We are pleased to announce the 5.1 release of FortiEDR. It keeps our Linux capability in lock step with Windows, both of which now offer even more robust threat hunting. Enhancements include Event Tracing for Windows (ETW), which enriches threat hunting telemetry collection by identifying behaviors. This provides FortiEDR users a fast, reliable, and versatile set of event tracing and logging features that are raised by user-mode applications and kernel-mode drivers.

Outside of threat hunting, we made quality of life improvements for our administrators. We added application deny enhancements with Application Control. Now administrators have further flexibility when adding applications to deny/blocklists, along with tightly configuring communication rules on specific applications. It can also be used selectively on end-user systems with sensitive information or higher threat exposure.

Lastly, we supplemented this release with further granularity to exclude files and folders from being inspected and avoid potential intercompatibility issues derived by other endpoint security tools for example.

According to John Maddison, Fortinet’s CMO and Executive Vice President of Products, “FortiEDR has been one of the most important, and fastest growing, products in our broad portfolio this past year.  It’s fundamentally a behavior-based approach to endpoint prevention, detection and response and has been an essential security tool given the accelerating stream of new ransomware and other advanced threats. This release of FortiEDR 5.1 gives the customer more telemetry for faster, more efficient, and more intuitive threat hunting through improved search functionality to help them make better decisions along with improvements to reduce the attack surface.

For more information on EDR technologies and how they can benefit organizations with overburdened IT and security/SOC staff, I invite you to read the white paper written by ESG The Need for Speed:

Second Generation EDR.