
Fortiguard MDR

Uploaded by

Edy Ordoñez
Copyright
© All Rights Reserved

Data Sheet

FortiGuard Managed Detection and Response Service

Highlights

• Accelerate SOC Maturity
• Scale the existing SOC
• Reduce analyst burnout

Continuous Threat Detection and Analysis

Fortinet boasts one of the largest security research and analyst teams in the industry with over
215 expert researchers and analysts around the world. For many years our dedicated experts
have continuously been on the lookout for breaking threats and new tactics, techniques, and
procedures of the threat actors—studying every critical area of the threat landscape including
malware, botnets, mobile, and zero-day vulnerabilities. Leveraging that vast experience and
expertise, Fortinet is offering to its customers a Managed Detection and Response (MDR)
Service. This 24/7 service provides organizations with continuous monitoring, alert triage,
threat hunting, and incident handling by our team of experienced analysts and the FortiEDR
Platform.

An add-on service to FortiEDR, FortiGuard Managed Detection and Response Service
focuses on monitoring the alerts and suspicious threats detected by FortiEDR. The goal is to
ensure all customer alerts are acknowledged and addressed accordingly. This team of threat
experts reviews and analyzes every alert, proactively hunts threats, and takes actions on
behalf of customers to ensure they are protected according to their risk profile. Additionally,
the FortiGuard team provides guidance and next steps to incident responders and IT
administrators. The following is a list of activities delivered as part of the MDR service.


Features
Our team of experts will work around the clock to monitor and hunt for threats and analyze
events that may have entered your environment, leveraging alerts from the FortiEDR Platform.
Activities include but are not limited to:

• Analyzing malware both static and dynamic
• Analyzing memory for malicious processes
• Identifying potentially vulnerable and unwanted programs
• Environment tuning—setting micro exceptions for clean applications
• Retrieval and analysis of additional forensic artifacts such as Windows Event Log Records,
  AmCache File, Host File, Scheduled Task Log File, and Browser Artifacts

Benefits
Organizations needing to accelerate their SOC maturity benefit from the combination of
advanced endpoint security delivered through FortiEDR and FortiGuard Managed Detection
and Response Service; they get 24x7 coverage and the ability to scale existing SOC resources.
In doing so, they can better respond to threats, operationalize incident response processes,
and avoid alert fatigue without worrying about missed detection.

These services lend bench strength to the SOC team, enabling junior SOC personnel to take
on more sophisticated tasks so that organizations can do more with the talent they already
have in place, addressing threats and bad actors. In addition, daily coverage from an external
provider gives overextended security teams an essential backup, enabling them to scale while
reducing mean time to detect and respond.

• Accelerate SOC Maturity
• Scale the Existing SOC
• Reduce Analyst Burnout

Eligibility and Purchasing


The service is available for purchase by authorized Fortinet resellers and distributors globally.
The service is delivered to the customer or end-user of Fortinet products as referenced in the
purchase order placed with Fortinet by a customer or Fortinet authorized partner or distributor.

The service may be purchased through FortiEDR bundles. The service is priced per endpoint
for the entire endpoint estate protected by FortiEDR.


Highlights
Containment and Remediation
Once a compromised host(s) has been identified, the FortiGuard team will provide the initial
tactical containment options with the goal of isolating the threat without impacting business
operations. These options, which leverage the FortiEDR technology, can include:

• Stopping a process from writing to the disk
• Blocking communications to another device

Some of these containment options may already be automated through our technology's IR
playbooks. If not, the team can assist with additional playbook configurations as well as
group and security policies. In addition, based on our threat analysis, we will provide guidance
for remediation steps, which can include both tactical and strategic steps. Some short-term
options that can be both manual and automated are:

• Terminating a process
• Removal of a file
• Removing persistency from the registry

Reporting and Alerting


Our team will ensure you have the right information to make educated decisions about
security issues we discover. Every security event that is triggered by our FortiEDR technology
is handled within 24 hours. If the issue is critical, we will respond appropriately. Once the
event is analyzed, the team will send an incident email notification explaining the threat and
recommendations for review and remediation steps.

Customers may also escalate a request for more information or guidance about an incident
or event through email. Our team of experts is available 24/7 to assist with those requests.
Depending on the criticality, the communications can be via phone or web conference call.

As the engagement progresses, customers may want to know more about their environment
regarding the platform health and specific threats or trends. Annually our consulting solution
architects and our FortiGuard team will provide an environment assessment which can include:

• Device coverage and FortiEDR license usage
• FortiEDR platform health
• Malware and vulnerable or unwanted program findings
• Overall threat trends and recommendations
• Process questions and issues
• Address remediation issues as needed
• Address training requirements as needed

Training
As part of the onboarding process, our team of experts will conduct an initial training focused
on how to review and analyze events within the FortiEDR Platform.

Fortinet Corporate Social Responsibility Policy
Fortinet is committed to driving progress and sustainability for all through cybersecurity, with respect for human rights and
ethical business practices, making possible a digital world you can always trust. You represent and warrant to Fortinet that
you will not use Fortinet’s products and services to engage in, or support in any way, violations or abuses of human rights,
including those involving illegal censorship, surveillance, detention, or excessive use of force. Users of Fortinet products are
required to comply with the Fortinet EULA and report any suspected violations of the EULA via the procedures outlined in the
Fortinet Whistleblower Policy.

www.fortinet.com

Copyright © 2024 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product
or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other
conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s Chief Legal Officer, with a purchaser
that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any
such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise
revise this publication without notice, and the most current version of the publication shall be applicable.

February 1, 2024

FMDR-DAT-R02-20240201
