Fortinet, Inc.
FACILITATING IDENTIFICATION OF COMPROMISED DEVICES BY NETWORK ACCESS CONTROL (NAC) OR UNIFIED THREAT MANAGEMENT (UTM) SECURITY SERVICES BY LEVERAGING CONTEXT FROM AN ENDPOINT DETECTION AND RESPONSE (EDR) AGENT
Abstract:
Systems and methods are provided for synergistically combining network security technologies to detect compromised devices. According to one embodiment, an endpoint detection and response (EDR) agent of multiple endpoint security agents running on an endpoint device detects an incident. A security incident alert is generated by the EDR agent by proactively collecting data regarding the incident. Identification of a device coupled to a private network as potentially being compromised by a security service of a Managed Security Service Provider (MSSP) protecting the private network is facilitated by the EDR agent transmitting the security incident alert to the security service via a security agent of the multiple endpoint security agents corresponding to the security service.
Utility
31 Dec 2020
30 Jun 2022