offering, but it shouldn't be limited to firewalls. Similar to other competitors, Fortinet FortiEDR is also pushing towards platform options, but that isn't working out well for them on the customer's end, and they need to evaluate whether there is a prospect. This solution is mostly used by small and medium enterprise vendors. Therefore, the solution needs to focus on basic Endpoint DLP protection, controlling USBs, and a single dashboard.
The solution is not user-friendly. It is a bit hard for me. We must have the knowledge needed to find the threats using the product. We must know how to navigate and investigate using the tool. I think the usage is limited for AirGap users. We cannot use AI. Keeping up with the agent updates is a little bit difficult. Fortinet must make agent updates easier. I run the solution on-premise. One of the VMs needs a lot of memory. It takes a lot of resources off of my VMware. I know I need resources to run threat hunting. The vendor advised me to go to the cloud. However, it's not up to me to go to the cloud. I need my CEO’s approval.
CIO at a manufacturing company with 51-200 employees
Real User
Top 20
2024-03-07T16:06:47Z
Mar 7, 2024
I would like to improve the integration process because a big selling point was the ease of integration within the Fortinet ecosystem. I would expect more built-in collaboration to allow for easier threat mitigation across Fortinet systems. The strength of FortiEDR lies in its overall ability to protect us from new threats. We have encountered issues with it as well. We've had a lot of false positives; things incorrectly flagged that require manual configuration to allow. Even worse, after we allow a legitimate program, it sometimes gets flagged again after an update. This has caused a lot of extra work for my team. I would like to see improved heuristics so the system better understands what's legitimate and doesn't keep blocking it after minor updates.
Senior Manager Business Development at Adapt Information Technologies (Pvt) Ltd
Real User
Top 10
2024-02-13T09:57:15Z
Feb 13, 2024
Right now, my company focuses on the on-premises version of the product since the cloud competencies offered by the tool are comparatively a bit less. I think cloud security and SASE are areas of concern in the product where improvements are required. The tool's cloud version has to be improved in terms of the security it offers.
There's room for improvement in the quick response time and technical support for integration issues, especially when dealing with multiple vendors. Delays in resolving integration challenges can impact project timelines and collaboration efforts, as experienced during our partnership with a fintech company. While the EDR's mitigation and tracking capabilities are commendable, there are concerns regarding vulnerability detection and database updates. In comparison to Trend Micro, our EDR solution seems to lag in addressing new vulnerabilities, necessitating workaround strategies to minimize risks. Therefore, enhancing real-time vulnerability detection capabilities is essential to maintain competitiveness and ensure user security.
Security, infrastructure and networking engineer at Abetelnet Solutions
Real User
Top 5
2023-10-03T19:39:00Z
Oct 3, 2023
We've encountered challenges during API deployment, occasionally resulting in unstable environments. Deployment can be a bit tricky at times. In terms of pricing, EDR tends to be more costly than FortiClient. In some cases, we opt for FortiClient because clients may not have the resources or time to invest in EDR.
Pre-Sales Engineer at Cable & Wireless Communications
Reseller
Top 5
2023-08-23T15:00:13Z
Aug 23, 2023
The solution's installation from a central installation server could be improved because the engineers had a little bit of trouble getting it installed from a central location.
Our problem with the EDR platform is that another company manages it. We don't manage it. We give them the infrastructure, and they give us the information in return as a service. Once, we had an event that was locked and blocked, but information about it came to us two or three days later. That isn't the way it should be. We see blocked functions and events but don't get information about them. You ask why something doesn't work before checking and seeing that EDR has blocked an event, but why is it blocked? This information is not accessible by our company as we are customers. We want a solution that works in our network and only in our network. We have to have all the information, such as what happened, when it happened, and why it happened, and that information should be provided at the moment, not two days later.
The EDR console should have more extensive reporting. You shouldn't need to purchase FortiAnalyzer. It should be included in the EDR part. The security adviser cloud platform could be improved with more options for exclusive or intensive rules for devices.
Consultant at a tech services company with 11-50 employees
Consultant
Top 20
2023-03-09T22:00:01Z
Mar 9, 2023
I've never tried the solution in mixed environments. I'm not sure if it would work well in an environment with Palo Alto or Cisco. The support needs improvement. It is not a good product for smaller organizations or organizations under 500 endpoints. Having a fully integrated team would be nice. Recently, we had to use a third-party team.
When the Fortinet FortiEDR is enabled, sometimes our applications stop. The solution causes our applications to crash. There is room for better integration to prevent stability. The exception handling for the on-prem version has a cap compared to the cloud version and can be improved.
Information Security Analyst at an energy/utilities company with 1,001-5,000 employees
Real User
Top 20
2023-01-24T13:16:31Z
Jan 24, 2023
FortiEDR could add a separate scanning dashboard. In incident management, we prefer to remove the endpoint system from the environment and scan the system. We typically use Symantec for that, but if we want to use FortiEDR for that, then we need a scanning tab to clarify things. If I'm scanning assets from the backend, I should be able to tell from my end if any malicious files were installed onto the server. It may be any server like Windows Server or the operating system for an endpoint laptop or desktop.
System Admin at Kuratorium Wiener Pensionisten-Wohnhäuser
Real User
2022-10-20T14:07:16Z
Oct 20, 2022
We'd like to be able to put this on our mobile devices and make secure connections to our network. It would be great if we could bring this product in a single MDM application for mobiles, Android, and iOS. It's complicated to administer, so I'd like one application for all these things.
In terms of what could be improved, I would say everything with Fortinet having to do with their cloud services. They need to invest more in their internal infrastructure that they are running in the cloud. One of the things I find with their cloud environment compared to others' is that they go cheap on the equipment. So it causes some performance degradation. A classic example of that would be products like FortiMail where you're basically acting as a mail relay. So say you're on a support call and I'm sending you a mail with a document that you expect to come to you immediately, or within 30 - 60 seconds; it could take up to 45 minutes because of the load on the cloud services. This can result in trouble tickets and other customer-side issues. In the next release, I would like to see more investment in their cloud services. Additionally, they definitely need better integration into their FortiSIEM and FortiSOAR solutions. They should continue to improve that and possibly include a managed threat hunting feature, an MDR solution.
Cyber Security Analyst at a retailer with 1,001-5,000 employees
Real User
2021-08-26T21:19:59Z
Aug 26, 2021
Comparatively, it works fine, but the amount of usage, the number of details we get, or the number of options that can be tweaked is limited in comparison to that with other EDR solutions. The ability to make certain changes or investigate is also limited. Also, the investigation and the details, which I would get when I'm looking into it, and the ways I could configure or white list or black list a few things are also limited. It is not up to an extent where it can give me granular options to do that.
Senior Network Administrator at a financial services firm with 51-200 employees
Real User
2021-04-23T20:09:13Z
Apr 23, 2021
The SIEM could be improved. I would have liked to see that you could access the same SIEM or Fortinet EDR dashboard from the same login, but I heard that they were different, which was a bit of a letdown.
Security Analyst at a tech services company with 11-50 employees
Real User
2020-10-04T06:40:25Z
Oct 4, 2020
Detections could definitely be improved. It's still detecting some things that it shouldn't be, like Microsoft Intune and 365 devices as well. I'd like to see an improvement in the reporting. There are currently no reporting capabilities, so I would definitely want to see that.
Information Technology Support Specialist at Chemtrade Logistics
Real User
2020-08-26T07:13:21Z
Aug 26, 2020
They can include the automation for the real-time updates. We have a network infrastructure with remote sites. Whenever they send updates, they are not automated. We have to go into the console and push those updates. I wish it was more automated. The update file is currently around 31 MB. It could be smaller.
Chief Technical Officer at Provision Technologies LLP
Real User
2020-04-28T08:50:00Z
Apr 28, 2020
Clients want to be in a hybrid mix and match mode. The security needs to be relevant in that way as well. It has to be online, on the cloud and on-premises. This is the customer's mindset. They don't want to go for user applications on the cloud. They think it will fail and the data will be inaccessible. They don't want to go to the cloud platform. The security should be strong for the cloud. Some applications are on-prem and some are on the cloud. Fortinet should also have strong security for the cloud. There should be more security for the cloud.
Fortinet FortiEDR is a real-time endpoint protection, detection, and automated response solution. Its primary purpose is to detect advanced threats to stop breaches and ransomware damage. It is designed to do so in real time, even on an already compromised device, allowing you to respond and remediate incidents automatically so your data can remain protected.
Fortinet FortiEDR Features
Fortinet FortiEDR has many valuable key features, including:
Easily customizable
Real-time proactive risk...
I haven't seen the use of AI in the solution. In the future, I am interested to see the use of AI in Fortinet FortiEDR.
To improve Fortinet, we need to see more features and technology areas at the endpoint level introduced.
Integration with Azure and SaaS provisioning tools could improve Fortinet FortiEDR.
ZTNA can improve latency. I believe that a lot of the focus is on SD-WAN.
FortiEDR can be improved by providing more detailed reporting.
The stability could be better. The scalability could be improved a bit. We find the solution to be a bit expensive.