Skip to content Skip to navigation Skip to footer


FortiNDR enables full-lifecycle network protection, detection, and response. It leverages AI, ML, behavioral, and human analysis to analyze network traffic so security teams can spot attacker behavior and remediate the threat. FortiNDR provides network-traffic and file-based analysis, root-cause identification, scope of incidents, and the tools to remediate incidents quickly.

Clear Advantage Over Adversaries

To counter the sophistication of today’s cyberthreats and the volume of network activity where attackers can hide, Fortinet leverages artificial intelligence to reduce the time-intensive tasks a SOC analyst needs to perform. A machine learning (ML) model works to understand normal network activity and identifies deviations. It classifies code associated with abnormal traffic and performs an outbreak search to scope potential incidents. When integrated with other tools across the Fortinet Security Fabric, FortiNDR can initiate automatic responses to improve SOC efficiency.

Watch Now

Virtual and Human Security Analysis for Faster Response

FortiNDR includes our Virtual Security Analyst that can identify malicious network activity and files, resulting in real-time identification of advanced threats, including zero-day attacks. FortiNDR Cloud combines ML/AI with human analysis and expertise to improve your security posture and reduce false positives.

Seasoned, advanced threat researchers from FortiGuard Labs monitor cybercriminal activity, perform reverse engineering, and continuously update detection rules against adversary behavior. This first-hand knowledge provides practical AI/ML observations and human-based analysis before and during high-pressure incidents.

Features and Benefits

FortiNDR detects threats that may slip past traditional security solutions by using ML and AI, combined with FortiGuard Labs threat intelligence, updates, and expertise.

Faster Incident Detection

ML, DL, and other advanced analytics assess the “big data” of network activity

Efficient Investigations

Automated threat hunting, streamlined workflows, playbooks accelerate in-house team triage

Accelerated Threat Response

Dynamic threat intelligence sharing enables automated and coordinated action

Proven AI

10+ years of experience applying AI to threat data yields supervised & unsupervised detection models

Historical Network Visibility

Up to 365-day retention of enriched network metadata facilitates thorough investigations

Open Platform Approach

Integration with the Fabric and APIs for third parties ensures fit within security infrastructure

FortiNDR Use Cases

icon ai analytics
Monitor and profile traffic using ML models and other analytics from FortiGuard Labs to identify potential intrusions.
icon threat hunting
Proactively search network metadata for signs and scope of cyber intrusion.
Analyze unknown code, inline or out-of-band, to classify against 20+ attack classes using more than 6 billion file attributes.

Enterprise Analyst Validation

ESG Economic Validation on Fortinet SecOps Fabric
ESG Economic Validation: The Quantified Benefits of Fortinet Security Operations Solutions. Improved security team operational efficiency and reduced risk to the organization, each by up to 99%. Written by Aviv Kaufmann, Practice Director and Principal Economic Validation Analyst at Enterprise Strategy Group. July 2023
The Quantified Benefits of Fortinet Security Operations Solutions
As enterprises evolve, new technologies emerge, and cybercriminals introduce more sophisticated attacks, security leaders and their teams face a variety of challenges in securing the organization’s networks. This new report published by Enterprise Strategy Group details the benefits of using Fortinet Security Operations solutions, including improved operational efficiency and more effective risk management.
Download Report »

FortiGuard AI-Powered Security Services

FortiGuard Labs - Fortinet’s elite cybersecurity threat intelligence and research organization comprised of experienced threat hunters, researchers, analysts, engineers, and data scientists - develops and enhances FortiGuard AI-powered Security Services as well as provides valuable expert help through FortiGuard Expert-driven Security Services.

Feature Comparison

Organizations can choose a self-contained, on-premises deployment powered by our Virtual Security Analyst with FortiNDR, or a guided SaaS with FortiNDR Cloud maintained by FortiGuard advanced threat experts.

Features FortiNDR (HW/VM) FortiNDR Cloud
Deployment On-prem SaaS
Security Analyst Virtual Security Analyst™ Guided-SaaS with TSM (Technical Success Manager)
Data Storage Location On-prem Cloud-based (US)
Data Retention Throughput/Disk-dependent 365 days
Investigation/Threat Hunting Outbreak search Guided playbooks and parallel hunting
NetFlow/IPFIX support Yes​ --
High Throughput Malware Scan / NFS Scanning Yes
ANN1 with On-prem learning
Hash lookup
MITRE ATT&CK Framework Mapping Malware mapped to MITRE ATT&CK Framework Detections mapped to MITRE ATT&CK framework
Response Integration Fortinet Security Fabric
Third-party API (Rest)
MetaStream with Signals
Sensors Hardware - FortiNDR-3500F​
Hardware - FortiNDR-1000F
VM16/VM32 (ESXi/KVM)​
Hardware - FortiNDRCloud-900F (Large sensor)​
Hardware - FortiNDRCloud-500F (Small sensor)​
Virtual sensors (AWS/Azure/ESXi/KVM)​
FortiGuard Labs Threat Research

1. Artificial Neural Networks

FortiCare Support & Professional Services

Fortinet is dedicated to helping our customers succeed, and every year FortiCare services help thousands of organizations get the most from their investments in Fortinet's products and services. To achieve this, FortiCare follows the life-cycle approach and provides unique services to help our customers in their success journeys.

Technical Support Services

Technical Support Services

Various per-device options are available for efficient operations. FortiCare Elite option provides a 15-minute response time for critical products.



Premium RMA options are available across the product family for expedited replacement of defective hardware to meet your availability objectives.

Free Product Demo

FortiNDR represents the future of AI-driven breach protection technology, designed for short-staffed SOC teams to defend against threats. A trained Virtual Security Analyst™ helps identify, classify, and respond to threats. FortiNDR employs deep neural networks based on advanced AI and artificial neural network to provide sub-second investigation.