Abstract

Huawei Technologies commissioned Tolly to evaluate Huawei HiSec Endpoint against Fortinet FortiEDR. The main focus of the project was to compare the two endpoint security platforms across the NIST IPDRR framework—Identify, Protect, Detect, Respond, and Recover—while also examining unified-agent architecture, endpoint visibility, malware defense, response depth, and recovery effectiveness.  

This document is a summary of the full, 80-page report. The full report is Tolly document #225143.

Tolly’s summary positions Huawei HiSec Endpoint as a broader endpoint security platform with integrated EDR, NAC, and ZTNA functions, while FortiEDR is presented as a more limited EDR tool that relies on separate products for NAC and zero-trust access. In the Identify category, Huawei supported multiple deployment methods including email to multiple recipients, shared links, and domain-controller distribution. It also supported endpoint registration, proactive asset discovery, and 19 compliance check items, including automatic repair for six items and configurable compliance check intervals down to one minute. FortiEDR did not support endpoint registration, proactive asset identification, or compliance checks in the tested scenarios.  

In protection and detection, Huawei showed broader policy coverage and stronger malware results. Huawei supported host firewall controls, unusual-login detection, anti-tampering for critical files, real-time kernel-level file backup, and flexible blacklist and whitelist policies. In malware testing using recent abuse.ch samples, Huawei achieved a 96.71% overall detection rate versus 61.49% for FortiEDR. Huawei’s category results were 100% for ransomware, 92.78% for info-stealers, 91.15% for cryptojacking Trojans, 95.20% for remote control Trojans, 97.00% for malicious PowerShell scripts, 100% for macro viruses, and 92.90% for phishing samples. The corresponding FortiEDR results were 85.60%, 28.33%, 43.36%, 72.40%, 2.60%, 99.60%, and 66.86%.  

The report also highlights Huawei’s stronger dynamic detection and response depth. According to the summary tables, Huawei detected web attacks, privilege escalation, persistence techniques, brute-force attacks, PsExec-based lateral movement, phishing websites, and a broader range of remote-control and info-stealing behaviors. Huawei also supported graph-database-based threat hunting with Cypher queries and one-click restoration of up to 100 attack hops, while FortiEDR was limited to one-hop tracing. In recovery, Huawei supported full restoration of ransomware-encrypted files in the tested cases, restoration of falsely isolated files, and automatic repair of macro-virus-infected files. Overall, the report concludes that Huawei HiSec Endpoint delivered broader functionality, higher malware detection rates, deeper attack visibility, and stronger recovery and unified-agent integration than Fortinet FortiEDR in the evaluated scenarios.