Fortinet FortiEDR Review

It does not block/delete entire executables, instead it blocks malicious functions

What is most valuable?

NGAV and EDR features are outstanding.

How has it helped my organization?

We saw Lockey very early on and caught it via behavioral signatures on the traditional AV. We already had parts of the payload downloaded because the traditional AV behavioral signatures were not blocking everything. We had removed the endpoint from the network to investigate and realized the standard AV would have failed. Adding enSilo blocked Lockey immediately and allow no parts of it through. We have found errors in other applications and used enSilo findings to improve the operation of our systems. enSilo also provides a forensic service, which we have leveraged to validate files are malicious or not.

One of the key features to enSilo is it does not block/delete entire executables. Instead, it blocks malicious functions. This allows users to be unaffected if the file is useful but has bad components. FoxIt is a good example of this. Not a malicious tool but has vulnerable behaviors that enSilo can block.

What needs improvement?

The engineering team continues to add useful features, like the ability to search for files and hashes across the environment. At the moment, I am very happy with the product. Not a deal killer, but making the portal mobile friendly would be helpful when I am out of office.

For how long have I used the solution?

Almost two years.

What was my experience with deployment of the solution?

Endpoint agent is incredibly small (<2MB), so it is very easy to deploy.

What do I think about the stability of the solution?

Product has been rock solid from its earliest versions until now. Seems the engineers do a good amount of QA and testing, so they do not release half-baked software.

What do I think about the scalability of the solution?

Recently tripled our deployment size over a weekend without issue.

How are customer service and technical support?

Customer Service:

enSilo team is super responsive. From the tier 1 support to the advanced malware researchers, they all understand customer service. I have been called and emailed at 1AM with high-risk events, and also when I reach out at 2PM, they respond just as fast.

Technical Support:

The team is not hesitant to escalate an issue to development/engineering. Unlike a lot of companies, they are quick to modify the application to fix an issue.

Which solution did I use previously and why did I switch?

Used Tanium and other EDR/Forensics tools at previous employers. Those tools are great at managing overwhelming information but do not necessarily help with visualizing real threats occurring in the environment. enSilo quickly provides a visualization of what has happened and where the malicious behavior occurred. You can then dive down to a full memory dump without having to dig through other useless screens.

How was the initial setup?

The management is cloud-based so it was easy to just install agents and go after opening a firewall to our dedicated IP.

What about the implementation team?

In-house. No real need to go external.

What was our ROI?

I avoid this question with security tools as there is no real return on this, just a lowered burden to manage risk. I will say the tool requires maybe 2 hours of actual focus a week, so much less noise than other tools. enSilo also reduces our risk more than any other tool we have (firewall, web filter, email filter, etc.). From that perspective, we get the most risk reduction with the least burden from enSilo.

What's my experience with pricing, setup cost, and licensing?

I know it is tough to get big budget additions up front, but I highly recommend deploying environment wide and adding the forensic service. Prioritize your most at risk assets, e.g., users with unrestricted browsing or access to sensitive data.

Which other solutions did I evaluate?


Carbon Black - Too much noise and time to configure policy. Also, it had too many disparate components to manage/up-sell.

Tanium - Would not talk to us, because we are under 5000 endpoints.

Cylance - Not mature enough at the time of our initial purchase in early 2016.

Confer - Lots of promise, but got purchased by Carbon Black.

What other advice do I have?

Check it out, it is definitely worth your time. They have a unique approach and will let you sleep at night.

Which version of this solution are you currently using?

**Disclosure: I am a real user, and this review is based on my own experience and opinions.
More Fortinet FortiEDR reviews from users
...who compared it with SentinelOne
Find out what your peers are saying about Fortinet, SentinelOne, CrowdStrike and others in Endpoint Detection and Response (EDR). Updated: June 2021.
521,690 professionals have used our research since 2012.
Add a Comment
ITCS user