Administration Guide


Introduction

FortiDeceptor creates a network of Decoy VMs to lure attackers and monitor their activities on the network. When attackers attack Decoy VMs, their actions are analyzed to protect the network.

Key features of FortiDeceptor include:

  • Deception OS: Windows, Linux, SCADA OS, IoT OS, VoIP OS, ERP OS, Medical OS, SSL-VPN OS, or POS OS images are available to create Decoy VMs.
  • Decoy VMs: Decoy VMs that behave like real network assets can be deployed via FortiDeceptor.
  • Deception Lures: Deception Lures are services, applications, or users added to a Decoy VM to simulate a real user environment.
  • FortiDeceptor token package: Install a FortiDeceptor token package to add breadcrumbs on real endpoints and lure an attacker to a Decoy VM. Tokens are normally distributed within the real endpoints and other IT assets on the network to maximize the deception surface. Use tokens to influence attackers' lateral movements and activities. Examples of what you can use in a token include: cached credentials, database connections, network shares, data files, and configuration files.
  • Monitor the hacker's actions: Monitor Incidents, Events, and Campaigns.
    • An Event represents a single action. For example, a login-logout event on a victim host.
    • An Incident represents all actions taken by a hacker on a single decoy/victim host. Examples include a login-logout, a file system change, a registry modification, and a website visit on a single victim host.
    • A Campaign represents the hacker's lateral movement. All related Incidents are a Campaign. For example, a hacker logs on to a system using the credentials found on another system.
  • Log Events: Log all FortiDeceptor system events.
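
The Event, Incident, and Campaign hierarchy described above can be sketched as a small correlation routine. This is an added example, not FortiDeceptor code or its correlation logic; the event fields, host names, and the `LURES` inventory are constructed assumptions.

```python
from collections import defaultdict

# Assumption: inventory of lure credentials and the decoy each was planted on.
LURES = {"dbuser": "decoy-win-01"}

# Constructed sample events; field names are assumptions, not FortiDeceptor's schema.
EVENTS = [
    {"host": "decoy-win-01", "action": "login-logout", "cred": "helpdesk"},
    {"host": "decoy-win-01", "action": "file_system_change"},
    {"host": "decoy-win-01", "action": "registry_modification"},
    {"host": "decoy-db-02", "action": "login-logout", "cred": "dbuser"},
    {"host": "decoy-db-02", "action": "file_system_change"},
    {"host": "decoy-scada-03", "action": "website_visit"},
]

def build_incidents(events):
    """Incident = every Event recorded on a single decoy host."""
    incidents = defaultdict(list)
    for ev in events:
        incidents[ev["host"]].append(ev)
    return dict(incidents)

def build_campaigns(incidents, lures):
    """Campaign = Incidents linked by a credential planted on one host and used on another."""
    parent = {host: host for host in incidents}

    def root(host):
        # Follow parent links to the representative host of this group.
        while parent[host] != host:
            host = parent[host]
        return host

    for host, evs in incidents.items():
        for ev in evs:
            origin = lures.get(ev.get("cred"))
            # A lure credential used away from where it was planted shows lateral movement.
            if origin in incidents and origin != host:
                parent[root(host)] = root(origin)

    groups = defaultdict(set)
    for host in incidents:
        groups[root(host)].add(host)
    return sorted(sorted(group) for group in groups.values())

if __name__ == "__main__":
    for campaign in build_campaigns(build_incidents(EVENTS), LURES):
        print(" -> ".join(campaign))
```

The login on `decoy-db-02` with a credential planted on `decoy-win-01` joins those two Incidents into one Campaign, while the unrelated visit to `decoy-scada-03` stays on its own.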
