
What’s new in FortiDeceptor 5.0.0

The following is a list of new features and enhancements in 5.0.0. For details, see the FortiDeceptor Administration Guide in the Fortinet Document Library.

FortiDeceptor Manager API:

An API (Application Programming Interface) is a set of defined interfaces to accomplish a task, such as retrieving or modifying data. FortiDeceptor provides a Representational State Transfer (REST) API for interaction with system components. Programs communicate with the REST API over HTTP, the same protocol your web browser uses to interact with web pages.

REST API authentication is based on a token generated by FortiDeceptor.

The FortiDeceptor API allows the following capabilities:

  • Get the decoy deployment template list.
  • Deploy decoys based on the decoy template configuration and the deployment network configuration (both static and DHCP IP addressing).
  • Get the status of a decoy deployment.
  • Stop and start the deployed decoys.
  • Get incident alerts filtered by time range (last minutes/hours/days), service name, or decoy name.

Network Asset Discovery Module:

FortiDeceptor expands the network Asset Discovery module with nine new OT protocols and one IT protocol.

For the OT protocols, we have added Beckhoff (AMS/ADS), Saia-Burgess Controls (Ether-S-I/O), Mitsubishi (Melsec), Rockwell-AB (PCCC), Phoenix (PCworx), EtherCAT, HART-IP and Proconos.

The new asset discovery generates the asset inventory using passive network sniffing for network threat visibility and decoy deployment automation.

Incident Alerts Reporting:

MITRE ATT&CK for ICS support has been improved: it can now be enabled from the GUI instead of the CLI, and the MITRE technique names and their explanations are displayed in the GUI.

MITRE ATT&CK for ICS is a collection of behaviors that adversaries have exhibited while carrying out attacks against industrial control system networks.

New IT Decoys:

Linux is a core platform in the modern data center. To better mimic the network infrastructure, we have expanded the FortiDeceptor offering by adding a new Linux decoy, Red Hat Enterprise Linux 7.9, through the custom decoy feature.

Application Improvement & New Decoy Services:

Sensitive IT applications are constant targets for threat actors and APT groups. Deception application decoys are a key component for detecting attacks against critical applications.

Application Decoys improvement:

  • Tomcat decoy:
    • Supports a custom SSL certificate for the Tomcat decoy.
  • Linux decoy:
    • Improved the SSH service to accept customized banners.
  • Expanded the decoy services by adding the following:
    • New RADIUS service on Linux decoys. RADIUS (Remote Authentication Dial-In User Service) is a client-server protocol and software that enables remote access servers to communicate with a central server to authenticate users and authorize their access to the requested system or service.
    • New SMTP service for Linux and Windows decoys. SMTP (Simple Mail Transfer Protocol) is the protocol mail servers use to send, receive, and relay mail between email senders and receivers.

New OT Decoys:

Expanded the OT decoys by adding the following:

  • The Phoenix Contact AXC 1050 PLC controller decoy. The AXC 1050 is a modular small-scale controller for the Axioline I/O system with two Ethernet interfaces and programming capabilities according to IEC 61131-3.
  • The SIEMENS S7-1500 PLC controller decoy. The SIMATIC S7-1500 controller features a modular design, is approved for protection class IP20, and is designed for installation in a control cabinet.

Deception Tokens:

New AWS deception keys were added to detect lateral movement into cloud environments using stolen credentials. FortiDeceptor generates fake AWS keys that are deployed on real endpoints and servers and, in parallel, monitors the AWS environment for any use of those keys, which by construction indicates malicious access.
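As an added illustration of how a planted AWS key turns into an alert (this is not FortiDeceptor's own code or API): the Python check below scans CloudTrail-style records for any call authenticated with a decoy access key ID. The decoy key IDs, the host names they are planted on, and the sample records are all constructed placeholders.

```python
import json

# Constructed inventory of decoy (canary) AWS access key IDs, mapped to the
# host each key was planted on. A real deployment would read this from the
# deception platform; the values here are placeholders, not real keys.
DECOY_ACCESS_KEY_IDS = {
    "AKIADECOY0000000001": "fileserver-01",
    "AKIADECOY0000000002": "jump-host-03",
}


def find_decoy_key_use(cloudtrail_records, decoy_keys=DECOY_ACCESS_KEY_IDS):
    """Return one alert dict per CloudTrail record that used a decoy key.

    Any use of a decoy key is suspicious by construction: the key was planted
    on an endpoint and never handed to a legitimate workload, so even a single
    (possibly denied) API call with it means the endpoint's credentials were
    harvested. Records without userIdentity.accessKeyId are skipped safely.
    """
    alerts = []
    for rec in cloudtrail_records:
        key_id = rec.get("userIdentity", {}).get("accessKeyId")
        if key_id not in decoy_keys:
            continue
        alerts.append({
            "planted_on": decoy_keys[key_id],
            "access_key_id": key_id,
            "event_name": rec.get("eventName"),
            "source_ip": rec.get("sourceIPAddress"),
            "event_time": rec.get("eventTime"),
            "error_code": rec.get("errorCode"),  # set when AWS denied the call
        })
    return alerts


# Constructed sample records in CloudTrail's JSON shape, trimmed to the fields used.
SAMPLE_RECORDS = [
    {"eventTime": "2024-01-15T10:02:11Z", "eventName": "ListBuckets",
     "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIADECOY0000000001"},
     "errorCode": "AccessDenied"},
    {"eventTime": "2024-01-15T10:05:40Z", "eventName": "DescribeInstances",
     "sourceIPAddress": "10.0.4.21",
     "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIAREALAPPKEY000001"}},
    {"eventTime": "2024-01-15T10:07:03Z", "eventName": "GetCallerIdentity",
     "sourceIPAddress": "203.0.113.7",
     "userIdentity": {"type": "IAMUser", "accessKeyId": "AKIADECOY0000000002"}},
]

if __name__ == "__main__":
    for alert in find_decoy_key_use(SAMPLE_RECORDS):
        print(json.dumps(alert))
```

Note that the denied ListBuckets call still produces an alert: the decoy key needs no permissions at all, because the detection signal is the authentication attempt itself, not what the call achieved.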

New Fabric Integrations:

A/D mitigation connector: adds an integration between FortiDeceptor and Microsoft A/D (Active Directory) for threat mitigation based on a compromised identity. When a malicious threat actor is detected, FortiDeceptor blocks the associated user identity (username) at the A/D level.

General:

  • Added support for editing the deployment network configuration while it is in use by a network decoy.
  • Added the option to have multiple super admins in addition to the built-in super-admin profile.
  • Added a new logging system with a CLI debugging option (the diagnose command) that enables debugging for a specified daemon or feature and sends the resulting messages to Syslog so they can be viewed in the GUI.
  • Added a new diagnose option for the FortiDeceptor proxy configuration to help debug a failed connection. This option is available in the test-network command.
  • Implemented a new FortiDeceptor GUI front-end framework to standardize and simplify GUI components.
  • Improved the email rules to support more fields for mail alert customization.
  • Added a FortiAuthenticator option, similar to the RADIUS option, for FortiDeceptor GUI access authentication.
