Reduce dwell time through early, accurate attack detection (no false positives)
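FortiDeceptor uses a large number of deception assets distributed across the network environment to lure attackers into exposing themselves early in the reconnaissance phase. In addition, the solution generates high-fidelity alerts based on real-time interaction with attackers and malware, provides attack activity analysis, and performs attack isolation. These measures help reduce the heavy workload that large volumes of false-positive alerts place on SOC teams. FortiDeceptor offers flexible deployment options: SaaS (cloud-hosted), on-premises (hardware/virtual machine), and public cloud (AWS, Azure, GCP).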
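As a key component of the Fortinet SecOps platform, FortiDeceptor quickly detects and responds to in-network attacks such as credential theft, lateral movement, man-in-the-middle attacks, and ransomware. By deploying FortiDeceptor and integrating it into an existing network security strategy, organizations can use rich contextual intelligence to achieve layered, intrusion-based detection, helping them move from traditional reactive defense to a proactive defense model.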
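FortiDeceptor-as-a-Service is a SaaS-based deception solution that detects and responds to in-network attacks such as use of stolen credentials, lateral movement, man-in-the-middle (MITM) attacks, and ransomware. Using the organization's available IP addresses, decoys run on the FortiDeceptor-as-a-Service platform in Fortinet's private cloud. Decoys use only unused IP addresses and do not affect network availability. When automated or human attackers interact with a decoy, they are already outside the network and cannot cause further damage.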
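When an attacker attempts to steal deception assets such as fake files on an endpoint, or when malware attempts to encrypt fake files, FortiDeceptor can automatically isolate any compromised endpoint and contain the attack in time. This stops the attack from spreading and cuts off communication with the C&C server. This protection can be achieved either with FortiDeceptor's built-in automatic attack isolation or by sending alerts to a SIEM/SOAR for coordinated response.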
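To counter emerging threats and vulnerabilities, FortiDeceptor can create decoy systems on the fly based on newly discovered vulnerabilities or suspicious activity, providing automated, dynamic protection in OT/IoT/IT environments. In addition to the rich SOAR playbooks that automatically isolate targeted hosts, FortiDeceptor also supports SOAR playbooks that deploy deception assets on demand, to respond quickly to suspicious activity lurking in the network.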
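The dynamic deception platform lures attackers away from sensitive assets, comprehensively protecting IT/OT/IoT environments and helping defenders seize the initiative.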
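Visibility & accelerated response
Broad integration with the Fortinet Security Fabric and third-party security controls (SIEM, SOAR, EDR, sandbox)
Insider threat detection
Reduces attacker dwell time and false-positive alerts, effectively detects early reconnaissance and lateral movement, and confuses attacks of all kinds
Forensics & threat intelligence
Captures and analyzes attack activity in real time, provides detailed forensic information, and collects indicators of compromise (IOCs) and the tactics, techniques, and procedures (TTPs) used by attackers
Attack quarantine/unquarantine
Automatically and quickly isolates infected endpoints from the production network
Optimized for OT/IoT networks
The wide range of decoys includes supervisory control and data acquisition (SCADA) systems and IoT sensors, and you can also upload your own decoys.
Easy deployment & maintenance
Automatically deploys decoys that match your assets, with no impact on operational stability or performance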
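FortiDeceptor is designed to help users deceive, expose, and eliminate internal and external threats early in the attack kill chain, and to proactively block threats before attackers cause serious damage. FortiDeceptor supports both hardware and virtual machine deployment models and offers a ruggedized version for harsh environments.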
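Form factor | Desktop - fanless
Maximum VLANs | 48
Total interfaces | 6 x 1GbE RJ-45 ports
Default RAID level | No
Power supply | 24V DC - 48V DC input

Form factor | 1RU rack mount
Maximum VLANs | 128
Total interfaces | 4 x GbE (RJ45), 4 x GbE (SFP)
Default RAID level | 1
Power supply | Optional dual power supplies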
Improved Security Team Operational Efficiency and Reduced Risk to the Organization, Each by Up to 99%
Security operations requirements, like threat detection and response, continue to grow more challenging each year. According to an Economic Validation report from TechTarget’s Enterprise Strategy Group, it can take 168 hours or more, on average, to identify threats, while many threats are never detected.1 Therefore, CISOs should consider deception technology for improving threat detection and response. Modern deception technology like FortiDeceptor combines the historical value of deception technology with ease of use, automation, and actionable intelligence—creating an active defense. These benefits are especially important for organizations with limited security staff and skills and those merging IT and OT.
Deception can provide value across the attack chain by not only deceiving adversaries, but also detecting them, providing forensic data, or even helping with real-time mitigation.
Protecting business-critical data is becoming increasingly complex—and by extension, increasingly relevant for today's organizations. One critical element of this evolution is their increasing reliance on, and hyperconnectivity across foundational technologies such as data centers, cloud platforms, SaaS applications, and broadly adopted software vendors like Microsoft and SAP.
Deception technology should be fully integrated with NGFW, NAC, SIEM, Sandbox, SOAR, and EDR solutions to automate the mitigation response based on ransomware detection. By combining deception technology with a comprehensive security platform, organizations will be able to detect and respond to attacks, such as ransomware, long before they can achieve their malicious goals.
FortiDeceptor is a simple-to-use, non-intrusive solution that provides early detection of threats that target OT and IT environments. By deploying decoys and honeytokens, FortiDeceptor automates the containment of cyberattacks before serious damage occurs.
With FortiDeceptor-as-a-Service, you can leverage advanced deception technologies to deceive attackers into engaging with fake assets, data, and applications.
Moshe Ben Simon makes the case and provides examples of how deception technologies can be used in OT systems. This can delay the attacker and give the defender more time to detect and respond to the attack before the attacker succeeds. Deception also provides a high fidelity signal since no one should access the deception device or system.
In operational technology environments, safety and continuity are crucial considerations—but traditional security controls simply won’t protect OT infrastructure, much of which wasn't designed to combat today’s fast-evolving threats. With air gaps between IT and OT decreasing and OT/IT devices often deployed in the same segment, bad actors have increased opportunities to move laterally across IT/OT infrastructures.
FortiDeceptor, Fortinet’s innovative, non-intrusive, agentless OT/IT/IoT deception solution is a force multiplier to current security defenses, providing early detection and response to active in-network threats. The FortiDeceptor decoys generate high-fidelity, intelligence-based alerts that result in an automated incident response to help stop zero-day attacks. In this session, VP Product Management, FortiDeceptor, Moshe Ben Simon, provides valuable tips and insights on how to use deception for early breach detection and protection against cyber threats across the IT/OT environment.
Fortinet's FortiDeceptor is a Distributed Deception Platform (DDP), simulating various types of IT, OT, ICS, and IoT decoys, as well as critical applications (e.g. ERP/SAP, etc.).
Verizon's 2018 DBIR reports two-thirds of breaches come from external attacks while the remaining are from insider threats. FortiDeceptor is built to deceive and redirect both external and internal attacks to a network of decoys. It exposes these reconnaissance attacks and eliminates them, disrupting the entire kill chain before it even begins.