
What’s new in FortiDeceptor 5.3.0

The following is a list of new features and enhancements in 5.3.0. For details, see the FortiDeceptor Administration Guide in the Fortinet Document Library.

New IT Decoys:
  • NGINX is widely used for web serving, reverse proxying, caching, load balancing, media streaming, and more, which makes it a constant target for threat actors and APT groups. A decoy running NGINX gives you a deception application that detects attacks against critical web-facing applications.
  • EV CPOs (Charge Point Operators) provide the charging network infrastructure, managing the backend technologies and the communication between the backend system and the chargers to deliver reliable and consistent electric vehicle charging. An attacker who can disable an Electric Vehicle (EV) Charge Point (CP) causes a service disruption. Deception decoys running EV CPO software provide early breach detection with a passive footprint inside the critical infrastructure.
  • We expanded the decoy customization feature to support more Linux operating systems, including Ubuntu 20.04.
  • We expanded Outbreak vulnerability coverage and added the Adobe ColdFusion Deserialization of Untrusted Data vulnerabilities.
  • We improved the custom decoy feature to support customizing a Domain Controller installation based on the Windows Server 2019 decoy.
New Virtual Appliance:
  • A new FortiDeceptor Edge virtual appliance (FDCVME) lets you deploy a lightweight remote appliance and run decoys directly from the FortiDeceptor Central Manager over a proprietary Layer 2 tunnel. This simplifies remote site deployments that do not require a large deception footprint.
  • We improved the FortiDeceptor KVM virtual appliance deployment and installation.
OT decoys:
  • We improved the OT Profinet decoy to handle PROFINET DCP (Discovery and basic Configuration Protocol) packets, which are sent as Layer 2 multicast frames and are what discovery tools use to enumerate Profinet devices on a segment. We added an option for users to turn Profinet reconnaissance detection on or off.
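The following added example (not FortiDeceptor code, and not from the Administration Guide) shows what a Profinet decoy is looking for when reconnaissance detection is on: a DCP Identify request sent to the PROFINET multicast MAC, and in particular an Identify-All request, which asks every device on the segment to answer and is the signature of a discovery scan. The protocol constants (Ethertype 0x8892, multicast MAC 01:0E:CF:00:00:00, frame ID 0xFEFE, service ID 5, the 0xFF/0xFF AllSelector block) are from the PROFINET DCP specification; the frames are constructed inline for the example, and the function and MAC names are assumptions of this example, not product identifiers.

```python
"""Detect PROFINET DCP Identify (discovery) multicast frames.

Added example, not FortiDeceptor code. The sample frames below are
constructed by hand so the script runs offline; MAC addresses and
station names are made up for the example.
"""
import struct
from dataclasses import dataclass
from typing import Iterable, List, Optional, Tuple

PROFINET_ETHERTYPE = 0x8892
DCP_MULTICAST_MAC = bytes.fromhex("010ecf000000")  # PROFINET DCP Identify multicast
FRAME_ID_DCP_IDENTIFY_REQ = 0xFEFE
DCP_SERVICE_IDENTIFY = 0x05
DCP_SERVICE_TYPE_REQUEST = 0x00
DCP_OPTION_ALL = 0xFF       # option 0xFF / suboption 0xFF = "AllSelector":
DCP_SUBOPTION_ALL = 0xFF    # every device on the segment must respond


@dataclass
class DcpIdentify:
    src_mac: str
    xid: int
    all_selector: bool  # True when the request targets every device (scan)


def parse_dcp_identify(frame: bytes) -> Optional[DcpIdentify]:
    """Return a DcpIdentify if `frame` is a DCP Identify request, else None."""
    if len(frame) < 14 + 2 + 10:
        return None
    src = frame[6:12]
    ethertype = struct.unpack("!H", frame[12:14])[0]
    off = 14
    # Optional 802.1Q tag: Profinet real-time frames are commonly VLAN tagged.
    if ethertype == 0x8100:
        if len(frame) < 18 + 2 + 10:
            return None
        ethertype = struct.unpack("!H", frame[16:18])[0]
        off = 18
    if ethertype != PROFINET_ETHERTYPE:
        return None
    frame_id = struct.unpack("!H", frame[off:off + 2])[0]
    if frame_id != FRAME_ID_DCP_IDENTIFY_REQ:
        return None
    # DCP header: ServiceID(1) ServiceType(1) Xid(4) ResponseDelay(2) DCPDataLength(2)
    svc_id, svc_type, xid, _delay, data_len = struct.unpack(
        "!BBIHH", frame[off + 2:off + 12])
    if svc_id != DCP_SERVICE_IDENTIFY or svc_type != DCP_SERVICE_TYPE_REQUEST:
        return None
    blocks = frame[off + 12:off + 12 + data_len]
    all_selector = False
    i = 0
    while i + 4 <= len(blocks):
        option, suboption, blen = struct.unpack("!BBH", blocks[i:i + 4])
        if option == DCP_OPTION_ALL and suboption == DCP_SUBOPTION_ALL:
            all_selector = True
        i += 4 + blen + (blen % 2)  # block data is padded to an even length
    return DcpIdentify(src_mac=src.hex(":"), xid=xid, all_selector=all_selector)


def profinet_recon_alerts(frames: Iterable[bytes],
                          detection_enabled: bool = True) -> List[str]:
    """One alert per DCP Identify request seen; the flag mirrors the on/off option."""
    if not detection_enabled:
        return []
    alerts = []
    for frame in frames:
        req = parse_dcp_identify(frame)
        if req is None:
            continue
        kind = "identify-all discovery scan" if req.all_selector else "targeted identify"
        alerts.append(f"{req.src_mac} sent DCP Identify ({kind}, xid=0x{req.xid:08x})")
    return alerts


def build_identify(src_mac: bytes, xid: int,
                   blocks: List[Tuple[int, int, bytes]]) -> bytes:
    """Construct a DCP Identify request frame (used only to build the samples)."""
    body = b""
    for option, suboption, data in blocks:
        body += struct.pack("!BBH", option, suboption, len(data)) + data
        body += b"\x00" if len(data) % 2 else b""
    dcp = struct.pack("!BBIHH", DCP_SERVICE_IDENTIFY, DCP_SERVICE_TYPE_REQUEST,
                      xid, 1, len(body)) + body
    return (DCP_MULTICAST_MAC + src_mac + struct.pack("!H", PROFINET_ETHERTYPE)
            + struct.pack("!H", FRAME_ID_DCP_IDENTIFY_REQ) + dcp)


# Constructed sample traffic (made-up MACs and station name).
SCANNER_MAC = bytes.fromhex("0a1b2c3d4e5f")
ENGINEER_MAC = bytes.fromhex("0a1b2c3d4e60")
FRAME_IDENTIFY_ALL = build_identify(
    SCANNER_MAC, 0x01020304, [(DCP_OPTION_ALL, DCP_SUBOPTION_ALL, b"")])
# Option 2 / suboption 2 = Device Properties / NameOfStation (a targeted lookup).
FRAME_IDENTIFY_NAME = build_identify(ENGINEER_MAC, 0x0000002A, [(0x02, 0x02, b"plc-1")])
FRAME_IPV4 = DCP_MULTICAST_MAC + SCANNER_MAC + b"\x08\x00" + b"\x45" + b"\x00" * 39

if __name__ == "__main__":
    for alert in profinet_recon_alerts([FRAME_IDENTIFY_ALL, FRAME_IDENTIFY_NAME, FRAME_IPV4]):
        print(alert)
```

A targeted Identify for one station name is normal engineering-tool behaviour, so a decoy that alerts on every DCP frame will be noisy; distinguishing the AllSelector block, as above, is what separates a segment-wide scan from routine commissioning traffic.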
New IoT decoys:
  • We expanded the IoT decoy offering with a MikroTik router decoy. In the last two years MikroTik routers have been a frequent target of cyber attacks, for example by the Meris botnet, which was behind some of the largest DDoS attacks in 2021. A MikroTik router decoy provides early breach detection for attacks that use known or unknown exploits.
New Deception Token:
  • We improved the AD (Active Directory) deception token for easier deployment and added more detection capabilities.
General:
  • We expanded the scalability of FortiDeceptor Central Manager to support more than 200 remote appliances under a single Central Manager.
  • We expanded FortiDeceptor Central Manager deployment support: you can now deploy Central Manager in the public cloud on Azure, AWS, and GCP.
  • We expanded the networking configuration so that the end user can configure overlapping VLANs/subnets on different physical interfaces, both on a standalone appliance and on appliances managed by a Central Manager.
  • The FDC web UI now locks an account after 5 failed login attempts instead of 3.
  • The FortiDeceptor UI migration to the Neutrino framework now covers the incident campaign, incident table, Fabric/Quarantine, safelist, and Fabric/IOC Export modules.