What’s new in FortiDeceptor 4.3.0

The following is a list of new features and enhancements in 4.3.0. For details, see the FortiDeceptor Administration Guide in the Fortinet Document Library.

Network Asset Discovery Module:
  • FortiDeceptor expands the network asset discovery module with 11 new OT protocols and one IT protocol.
  • The following OT protocols were added: S7comm plus, FINS, ATG, Kamstrup, Moxa, IEC104, FL-net, GE-EGD, GE-SRTP, Triconex and PCOM, along with one IT protocol, DHCP.
  • The new Asset Discovery builds the asset inventory from passive network sniffing, giving threat visibility across the network and automating decoy deployment.
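The bullets above describe passive, sniffing-based asset discovery: the sensor never probes hosts, it only watches who talks to whom over which protocol, then uses that inventory to decide which decoys belong on the segment. The following is an added illustration of that idea in Python; it is not FortiDeceptor code and says nothing about how the product fingerprints traffic. It assumes each observed packet has already been reduced to a 5-tuple (src/dst IP, transport, src/dst port), fingerprints services purely by well-known listening ports (S7comm 102/tcp, IEC104 2404/tcp, FINS 9600/udp, GE-SRTP 18245/tcp, MQTT 1883/tcp, SIP 5060, XMPP 5222/tcp, MySQL 3306/tcp), and treats a DHCP request (68/udp to 67/udp) as evidence of a client host rather than of a server. The sample traffic is constructed.

```python
"""Passive asset inventory from observed flow metadata.

Added example, not FortiDeceptor code. Assumptions: packets are pre-reduced to a
5-tuple, services are recognised by well-known port only (a real sensor would
also parse the protocol payload), and DHCP identifies the *requesting* host.
"""
from dataclasses import dataclass, field

# Well-known listening ports for protocols named in the release notes.
# (Assumption: port-based fingerprinting only.)
PORT_FINGERPRINTS = {
    ("tcp", 102): "S7comm/S7comm plus",
    ("tcp", 2404): "IEC104",
    ("udp", 9600): "FINS",
    ("tcp", 18245): "GE-SRTP",
    ("tcp", 1883): "MQTT",
    ("udp", 5060): "SIP",
    ("tcp", 5060): "SIP",
    ("tcp", 5222): "XMPP",
    ("tcp", 3306): "MySQL",
}


@dataclass
class Packet:
    src_ip: str
    dst_ip: str
    proto: str  # "tcp" or "udp"
    src_port: int
    dst_port: int


@dataclass
class Asset:
    ip: str
    services: set = field(default_factory=set)  # protocols this host serves
    talks_to: set = field(default_factory=set)  # protocols this host consumes
    dhcp_client: bool = False


def classify(pkt):
    """Return (protocol_name, role_of_dst) or None if the port is unknown."""
    if pkt.proto == "udp" and pkt.src_port == 68 and pkt.dst_port == 67:
        return ("DHCP", "client")
    name = PORT_FINGERPRINTS.get((pkt.proto, pkt.dst_port))
    return (name, "server") if name else None


def build_inventory(packets):
    """Fold observed packets into a per-IP inventory without sending anything."""
    assets = {}

    def get(ip):
        return assets.setdefault(ip, Asset(ip))

    for pkt in packets:
        hit = classify(pkt)
        if hit is None:
            continue  # unknown port: no claim about either host
        name, _role = hit
        if name == "DHCP":
            # A DISCOVER arrives from 0.0.0.0; identifying that host needs the
            # client MAC from the DHCP payload, which this example does not parse.
            if pkt.src_ip != "0.0.0.0":
                get(pkt.src_ip).dhcp_client = True
        else:
            get(pkt.dst_ip).services.add(name)
            get(pkt.src_ip).talks_to.add(name)
    return assets


def suggest_decoys(assets):
    """Protocols actually served on the segment: candidates for decoy deployment."""
    seen = set()
    for asset in assets.values():
        seen |= asset.services
    return sorted(seen)


# Constructed sample traffic, not captured data.
SAMPLE = [
    Packet("10.0.5.20", "10.0.5.10", "tcp", 49152, 102),      # HMI -> PLC (S7)
    Packet("10.0.5.20", "10.0.5.11", "tcp", 49153, 2404),     # HMI -> RTU (IEC104)
    Packet("10.0.5.30", "10.0.5.12", "udp", 40000, 9600),     # FINS client -> Omron
    Packet("10.0.5.40", "10.0.5.13", "tcp", 50000, 3306),     # app -> MySQL
    Packet("0.0.0.0", "255.255.255.255", "udp", 68, 67),      # DHCP DISCOVER
    Packet("10.0.5.50", "10.0.5.1", "udp", 68, 67),           # DHCP renew
    Packet("10.0.5.60", "10.0.5.14", "tcp", 50001, 443),      # not in table, ignored
]

if __name__ == "__main__":
    inventory = build_inventory(SAMPLE)
    for ip, asset in sorted(inventory.items()):
        print(ip, "serves", sorted(asset.services), "uses", sorted(asset.talks_to),
              "dhcp_client" if asset.dhcp_client else "")
    print("decoy candidates:", suggest_decoys(inventory))
```

The design point is that the inventory is derived entirely from traffic the sensor would see anyway, so it adds no load or risk to fragile OT devices, and the decoy candidate list mirrors what is genuinely in use on the segment, which is what makes a decoy believable to an intruder.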
Incident Alerts Reporting:
  • FortiDeceptor 4.3.0 supports the MITRE ATT&CK for ICS framework, both as a standalone menu and within each incident alert, to give better visibility into incident alerts on the ICS network.
  • MITRE ATT&CK for ICS is a knowledge base of behaviors that adversaries have exhibited while carrying out attacks against industrial control system networks.
New IT Decoys:
  • Linux is a core platform in the modern data center. To better mimic the network infrastructure, we have expanded the FortiDeceptor offering with a new Linux decoy, Ubuntu 18.0.4.
New Application & Services Decoys:

Sensitive IT applications are constant targets for threat actors and APT groups. Deception application decoys are a key component for detecting attacks against critical applications. The following application decoys were added:

  • Tomcat Decoy:
    • Following the recent attacks against Log4j and other Java frameworks, we added the Tomcat service as a decoy.
    • The Tomcat decoy is based on a real Tomcat installation.
  • MySQL Decoy:
    • MySQL is one of the most popular database platforms and a target for data exfiltration attacks.
    • The MySQL decoy is based on a real MySQL installation.
New OT Decoys:

FortiDeceptor 4.3.0 expands the OT decoys offering by adding:

  • The GE IP Series 90-30 family of controllers, I/O systems, and specialty modules, designed to meet the demands of flexible industrial control.
  • The popular MOXA device server, which converts serial protocols to Ethernet IP.

FortiDeceptor 4.3.0 expands the OT Management Decoy by adding:

  • ScadaBR, a SCADA system whose applications allow you to create interactive screens, also called Human Machine Interfaces (HMI), for your automation.
New IoT Decoys:

FortiDeceptor 4.3.0 expands the IoT decoys offering by adding:

  • A new VoIP server using the SIP protocol
  • A new broker server using the MQTT protocol
  • A new XMPP server using the XMPP protocol
Deception Tokens:
  • Expanded the HONYDOC deception token support by adding Excel files.
New Fabric Integrations:
  • Check Point Firewall: Added integration between FortiDeceptor and Check Point FW, enabling automated threat mitigation that isolates an infected machine from the network by adding a dynamic blocking rule.
  • Expanded the syslog messages with several new parameters, such as:
    • Decoy Group
    • Decoy type
    • MITRE ICS Tactics
General:
  • The FortiDeceptor GUI now matches FortiGate's look and feel using the Neutrino Framework.

  • FortiDeceptor 4.3.0 adds support for:
    • Automated push tokens for two-factor authentication (2FA).
    • Temperature monitoring via the SNMP service on the FDR-100G model.
    • A test command in the CLI to verify the deployment network.