skip to main content
Close Icon We use cookies to improve your website experience.  To learn about our use of cookies and how you can manage your cookie settings, please see our Cookie Policy.  By continuing to use the website, you consent to our use of cookies.


Fortinet is beefing up its capabilities in endpoint security with the acquisition of enSilo, a specialist developer in that segment, whose Endpoint Security Platform offers pre- and post-infection protection. Omdia sees Fortinet bolstering its overall portfolio and enhancing the appeal of the Fortinet Security Fabric, rather than aiming to raise its profile in the endpoint market, where there are too many players, paving the way for such acquisitions. At this year’s edition of the RSA Conference, Omdia had already identified a trend in cybersecurity toward consolidation and integration, of which this acquisition is further evidence.

enSilo raises Fortinet’s game in endpoint security

Fortinet already has an endpoint product called FortiClient, which is traditional endpoint protection (EPP) software that deploys on the endpoint and connects to the Fortinet Security Fabric for detection of zero-day malware, botnets, and vulnerabilities. It also enables quarantining and investigation.

The enSilo acquisition will significantly expand Fortinet’s endpoint offerings. The San Francisco-based vendor, which was founded in 2014, claimed in 2007 to be the first vendor to combine EPP with endpoint detection and response (EDR) capabilities in a single product, a combination most major endpoint vendors have since announced or released.

Fortinet hasn’t released the terms for this deal, but it has a history of purchasing companies that have gone as far as they can on their own and getting them for a friendly price. This acquisition also thrusts Fortinet into a more competitive position with Symantec, a vendor Fortinet has previously partnered closely with (the two have invested in tightly integrating their endpoint and network security technologies, respectively). With Symantec’s enterprise division set to be acquired by Broadcom, buying enSilo could be a sign that Fortinet no longer sees a Broadcom-owned Symantec as a reliable or desirable technology partner.

The enSilo solution provides a spectrum of capabilities:

  • Prediction, including vulnerability assessment and proactive attack surface reduction

  • Prevention, using next-gen antivirus (NGAV) techniques (not relying on signatures, and application control)

  • Detection and blocking of malware that has bypassed the NGAV

  • Containment to protect from data tampering or exfiltration

  • Orchestration of response actions

  • Investigation (forensics on single or multiple infected endpoints)

  • Remediation, with the potential to automate remedial actions performed manually on a single device to cover an entire estate.

The lightweight enSilo agent (60MB of RAM and sub-1% of CPU cycles, according to the vendor), will now presumably be integrated into or merged with the existing FortiClient offering. Omdia suspects Fortinet will emphasize the value of deploying its entire "platform" of network, cloud, mail, and endpoint security products, rather than seeking to compete more aggressively in the standalone endpoint market. This would fit into another market trend: the emergence of “xDR” technology offerings, which include detection and response capabilities across all these parts of an enterprise infrastructure.

The acquisition is also the latest in a trend for some of the multitude of endpoint-only security vendors to be acquired by companies with broader portfolios. Several acquisitions have occurred this year. VMware bought Carbon Black, HP acquired Bromium, and Elastic snapped up Endgame, while late in 2018, BlackBerry announced a deal to acquire Cylance. This speaks to the reality that there have long been simply too many enterprise endpoint security vendors, affording broader players the opportunity to expand their portfolio and offer a security suite for customers that want to reduce the number of management consoles and provider relationships they are running.


Further reading

“VMware's logical acquisition of Carbon Black expands an illogical Dell security portfolio”, INT005-000030 (August 2019)

“Trend Micro starts to flesh out its XDR story”, INT005-000026 (August 2019)

“Palo Alto Networks Cortex XDR spans endpoint, network, and the cloud for detection and response”, INT003-000351 (April 2019)

“Securing mobility is BlackBerry's motto as everything gets connected,” GLB007-000221 (March 2019)


Rik Turner, Principal Analyst, Infrastructure Solutions

[email protected]