Skip to content Skip to navigation Skip to footer

概述

FortiDeceptor 為 Fortinet SecOps 平台的一環,能偵測並回應網路上的攻擊,例如遭竊的憑證使用、橫向移動、中間人攻擊和勒索軟體。新增 FortiDeceptor 作為網路安全策略的一部分,幫助將您的防禦從被動轉變為主動,並利用內容相關情報分層進行入侵的偵測。

早期的準確攻擊偵測(無誤判)可縮短攻擊者的停留時間

FortiDeceptor 透過與您環境中分佈的各種誘騙資產互動,誘導攻擊者在偵察階段早期暴露自己。該平台會根據與攻擊者和惡意軟體的即時互動,產生高度真實的警示,並提供攻擊活動分析和攻擊隔離。這有助於減輕 SOC 團隊因誤報所造成的負擔。FortiDeceptor 還可關聯事件和行銷活動,並收集 IOC 和 TTP,讓 SOC 團隊制定更加明智快速的決策。

立即觀看
FortiDeceptor UI

在網路內攻擊擴散前自動加以遏止

當攻擊者與誘騙資產互動時,例如端點上的假檔案,或者惡意軟體嘗試加密假檔案時,FortiDeceptor 可以透過自動隔離任何遭入侵的端點讓攻擊無效。如此可防止攻擊擴散,並阻止與 C&C 伺服器通訊。這可使用 FortiDeceptor 內建的自動攻擊隔離功能完成,也可以透過向 SIEM/SOAR 傳送警示以獲得協調回應來完成。

動態防護會隨著威脅等級增加而擴展

為對抗新興威脅和漏洞,FortiDeceptor 可根據新發現的漏洞或可疑活動,按需建立欺騙誘餌,從而為 OT/IoT/IT 環境提供自動化的動態保護。此外,FortiDeceptor 提供了 SOAR 行動手冊用於按需部署誘騙資產,以回應網路中的可疑活動,其回應能力超出 SOAR 證據和自動化的主機隔離行動手冊。

功能與優點

動態誘騙平台,廣泛支援 IT/OT/IoT 環境,可轉移攻擊者對敏感資產的注意力,讓防禦者獲得優勢。

可視性與加速回應

與 Fortinet 安全織網和第三方安全控制(SIEM、SOAR、EDR、沙箱)整合

內部威脅偵測

減少停留時間和誤報,偵測早期偵察和橫向移動以誤導攻擊

取證與威脅情報

即時擷取和分析攻擊活動,提供詳細的取證,並收集 IOC 和 TTP

隔離/未隔離攻擊

可將受感染端點從生產網路中隔離

針對 OT/IOT/IOMT 進行最佳化

以線上/氣隙隔離(離線)模式運作,並提供加固版本

輕鬆部署與維護

自動部署與資產相符的誘餌,不會影響穩定性和效能

FortiDeceptor 使用案例

Detection
動態誘騙
透過被動足跡實現網路可視性和入侵偵測。對自身無法提供遙測功能的資產進行威脅偵測。
Malware Protection
勒索軟體緩解
對勒索軟體攻擊的早期偵測及回應。誤導惡意軟體對假檔案進行加密,觸發對受感染端點的自動封鎖。
Hybrid Workforce
橫向移動偵測
在探索階段早期偵測攻擊者,並誤導其對誘餌執行橫向移動,使其遠離真實資產。
icon threat hunting
威脅獵捕
啟用網路內威脅偵測、追蹤攻擊來源、觀察攻擊者以收集 TTP、提供情報,進而快速作出回應。
Secure Worker
IT/OT/IOT/IOMT 的安全性
包含 SCADA 系統在內的廣泛誘餌,可使用 IoT 感應器,且能夠上傳您自己的誘餌。

企業分析師驗證

ESG FortiDeceptor 演示報告
Fortinet SecOps Fabric 的 ESG 經濟驗證
Cover of ESG report titled Active Defense and Deception Technology: The Time is Now! Written by John Olsik, distinguished analyst and fellow, and published June 2023
主動防禦和欺敵技術:現在正是時候!
威脅偵測與回應等安全營運要求每年持續提高,挑戰越來越嚴峻。根據 TechTarget 企業策略小組的經濟驗證報告,識別威脅平均需要 168 小時或更長的時間,其中還有許多威脅從未被偵測到。因此,資安長應該考慮使用欺敵技術來改善威脅偵測和回應。FortiDeceptor 等現代欺敵技術將欺敵技術的歷史價值與易用性、自動化和可執行情報相結合,形成一種主動防禦。對資安人員,以及技能有限的組織和合併 IT 與 OT 的組織來說,這些優勢尤其重要。
檢視報告 »
ESG Economic Validation: The Quantified Benefits of Fortinet Security Operations Solutions. Improved security team operational efficiency and reduced risk to the organization, each by up to 99%. Written by Aviv Kaufmann, Practice Director and Principal Economic Validation Analyst at Enterprise Strategy Group. July 2023
Fortinet 安全營運解決方案的量化優勢
隨著企業不斷發展,新技術也隨之興起,網路罪犯引入了更複雜的攻擊,資安領導者及其團隊在保護組織網路方面也面臨著各種挑戰。企業策略團隊發佈的新報告詳細介紹了使用 Fortinet 安全營運解決方案的優勢,包括提高營運效率和更有效的風險管理。
下載報告 »

案例研究

Laguna Woods Village
Laguna Woods Village
FortiGuard Incident Response Helps Large Planned Community Recover from Ransomware
Chandler Unified School District
Chandler Unified School District
Proactively Protecting a Large School District and Its Ever-Growing Attack Surface
IT Solutions Partner
IT Solutions Partner
IT Solutions Provider Chooses FortiDeceptor to Detect and Block In-Network Attacks
Regional Hospital System
Regional Hospital System
FortiDeceptor Delivers Breach Protection for Critical Healthcare Services

型號與規格

FortiDeceptor 目的是為了在攻擊鏈早期誘騙、暴露和消除內外部威脅,並主動封鎖這些威脅,以免發生任何重大損害。它可作為硬體和虛擬設備使用,並提供加固版本,非常適合嚴苛的環境。

導覽:

硬體設備

形式
Desktop - fanless
最大 VLAN 數
48
介面總數
6x 1GbE RJ-45 ports
預設 RAID 層級
No
電源供應器
24Vdc - 48Vdc input
形式
1 RU Rackmount
最大 VLAN 數
128
介面總數
4 x GE (RJ45), 4 x GE (SFP)
預設 RAID 層級
1
電源供應器
Dual PSU optional

虛擬機

FortiDeceptor 的虛擬設備可以部署在 VMware 和 KVM 平台上。

最大 VLAN 數
128
連接埠
6 virtual network interfaces

資源

分析報告
部落格
資料表
播客
解決方案簡介
影片
白皮書
Deceive By Design: How To Protect Critical Infrastructure With Deception Technology
Deceive By Design: How To Protect Critical Infrastructure With Deception Technology »

Moshe Ben Simon makes the case and provides examples of how deception technologies can be used in OT systems. This can delay the attacker and give the defender more time to detect and respond to the attack before the attacker succeeds. Deception also provides a high fidelity signal since no one should access the deception device or system.

Security Automation Summit: How To Use Deception Technology To Protect Your OT/ IT Networks
Security Automation Summit: How To Use Deception Technology To Protect Your OT/ IT Networks »

In operational technology environments, safety and continuity are crucial considerations—but traditional security controls simply won’t protect OT infrastructure, much of which wasn't designed to combat today’s fast-evolving threats. With air gaps between IT and OT decreasing and OT/IT devices often deployed in the same segment, bad actors have increased opportunities to move laterally across IT/OT infrastructures.

How to Use Fortinet FortiDeceptor to Protect OT/IT Networks
How to Use Fortinet FortiDeceptor to Protect OT/IT Networks »

FortiDeceptor, Fortinet’s innovative, non-intrusive, agentless OT/IT/IoT deception solution is a force multiplier to current security defenses, providing early detection and response to active in-network threats. The FortiDeceptor decoys generate high-fidelity, intelligence-based alerts that result in an automated incident response to help stop zero-day attacks. In this session, VP Product Management, FortiDeceptor, Moshe Ben Simon, provides valuable tips and insights on how to use deception for early breach detection and protection against cyber threats across the IT/OT environment.

Deception Technology for IT/OT/IoT Environments
Deception Technology for IT/OT/IoT Environments »

Fortinet's FortiDeceptor is a Distributed Deception Platform (DDP), simulating various types of IT, OT, ICS, and IoT decoys, as well as critical applications (e.g. ERP/SAP, etc.).

A New Breach Protection Approach with FortiDeceptor
A New Breach Protection Approach with FortiDeceptor »

Verizon's 2018 DBIR reports two-thirds of breaches come from external attacks while the remaining are from insider threats. FortiDeceptor is built to deceive and redirect both external and internal attacks to a network of decoys. It exposes these reconnaissance attacks and eliminates them, disrupting the entire kill chain before it even begins.

免費產品演示

現今的針對性攻擊可能來自組織的外部或內部。進階威脅欺騙是在攻擊能完成其完整生命週期之前提供早期偵測及回應的關鍵。此功能完整的 FortiDeceptor 演示為使用者提供了集中管理誘餌和引誘的體驗,具有針對威脅活動的可執行可視性,並能夠輕鬆地與 FortiGates 整合以阻止這些攻擊。