The role of the FortiDeceptor lure package is to add breadcrumbs on real endpoints and servers, and redirect an attacker to engage with a decoy instead of a real asset. Deception lures are typically distributed within real endpoints and servers on the network to expand the deception surface.
Effective deception lure technology should support the following:
- Deploy deception lure data and configurations where attackers collect information.
- Deception lure location must be invisible to end users, and doesn’t affect endpoint functionality.
- Deception lure is accessible with user level permissions so that attackers can access it early on and get detected. This saves the privileged escalation attack time.
The current FortiDeceptor token packages are:
When the FortiDeceptor token package is installed on a real Windows, Linux, or MAC endpoint, it increases the deception surface and redirects an attacker to engage with a decoy instead of a real asset.