Fortinet FortiGuard MDR
MDR powered by the world's largest firewall install base and FortiGuard Labs threat intelligence
- Service
- MDR
- Response
- Contain threats
Best for
Organizations already running FortiGate firewalls wanting native MDRUsually replaces
Third-party MDR layered on top of Fortinet productsCheck first
MDR service is tightly coupled to the Fortinet ecosystem — limited support for non-Fortinet EDR or SIEMCoverage
Covers
- FortiGuard Labs threat intelligence from 500+ researchers analyzing global threat data
- Native integration across the Fortinet Security Fabric (FortiGate, FortiEDR, FortiNDR, FortiSOAR)
- Automated containment and remediation through FortiSOAR playbooks
Pros and limits
Works well
- Seamless add-on for the 700,000+ organizations already using FortiGate firewalls
- FortiGuard Labs employs 500+ threat researchers providing proprietary intelligence
- Strong OT/ICS and IoT coverage through native Fortinet industrial integrations
Watch out for
- Organizations running CrowdStrike, SentinelOne, or other third-party EDR will not get full value
- Less flexibility for multi-vendor environments compared to open XDR providers
- Shared SOC model means no dedicated or named analyst team assigned to your account
Pricing
- Starting price
- ~$3-8/endpoint/month
- Billing model
- Per-endpoint, Tiered
- Minimum contract
- 12 months
- Proof of concept
- Available
- Onboarding
- 7-14 days
Pricing varies by FortiGate deployment size and selected MDR tier. Significant discounts for existing Fortinet customers bundling MDR as an add-on subscription.
Connects with
- SIEM
- FortiSIEM, FortiAnalyzer
- EDR / Endpoint
- FortiEDR (native)
- Cloud
- AWS, Azure, GCP
- Other
- FortiGate, FortiNDR, FortiSOAR, FortiMail
Questions
Does Fortinet FortiGuard MDR work with non-Fortinet security tools?
FortiGuard MDR is designed to operate within the Fortinet Security Fabric. It works best with FortiGate, FortiEDR, FortiSIEM, and FortiNDR. While some third-party log ingestion is possible through FortiSIEM, the MDR service does not natively monitor non-Fortinet EDR agents or third-party firewalls.
How much does Fortinet FortiGuard MDR cost?
Pricing typically ranges from $3-8 per endpoint per month depending on the MDR tier and environment size. Existing FortiGate customers often receive bundled pricing that can significantly reduce the per-endpoint cost compared to adding a third-party MDR provider.
What is the difference between FortiGuard MDR and FortiEDR?
FortiEDR is the endpoint detection and response agent that provides automated threat prevention and detection on endpoints. FortiGuard MDR adds a human-operated 24/7 monitoring and response layer on top of FortiEDR and other Fortinet products, with FortiGuard Labs analysts actively investigating and responding to threats.