Administration Guide

Application communication control - how does it work?

FortiEDR provides visibility into any communicating application in your organization, enabling you to control which applications can communicate.

After FortiEDR installation, the system automatically maps all applications in your network that communicate externally. You then decide which of these applications to allow to communicate externally when used by a legitimate user in your organization (the allowlist). After the allowlist of communicating applications is defined, only applications in the allowlist can communicate externally. If an attacker abuses an application in the allowlist, FortiEDR’s patented technology (Exfiltration and Ransomware prevention policies) blocks the communication and displays a security event in the EVENTS tab.

FortiEDR Communication Control uses a set of policies that contain recommendations about whether an application's communication should be approved or denied.

These policies can be configured as a next-generation firewall in order to automatically block communications of potentially unwanted applications, for example, applications with a known bad reputation or that are distributed by questionable vendors.

Moreover, FortiEDR Communication Control provides data and tools for efficient vulnerability assessment and control. Virtual patching is made possible with Communication Control policies that can be configured to automatically block connections from vulnerable applications.

FortiEDR’s Communication Control mechanism provides the following key advantages:

Mechanism: Description

Realtime Proactive Risk Mitigation: Attack surface reduction using risk-based proactive policies that are based on application CVE and rating data.
Avoids Productivity Inhibitors: Non-authorized applications can still execute. Only their outgoing communication is prevented.
Manageability: Reduces the scope of the problem, which means that Security/IT needs to handle only applications that communicate externally.
Frictionless Application Control: Reduces users’ requests from Security/IT to approve applications.
