
Overview

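As one of the key components of the Fortinet SecOps platform, FortiDeceptor quickly detects and responds to in-network attacks such as credential theft, lateral movement, man-in-the-middle attacks, and ransomware. By deploying FortiDeceptor and integrating it into an existing network security strategy, organizations can use rich contextual intelligence to achieve layered, intrusion-based detection, helping them move from a traditional reactive defense to a proactive one.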

Early, accurate detection (no false positives) shortens attacker dwell time

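FortiDeceptor uses a large number of deception assets distributed across the entire network environment to lure attackers into exposing themselves early in the reconnaissance phase. In addition, the solution generates high-fidelity alerts based on real-time interaction between the system and attackers and malware, provides attack activity analysis, and quarantines attacks. These measures all help reduce the heavy workload that large volumes of false-positive alerts place on SOC teams. FortiDeceptor also supports correlating security events with attack activity and collects indicators of compromise (IOCs) and the tactics, techniques, and procedures (TTPs) attackers use, enabling SOC teams to make better-informed decisions faster.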


Automatically contain attacks before they spread within the network

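When an attacker attempts to steal deception assets such as fake files on an endpoint, or when malware attempts to encrypt fake files, FortiDeceptor can automatically quarantine any compromised endpoint and contain the attack in time. This prevents the attack from spreading laterally and cuts off its communication with C&C servers. This protection can be achieved either with FortiDeceptor's built-in automatic attack quarantine or by sending alerts to a SIEM/SOAR for a coordinated response.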

Scale protection dynamically as the threat level rises

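To respond effectively to continually emerging threats and vulnerabilities, FortiDeceptor can create deception decoys on demand based on newly discovered vulnerabilities or suspicious activity, providing automated, dynamic protection across OT/IoT/IT environments. In addition to the rich SOAR playbooks for automatically quarantining target hosts, FortiDeceptor also supports SOAR playbooks that deploy deception assets on demand to respond quickly to suspicious activity lurking in the network.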

Features and Benefits

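The dynamic deception platform lures attackers away from sensitive assets, protects IT/OT/IoT environments comprehensively, and helps defenders gain the upper hand.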

Visibility and Accelerated Response

Broad integration with the Fortinet Security Fabric and third-party security controls (SIEM, SOAR, EDR, sandbox)

Insider Threat Detection

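Reduces attacker dwell time and false-positive alerts, and effectively detects early reconnaissance and lateral movement, with the aim of confusing all types of attacks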

Forensics and Threat Intelligence

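Captures and analyzes attack activity in real time, provides detailed forensic information, and collects indicators of compromise (IOCs) and the tactics, techniques, and procedures (TTPs) attackers use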

Quarantined/Unquarantined Attacks

Automatically and quickly quarantines infected endpoints from the production network

Deployment Optimized for OT/IoT/IoMT Environments

Operates normally in both connected and air-gapped (offline) modes, with a ruggedized version available for harsh environments

Easy to Deploy and Maintain

Automatically deploys decoys that match the assets, with no impact on operational stability or performance

FortiDeceptor Use Cases

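Dynamic Deception
Use attacker activity to gain network visibility and detect vulnerabilities. Detect threats against assets that cannot provide telemetry themselves.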
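Ransomware Mitigation
Detect and respond to ransomware attacks early. Lure malware into encrypting fake files, triggering the automatic defense policy for the infected endpoint.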
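Lateral Movement Detection
Detect attackers early in the discovery phase and lure lateral activity toward highly realistic decoy assets, away from real assets.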
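Threat Hunting
Efficiently detect in-network threats, trace attack sources, observe attackers and collect the tactics, techniques, and procedures (TTPs) they use, and provide threat intelligence for rapid response.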
IT/OT/IoT/IoMT Environment Security
Provides a broad range of emulated decoys such as SCADA systems and IoT sensors, and supports uploading custom decoys.

Authoritative Validation from Enterprise Analysts

ESG FortiDeceptor Report
Fortinet SecOps Fabric ESG Economic Validation
Cover of ESG report titled Active Defense and Deception Technology: The Time is Now! Written by John Olsik, distinguished analyst and fellow, and published June 2023
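Active Defense and Deception Technology: The Time is Now!
Security operations requirements such as threat detection and response are becoming increasingly challenging. According to an economic validation report from TechTarget's Enterprise Strategy Group (ESG), successfully identifying a threat takes 168 hours or more on average, while at the same time many threats are never detected. Chief information security officers (CISOs) should therefore consider adopting deception technology to improve their organization's threat detection and response capabilities. The FortiDeceptor commercial honeypot solution combines the traditional benefits of deception technology with innovations such as ease of use, automation, and actionable threat intelligence, and together these build an active defense. These benefits are especially important for organizations with limited security staff and skills and for those looking to converge IT and OT.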
ESG Economic Validation: The Quantified Benefits of Fortinet Security Operations Solutions. Improved security team operational efficiency and reduced risk to the organization, each by up to 99%. Written by Aviv Kaufmann, Practice Director and Principal Economic Validation Analyst at Enterprise Strategy Group. July 2023
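Quantified Benefits of Fortinet Security Operations Solutions
As enterprises grow, new technologies emerge, and cybercriminals keep introducing more sophisticated attacks, security leaders and their teams face many challenges in protecting their organizations' networks. In its latest report, the Enterprise Strategy Group research team details the benefits enterprises can gain from deploying Fortinet security operations solutions, including improved operational efficiency and more effective risk management.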

Case Studies

Laguna Woods Village
FortiGuard Incident Response Helps Large Planned Community Recover from Ransomware
Chandler Unified School District
Proactively Protecting a Large School District and Its Ever-Growing Attack Surface
IT Solutions Partner
IT Solutions Provider Chooses FortiDeceptor to Detect and Block In-Network Attacks
Regional Hospital System
FortiDeceptor Delivers Breach Protection for Critical Healthcare Services

Models and Specifications

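FortiDeceptor is designed to help users deceive, expose, and eliminate internal and external threats early in the attack kill chain, and to proactively block threats before attackers cause serious damage. FortiDeceptor is available as both hardware and virtual machine deployments, and a ruggedized version for harsh environments is also available for purchase.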


Hardware Appliances

Form factor: Desktop - fanless
Maximum VLANs: 48
Total interfaces: 6x 1GbE RJ-45 ports
Default RAID level: No
Power supply: 24Vdc - 48Vdc input

Form factor: 1 RU Rackmount
Maximum VLANs: 128
Total interfaces: 4 x GE (RJ45), 4 x GE (SFP)
Default RAID level: 1
Power supply: Dual PSU optional

Virtual Machine

The FortiDeceptor virtual appliance supports deployment on VMware and KVM platforms.

Maximum VLANs: 128
Ports: 6 virtual network interfaces

Resources

Deceive By Design: How To Protect Critical Infrastructure With Deception Technology

Moshe Ben Simon makes the case and provides examples of how deception technologies can be used in OT systems. This can delay the attacker and give the defender more time to detect and respond to the attack before the attacker succeeds. Deception also provides a high fidelity signal since no one should access the deception device or system.

Security Automation Summit: How To Use Deception Technology To Protect Your OT/ IT Networks

In operational technology environments, safety and continuity are crucial considerations—but traditional security controls simply won’t protect OT infrastructure, much of which wasn't designed to combat today’s fast-evolving threats. With air gaps between IT and OT decreasing and OT/IT devices often deployed in the same segment, bad actors have increased opportunities to move laterally across IT/OT infrastructures.

How to Use Fortinet FortiDeceptor to Protect OT/IT Networks

FortiDeceptor, Fortinet’s innovative, non-intrusive, agentless OT/IT/IoT deception solution is a force multiplier to current security defenses, providing early detection and response to active in-network threats. The FortiDeceptor decoys generate high-fidelity, intelligence-based alerts that result in an automated incident response to help stop zero-day attacks. In this session, VP Product Management, FortiDeceptor, Moshe Ben Simon, provides valuable tips and insights on how to use deception for early breach detection and protection against cyber threats across the IT/OT environment.

Deception Technology for IT/OT/IoT Environments

Fortinet's FortiDeceptor is a Distributed Deception Platform (DDP), simulating various types of IT, OT, ICS, and IoT decoys, as well as critical applications (e.g. ERP/SAP, etc.).

A New Breach Protection Approach with FortiDeceptor

Verizon's 2018 DBIR reports two-thirds of breaches come from external attacks while the remaining are from insider threats. FortiDeceptor is built to deceive and redirect both external and internal attacks to a network of decoys. It exposes these reconnaissance attacks and eliminates them, disrupting the entire kill chain before it even begins.

Free Product Demo

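Today, targeted attacks can originate from outside the organization or from within. Performing advanced threat deception is key to early detection and response before the full attack lifecycle completes. The full FortiDeceptor product demo provides actionable visibility into threat activity and enriches the user's centralized decoy management experience. It also supports easy integration with FortiGate to block attacks efficiently.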