FortiDeceptor 偵測並回應網路內攻擊,例如遭竊的憑證使用、橫向移動、中間人和勒索軟體。新增 FortiDeceptor 作為網路安全策略的一部分,幫助將您的防禦從被動轉變為主動,並利用內容相關情報分層進行入侵的偵測。
|
FortiDeceptor 透過與您環境中分佈的各種誘騙資產互動,誘導攻擊者在偵察階段早期暴露自己。該平台會根據與攻擊者和惡意軟體的即時互動,產生高度真實的警示,並提供攻擊活動分析和攻擊隔離。這有助於減輕 SOC 團隊因誤報所造成的負擔。FortiDeceptor 還可關聯事件和行銷活動,並收集 IOC 和 TTP,讓 SOC 團隊制定更加明智快速的決策。
立即觀看
當攻擊者與誘騙資產互動時,例如端點上的假檔案,或者惡意軟體嘗試加密假檔案時,FortiDeceptor 可以透過自動隔離任何遭入侵的端點讓攻擊無效。如此可防止攻擊擴散,並阻止與 C&C 伺服器通訊。這可使用 FortiDeceptor 內建的自動攻擊隔離功能完成,也可以透過向 SIEM/SOAR 傳送警示以獲得協調回應來完成。
為對抗新興威脅和漏洞,FortiDeceptor 可根據新發現的漏洞或可疑活動,按需建立欺騙誘餌,從而為 OT/IoT/IT 環境提供自動化的動態保護。此外,FortiDeceptor 提供了 SOAR 行動手冊用於按需部署誘騙資產,以回應網路中的可疑活動,其回應能力超出 SOAR 證據和自動化的主機隔離行動手冊。
動態誘騙平台,廣泛支援 IT/OT/IoT 環境,可轉移攻擊者對敏感資產的注意力,讓防禦者獲得優勢。
可視性與加速回應
與 Fortinet Security Fabric 和第三方安全控制(SIEM、SOAR、EDR、沙箱)整合
內部威脅偵測
減少停留時間和誤報,偵測早期偵察和橫向移動以誤導攻擊
取證與威脅情報
即時擷取和分析攻擊活動,提供詳細的取證,並收集 IOC 和 TTP
隔離/未隔離攻擊
可將受感染端點從生產網路中隔離
針對 OT/IOT/IOMT 進行最佳化
以線上/氣隙隔離(離線)模式運作,並提供加固版本
輕鬆部署與維護
利用 ML 輕鬆部署、管理和維護,以自動自訂、部署和管理誘餌資產
FortiGuard Labs 是 Fortinet 的精英網路安全威脅情報和研究機構,由經驗豐富的威脅獵人、研究人員、分析師、工程師和資料科學家組成,其目的在於開發和增強 FortiGuard AI 驅動的安全服務,並透過 FortiGuard 專家驅動的安全服務提供有價值的專家協助。
"我們在公司的總部和全國許多分支機構使用 FortiGate。對於主要處理敏感客戶資料的公司,我們需要確保我們的網路受到可用的最佳防火牆解決方案的保護(這也要感謝 Gartner 評論)。"
"我們決定將包括 FortiGate 60E 在內的完整 Fortinet 網路堆疊部署到我們所有 90 多個零售點。我們進一步以 HA 對的形式將 FortiGate 200E 部署到所有資料中心位置。這些 UTM 設備是我用過的最好的、功能最豐富的。"
「我們實施該解決方案的經歷非常令人滿意。我們選擇 Fortinet 是因為價格和簡單性,我們已經得到了我們想要的。"
「非常易於實施和設定,尤其是如果您的網路中已有其他 Fortinet 產品,它們都與單一「Security Fabric」結合,並對您網路中的所有網路裝置和事件提供了一個很完整的概述。而且這些產品的價格也很實惠」
「FortiGate NGFW 是我們 IT 基礎設施的主要防護裝置。所有網路都會經過它。它可以輕鬆處理我們所有的流量。現在,大多數員工都在家工作,因此 VPN 受到嚴重打擊,但這對 FortiGate 來說不是問題。」
FortiDeceptor 目的是為了在攻擊鏈早期誘騙、暴露和消除內外部威脅,並主動封鎖這些威脅,以免發生任何重大損害。它可作為硬體和虛擬設備使用,並提供加固版本,非常適合嚴苛的環境。
導覽:
形式 |
Desktop - fanless |
最大 VLAN 數 |
48 |
介面總數 |
6x 1GbE RJ-45 ports |
預設 RAID 層級 |
No |
電源供應器 |
24Vdc - 48Vdc input |
形式 |
1 RU Rackmount |
最大 VLAN 數 |
128 |
介面總數 |
4 x GE (RJ45), 4 x GE (SFP) |
預設 RAID 層級 |
1 |
電源供應器 |
Dual PSU optional |
FortiDeceptor 的虛擬設備可以部署在 VMware 和 KVM 平台上。
最大 VLAN 數 |
128 |
連接埠 |
6 virtual network interfaces |
Security operations requirements, like threat detection and response, continue to grow more challenging each year. According an Economic Validation report from TechTarget’s Enterprise Strategy Group, it can take 168 hours or more, on average, to identify threats, while many threats are never detected.1 Therefore, CISOs should consider deception technology for improving threat detection and response. Modern deception technology like FortiDeceptor combines the historical value of deception technology with ease of use, automation, and actionable intelligence—creating an active defense. These benefits are especially important for organizations with limited security staff and skills and those merging IT and OT.
Improved Security Team Operational Efficiency and Reduced Risk to the Organization, Each by Up to 99%
Deception can provide value across the attack chain by not only deceiving adversaries, but also detecting, enabling forensics data, or even helping with real-time mitigation.
Protecting business-critical data is becoming increasingly complex—and by extension, increasingly relevant for today's organizations. One critical element of this evolution is their increasing reliance on, and hyperconnectivity across foundational technologies such as data centers, cloud platforms, SaaS applications, and broadly adopted software vendors like Microsoft and SAP.
Deception technology should be fully integrated with NGFW, NAC, SIEM, Sandbox, SOAR, and EDR solutions to automate the mitigation response based on ransomware detection. By combining deception technology with a comprehensive security platform, organizations will be able to detect and respond to attacks, such as ransomware, long before they can achieve their malicious goals.
FortiDeceptor provides simple-to-use, unintrusive, network-based early detection of threats that target OT and IT environments. Through the deployment of decoys and honeytokens, FortiDeceptor automates the containment of cyberattacks before serious damage occurs.
Whether a security breach happens due to an external or internal attack, it can take months for an organization to discover the breach and begin remediation.
Moshe Ben Simon makes the case and provides examples of how deception technologies can be used in OT systems. This can delay the attacker and give the defender more time to detect and respond to the attack before the attacker succeeds. Deception also provides a high fidelity signal since no one should access the deception device or system.
In operational technology environments, safety and continuity are crucial considerations—but traditional security controls simply won’t protect OT infrastructure, much of which wasn't designed to combat today’s fast-evolving threats. With air gaps between IT and OT decreasing and OT/IT devices often deployed in the same segment, bad actors have increased opportunities to move laterally across IT/OT infrastructures.
FortiDeceptor, Fortinet’s innovative, non-intrusive, agentless OT/IT/IoT deception solution is a force multiplier to current security defenses, providing early detection and response to active in-network threats. The FortiDeceptor decoys generate high-fidelity, intelligence-based alerts that result in an automated incident response to help stop zero-day attacks. In this session, VP Product Management, FortiDeceptor, Moshe Ben Simon, provides valuable tips and insights on how to use deception for early breach detection and protection against cyber threats across the IT/OT environment.
Fortinet's FortiDeceptor is a Distributed Deception Platform (DDP), simulating various types of IT, OT, ICS, and IoT decoys, as well as critical applications (e.g. ERP/SAP, etc.).
Verizon's 2018 DBIR reports two-thirds of breaches come from external attacks while the remaining are from insider threats. FortiDeceptor is built to deceive and redirect both external and internal attacks to a network of decoys. It exposes these reconnaissance attacks and eliminates them, disrupting the entire kill chain before it even begins.
