Fortinet Japan announced on May 26 that it will launch "FortiEDR", which automates advanced threat protection and response for endpoints, in the Japanese market.
FortiEDR integrates two functions, EPP (Endpoint Protection Platform) and EDR (Endpoint Detection and Response), and uses AI (machine learning) and related techniques. It also provides advanced automation functions that avoid the "large volume of alerts" problem that has been an issue with conventional EDR. In addition to a "hybrid configuration" that combines a lightweight agent installed on the endpoint with an EDR server running on the cloud side, "cloud only" and "fully offline" deployments are also possible.
EDR and EPP, originally created as independent solutions by separate vendors, each evolved on their own and have now been integrated in FortiEDR.
Main functions of FortiEDR. "Pre-infection" can be understood as the EPP functions and "post-infection" as the EDR functions.
Makiko Yamada, a product marketing manager, explained that the point of FortiEDR is that it is "an EDR solution that solves the problems and issues of first-generation EDR tools and realizes more advanced protection and response automation." The EPP function centers on an NGAV (Next Generation Anti-Virus) function that utilizes machine learning, and realizes "discovery and prediction" and "protection" before malware infection.
The NGAV function is implemented at the kernel level, and it supports detection not only of malware written to disk as files, but also of fileless malware that runs only in memory. In addition, the EDR function provides real-time endpoint protection after malware has gotten past the EPP and infected the host. Functions such as "detection" (real-time threat detection), "neutralization" (prevention of information leakage and data loss), "response and investigation" (full visualization of the attack), and "remediation and rollback" (recovery) are implemented.
Through integration with the "Security Fabric" that the company has long provided, for example, when the EDR function detects malware attempting to communicate with an external C&C (command and control) server, this information can be shared with FortiGate to block communication to that IP address.
The assumed users are companies with 1,000 to several hundred thousand employees, but mid-sized organizations with around 500 endpoints can also be supported. Target industries include manufacturing, critical infrastructure (oil and gas), retail, hospitality, financial institutions, medical institutions, and government.
Next, System Engineer Takahisa Miyabayashi said that the challenges of user companies that FortiEDR can solve are "flexible operation regardless of whether or not a SOC exists", "minimizing damage", and "understanding vulnerabilities". Conventional EDR products tended to generate large volumes of alerts, and there was a problem that companies and organizations without a SOC could not make sufficient use of them. FortiEDR strengthens detection accuracy, and the user-customizable playbook function together with the optional MDR (Managed Detection and Response) service allow optimal operation regardless of whether a SOC exists.
The three main challenges that user companies face which FortiEDR can solve, and how FortiEDR addresses them.
In addition, since the flow from detection to response is highly automated, suspicious behavior can be blocked without delay, before a malware infection takes hold. Regarding vulnerabilities, the product manages vulnerabilities in detail for each application: for example, web browsers that are vulnerable can be prohibited from communicating, while those that have already been patched can be controlled accordingly.
With the evolution of malware itself and the advancement of attack methods, the approach of "detecting and removing malware before infection" that conventional antivirus software aimed at has reached its limits. Although new detection methods such as machine learning have become widespread, as long as missed detections cannot be reduced to zero, measures that assume infection will inevitably be needed.
Against this background EDR attracted attention, but in the existing EDR solutions that the company calls the "first generation", examining and analyzing detection results relied on human resources, so the operational load was high and they were difficult systems to run. For FortiEDR, which solves this by introducing advanced automation methods, the company does not use the term "second generation" at all, but takes pride in the product being "a different generation from conventional products." The direction of fusing EPP and EDR appears to offer great merit for users, and it is a product whose market reaction will be worth watching.
Key technologies that characterize FortiEDR.