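Early, accurate attack detection (with no false positives) reduces attacker dwell time
FortiDeceptor uses a variety of deception assets distributed across the environment to lure attackers into revealing themselves early, during the reconnaissance phase. The platform generates high-fidelity alerts based on real-time interaction with attackers and malware, and provides attack activity analysis and attack isolation. This helps reduce the burden that false positives place on SOC teams. FortiDeceptor also correlates incidents and campaigns and collects IOCs and TTPs, enabling SOC teams to make faster, better-informed decisions.
FortiDeceptor detects and responds to in-network attacks such as the use of stolen credentials, lateral movement, man-in-the-middle, and ransomware. Adding FortiDeceptor to a cybersecurity strategy helps shift defenses from reactive to proactive, layering intrusion-based detection with contextual intelligence.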
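When an attacker steals a deception asset, such as a fake file on an endpoint, or when malware attempts to encrypt fake files, FortiDeceptor can neutralize the attack by automatically quarantining any compromised endpoint. This prevents the attack from spreading and stops communication with the C&C server. This can be done with FortiDeceptor's built-in automated attack isolation, or by sending alerts to a SIEM/SOAR for an orchestrated response.
To address emerging threats and vulnerabilities, FortiDeceptor can create deception decoys on demand based on newly discovered vulnerabilities or suspicious activity, providing automated, dynamic protection across OT/IoT/IT environments. In addition, FortiDeceptor's response capabilities go beyond SOAR evidence-enrichment and automated host-isolation playbooks by providing SOAR playbooks that deploy deception assets on demand in response to suspicious activity in the network.
With broad support for IT/OT/IoT environments, the dynamic deception platform diverts attackers away from sensitive assets and gives defenders the advantage.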
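Visibility and accelerated response
Integrates with the Fortinet Security Fabric and third-party security controls (SIEM, SOAR, EDR, sandbox)
Insider threat detection
Reduces dwell time and false positives, and detects early reconnaissance and lateral movement in order to misdirect attacks
Forensics and threat intelligence
Captures and analyzes attack activity in real time, provides detailed forensics, and collects IOCs and TTPs
Isolated/non-isolated attacks
Infected endpoints can be isolated from the production network
Optimized for OT/IoT/IoMT
Operates in online or air-gapped (offline) mode, with a ruggedized version available
Easy to deploy and maintain
Uses ML for easy deployment, management, and maintenance, automatically customizing, deploying, and managing decoy assets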
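FortiGuard Labs, Fortinet's elite cybersecurity threat intelligence and research organization, is made up of experienced threat hunters, researchers, analysts, engineers, and data scientists. It develops and enhances FortiGuard AI-powered security services and provides valuable expert help through FortiGuard expert-driven security services.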
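"We use FortiGate at our company headquarters and at many branch offices across the country. As a company that mainly handles sensitive customer data, we need to make sure our network is protected by the best firewall solution (thanks also to Gartner's reviews)."
"We decided to deploy the entire Fortinet network stack, including the FortiGate 60E, across all of our 90-plus retail locations. We will further deploy FortiGate 200E units in HA pairs to all of our data centers. These unified threat management (UTM) appliances are among the best and most feature-rich I have used."
"The implementation experience of the solution was very satisfying. We partnered with Fortinet for price and simplicity, and we got the results we expected."
"Implementation and configuration are very easy, especially if you already have other Fortinet products in your network; they are all tied into the same 'Security Fabric' and provide a good overview of all network devices and events in the network. In addition, the product is very attractively priced."
"The FortiGate NGFW is the main guardian of our IT infrastructure. All networks need to pass through it. It handles all the traffic with ease. Most employees now work from home, so the VPN is being hit very hard, but that is not a problem for FortiGate."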
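FortiDeceptor is designed to deceive, expose, and eliminate internal and external threats early in the attack kill chain, and to proactively block them before any significant damage occurs. It is available as hardware and virtual appliances, and in a ruggedized version well suited to harsh environments.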
Form factor | Desktop - fanless
Max VLANs | 48
Total interfaces | 6x 1GbE RJ-45 ports
Default RAID level | No
Power supply unit | 24Vdc - 48Vdc input

Form factor | 1 RU Rackmount
Max VLANs | 128
Total interfaces | 4 x GE (RJ45), 4 x GE (SFP)
Default RAID level | 1
Power supply unit | Dual PSU optional

The FortiDeceptor virtual appliance can be deployed on VMware and KVM platforms.
Max VLANs | 128
Ports | 6 virtual network interfaces
Security operations requirements, like threat detection and response, continue to grow more challenging each year. According to an Economic Validation report from TechTarget's Enterprise Strategy Group, it can take 168 hours or more, on average, to identify threats, while many threats are never detected.1 Therefore, CISOs should consider deception technology for improving threat detection and response. Modern deception technology like FortiDeceptor combines the historical value of deception technology with ease of use, automation, and actionable intelligence, creating an active defense. These benefits are especially important for organizations with limited security staff and skills and those merging IT and OT.
Improved Security Team Operational Efficiency and Reduced Risk to the Organization, Each by Up to 99%
Deception can provide value across the attack chain by not only deceiving adversaries, but also detecting, enabling forensics data, or even helping with real-time mitigation.
Protecting business-critical data is becoming increasingly complex—and by extension, increasingly relevant for today's organizations. One critical element of this evolution is their increasing reliance on, and hyperconnectivity across foundational technologies such as data centers, cloud platforms, SaaS applications, and broadly adopted software vendors like Microsoft and SAP.
Deception technology should be fully integrated with NGFW, NAC, SIEM, Sandbox, SOAR, and EDR solutions to automate the mitigation response based on ransomware detection. By combining deception technology with a comprehensive security platform, organizations will be able to detect and respond to attacks, such as ransomware, long before they can achieve their malicious goals.
FortiDeceptor provides simple-to-use, unintrusive, network-based early detection of threats that target OT and IT environments. Through the deployment of decoys and honeytokens, FortiDeceptor automates the containment of cyberattacks before serious damage occurs.
Moshe Ben Simon makes the case and provides examples of how deception technologies can be used in OT systems. This can delay the attacker and give the defender more time to detect and respond to the attack before the attacker succeeds. Deception also provides a high-fidelity signal, since no one should access the deception device or system.
In operational technology environments, safety and continuity are crucial considerations—but traditional security controls simply won’t protect OT infrastructure, much of which wasn't designed to combat today’s fast-evolving threats. With air gaps between IT and OT decreasing and OT/IT devices often deployed in the same segment, bad actors have increased opportunities to move laterally across IT/OT infrastructures.
FortiDeceptor, Fortinet’s innovative, non-intrusive, agentless OT/IT/IoT deception solution is a force multiplier to current security defenses, providing early detection and response to active in-network threats. The FortiDeceptor decoys generate high-fidelity, intelligence-based alerts that result in an automated incident response to help stop zero-day attacks. In this session, VP Product Management, FortiDeceptor, Moshe Ben Simon, provides valuable tips and insights on how to use deception for early breach detection and protection against cyber threats across the IT/OT environment.
Fortinet's FortiDeceptor is a Distributed Deception Platform (DDP), simulating various types of IT, OT, ICS, and IoT decoys, as well as critical applications (e.g. ERP/SAP, etc.).
Verizon's 2018 DBIR reports two-thirds of breaches come from external attacks while the remaining are from insider threats. FortiDeceptor is built to deceive and redirect both external and internal attacks to a network of decoys. It exposes these reconnaissance attacks and eliminates them, disrupting the entire kill chain before it even begins.