FortiDLP in India — endpoint DLP, insider risk, and GenAI data protection
Stop sensitive data leaving your organisation — whether by USB, personal email, cloud drive, or GenAI prompt. FortiDLP pairs a lightweight Windows / macOS / Linux agent with a cloud-native console, embedded machine learning, Microsoft 365 / Google Workspace / Box drive connectors, and FortiAI-augmented insider-risk case management — deployed and tuned by an authorised Fortinet partner in India.
FortiDLP at a glance
Cloud-native endpoint data loss prevention and insider risk management. A lightweight Windows / macOS / Linux agent paired with a SaaS console. Machine learning runs on the endpoint to baseline individual user behavior. Sensitive data is detected, classified, and prevented from leaving the organisation — across endpoints, cloud drives, SaaS applications, and GenAI tools.
Reference card
- What it covers
- Endpoint Data Loss Prevention, Insider Risk Management, GenAI and SaaS data security, Data Lineage and Origin tracking, and risk-informed user education — in one agent and one console.
- How it deploys
- Cloud-native SaaS console. Agents on Windows, macOS, and Linux desktops. Cloud-drive connectors for Microsoft 365 (OneDrive / SharePoint), Google Workspace (Drive), and Box. Evidence Store supports on-prem object storage for forensic artifacts.
- License tiers
- Core covers endpoint DLP. Advanced adds Insider Risk Management with ML behavioral detection, MITRE-mapped Sequence Detection, screen-capture forensics, and cloud-drive connectors. Advanced with Managed Service adds Fortinet-managed operations. Advanced with Premium Hosting is for KSA only — not required for India.
- Endpoint bands
- 100–499, 500–1,999, 2,000–9,999, 10,000+. Minimum Order Quantity is 100 endpoints.
- SKU pattern
- FC{N}-10-DLPEP-{plan}-02-DD where N = endpoint band (2 / 3 / 4 / 5) and plan = 1097 Core, 1098 Advanced, 1099 Advanced + Managed, 1174 Advanced + Premium Hosting. Best Practice Service (BPS) consultation is mandatory for first-year customers: FC{1-3}-10-DLBPS-310-02-DD.
- Detection framework
- Detections are mapped to the MITRE Center for Threat-Informed Defense Insider Threat TTP Knowledge Base — the insider-threat-specific catalogue, complementary to classic MITRE ATT&CK.
- Integrations
- SIEM: FortiSIEM, Splunk, Microsoft Sentinel. SOAR: FortiSOAR plus third-party. Messaging: Microsoft Teams and Slack for user nudges and analyst alerts. Sensitivity labels: Microsoft Purview, Google, Box.
- Indian compliance
- Templates and audit trails for DPDPA 2023, CERT-In 180-day log retention, RBI Cyber Security Framework, SEBI CSCRF, ISO 27001:2022, PCI DSS, HIPAA, NIST CSF 2.0, GDPR, and CCPA.
- Roadmap
- Fortinet announced FortiEndpoint at Accelerate 2026 — a future single-agent consolidation of ZTNA, SASE, EPP, EDR, and DLP. FortiDLP remains independently licensable; existing licences will migrate.
Platform capabilities
FortiDLP enforces data security at the moment of access — inline, on the endpoint, regardless of network connection. The cloud console is available within minutes; the embedded machine learning establishes a behavioural baseline within the first two to four weeks, before any static policy is authored.
Capability
Endpoint DLP — inline content inspection
Real-time content inspection at the moment of data access. Covers web (browsers), email (Outlook), printers, clipboard, removable storage (USB), and applications. Risk-adaptive policy actions — log, nudge, block, screen-capture, file copy, kill process, isolate endpoint, or lock device. Works on and off network; no cloud round-trip needed for the decision.
Capability
Data Origin + Data Lineage
Tags every file with its origin (Salesforce, Workday, source repo, SharePoint site, M&A folder). Tracks the entire journey across the endpoint — download → manipulation (rename, recompress, re-encode) → exfiltration. Analysts viewing a single DLP alert see the file's full history. Policies can fire based on whether data left via a corporate vs personal account.
Capability
Insider Risk Management — ML behavioral detection
Machine learning runs on the agent (not in the cloud) and baselines each individual user's normal behavior. Novel or anomalous interactions surface as risk-scored signals. The Insider Risk Sequence Detection engine chains Collection + Defense Evasion + Exfiltration actions into one prioritised incident. Advanced tier.
Capability
MITRE Insider Threat TTP mapping
Every detection auto-mapped to the MITRE Center for Threat-Informed Defense Insider Threat TTP Knowledge Base. Analysts get tactic / technique context per alert and can pivot to the cross-organisation MITRE library for response patterns. Advanced tier.
Capability
GenAI + shadow-AI data security
Discovers AI / GenAI tools in use (ChatGPT, Gemini, Claude, Copilot, ~40+ others), risk-scores each, inspects prompts and uploads in real time, and blocks or warns on sensitive content. Distinguishes corporate vs personal credentials. Treats GenAI exfiltration as a first-class data flow rather than a SaaS curiosity.
Capability
Cloud-drive coverage (M365 / Google / Box)
Connectors for Microsoft 365 (OneDrive + SharePoint), Google Drive (Workspace), and Box. Captures activity on unmanaged devices too — a contractor signing in from a personal laptop is still observed. Supports Microsoft Purview, Google, and Box classification labels natively. Advanced tier.
Capability
Risk-informed user education
Real-time nudges at the moment of risky behavior — endpoint dialog, Microsoft Teams message, Slack message, or email. Customisable per-policy. Response telemetry captures whether the user acknowledged, justified, or proceeded. Builds a measurable security-culture signal rather than the false-positive noise of legacy DLP.
Capability
FortiAI-augmented case management
Incidents auto-summarised by FortiAI. Case management is integrated with FortiAI for automated contextualisation of activities — reducing the time analysts spend writing up cases. Requires a separate FortiAI token licence.
FortiDLP license matrix
Core is the endpoint-DLP foundation. Advanced adds Insider Risk Management and enterprise cloud-drive connectors. Advanced with Managed Service adds Fortinet-led 24×7 operations.
| Capability | Core | Advanced | Advanced + Managed |
|---|---|---|---|
| Data Loss Prevention | | | |
| Device Control (USB + removable media) | ✓ | ✓ | ✓ |
| Inline DLP — web, email, printers, clipboard, removable media | ✓ | ✓ | ✓ |
| Visibility event streams (USB, browsers, email, print) | ✓ | ✓ | ✓ |
| GenAI + SaaS application inventory with risk analytics | ✓ | ✓ | ✓ |
| Real-time content inspection (on and off network) | ✓ | ✓ | ✓ |
| Data Origin + Data Lineage tracking | ✓ | ✓ | ✓ |
| Customisable endpoint employee coaching | ✓ | ✓ | ✓ |
| Global data-privacy + regulatory-compliance policy library | ✓ | ✓ | ✓ |
| Microsoft Purview sensitivity-label support | ✓ | ✓ | ✓ |
| Evidence Store — file, clipboard, GenAI prompt forensics | ✓ | ✓ | ✓ |
| Investigation event search + activity timeline | ✓ | ✓ | ✓ |
| Incident management with 1-year data retention | ✓ | ✓ | ✓ |
| Insider Risk Management | | | |
| Telemetry-rich activity event streams (endpoints + cloud drives) | — | ✓ | ✓ |
| Machine-learning-powered behavioural detections | — | ✓ | ✓ |
| MITRE-mapped insider-threat detection library | — | ✓ | ✓ |
| Insider risk Data Exfiltration Sequence Detection | — | ✓ | ✓ |
| Endpoint isolate + lock device actions | — | ✓ | ✓ |
| Evidence Store — screen-capture forensics | — | ✓ | ✓ |
| Case management (FortiAI-augmented¹) | — | ✓ | ✓ |
| Enterprise SaaS Integration | | | |
| Microsoft Office 365 connector (OneDrive + SharePoint) | — | ✓ | ✓ |
| Google Workspace connector (Drive) | — | ✓ | ✓ |
| Box Drive connector | — | ✓ | ✓ |
| Employee coaching via Slack and Teams | — | ✓ | ✓ |
| M365 (Purview) / Google / Box classification-label support | — | ✓ | ✓ |
| Real-time file-sharing controls | — | ✓ | ✓ |
| Managed Service overlay | | | |
| Console configuration + change management | — | — | ✓ |
| Monthly risk reports + analyst review | — | — | ✓ |
| DLP policy optimisation | — | — | ✓ |
| Incident monitoring assistance | — | — | ✓ |
| Annual product configuration review | — | — | ✓ |
¹ FortiAI features require a separate FortiAI token licence (priced and quoted separately).
FortiDLP SKUs
One-year subscription with FortiCare Premium included. Minimum order quantity is 100 endpoints. SKUs are uniform across the Indian channel.
| Tier | 100–499 | 500–1,999 | 2,000–9,999 | 10,000+ |
|---|---|---|---|---|
| Core | FC2-10-DLPEP-1097-02-DD | FC3-10-DLPEP-1097-02-DD | FC4-10-DLPEP-1097-02-DD | FC5-10-DLPEP-1097-02-DD |
| Advanced | FC2-10-DLPEP-1098-02-DD | FC3-10-DLPEP-1098-02-DD | FC4-10-DLPEP-1098-02-DD | FC5-10-DLPEP-1098-02-DD |
| Advanced + Managed Service | FC2-10-DLPEP-1099-02-DD | FC3-10-DLPEP-1099-02-DD | FC4-10-DLPEP-1099-02-DD | FC5-10-DLPEP-1099-02-DD |
| Advanced + Premium Hosting (KSA) | FC2-10-DLPEP-1174-02-DD | FC3-10-DLPEP-1174-02-DD | FC4-10-DLPEP-1174-02-DD | FC5-10-DLPEP-1174-02-DD |
First-year Best Practice Service is mandatory. Every new FortiDLP customer takes either the BPS consultation or the Managed Service in year one.
| BPS endpoint band | SKU |
|---|---|
| Up to 999 | FC1-10-DLBPS-310-02-DD |
| 1,000 – 9,999 | FC2-10-DLBPS-310-02-DD |
| 10,000+ | FC3-10-DLBPS-310-02-DD |
INR pricing depends on endpoint count, term length (1, 3, or 5 years), Managed-Service inclusion, and any FortiAI token requirement. Request a quote below — turnaround is two hours during IST business hours.
Use cases in Indian enterprise
Eight common deployment patterns. Each shapes the policy library, rollout sequence, and Managed Service decision differently.
Use case
BFSI · Customer-data exfiltration
Banks, NBFCs and capital-markets entities under RBI CSF and SEBI CSCRF. Customer KYC, account-master, and trading-position data must not leave the corporate boundary in personal email or USB sticks. FortiDLP enforces Data-Origin policies on Salesforce / core-banking exports, blocks risky USB writes, and surfaces the analyst-ready audit trail for regulator review.
Use case
Healthcare + life sciences · PHI protection
Hospitals, diagnostic chains, pharma R&D under DPDPA-as-Significant-Data-Fiduciary controls. PHI in lab systems, EMRs, and pharma research repositories cannot flow to personal Gmail or shadow AI. FortiDLP's Data Origin tags lab + pharma exports; Insider Risk Sequence Detection catches the resignation-window IP exfiltration pattern.
Use case
Manufacturing · IP + drawing protection
Engineering CAD files, BOMs, process documents. Most leakage happens at the engineer-resignation window. FortiDLP's ML baselines each engineer's normal behavior — when sudden high-volume USB / cloud-drive / personal-email egress activity starts, the Sequence Detection engine fires a risk-scored incident before the laptop walks out the door.
Use case
Source-code protection · SaaS startups + product cos
Engineering teams downloading from GitHub Enterprise or GitLab cannot push to personal repos. FortiDLP tags repo downloads with Data Origin, enforces policy on whether an upload destination is corporate or personal, and screen-captures the activity for forensics. Particularly effective for product companies treating source as crown-jewel IP.
Use case
GenAI / Copilot rollout · prompt-risk control
Companies rolling out Microsoft 365 Copilot or letting employees use ChatGPT / Gemini / Claude need real-time visibility into what data is being typed into prompts. FortiDLP's GenAI inventory + real-time prompt inspection blocks Aadhaar / PAN / credit-card / source-code uploads, nudges users to sanctioned tools, and logs every AI interaction to the Evidence Store.
Use case
M&A / data-room hygiene
During M&A, both buy-side and sell-side teams handle highly sensitive data inside a small window. FortiDLP's Data Lineage tracks each diligence document from its origin through every manipulation; Sequence Detection catches unusual exfiltration patterns; Case Management produces audit-ready forensics for post-close investigation.
Use case
Government + PSU · CERT-In + sovereign data
Government departments, PSUs, and CERT-In-regulated entities need 180-day audit-log retention plus DPDPA controls. FortiDLP's 1-year incident retention exceeds CERT-In's minimum; Evidence Store can be self-hosted for data sovereignty; FortiSIEM / Sentinel integration feeds the wider SOC.
Use case
Contractor + extended-workforce protection
Consultants, contractors, and temp staff with corporate data access but on unmanaged personal devices. Cloud-drive connectors observe their activity inside M365 / Google / Box regardless of device posture, while real-time file-sharing controls prevent external-share violations during their access window.
Indian regulator coverage
Six frameworks Indian enterprises live under, and the FortiDLP controls that satisfy each.
DPDPA 2023
Digital Personal Data Protection Act
DPDP Rule 6 requires "reasonable security safeguards" — encryption, access control, logging, retention, technical & organisational measures, and processor contracts. FortiDLP's built-in data-minimisation (pseudonymisation, localised forensics storage) supports the privacy-by-design clause; Insider Risk + audit trail satisfies the logging clause; sensitivity labels + Data Lineage support the technical-measures clause for Significant Data Fiduciaries.
→ Compliance policy library (PII templates) + Data Lineage + Insider Risk Audit
CERT-In Directions
180-day log retention + 6-hour breach reporting
CERT-In requires 180-day retention of logs and 6-hour breach reporting. FortiDLP's 1-year incident retention exceeds the bar comfortably. Evidence Store on-prem support keeps sovereign-data customers happy. FortiSIEM / Microsoft Sentinel / Splunk integration feeds the reporting workflow.
→ 1-year incident retention + on-prem Evidence Store + SIEM integration
RBI CSF
Reserve Bank of India Cyber Security Framework
RBI CSF Annexures 1 and 2 mandate baseline controls for banks and NBFCs — including data loss prevention, insider-threat monitoring, and access logging. FortiDLP's Insider Risk Sequence Detection + Real-time content inspection covers the data-leak-prevention and insider-threat-monitoring clauses; Case Management produces audit-ready evidence packs.
→ Insider Risk Sequence Detection + Endpoint + Cloud-drive coverage
SEBI CSCRF
Cyber Security & Cyber Resilience Framework
SEBI CSCRF (effective 2026) requires SEBI-regulated entities to implement defined cyber-resilience controls. FortiDLP's endpoint + cloud-drive controls + 1-year audit retention map to the data-protection and forensics control families. Microsoft Purview classification-label support means existing SEBI-mandated data classifications carry across.
→ Endpoint DLP + Evidence Store + Purview label support
ISO 27001:2022
ISMS — international baseline
ISO 27001:2022 Annex A.5 (Organisational), A.8 (Technological) and parts of A.6 (People) control families. FortiDLP's out-of-the-box policy templates cover A.8.10 (information deletion), A.8.11 (data masking), A.8.12 (data leakage prevention) directly; the Insider Risk workflow supports A.6.8 (information security event reporting).
→ Policy template library + ML behavioural detections
NIST CSF 2.0
Govern, Identify, Protect, Detect, Respond, Recover
For Indian subsidiaries of US or global parents: FortiDLP's capabilities map across Identify (data inventory + lineage), Protect (real-time content inspection, USB control, sensitivity labels), and Detect (Insider Risk Sequence Detection, MITRE TTP mapping). Respond / Recover extend through FortiSOAR + Sentinel integration.
→ Multi-function across Identify / Protect / Detect
FortiDLP vs Microsoft Purview · Forcepoint · Symantec
The four products that dominate enterprise DLP shortlists in 2026, on the dimensions that decide procurement. Full feature-by-feature analysis sits in our 2026 DLP comparison.
| Dimension | FortiDLP | Microsoft Purview DLP | Forcepoint DLP | Symantec DLP (Broadcom) |
|---|---|---|---|---|
| Deployment model | Cloud SaaS console + agent | Native M365 — no separate console | On-prem + hybrid + cloud | On-prem heritage; hybrid available |
| Time to first value | Minutes (cloud-native, ML on agent) | Days (M365-resident) | Weeks to months (classification-heavy) | Months (rules-heavy) |
| Coverage scope | Endpoint + cloud drives + SaaS + GenAI | M365 (Exchange/SharePoint/OneDrive/Teams) + endpoint | Endpoint + network + cloud + email | Endpoint + network + cloud + storage + email |
| Insider Risk Management depth | Strong — Sequence Detection, MITRE TTP mapping | Purview IRM is separate; less behavioural-ML focus | Add-on; weaker than DLP | Available; rules-heavy |
| Data Origin + Data Lineage | ✓ native | Partial (M365-bound) | — | — |
| GenAI / shadow-AI inventory | ✓ native | ✓ via DSPM for AI (E5 / BP add-on) | Partial | Partial |
| ML location | On agent (offline-capable) | Cloud-side | Cloud-side | Cloud-side / hybrid |
| India deployment fit | Cloud SaaS — global PoP, no India-specific concerns | India data residency via M365 region | Self-hosted possible | Self-hosted possible |
How Ogma deploys FortiDLP
Pilot ships in two weeks. Full tenant rollout completes in six to ten weeks depending on user count and cloud-drive scope. Fortinet BPS guidance is supplemented with Ogma-specific tuning playbooks for Indian data classes (Aadhaar, PAN, CIN, GSTIN).
Sizing & licensing decision
Workshop with IT, Security, and (where relevant) HR and Legal. Inputs: user count, sensitive-data classes (Aadhaar, PAN, source code, customer master, M&A docs), regulators that apply, current tooling overlap. Output: tier recommendation (Core vs Advanced vs Advanced+Managed), endpoint-band SKU, BPS vs Managed Service, INR quote.
Tenant + agent rollout
Cloud tenant provisioned in < 1 day. Agents deployed via SCCM / Intune / JAMF / Ansible — silent install on Windows / macOS / Linux. Cloud-drive connectors (M365 / Google / Box) plumbed in. Default observe-mode policies active immediately so day-one visibility is established.
Baseline + tuning (observe-mode)
Two to four weeks of observe-only running. Embedded ML baselines each user's behavior; Data Origin tags learnt automatically from observed flows. False-positive review weekly. Compliance templates customised to your exact data classes (Aadhaar, PAN, CIN, GSTIN, customer master, etc.).
Enforcement rollout
Phase 1: enforce on a pilot business unit. Phase 2: tenant-wide enforcement with user-justification fallback for borderline cases. Phase 3: Sequence Detection + Insider Risk active. Real-time nudges via Slack / Teams configured for high-volume policies.
Managed operations
Optional. 24×7 SOC monitoring of high-severity DLP and insider-risk incidents, monthly tuning, quarterly compliance evidence pack production, FortiSOAR playbook automation, and integration with your wider Security Fabric (FortiSIEM / Sentinel / Defender XDR).
Why buy FortiDLP through Ogma
Authorised Fortinet partner. NSE-certified engineering bench. INR billing with GST invoicing. Managed-services team that runs the platform end-to-end if you choose not to staff it internally.
Authorised Fortinet partner
Direct Fortinet engineering escalation paths, pre-release feature access, and the same team for licensing, deployment and ongoing operations. No handoffs between sales and delivery.
INR billing, GST invoiced
INR-denominated quotes with applicable GST and CSP-discount routing. No FX exposure on annual renewals. Consolidated invoice covers FortiDLP + FortiCare + BPS + any FortiAI token additions.
Tuned, not just turned on
Most failed DLP projects are mis-tuned. Our observe-mode phase runs for 2–4 weeks before enforcement; false-positive rates are typically under 5% by the time policies start blocking. We carry over your existing Microsoft Purview classifications so you don't re-classify from scratch.
Cross-vendor SOC integration
FortiDLP alerts feed into the same Sentinel / FortiSIEM / Splunk you already run. We build the data-connector pipeline, write the FortiSOAR playbooks, and run the SOC. A DLP signal, an EDR alert, and a Fortinet firewall block surface as one investigation, not three.
Get a sized FortiDLP quote
Share your endpoint count, current Microsoft 365 / Google Workspace footprint, and applicable regulators. You receive the recommended tier, an INR quote with GST, a BPS-versus-Managed-Service breakdown, and a rollout plan — within two hours during IST business hours.
Get a tailored quote in 2 hours for FortiDLP — Endpoint DLP & Insider Risk
Senior engineers size and price this for your environment. No call required — we'll email the formal quote within 2 business hours.
Further FortiDLP reading
Engineer-depth feature analysis and a competitive comparison against the three other DLP products dominating 2026 shortlists.
Ready to deploy FortiDLP?
Tell us your endpoint count, current M365 / Google footprint, and the regulators you live under — we send back a sized INR quote with GST, a BPS-vs-Managed-Service comparison, and a tuned rollout plan. Within 2 hours during IST business hours.