What’s new in FortiDeceptor 5.1.0
The following is a list of new features and enhancements in 5.1.0. For details, see the FortiDeceptor Administration Guide in the Fortinet Document Library.
New IT Decoys:
-
Windows 11 is the latest major release of Microsoft. We have expanded the FortiDeceptor offering and added support for Windows 11 when using the custom decoy module.
-
MacOS is a Unix operating system developed and marketed by Apple. To mimic the endpoint infrastructure better, we have expanded the FortiDeceptor offering to include a New MacOS Decoy.
Outbreak vulnerability emulation profiles:
-
We have expanded the outbreak vulnerability emulation profiles and added several more such as CenOS Web Panel (CVE-2022-44877), Cacti (CVE-2022-46169), IBM Aspera Faspex (CVE-2022-47986), ABB TotalFlow (CVE-2022-0902).
New Application & Services Decoys:
IT Financial Sensitive applications are always targets for threat actors and APT. Deception application decoys are a key component for detecting attacks against critical applications. The following new Application Decoys were added:
SWIFT Lite 2 Decoy:
-
As part of the latest attacks against SWIFT systems, we have added the SWIFT Lite 2 as a decoy.
-
The SWIFT messaging network is a component of the global payments system. SWIFT carries the messages containing the payment instructions between financial institutions involved in a transaction.
-
The SWIFT Lite 2 decoy is based on a Windows-based decoy.
SWIFT VPN Decoy:
- SWIFT VPN delivers secure and reliable connectivity to Swift based on SRX345 VPN.
- The SWIFT VPN is based on FortiDeceptor emulation technology.
New OT Decoys:
The following OT decoys were added in FortiDeceptor 5.1.0:
-
Emerson iPro by Dixell is a programmable controller powered at 24Vac/dc and uses a high-speed performance 32-bit microprocessor.
-
C-more HMI is Touch Screens designed to interchange and display graphics, animation, and data to and from a PLC.
-
Schneider Electric Modicon M241 is a Programmable Logic Controller for performance-demanding applications
New Telco Decoys:
The following IoT decoys were added in FortiDeceptor 5.1.0:
- New 4G/5G decoy using NextEPC software that includes the Mobility Management Entity (MME), Serving Gateway (SGW), Packet Data Network Gateway (PGW), Home Subscriber Server (HSS), and Policy and Charging Rules Functions (PCRF).
- Added three new protocols: SCTP, GTP-C, and GTP-U.
FortiDeceptor Attack Detection Exchange Program:
Malicious actors often use the same techniques to attack similar organizations. By knowing in advance how attackers operate, you can take proactive steps to avoid a breach. The Attack Detection Exchange Program makes it easy and secure for FortiDeceptor users to anonymously exchange valuable intelligence on the latest attacks.
Current customers can enable the Attack Detection Exchange in the FortiDeceptor GUI under System > Settings.
New Fabric Integrations:
- Aruba ClearPass: Add integration between FortiDeceptor and Aruba ClearPass NAC, allowing a threat mitigation response automation to isolate an infected machine from the network by blocking the port access or moving it to isolated VLANs.
- FortiSandbox Cloud: Expand the existing integration between FortiDeceptor and FortiSandbox to support the FortiSandbox cloud to execute an in-depth malware analysis for malware detected by the FortiDeceptor decoys.
- AWS deception token:Expand the existing integration with the AWS platform to detect cloud access using fake AWS keys. We have added integration with the IAM credential reports to identify the incidents and cover more attack vectors.
General:
-
We expanded the support of monitoring the behaviors for administrators by user-configured minutes.
-
We expanded the support of the incident report email and the ability to add a report schedule.
-
The FortiDeceptor Linux Kernel is upgraded to 5.15.82.
-
We improved the FortiDeceptor AWS and FortiSIEM connector performance for threat mitigation response.
-
We Implemented a new GUI front-end framework to standardize and simplify GUI components.
-
We added logic to purge the unsupported deception OS scadav1 if the platform is not using it.
-
We added support of SMB share name customization for Windows/Linux decoys.
-
We added a new option for NBNS to switch the backend to use the user input hostname without randomized change.
-
We added support for Custom Decoy and Token for the French Windows edition (Server 2016 and 10).