What’s new in FortiDeceptor 4.3.0
The following is a list of new features and enhancements in 4.3.0. For details, see the FortiDeceptor Administration Guide in the Fortinet Document Library.
Network Asset Discovery Module:
- FortiDeceptor expands the network asset discovery module with 11 new OT protocols and one IT protocol.
- The following OT protocols were added: S7comm plus, FINS, ATG, Kamstrup, Moxa, IEC104, FL-net, GE-EGD, GE-SRTP, Triconex, and PCOM. The IT protocol added is DHCP.
- The new Asset Discovery generates the asset inventory using passive network sniffing for network threat visibility and decoy deployment automation.
Incident Alerts Reporting:
- FortiDeceptor 4.3.0 supports the MITRE ICS framework, both as an independent menu and inside the incident alert itself, to provide better visibility into incident alerts in the ICS network.
- MITRE ATT&CK for ICS is a collection of behaviors that adversaries have exhibited while carrying out attacks against industrial control system networks.
New IT Decoys:
- Linux is a core platform in the new data center, and to better mimic the network infrastructure, we have expanded the FortiDeceptor offering and added a new Linux Decoy, Ubuntu 18.0.4.
New Application & Services Decoys:
Sensitive IT applications are always targets for threat actors and APTs. Deception application decoys are a key component for detecting attacks against critical applications. The following Application Decoys were added:
- Tomcat Decoy:
  - Following the recent attacks against log4j and other Java frameworks, we added the Tomcat service as a decoy.
  - The Tomcat decoy is based on a real Tomcat installation.
- MySQL Decoy:
  - MySQL is one of the most popular database platforms and a target for data exfiltration attacks.
  - The MySQL decoy is based on a real MySQL installation.
New OT Decoys:
FortiDeceptor 4.3.0 expands the OT decoys offering by adding:
- The GE IP Series 90-30 family of controllers, I/O systems, and specialty modules that are designed to meet the demands of flexible industrial control.
- The popular MOXA product allows for converting serial protocol to Ethernet IP.
FortiDeceptor 4.3.0 expands the OT Management Decoy by adding:
- ScadaBR is a SCADA system with applications that allows you to create interactive screens, also called Human Machine Interface (HMI), for your automation.
New IoT Decoys:
FortiDeceptor 4.3.0 expands the IoT decoys offering by adding:
- New VoIP server using the SIP protocol
- New broker server using the MQTT protocol
- New XMPP server using the XMPP protocol
Deception Tokens:
- Expanded the HONEYDOC deception token support by adding Excel files.
New Fabric Integrations:
- CheckPoint Firewall: Added integration between FortiDeceptor and CheckPoint FW, allowing an automated threat mitigation response that isolates an infected machine from the network by adding a dynamic blocking rule.
- Expanded the SYSLOG protocol by adding several new parameters such as:
  - Decoy Group
  - Decoy type
  - MITRE ICS Tactics
General:
- The FortiDeceptor GUI now matches FortiGate's look and feel using the Neutrino Framework.
- FortiDeceptor 4.3.0 adds support for:
  - Automated push token for 2FA authentication.
  - The temperature monitor in SNMP service for the FDR-100G model.
  - A test command in the CLI to verify the deployment network.