Fortinet FortiDeceptor 100G
A Non-Intrusive, Agentless Deception Solution to
Detect and Stop Active In-Network Attacks
Click here to jump to more pricing!
Overview:
FortiDeceptor is Fortinet’s non-intrusive, agentless deception platform that puts the power back into the hand of defenders, with the ability to deceive attackers into engaging with fake assets and ultimately revealing themselves.
A force multiplier to current security defenses, FortiDeceptor combines the concept of honeypot with threat analytics and threat mitigation capabilities. This is achieved by distributing a layer of deception assets across the network—decoys and tokens, such as fake keys and files on endpoints and servers—and creating a system of traps that look and operate like any other real asset across IT, OT, and IoT networks, intended to deceive, detect, and isolate known and unknown human and automated attacks.
With FortiDeceptor, instead of waiting for the threat actor to make a mistake and then detect their presence, you can now embrace an active defense approach where any step the attacker takes—whether they try to escalate privileges or run malware—becomes an opportunity for you to detect them.
Early Threat Detection, Minimal Network Impact
FortiDeceptor works by deploying and running decoys from the FortiDeceptor console using available IP addresses. As decoys leverage unused IP addresses across the different network segments, they do not impact network availability and, to the attacker, they seem like an integral part on your network. These IP addresses do not correspond to any real host or device on the network.
The FortiDeceptor platform consists of several deception components that together provide an authentic and scalable layer of deception assets that are identical to other assets across your network. These decoys are fake assets, such as industrial control systems, medical devices, ATMs, tank gauges, POS devices, IoT devices, network infrastructure, and more, that run real operating systems and services and generate fake but limited traffic to lure attackers to them, diverting them away from sensitive assets. FortiDeceptor provides an extensive inventory of decoys. You can also ‘bring your own decoys’ and upload your own golden images.
To expand the deception layer event further, FortiDeceptor places breadcrumbs (or tokens) on real endpoints and servers. These are fake documents, files, or fake credentials, that attackers look to leverage to move laterally or encrypt. The breadcrumbs, which are indistinguishable from real files and credentials, are designed to deceive the attacker or malware to laterally move to the decoy. FortiDeceptor immediately detects any use of fake credentials, generates alerts, and automatically isolates the endpoint using built-in endpoint isolation capabilities or security orchestration, automation, and response (SOAR) playbooks.
Accelerated Incident Response
The solution generates high-fidelity, zero false-positive alerts, providing security teams with a unique advantage over malicious activity, and unparalleled visibility to detect and stop attacks, credential thefts, lateral movement, and malware activity. It also provides compensating security control when patching or when other security controls aren’t an option. A good example of this is in OT environments where patches aren’t available; even when patches are available, the time and effort required for maintenance is arduous.
Once a malware or human attacker engages with a fake or a decoy asset, an alert is generated and sent to security information and event management (SIEM), SOAR, or any threat intelligence platform you’re using. The decoy then starts capturing and analyzing the activities in real time and generates threat intelligence using eight built-in intelligence engines for detailed and accurate analysis.
FortiDeceptor does not require highly skilled security analysts to deploy or manage the solution. It centralizes and automates the entire process—from deception deployment to evidence analytics to quarantined and unquarantined attacks to the implementation of dynamic protection layers.
Protection Against Evolving Threats
To combat emerging threats, FortiDeceptor enables on-demand creation of deception decoys based on newly discovered vulnerabilities or suspicious activity, providing automated, dynamic protection across IT, OT, and IoT environments
- Implement zero-day protection: Attackers often target vulnerable assets first. With FortiDeceptor’s advanced outbreak feature, you can now purposefully deploy decoys with recently disclosed vulnerabilities to attract, automatically detect, and quarantine malicious activities early in the kill chain. When a vulnerability is reported by FortiGuard Labs, the vulnerability emulator is automatically pushed as a feed to the outbreak decoy without requiring a software update.
- Rapid threat hunting to identify indicators of compromise (IOCs): FortiDeceptor’s integration with SOAR provides on-demand deception asset deployment, triggered by SOAR playbooks to help hunt and quarantine any malicious activity. When suspicious activity is detected, a SOAR playbook can automatically initiate the deployment of decoys and tokens in that specific segment to help detect an attack and capture intel.
In addition, FortiDeceptor offers integrations with leading security tools, as well as with the Fortinet Security Fabric, providing orchestrated threat mitigation and enriched attack intelligence
Deception for OT and IoT environments
OT environments are diverse, with numerous, multi-vendor devices and systems often designed without built-in security. Hardening mostly legacy systems via monitoring agents or security patching to mitigate risks is not always an option due to continuity, costs, patch availability, and more. FortiDeceptor’s decoys simulate various types of IT, OT, ICS, and IoT devices, as well as critical applications such as SAP and ERP that can be deployed across all levels of the Purdue model.
FortiDeceptor works by automatically running active and passive asset discovery, creating asset inventory, and recommending optimized decoy placement across the IT and OT network. It can operate in online or air-gapped modes, and is also available as an industrially-hardened rugged appliance: the FortiDeceptor Rugged 100G, designed specifically for harsh industrial environments.
Feature Benefits
- Provide actionable insights, increase SOC effectiveness
- Extend support to challenging areas (IoT and OT environments)
- Provide early, substantiated warning (no false-positives)
- Scale automatically as the risk level increases
- Detect new or unknown threats and malicious insiders
Benefits:
Accurate, Early Detection and Fast Response
- Reduces dwell time and false-positives
- Detects early reconnaissance and lateral movements
- Built-in, automated attack quarantine capabilities stop attacks before they spread
- Automatically scales as risk level rises
- Helps mitigate ransomware by leading malware to encrypt fake files, triggering automatic blocking of the infected endpoint
- Automatically deploys vulnerable decoys based on FortiGuard Labs latest outbreak alerts
- Integrates with the Fortinet Security Fabric and third-party security controls
Enrich Actionable Insights, Increase SOC Effectiveness
- Generates high-fidelity, actionable alerts based on real-time interactions with adversaries
- Correlates malicious activities using eight different forensic engines to help analysts investigate, gather forensic evidence, monitor, and automatically stop attacks in progress
- Closes visibility gaps with in-progress attack intel and detailed forensics
- Provides attack replays and attack visualizations
- Low-friction deployment and maintenance via automation
Extend Support to Challenging Areas
- Optimized OT, IoT, and IoMT decoys designed to expose and block threats to industrial systems, IoT, and IoMT devices
- Agentless and non-intrusive, with zero impact on mission-critical operations
- Ease of installation (one-day operation) and use; does not require any network topology changes
- Detects threats to assets that cannot provide their own telemetry
- Available across every attack surface, including on-premise, cloud, and IT, OT, IoT, and IoMT environments
- Operates in both online and air-gapped modes
Specifications:
FORTIDECEPTOR 100G |
||
---|---|---|
Capacity and Performance |
||
Size RAM |
DDR4-2400 48 GB ECC RDIMM (16GBx1 + 32GBx1) |
|
On Board Flash |
16GB (M.2 2242) |
|
Decoy VM Support |
Combination of Windows 7, Windows 10, Windows 10 (customizable BYOL), Windows Server 2016 and 2019 (customizable BYOL), Linux, VPN Server, Medical (PACS, Infusion pump), POS, ERP, IoT (Router, Printer and Camera), SAP and/or SCADA, up to 8 Deception VMs and 48 VLANs, Outbreak,VOIP, TOMCAT, ESXi, Elastic-Search |
|
Decoy Services |
SSL VPN, SSH, SAMBA, SMB, RDP, HTTP/S, SQL, GIT, DICOM, Telnet, FTP, TFTP, SNMP, MODBUS, S7COMM, BACNET, IPMI, TRICONEX, GUARDIAN-AST, IEC104, EtherNet/IP, DNP3, JET-DIRECT, RTSP, UPnP, CDP and TCP port listener, SMTP, RADIUS, Mysql, MQTT, SIP, XMPP |
|
Deception VMs Shipped |
Deceptor Bundle Contract included license for Deception Decoys, Deception Lure plus FortiGuard Services Subscriptions (AREA, AV, IPS, and Web Filtering).1 VLAN unit price, minimum order of 2 VLAN |
|
Hardware Specifications |
||
Form Factor |
Desktop - fanless |
|
Total Interfaces |
6x 1GbE RJ-45 ports |
|
Storage Capacity |
2.5 inch SATA SSD 1TB (1TBx1) |
|
Usable Storage (After RAID) |
2GB USB DOM, SATA-DOM or M.2 (SATA) |
|
Removable Hard Drives |
No |
|
RAID 1 |
No |
|
Default RAID Level |
No |
|
Power Supply |
Powered by External DC Power Adapter, 100-240V, 1.8A, 50-60Hz |
|
Dimensions |
||
Height x Width x Length (inches) |
3.85 x 10.82 x 8.86 |
|
Height x Width x Length (cm) |
98 x 275 x 225 |
|
Weight |
16.63 lbs (5.73 kg) |
|
Environments |
||
AC Power Supply |
N/A |
|
DC Power Supply |
Input: 24-48Vdc 3.45-1.77A |
|
Power Consumption (Max / Average) |
+24V (66.11W), +48V (73.92W)/ +24V (54.1W), +48V (60.5W) |
|
Maximum Current |
+24V (3.45A), +48V (1.77A) |
|
Heat Dissipation |
+24V (259.69 BTU/h), +48V (286.34 BTU/h) |
|
Operating Temperature |
32°F to 104°F (0°C to 40°C) |
|
Storage Temperature |
-40°F to 158°F (-40°C to 70°C) |
|
Humidity |
5% to 95% (non-condensing) |
|
Operating Altitude |
Up to 13 123 ft (4000 m) |
|
IP Rating |
IP40 |
|
Compliance |
||
Safety Certifications |
Onboard flash is 8GB Safety Certifications – FCC, ICES, CE, RCM, VCCI class A CB: Low Voltage Directive (LVD) 2014/35/EU IEC 62368-1 2nd Edition IEC 62368-1 3rd Edition UL/CSA: UL 62368-1 3rd Edition |
Documentation:
Download the FortiDeceptor Data Sheet (PDF).
Pricing Notes:
- All prices displayed are Ex-VAT. 20% VAT is added during the checkout process.
- Hardware plus 24x7 FortiCare, FortiGuard Threat Intelligence and Custom VM Bundle (maximum allowed Custom VMs)
Hardware Unit, 24x7 FortiCare Support, Advanced Hardware Replacement (NBD), Firmware and General Upgrades (FortiSandbox engine), FortiGuard AV, IPS, Web Filtering, File Query plus subscription for maximum allowed custom sandbox VMs. Does not include Windows or MS Office licenses i.e. BYOL - Hardware plus 24x7 FortiCare, FortiGuard Threat Intelligence and Licensed VM Bundle (maximum allowed Licensed VM)
Hardware Unit, 24x7 FortiCare Support, Advanced Hardware Replacement (NBD), Firmware and General Upgrades (FortiSandbox engine), FortiGuard AV, IPS, Web Filtering, File Query plus maximum allowed Licensed Sandbox VMs including the necessary Windows and MS Office licenses - 24x7 FortiCare plus FortiGuard Threat Intelligence
24x7 FortiCare Support, Advanced Hardware Replacement (NBD), Firmware and General Upgrades (FortiSandbox engine), and FortiGuard AV, IPS, Web Filtering, File Query - 24x7 FortiCare, FortiGuard Threat Intelligence and Custom VM Bundle (maximum allowed Custom VMs)
24x7 FortiCare Support, Advanced Hardware Replacement (NBD), Firmware and General Upgrades (FortiSandbox engine), FortiGuard AV, IPS, Web Filtering, File Query plus subscription for maximum allowed custom sandbox VMs. Does not include Windows or MS Office licenses i.e. BYOL - Prices are for one year of Premium RMA support. Usual discounts can be applied.
- Annual contracts only. No multi-year SKUs are available for these services.
- Contact Fortinet Renewals team for upgrade quotations for existing FortiCare contracts.
- Pricing and product availability subject to change without notice.