
What’s new in FortiDeceptor 4.1.0

The following is a list of new features and enhancements in 4.1.0. For details, see the FortiDeceptor Administration Guide in the Fortinet Document Library.

Incident Alerts Reporting & Email Alerts:
  • The FortiDeceptor manager email module allows you to send incident alerts by email:
    • To several recipients
    • Based on a specific incident alert parameter
    • Based on several incident alert parameters
  • The FortiDeceptor manager allows you to export incident alerts to CSV format as an additional option to the current PDF export.

New Infrastructure Decoys:

The massive migration in recent years by organizations of networks, servers, applications, and data into the cloud expands the attack surface. A full-stack deception solution must provide network visibility coverage for hybrid networks. The FortiDeceptor Cloud appliance will support all three major public clouds:

  • AWS

  • AZURE

  • GCP

New IT & Application Decoys:

Sensitive IT applications are always targets for threat actors and APTs. Deception application decoys are a key component for detecting attacks against critical applications. The following new application decoys were added:

  • SAP Decoys that emulate the essential components of SAP that are exposed to end-users and represent the SAP attack surface. SAP decoys:

    • SAP Router decoy

    • SAP Dispatcher decoy

    • SAP ICM (WebUI/HANA) decoy

  • Linux Decoy:

    • Linux is a core platform in the new data center. To better mimic the network infrastructure, we expanded the FortiDeceptor offering and added a new Linux decoy, CentOS 7.9.

    • In addition, the kernel module for the Linux decoy was improved to monitor file operations and dump the changed files.

New IoT/OT Application Decoys:
  • New IoT decoys:

    • Expanded the printer decoy by adding more printer vendors, such as Brother MFC and Lexmark.

    • Expanded the network IoT decoy by adding a TP-Link Wi-Fi router modem.

  • New SCADA decoy (SCADAV3):

    • The ever-growing number of smart sensors is driving the increased focus on cybersecurity for smart buildings. We expanded the BMS decoys and added more sensors from the leading vendor Tridium: Niagara AX Station and Niagara4 Station decoys are now part of our deception offering.

    • A new OT decoy emulates an uninterruptible power supply (UPS) unit, the Liebert Spruce UPS.

    • Expanded the Rockwell OT Decoy by adding two more decoys, Rockwell 1769-L16ER/B LOGIX5316ER and Rockwell 1769-L35E Ethernet Port.

    • Expanded the Schneider Electric OT Decoy by adding another decoy, PowerLogic ION7650.

New Deception Tokens:
  • An ODBC driver uses Microsoft's Open Database Connectivity (ODBC) interface, which allows applications to access data in database management systems (DBMS) using SQL as the standard for accessing the data. The ODBC lure adds a fake DB connector that deceives the threat actor into engaging with an IT decoy running a fake SQL DB instance.

  • The new SAP token adds a fake "SAP Logon" file under the SAP software installation directory. The file contains fake SAP information about SAP application servers and the SAP router, which deceives the threat actor into engaging with SAP decoys running fake SAP components.

New Fabric Integrations:

Decoy fingerprint detection:

A threat actor may use the ICMP protocol (ping) for active reconnaissance because it is not expected to trigger any security alerts. The FortiDeceptor decoys now detect ICMP (ping) active probing, so this reconnaissance is detected and reported.

Network segmentation protection:

A threat actor that engages with a decoy that has connections to several network segments might use the decoy's interfaces to move between the network VLANs. The network connection management now enforces a policy route engine that allows the threat actor to access (inbound/outbound) only the network used to connect with the decoy. For the rest of the decoy's networks, only ping is allowed.
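The segmentation policy described above, expressed as an nftables ruleset for a multi-homed Linux decoy. This is an added example and not FortiDeceptor's own configuration; it assumes the attacker reached the decoy through eth0 and that eth1 and eth2 are the decoy's other VLAN interfaces, and it implements the policy with packet filtering rather than the policy routing the product uses.

```nft
# Constructed example: restrict a decoy with three VLAN interfaces so that
# full access exists only on the ingress network (eth0), ping only elsewhere,
# and no forwarding between VLANs through the decoy.
table inet decoy_segmentation {
    chain input {
        type filter hook input priority 0; policy drop;
        ct state established,related accept
        iif lo accept
        # Full inbound access only on the network used to reach the decoy
        iifname "eth0" accept
        # Remaining decoy networks: echo requests only, nothing else
        iifname { "eth1", "eth2" } icmp type echo-request accept
        iifname { "eth1", "eth2" } icmpv6 type echo-request accept
        log prefix "decoy-seg-drop-in: " drop
    }
    chain forward {
        # The decoy must never act as a router between the VLANs it sits on
        type filter hook forward priority 0; policy drop;
        log prefix "decoy-seg-drop-fwd: " drop
    }
    chain output {
        type filter hook output priority 0; policy drop;
        ct state established,related accept
        oif lo accept
        # Outbound traffic initiated from the decoy only toward the ingress network
        oifname "eth0" accept
        # Other decoy networks: the decoy may only ping
        oifname { "eth1", "eth2" } icmp type echo-request accept
        oifname { "eth1", "eth2" } icmpv6 type echo-request accept
        log prefix "decoy-seg-drop-out: " drop
    }
}
```

The log prefixes give the decoy's own kernel log a record of every blocked lateral-movement attempt, which is the event a defender wants forwarded alongside the decoy's other alerts.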

Data-purge improvement:

Data purge has been improved and now supports periodic data purges in addition to the existing manual mode. This feature is available from the CLI.

FortiDeceptor Virtual Appliance health-check:

The FortiDeceptor Virtual Appliance requires six network interfaces to operate correctly. The new health-check logic alerts you if the FortiDeceptor Virtual Appliance has fewer than six interfaces.