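Early, accurate attack detection (no false positives) shortens attacker dwell time
FortiDeceptor lures attackers into revealing themselves early, at the reconnaissance stage, by having them interact with a variety of deception assets distributed throughout your environment. The platform generates high-fidelity alerts based on real-time engagement with attackers and malware, and provides attack activity analysis and attack isolation. This helps reduce the burden that false positives place on SOC teams. FortiDeceptor also correlates incidents and campaigns and collects IOCs and TTPs, enabling SOC teams to make faster, better-informed decisions.
FortiDeceptor, part of the Fortinet SecOps platform, detects and responds to in-network attacks such as stolen credential use, lateral movement, man-in-the-middle attacks, and ransomware. Adding FortiDeceptor to your cybersecurity strategy helps shift your defenses from reactive to proactive, using intrusion detection layered with contextual intelligence.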
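When an attacker interacts with a deception asset, such as a fake file on an endpoint, or when malware tries to encrypt fake files, FortiDeceptor can neutralize the attack by automatically isolating any compromised endpoint. This prevents the attack from spreading and blocks communication with the C&C server. This can be done with FortiDeceptor's built-in automated attack isolation, or by sending alerts to a SIEM/SOAR for an orchestrated response.
To counter emerging threats and vulnerabilities, FortiDeceptor can create deception decoys on demand based on newly discovered vulnerabilities or suspicious activity, providing automated, dynamic protection for OT/IoT/IT environments. In addition, FortiDeceptor provides SOAR playbooks for deploying deception assets on demand in response to suspicious activity in the network, extending response capabilities beyond SOAR evidence and automated host-isolation playbooks.
A dynamic deception platform with broad support for IT/OT/IoT environments that diverts attackers' attention from sensitive assets and gives defenders the advantage.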
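Visibility and accelerated response
Integrates with the Fortinet Security Fabric and third-party security controls (SIEM, SOAR, EDR, sandbox)
Insider threat detection
Reduces dwell time and false positives, and detects early reconnaissance and lateral movement to misdirect attacks
Forensics and threat intelligence
Captures and analyzes attack activity in real time, provides detailed forensics, and collects IOCs and TTPs
Attack quarantine/unquarantine
Can isolate infected endpoints from the production network
Optimized for OT/IoT/IoMT
Operates in online or air-gapped (offline) mode and offers a ruggedized version
Easy deployment and maintenance
Automatically deploys decoys that match your assets, without affecting stability or performance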
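FortiDeceptor is designed to deceive, expose, and eliminate internal and external threats early in the attack chain, and to proactively block these threats before any significant damage occurs. It is available as hardware and virtual appliances, and comes in a ruggedized version well suited to harsh environments.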
Form factor | Desktop - fanless
Maximum VLANs | 48
Total interfaces | 6x 1GbE RJ-45 ports
Default RAID level | No
Power supply | 24Vdc - 48Vdc input

Form factor | 1 RU Rackmount
Maximum VLANs | 128
Total interfaces | 4 x GE (RJ45), 4 x GE (SFP)
Default RAID level | 1
Power supply | Dual PSU optional
FortiDeceptor virtual appliances can be deployed on VMware and KVM platforms.
Maximum VLANs | 128
Ports | 6 virtual network interfaces
Security operations requirements, like threat detection and response, continue to grow more challenging each year. According to an Economic Validation report from TechTarget’s Enterprise Strategy Group, it can take 168 hours or more, on average, to identify threats, while many threats are never detected.1 Therefore, CISOs should consider deception technology for improving threat detection and response. Modern deception technology like FortiDeceptor combines the historical value of deception technology with ease of use, automation, and actionable intelligence—creating an active defense. These benefits are especially important for organizations with limited security staff and skills and those merging IT and OT.
Improved Security Team Operational Efficiency and Reduced Risk to the Organization, Each by Up to 99%
Deception can provide value across the attack chain by not only deceiving adversaries, but also detecting, enabling forensics data, or even helping with real-time mitigation.
Protecting business-critical data is becoming increasingly complex—and by extension, increasingly relevant for today's organizations. One critical element of this evolution is their increasing reliance on, and hyperconnectivity across foundational technologies such as data centers, cloud platforms, SaaS applications, and broadly adopted software vendors like Microsoft and SAP.
Deception technology should be fully integrated with NGFW, NAC, SIEM, Sandbox, SOAR, and EDR solutions to automate the mitigation response based on ransomware detection. By combining deception technology with a comprehensive security platform, organizations will be able to detect and respond to attacks, such as ransomware, long before they can achieve their malicious goals.
FortiDeceptor provides simple-to-use, unintrusive, network-based early detection of threats that target OT and IT environments. Through the deployment of decoys and honeytokens, FortiDeceptor automates the containment of cyberattacks before serious damage occurs.
Whether a security breach happens due to an external or internal attack, it can take months for an organization to discover the breach and begin remediation.
Moshe Ben Simon makes the case and provides examples of how deception technologies can be used in OT systems. This can delay the attacker and give the defender more time to detect and respond to the attack before the attacker succeeds. Deception also provides a high fidelity signal since no one should access the deception device or system.
In operational technology environments, safety and continuity are crucial considerations—but traditional security controls simply won’t protect OT infrastructure, much of which wasn't designed to combat today’s fast-evolving threats. With air gaps between IT and OT decreasing and OT/IT devices often deployed in the same segment, bad actors have increased opportunities to move laterally across IT/OT infrastructures.
FortiDeceptor, Fortinet’s innovative, non-intrusive, agentless OT/IT/IoT deception solution is a force multiplier to current security defenses, providing early detection and response to active in-network threats. The FortiDeceptor decoys generate high-fidelity, intelligence-based alerts that result in an automated incident response to help stop zero-day attacks. In this session, VP Product Management, FortiDeceptor, Moshe Ben Simon, provides valuable tips and insights on how to use deception for early breach detection and protection against cyber threats across the IT/OT environment.
Fortinet's FortiDeceptor is a Distributed Deception Platform (DDP), simulating various types of IT, OT, ICS, and IoT decoys, as well as critical applications (e.g. ERP/SAP, etc.).
Verizon's 2018 DBIR reports two-thirds of breaches come from external attacks while the remaining are from insider threats. FortiDeceptor is built to deceive and redirect both external and internal attacks to a network of decoys. It exposes these reconnaissance attacks and eliminates them, disrupting the entire kill chain before it even begins.