What’s new in FortiDeceptor 3.3.0

The following is a list of new features and enhancements in 3.3.0. For details, see the FortiDeceptor Administration Guide in the Fortinet Document Library.

Central Management platform

The new Central Management platform lets you centrally deploy, configure, and manage remote appliances across any IT/OT network. This single console for a distributed network provides real-time visibility into your deception deployment and includes alerting, event analysis, security reports, and logging.

More application decoys

IT- and IoT/OT-sensitive applications are always targets for threat actors and APTs. Deception application decoys are a key component for detecting attacks against critical applications. This version adds the following new application decoys:

  • ERP Decoy hosts a web-based CRM (Customer Relationship Management platform) application.
  • POS Decoy hosts a web-based POS (Point-Of-Sale software) application that allows your business to accept customer payments and keep track of sales.
  • GIT Decoy hosts a web-based Git (an open source distributed version control system) application to address attacks like the SolarWinds supply-chain attack.
  • Medical Decoy hosts several medical applications, services, and medical devices such as:
    • A web-based PACS (Picture Archiving and Communication System for medical records) server.
    • A DICOM (Digital Imaging and Communications in Medicine) server for storing and transmitting medical images, which is also part of the PACS application integration.
    • Wireless Syringe Device emulation, which emulates the Medfusion 4000 Wireless Syringe device.
  • SCADA Decoy (SCADAV2):
    • You can choose SCADA decoy-based profiles where you can customize the IT/OT protocol parameters.
    • New OT Decoys like Rockwell PLC and BACNET management server.
    • Software upgrade and code modification to existing OT Decoys.
      Note: SCADAV1 still exists and can be used as part of the SCADA license.

More deception lures

  • Cache Credentials Lure (HoneyToken) is a fake username and password injected into a real endpoint's memory to deceive attackers who use password-dumping tools, such as mimikatz, for lateral movement.
  • Fake ARP entries can be added to a real endpoint to deceive a threat actor into engaging with a decoy instead of a real asset.
  • SMB lure improvement: detects ransomware attacks using a network drive based on a UNC share configuration.

Fabric pairing

You can add FortiDeceptor as a Security Fabric device on the FortiGate network topology map. FortiDeceptor will show the system info, status, and list of deception servers in FortiGate.

HTTP and HTTPS service

HTTP and HTTPS services have been added to support web-based application decoys and detect web-application attacks more effectively.

MAC address modification

You can modify the MAC address in the decoy Deployment Wizard to improve the decoy authenticity footprint on the network.

Subnet support in Safe List

You can configure a network subnet range in the Safe List configuration, which gives you more flexibility in reducing false positive alerts from legitimate systems.

FDS update download

The FDS update uses a new method that verifies the FDS server with the CA2 certificate and downloads packages over HTTPS.
