What’s new in FortiDeceptor 6.1.0
The following is a list of new features and enhancements in 6.1.0. For details, see the FortiDeceptor Administration Guide in the Fortinet Document Library.
New Decoys & Capabilities
- Windows Decoy: Windows-based decoys now include realistic documents, data, and services that mimic a production Windows system, so that a threat actor cannot fingerprint the compromised asset as a decoy.
- Linux Decoy: the same realistic documents, data, and services have been added to the Linux decoy, so that a threat actor cannot fingerprint the compromised asset as a decoy.
- The Credentials Theft Protection Decoy has been expanded with a Citrix Gateway decoy. You can deploy it in the DMZ and receive alerts only for VPN logins that use a legitimate user credential from your network: FortiDeceptor uses the A/D connector to retrieve the username list from the A/D server and validates each attempted login against it. This lets you expose the decoy to the internet while filtering out scanning noise and focusing on VPN access attempts that use a legitimate user credential in your network.
- We have improved the ability to add decoys to a Windows domain network and allowed the addition of the prebuilt Windows 10 decoy template.
- Deception lures expand the attack surface and maximize deception coverage. We have improved the lure resource feature so that end users can specify which services the uploaded lure resources customize.
- We have expanded Outbreak vulnerability coverage with the following vulnerabilities:
  - Mitel MiCollab Unauthorized Access Attack
  - Palo Alto Networks PAN-OS Management Interface Vulnerabilities
  - Apache Struts 2 Remote Code Execution
  - Palo Alto Networks Expedition Missing Authentication Vulnerability
- We have added support for LDAP service events for decoys that are members of an Active Directory domain. LDAP (Lightweight Directory Access Protocol) is a network protocol for accessing and managing directory services; LDAP injection, for example, is a type of attack that targets vulnerabilities in LDAP implementations.
- We improved the decoy configuration and templates so that the end user can delete a specific decoy (IP address) from a decoy VM with multiple network interfaces (IP addresses) without deleting the entire decoy VM.
- FortiDeceptor expands the network Asset Discovery module with nine new OT protocols and one IT protocol. The added OT protocols include Saia-Burgess Controls/Ether-S-Bus (sbus), Tridium/Niagara Fox, IEC 61850 MMS, FF-HSE, Opensafety-UDP, Opensafety-Powerlink, and Telnet. Asset Discovery builds the asset inventory by passive network sniffing, providing network threat visibility and enabling decoy deployment automation.
Deception Tokens
- FortiDeceptor integration with FortiClient (EMS) for deception token deployment allows a more flexible way to deploy deception tokens, including on devices outside the internal network.
- In addition, the FortiClient (EMS) integration allows you to quarantine and un-quarantine a threat actor that FortiDeceptor detects.
FortiDeceptor Integration
- The FortiDeceptor integration connector works with Splunk to update the Splunk "watch list" in real time with the deception credentials deployed across real endpoints and servers. The integration also automatically identifies when a threat actor uses a deception credential anywhere in the network by checking the real-time Splunk logs against that watch list.
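The two detection rules described above (the Splunk watch list of deployed deception credentials, and the Citrix Gateway decoy that alerts only on logins with a legitimate domain username) as an added example in JavaScript; this is not FortiDeceptor or Splunk code, and the log format, list contents and host addresses are assumptions constructed for the illustration:

```javascript
// Added example (not FortiDeceptor or Splunk code). Log format, list contents
// and host addresses are assumptions constructed for this illustration.

// Usernames the A/D connector would return (constructed sample).
const AD_USERS = new Set(['alice', 'bob', 'svc-backup']);
// Deception credentials deployed on real endpoints: the Splunk "watch list" (constructed sample).
const DECEPTION_CREDS = new Set(['fin-admin', 'backup_svc2']);
// Address of the Citrix Gateway decoy in the DMZ (constructed sample).
const DECOY_HOSTS = new Set(['10.0.9.20']);

// Constructed sample log lines in an assumed key=value format.
const SAMPLE_LOGS = [
  'ts=2024-05-01T08:00:01Z src=203.0.113.7 dst=10.0.9.20 svc=citrix-gw user=admin result=fail',
  'ts=2024-05-01T08:00:09Z src=203.0.113.7 dst=10.0.9.20 svc=citrix-gw user=alice result=fail',
  'ts=2024-05-01T08:02:30Z src=10.0.5.44 dst=10.0.1.10 svc=smb user=fin-admin result=fail',
  'ts=2024-05-01T08:03:12Z src=10.0.5.12 dst=10.0.1.10 svc=smb user=bob result=success',
];

// Parse one key=value log line into an object.
function parseLogLine(line) {
  const event = {};
  for (const field of line.trim().split(/\s+/)) {
    const i = field.indexOf('=');
    if (i > 0) event[field.slice(0, i)] = field.slice(i + 1);
  }
  return event;
}

// Classify a single login event.
function triageLogin(event) {
  const user = (event.user || '').toLowerCase();
  if (DECEPTION_CREDS.has(user)) {
    // No legitimate user knows a deception credential: any use is a confirmed intrusion signal.
    return { severity: 'critical', verdict: 'deception-credential-use', src: event.src };
  }
  if (DECOY_HOSTS.has(event.dst)) {
    // Decoy gateway: alert only when the attempted username is a real domain account.
    return AD_USERS.has(user)
      ? { severity: 'high', verdict: 'decoy-login-legit-user', src: event.src }
      : { severity: 'info', verdict: 'decoy-scan-noise', src: event.src };
  }
  return { severity: 'none', verdict: 'normal', src: event.src };
}

// Return only the findings worth raising as alerts; scanning noise against the decoy is dropped.
function alertsFor(lines) {
  return lines.map(parseLogLine).map(triageLogin)
    .filter((r) => r.severity === 'critical' || r.severity === 'high');
}
```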
- We improved the integration between FortiDeceptor and Cisco ISE (NAC solution) for endpoint quarantine by MAC address: it now uses ANC-POLICY instead of EPS-STATUS, following the change in Cisco ISE from version 1.4.
- We improved the FortiDeceptor quarantine integration with Check Point and added support for both cloud management and local appliances.
General
- We added support for customized profiles for fabric and SAML SSO users, giving more flexibility over end-user access to the FortiDeceptor web management console.
- We added support for a reserved subnet for decoy deployment customization, to avoid overlap with customer network VLANs.
- We added secure configuration backup and restore with encryption based on a user-provided password and a random salt. The backup covers network definitions, lure resources, decoy tokens, decoy templates, deployed decoys (without booting them up; the download is triggered first upon recovery), the safe list, fabric connector configuration, network settings, and system settings.
- We expanded the FortiDeceptor API with an option to collect forensic data from a particular IP address without a triggering security event, giving SOC and incident response teams a more flexible way to use the forensics tools.
- We added the option to export Decoy Status via the API, and as an XSL/CSV file via the GUI.
- We continue the GUI migration, improving the Dashboard menu and the custom Decoy Image menu with a neutrino component.
- We implemented a new dashboard widget that displays traffic statistics for each physical interface.
- We improved the Decoy Deployment wizard so that the end user can provide a different domain account for the decoy to join the domain.