hero generic foreground blank

Network Detection and Response for OT


Mission-critical infrastructure and air-gapped environments need to meet additional confidentiality and compliance requirements. FortiNDR can operate in an isolated environment, ensuring secure operations while providing full visibility into IT/OT network traffic. The solution automates investigation efforts through AI-driven network-traffic and file-based analysis, providing real-time identification of advanced threats, including persistent threats that may be lingering in your network.

Agentless Network Traffic Analysis

FortiNDR analyzes network traffic across complex industrial environments including OT and critical infrastructure. It identifies malicious network activity and files across 65+ different OT-specific network protocols and applications, for example, Modbus TCP, BACnet, OPC. It includes more than 3,000 unique application control signatures within these protocols, enabling real-time identification of advanced threats, including insider and zero-day threats, improving incident response capabilities. 

Diagram illustrating how FortiNDR analyzes network traffic across networks in OT environments.

Virtual Security Analyst (VSA)


The FortiNDR VSA leverages AI, ML, and artificial neural networks (ANN) to detect and analyze cyberthreats targeting complex industrial networks. To save the SOC analyst time and provide high-fidelity alerts, the VSA conducts an analysis using both a Portable Executable (PE) and text-based engine to de-obfuscate the malware. The code blocks are then analyzed and classified using the ANN for the most accurate and timely threat detection and response.



FortiNDR for OT

FortiNDR identifies known and unknown threats across the Purdue model leveraging 65+ OT protocols and 3,000+ app signatures.

Learn More

Find solution guides, eBooks, data sheets, analyst reports, and more.

Features and Benefits

FortiNDR leverages AI/ML, behavioral, and human analysis to analyze network traffic, including encrypted traffic, to detect malicious behavior while reducing false positives.

AI-Powered Rapid Analysis

FortiNDR uses AI and ML, trained on OT-specific malware, to detect malicious network activity and files. Incident response capabilities are bolstered with real-time advanced threat identification, including insider threats and zero-day attacks. Security teams can also use ML features to baseline and profile traffic in both IT and OT networks and detect anomalies, highlighting suspicious traffic.

65+ Protocols and Applications for OT Networks

FortiNDR combines application control and IPS signatures that are developed specifically for OT, enabling rapid detection and protection against network-level threats. FortiNDR applies ML and AI to identify malicious activity across 65+ different OT-specific network protocols including Modbus TCP, BACnet, and OPC.

3,000+ Unique App Control Signatures

FortiNDR monitors more than 3,000 unique application control signatures. This aids in the analysis of known and unknown threats across OT and IT environments, without the need for endpoint agents.

Complete Network Visibility

FortiNDR offers security teams centralized management with flexible deployment options. FortiNDR can be deployed in a hub-and-spoke model with a single centralized management appliance and multiple sensors. Or, individually managed devices can be deployed across the environment. These deployment models ensure FortiNDR can monitor network traffic across the entire network infrastructure. 

Orchestrated Response

Through integrations with Fortinet Security Fabric tools such as FortiGate Next-Generation Firewalls, FortiNAC network access control, FortiSIEM security information and event management, and FortiSOAR security orchestration, automation, and response, FortiNDR alerts can trigger automated mitigation actions on affected endpoints. In-depth reporting is also available via FortiAnalyzer.