
Administration Guide

Communication control

EDR communication control provides visibility into any communicating application in your organization, enabling you to control which applications can communicate.

After EDR installation, the system automatically maps all applications in your network that communicate externally. You then decide which of these applications are allowed to communicate externally when used by a legitimate user in your organization (the allowlist). Once the allowlist of communicating applications is defined, only applications on it can communicate externally. If an attacker abuses an allowlisted application, EDR’s patented technology (the Exfiltration and Ransomware prevention policies) blocks the communication and displays a security event in the Incidents tab.

EDR Communication Control uses a set of policies that contain recommendations about whether an application’s communication should be approved or denied. These policies can be configured to act as a next-generation firewall that automatically blocks the communications of potentially unwanted applications, for example applications with a known bad reputation or applications distributed by questionable vendors.

Moreover, EDR Communication Control provides data and tools for efficient vulnerability assessment and control. Virtual patching is made possible with Communication Control policies that can be configured to automatically block connections from vulnerable applications.

You can also configure host firewall policies that control incoming and outgoing network traffic, protecting endpoints against unwanted connections based on remote address, protocol, or the application in use, so that endpoint behavior reflects the organization’s network policies.
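The layered decision the preceding paragraphs describe (allowlist first, then reputation and CVE-based policy for virtual patching, then host firewall rules keyed on remote address, protocol and application) can be illustrated with a small evaluator. The following is an added example written for this page; it is not FortiEDR code and does not use the FortiEDR API. The application names, vendors, ratings, CVSS scores, addresses, the rule format and the CVSS threshold are all constructed assumptions.

```python
"""Added illustration (not FortiEDR code): evaluate outbound connection attempts
through three layers: application allowlist, risk-based policy (reputation and
unpatched-CVE data), and host firewall rules. All data below is constructed."""
from dataclasses import dataclass, field
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass
class Application:
    name: str
    vendor: str
    rating: str                  # constructed reputation label: "good" | "unknown" | "bad"
    max_cvss: float = 0.0        # highest CVSS among the app's known, unpatched CVEs (constructed)
    allowlisted: bool = False    # set by the administrator after the initial mapping phase


@dataclass
class FirewallRule:
    action: str                        # "allow" | "deny"
    app: Optional[str] = None          # None matches any application
    protocol: Optional[str] = None     # None matches any protocol
    remote: Optional[str] = None       # CIDR; None matches any remote address


@dataclass
class Policy:
    block_bad_reputation: bool = True
    virtual_patch_cvss: float = 7.0    # assumed threshold: block apps with unpatched CVEs at/above it
    firewall_rules: List[FirewallRule] = field(default_factory=list)
    firewall_default: str = "allow"


def firewall_verdict(policy: Policy, app_name: str, protocol: str, remote_ip: str) -> str:
    """First matching host-firewall rule wins; otherwise the policy default applies."""
    for rule in policy.firewall_rules:
        if rule.app is not None and rule.app != app_name:
            continue
        if rule.protocol is not None and rule.protocol != protocol:
            continue
        if rule.remote is not None and ip_address(remote_ip) not in ip_network(rule.remote):
            continue
        return rule.action
    return policy.firewall_default


def evaluate(policy: Policy, app: Application, protocol: str, remote_ip: str) -> Tuple[str, str]:
    """Return (decision, reason) for one outbound connection attempt."""
    # Layer 1: allowlist. Only applications the administrator approved may communicate.
    if not app.allowlisted:
        return "deny", "application not in communication allowlist"
    # Layer 2: risk-based policy built on reputation and CVE data.
    if policy.block_bad_reputation and app.rating == "bad":
        return "deny", f"bad reputation (vendor {app.vendor})"
    if app.max_cvss >= policy.virtual_patch_cvss:
        return "deny", f"virtual patching: unpatched CVE with CVSS {app.max_cvss}"
    # Layer 3: host firewall rules on remote address, protocol and application.
    if firewall_verdict(policy, app.name, protocol, remote_ip) == "deny":
        return "deny", "host firewall rule"
    return "allow", "allowlisted, no risk findings, firewall permits"


# Constructed sample inventory; names, vendors and scores are illustrative only.
INVENTORY = {
    "browser.exe": Application("browser.exe", "ExampleSoft", "good", 0.0, allowlisted=True),
    "legacy-ftp.exe": Application("legacy-ftp.exe", "ExampleSoft", "good", 9.8, allowlisted=True),
    "toolbar.exe": Application("toolbar.exe", "Questionable Vendor Ltd", "bad", 0.0, allowlisted=True),
    "newtool.exe": Application("newtool.exe", "ExampleSoft", "unknown", 0.0, allowlisted=False),
}

# Constructed policy: no SMB anywhere; the browser may reach the internal range only over TCP.
POLICY = Policy(firewall_rules=[
    FirewallRule("deny", protocol="smb", remote="0.0.0.0/0"),
    FirewallRule("allow", app="browser.exe", protocol="tcp", remote="10.0.0.0/8"),
    FirewallRule("deny", app="browser.exe", remote="10.0.0.0/8"),
])


def run_samples() -> dict:
    """Evaluate constructed connection attempts; returns {(app, proto, ip): decision}."""
    attempts = [
        ("browser.exe", "tcp", "203.0.113.10"),
        ("browser.exe", "udp", "10.1.2.3"),
        ("legacy-ftp.exe", "tcp", "203.0.113.20"),
        ("toolbar.exe", "tcp", "198.51.100.5"),
        ("newtool.exe", "tcp", "198.51.100.9"),
        ("browser.exe", "smb", "10.9.9.9"),
    ]
    results = {}
    for name, proto, ip in attempts:
        decision, reason = evaluate(POLICY, INVENTORY[name], proto, ip)
        results[(name, proto, ip)] = decision
        print(f"{name:15} {proto:4} -> {ip:15} {decision:5} ({reason})")
    return results


if __name__ == "__main__":
    run_samples()
```

The ordering matters for the reader: an application that was never allowlisted is denied before any reputation or CVE data is consulted, which is the "reduces the scope of the problem" property the text claims, and the vulnerable but otherwise legitimate legacy-ftp.exe still executes normally; only its outbound connection is refused until it is patched or the threshold is adjusted.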

EDR’s Communication Control mechanism provides the following key advantages:

Mechanism                            Description
Realtime Proactive Risk Mitigation   Attack surface reduction using risk-based proactive policies that are based on application CVE and rating data.
Avoids Productivity Inhibitors       Non-authorized applications can still execute. Only their outgoing communication is prevented.
Manageability                        Reduces the scope of the problem, which means that Security/IT needs to handle only applications that communicate externally.
Frictionless Application Control     Reduces users’ requests to Security/IT to approve applications.

The COMMUNICATION CONTROL tab contains the following pages: