What’s new in FortiDeceptor 5.2.0

The following is a list of new features and enhancements in 5.2.0. For details, see the FortiDeceptor Administration Guide in the Fortinet Document Library.

New IT Decoys:
  • Citrix enables users to work from remote locations and allows them to access applications, desktops, and resources through virtualized software. The Citrix platform can act as a VPN gateway deployed in the DMZ; therefore, it is a target for threat actors seeking to penetrate internal networks. We expanded the FortiDeceptor detection offering and added a new Citrix Decoy to detect these attacks.
  • We expanded the Decoy customization feature to support Windows Server 2022.
  • We expanded the Outbreak vulnerability emulation and now allow the emulation packages to be uploaded via the web interface for networks without internet connectivity (air-gapped networks).
  • We improved the Win10 Decoy OS and upgraded it from IoT Enterprise 2015 LTSB to IoT Enterprise 2021 LTSC ESD.
New Application & Services Decoys:
  • Webmin is a web-based server management control panel for Unix-like systems. Webmin allows users to configure operating system internals, such as users, disk quotas, services, and configuration files. Webmin is a target for threat actors seeking to gain unauthorized access or execute arbitrary code. We expanded the FortiDeceptor offering and added a new Webmin Decoy.
  • We expanded the Linux MySQL and Tomcat Decoys with an SSH service.
  • We expanded the TCP LISTENER feature and added the option to present a banner on the TCP port listener service.
New OT Decoys:
  • We expanded the OT decoys offering by adding a Lantronix XPort device Decoy. XPort is a compact, integrated solution to web-enable virtually any device with serial capability.
New IoT decoys:
  • We expanded the IoT decoys offering by adding an HP switch Decoy to detect threat actors that execute network attacks in the reconnaissance phase.
New Deception Token:
  • We added new Azure deception keys to monitor lateral movement in cloud environments based on stolen credentials. FortiDeceptor generates fake Azure keys that are deployed on real endpoints and servers and, in parallel, monitors the Azure environment for malicious access using them.
New Fabric Integrations:
  • SentinelOne EDR: Added integration between FortiDeceptor and SentinelOne EDR, allowing automated threat mitigation that isolates an infected machine from the network.
  • Forensics acquisition: Added a forensic artifacts collector that can be run remotely against a live host that attacked the Decoy, collecting digital forensics artifacts for a later incident response investigation.

New Security Decoys:
  • The new credential theft protection Decoy is an expansion of the current SSL-VPN decoy, allowing you to deploy the SSL-VPN decoy in the DMZ and receive alerts only for VPN logins that use a legitimate user credential that exists in the network. (FortiDeceptor uses the AD connector to retrieve the username list from the AD server and validates the login attempt against that list.)

    This allows you to expose the Decoy to the internet while filtering out all the scanning noise and focusing on VPN access attempts that use a legitimate username from your network.
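To make the filtering idea behind the credential theft protection Decoy concrete, here is an added example that is not FortiDeceptor code: it parses constructed decoy VPN login log lines, normalizes the submitted username (the `DOMAIN\user` and `user@domain` stripping is an assumption about how such a check might be written, not a description of the product), and raises an alert only when the username exists in a username list assumed to have come from the AD connector. Every other attempt is counted as scanning noise.

```python
import re
from dataclasses import dataclass

# Constructed sample: username list assumed to have been retrieved via the AD connector.
# Stored lowercase so the comparison below is case-insensitive.
LEGIT_USERS = {"jdoe", "asmith", "svc-backup"}

# Constructed sample of decoy SSL-VPN login attempts (not real product log output).
# The first three and the last one are typical internet scanning noise; two use real names.
SAMPLE_DECOY_LOG = """\
src=203.0.113.5 user=admin
src=203.0.113.5 user=root
src=203.0.113.5 user=test
src=198.51.100.23 user=CORP\\jdoe
src=198.51.100.23 user=asmith@corp.example
src=192.0.2.77 user=guest
"""

LOG_LINE = re.compile(r"src=(?P<src>\S+)\s+user=(?P<user>\S+)")


@dataclass
class VpnLoginAttempt:
    src_ip: str
    username: str        # username exactly as the attacker submitted it
    normalized: str      # bare, lowercase account name used for the lookup


def normalize_username(raw: str) -> str:
    """Reduce 'CORP\\jdoe', 'jdoe@corp.example' or 'JDoe' to 'jdoe' (assumed normalization)."""
    name = raw.strip()
    if "\\" in name:                      # DOMAIN\user form
        name = name.rsplit("\\", 1)[1]
    if "@" in name:                       # user@domain (UPN) form
        name = name.split("@", 1)[0]
    return name.lower()


def parse_decoy_log(text: str) -> list[VpnLoginAttempt]:
    """Parse the key=value lines into attempt records; lines that do not match are skipped."""
    attempts = []
    for line in text.splitlines():
        m = LOG_LINE.search(line)
        if not m:
            continue
        attempts.append(VpnLoginAttempt(m["src"], m["user"], normalize_username(m["user"])))
    return attempts


def triage(text: str, legit_users: set[str]) -> tuple[list[VpnLoginAttempt], int]:
    """Return (alerts, noise_count): alert only on attempts that use a real directory username."""
    alerts, noise = [], 0
    for attempt in parse_decoy_log(text):
        if attempt.normalized in legit_users:
            alerts.append(attempt)
        else:
            noise += 1
    return alerts, noise


if __name__ == "__main__":
    alerts, noise = triage(SAMPLE_DECOY_LOG, LEGIT_USERS)
    print(f"suppressed {noise} noisy attempts, raised {len(alerts)} alerts")
    for a in alerts:
        print(f"ALERT: {a.src_ip} attempted VPN login as {a.username!r} (directory user {a.normalized})")
```

On the constructed sample this suppresses the four generic-account attempts and raises two alerts, both from the same source, which is exactly the signal the decoy is meant to surface: someone on the internet already holds a username that belongs to your directory.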

General:
  • We added a CLI command that allows FortiDeceptor users to change their own password.
  • We added AMD CPU support for the FortiDeceptor KVM version.
  • We added a configurable limit for the asset discovery export report and for the total number of nodes shown on the deployment map, for better visibility.
  • We added the option for users to modify the FortiDeceptor hostname on the system settings page.
  • We added the option for users to download the lure resource content from the lure resource page.
  • We added a tagged/untagged interface option, replacing the use of VLAN ID 0, under the deployment network configuration menu.
  • We expanded the Syslog capability and added the option to send Syslog over an encrypted (secure) channel.
  • We expanded the FortiDeceptor web UI login by adding SAML support.
  • We improved the web CLI terminal to reuse the FortiDeceptor web UI login session, so the login credentials do not have to be typed again.
  • We improved the custom alert rules to allow the end user to specify a network IP range instead of an individual attacker IP.
  • We improved the email alert type by allowing multiple alert types to be selected in custom alert rules.
  • We improved the public REST API to provide the list of Decoy services.
