FortiDeceptor 可诱骗攻击者自行暴露身份,实现对复杂人为攻击和自动攻击的早期检测和自动隔离
作为 Fortinet SecOps 平台重要组件之一,FortiDeceptor 可快速检测并响应各类网内攻击,如:凭据窃取、威胁横向移动、中间人攻击和勒索软件攻击。部署 FortiDeceptor 并集成至现有网络安全策略,组织可利用丰富的上下文情报实现基于入侵的分层检测,助力组织从传统被动式防御转变为主动式防御模式。
|
FortiDeceptor 借助分布于整个网络环境的大量欺骗资产,诱骗攻击者在侦察阶段早期即自行暴露。此外,该解决方案还可根据系统与攻击者和恶意软件的实时互动,为用户生成高保真告警,提供攻击活动分析,并进行攻击隔离。这些举措均有助于减轻大量告警误报对 SOC 团队造成的繁重任务负担。FortiDeceptor 还支持关联安全事件和攻击活动,收集入侵指标(IOC)和攻击者使用的战术、技术和程序(TTP),赋能 SOC 团队更快做出更明智的决策。
立即观看
当攻击者企图窃取终端上的虚假文件等欺骗资产时,或当恶意软件企图加密虚假文件时,FortiDeceptor 均可自动隔离任意被入侵终端,及时遏制攻击行为。这一举措可防止攻击横向传播,并切断其与 C&C 服务器的通信。借助 FortiDeceptor 内置攻击自动隔离功能,或向 SIEM/SOAR 发送告警进行协同响应,均可实现此类防护。
为有效应对不断涌现的新型威胁和漏洞,FortiDeceptor 可根据新发现漏洞或可疑活动按需创建欺骗诱饵,跨 OT/IoT/IT 环境实现自动化动态防护。除了由 SOAR 提供对目标主机进行自动隔离的丰富 Playbook 外,FortiDeceptor 还支持按需部署欺骗资产的 SOAR Playbook,以快速响应网络中潜伏的可疑活动。
动态欺骗防护平台可将攻击者诱离敏感资产,全面保护 IT/OT/IoT 环境,助力防御者抢占先机。
可见性和加速响应
与 Fortinet Security Fabric 和第三方安全控制组件(SIEM、SOAR、EDR、沙箱)广泛集成
内部威胁检测
减少攻击者停留时间和告警误报,有效检测早期侦查和横向移动,实现迷惑各类攻击的目的
取证和威胁情报
实时捕获和分析攻击活动,提供详细的取证信息,收集入侵指标(IOC)和攻击者使用的战术、技术和程序(TTP)
已隔离/未隔离攻击
自动将受感染终端与生产网络快速隔离
OT/IOT/IOMT 环境优化部署
在联网/物理隔离 (脱机) 模式下均可正常运行,并提供适用于恶劣环境的加固版本
易于部署和维护
自动部署与资产相匹配的诱饵,丝毫不影响运行稳定性和性能表现
FortiDeceptor 旨在帮助用户在攻击杀伤链早期欺骗、暴露和消除各类内外部威胁,并在攻击者造成严重破坏前主动拦截威胁。FortiDeceptor 支持硬件和虚拟机两种部署模式,并提供适用于恶劣环境的加固版可供用户选购。
View by:
外形 |
Desktop - fanless |
最大 VLAN 数 |
48 |
接口总数 |
6x 1GbE RJ-45 ports |
默认 RAID 等级 |
No |
适用电源 |
24Vdc - 48Vdc input |
外形 |
1 RU Rackmount |
最大 VLAN 数 |
128 |
接口总数 |
4 x GE (RJ45), 4 x GE (SFP) |
默认 RAID 等级 |
1 |
适用电源 |
Dual PSU optional |
FortiDeceptor 虚拟设备支持 VMware 和 KVM 平台部署。
最大 VLAN 数 |
128 |
端口 |
6 virtual network interfaces |
Security operations requirements, like threat detection and response, continue to grow more challenging each year. According an Economic Validation report from TechTarget’s Enterprise Strategy Group, it can take 168 hours or more, on average, to identify threats, while many threats are never detected.1 Therefore, CISOs should consider deception technology for improving threat detection and response. Modern deception technology like FortiDeceptor combines the historical value of deception technology with ease of use, automation, and actionable intelligence—creating an active defense. These benefits are especially important for organizations with limited security staff and skills and those merging IT and OT.
Improved Security Team Operational Efficiency and Reduced Risk to the Organization, Each by Up to 99%
Deception can provide value across the attack chain by not only deceiving adversaries, but also detecting, enabling forensics data, or even helping with real-time mitigation.
Protecting business-critical data is becoming increasingly complex—and by extension, increasingly relevant for today's organizations. One critical element of this evolution is their increasing reliance on, and hyperconnectivity across foundational technologies such as data centers, cloud platforms, SaaS applications, and broadly adopted software vendors like Microsoft and SAP.
Deception technology should be fully integrated with NGFW, NAC, SIEM, Sandbox, SOAR, and EDR solutions to automate the mitigation response based on ransomware detection. By combining deception technology with a comprehensive security platform, organizations will be able to detect and respond to attacks, such as ransomware, long before they can achieve their malicious goals.
FortiDeceptor provides simple-to-use, unintrusive, network-based early detection of threats that target OT and IT environments. Through the deployment of decoys and honeytokens, FortiDeceptor automates the containment of cyberattacks before serious damage occurs.
Moshe Ben Simon makes the case and provides examples of how deception technologies can be used in OT systems. This can delay the attacker and give the defender more time to detect and respond to the attack before the attacker succeeds. Deception also provides a high fidelity signal since no one should access the deception device or system.
In operational technology environments, safety and continuity are crucial considerations—but traditional security controls simply won’t protect OT infrastructure, much of which wasn't designed to combat today’s fast-evolving threats. With air gaps between IT and OT decreasing and OT/IT devices often deployed in the same segment, bad actors have increased opportunities to move laterally across IT/OT infrastructures.
FortiDeceptor, Fortinet’s innovative, non-intrusive, agentless OT/IT/IoT deception solution is a force multiplier to current security defenses, providing early detection and response to active in-network threats. The FortiDeceptor decoys generate high-fidelity, intelligence-based alerts that result in an automated incident response to help stop zero-day attacks. In this session, VP Product Management, FortiDeceptor, Moshe Ben Simon, provides valuable tips and insights on how to use deception for early breach detection and protection against cyber threats across the IT/OT environment.
Fortinet's FortiDeceptor is a Distributed Deception Platform (DDP), simulating various types of IT, OT, ICS, and IoT decoys, as well as critical applications (e.g. ERP/SAP, etc.).
Verizon's 2018 DBIR reports two-thirds of breaches come from external attacks while the remaining are from insider threats. FortiDeceptor is built to deceive and redirect both external and internal attacks to a network of decoys. It exposes these reconnaissance attacks and eliminates them, disrupting the entire kill chain before it even begins.
