Skip to content Skip to navigation Skip to footer

Overview

FortiDeceptor, part of Fortinet SecOps Platform, detects and responds to in-network attacks such as stolen credential usage, lateral movement, man-in-the-middle, and ransomware. Adding FortiDeceptor as part of your cybersecurity strategy helps shift your defenses from reactive to proactive with intrusion-based detection layered with contextual intelligence.

Reduce dwell time with early, accurate attack detection (no false positives)

FortiDeceptor lures attackers into revealing themselves early at the reconnaissance stage by engaging with a wide range of deception assets distributed throughout your environment. The platform generates high-fidelity alerts based on real-time engagement with attackers and malware, providing attack activity analysis and attack isolation. This helps alleviate the burden on SOC teams inundated with false-positive alerts. FortiDeceptor offers flexible deployment options: SaaS (cloud-hosted), on-premises (HW/VM), and public cloud (AWS, Azure, GCP).

Watch Now
FortiDeceptor as a service helps overcome common challenges, such as detecting ransomware attacks and zero-day threats, delivering pre-breach warnings, protecting unpatched legacy OT/IoT systems, etc.

Divert attacks outside your network and keep it safe with FortiDeceptor-as-a-Service

FortiDeceptor-as-a-Service, a SaaS-based deception solution, detects and responds to in-network attacks, such as stolen credential usage, lateral movement, man-in-the-middle (MITM), and ransomware. Using an organization’s available IP addresses, decoys run in the FortiDeceptor-as-a-Service platform residing in the Fortinet private cloud. Decoys leverage only unused IP addresses, and do not impact network availability. When an automated/human attacker engages with a decoy, they are already outside your network, and cannot cause any further damage.

Download Solution Brief

Automatically contain in-network attacks before they spread

When an attacker engages with deception assets, for example, fake files on an endpoint, or if malware tries to encrypt fake file, FortiDeceptor can neutralize the attack by automatically isolating any compromised endpoint. This prevents the attack from spreading and stops communication with a C&C server. This can be done using FortiDeceptor’s built-in, automated attack quarantine capabilities or by sending an alert to SIEM/SOAR for an orchestrated response.

Watch Now
fortideceptor ui

Scale up dynamic protection as the threat level increases

To combat emerging threats and vulnerabilities, FortiDeceptor enables on-demand creation of deception decoys based on newly discovered vulnerabilities or suspicious activity, providing automated, dynamic protection across OT/IoT/IT environments. Further, FortiDeceptor response capabilities go beyond SOAR evidence enrichment and automated host quarantine playbooks, by providing a SOAR playbook for on-demand deployment of deception assets in response to suspicious activity in your network.

Features and Benefits

Dynamic deception platform, with extensive support for IT/OT/IoT environments, diverts attackers from sensitive assets to shift the balance to the defender’s advantage.

Visibility & accelerated response

Integrates with Fortinet Security Fabric and third-party security controls (SIEM, SOAR, EDR, sandbox)

Insider threat detection

Reduces dwell time and false positives, detects early recon & lateral movement to misdirect attacks

Forensics & threat intelligence

Captures and analyzes attack activities in real time, provides detailed forensics, collects IOCs & TTPs

Quarantined/unquarantined attacks

Infected endpoints can be quarantined away from the production network

Optimized for OT/IoT Networks

Extensive decoys include SCADA systems, IoT sensors, plus you can upload your own decoys

Easy deployment & maintenance

Asset-match decoys are automatically deployed with no impact on stability and performance

FortiDeceptor Use Cases

Detection
Dynamic deception
Network visibility and breach detection via passive footprint. Detects threats to assets that cannot provide their own telemetry.
Malware Protection
Ransomware mitigation
Early detection and response to ransomware attacks. Misleads malware to encrypt fake files, triggering automatic blocking of the infected endpoint.
icon lateral movement detection
Lateral movement detection
Detects attackers early in the discovery phase and misdirects lateral activities to the decoy and away from real assets.
icon active directory deception
Active directory deception
Provides Active Directory decoys and tokens to detect threats targeting AD.
icon ot
Security for IT/OT/IoT/IoMT
Extensive decoys including SCADA systems, IoT sensors are available, plus the ability to upload your own decoys.
icon detect insider
Layer 2 attack detection
Detects MITM attacks, NBNSSpoofSpotter, NBT-NS, mDNS, LLMNR spoofing, using both active and passive methods.

Enterprise Analyst Validation

ESG FortiDeceptor Showcase Report
ESG Economic Validation on Fortinet SecOps Fabric
Cover of ESG report titled Active Defense and Deception Technology: The Time is Now! Written by John Olsik, distinguished analyst and fellow, and published June 2023
Active Defense and Deception Technology: The Time is Now!
Security operations requirements, like threat detection and response, continue to grow more challenging each year. According to an Economic Validation report from TechTarget’s Enterprise Strategy Group, it can take 168 hours or more, on average, to identify threats, while many threats are never detected. Therefore, CISOs should consider deception technology for improving threat detection and response. Modern deception technology like FortiDeceptor combines the historical value of deception technology with ease of use, automation, and actionable intelligence—creating an active defense. These benefits are especially important for organizations with limited security staff and skills and those merging IT and OT.
View Report »
ESG Economic Validation: The Quantified Benefits of Fortinet Security Operations Solutions. Improved security team operational efficiency and reduced risk to the organization, each by up to 99%. Written by Aviv Kaufmann, Practice Director and Principal Economic Validation Analyst at Enterprise Strategy Group. July 2023
The Quantified Benefits of Fortinet Security Operations Solutions
As enterprises evolve, new technologies emerge, and cybercriminals introduce more sophisticated attacks, security leaders and their teams face a variety of challenges in securing the organization’s networks. This new report published by Enterprise Strategy Group details the benefits of using Fortinet Security Operations solutions, including improved operational efficiency and more effective risk management.
Download Report »

Case Studies

Cirion Technologies
Cirion Technologies
Digital Technology and Infrastructure Provider Optimizes Its Security Service in Latin America with Fortinet’s Advanced Support
Toyota Material Handling
Toyota Material Handling
Toyota Material Handling Converges its IT and OT Environments with the Fortinet Security Fabric
Laguna Woods Village
Laguna Woods Village
FortiGuard Incident Response Helps Large Planned Community Recover from Ransomware
Chandler Unified School District
Chandler Unified School District
Proactively Protecting a Large School District and Its Ever-Growing Attack Surface

Models and Specifications

FortiDeceptor is designed to deceive, expose, and eliminate external and internal threats early in the attack kill chain, and proactively block these threats before any significant damage occurs. It’s available as a hardware and virtual appliance and in a ruggedized version ideal for harsh environments.

View by:

Hardware Appliances

Form Factor
Desktop - fanless
Max VLANs
48
Total Interfaces
6x 1GbE RJ-45 ports
Default RAID level
No
Power Supply Unit
24Vdc - 48Vdc input
Form Factor
1 RU Rackmount
Max VLANs
128
Total Interfaces
4 x GE (RJ45), 4 x GE (SFP)
Default RAID level
1
Power Supply Unit
Dual PSU optional

Virtual Machines

The virtual appliance of FortiDeceptor can be deployed on VMware and KVM platforms.

Max VLANs
128
Ports
6 virtual network interfaces

Resources

Analyst Reports
Blogs
Data Sheets
Podcast
Solution Briefs
Videos
White Papers
Deceive By Design: How To Protect Critical Infrastructure With Deception Technology
Deceive By Design: How To Protect Critical Infrastructure With Deception Technology »

Moshe Ben Simon makes the case and provides examples of how deception technologies can be used in OT systems. This can delay the attacker and give the defender more time to detect and respond to the attack before the attacker succeeds. Deception also provides a high fidelity signal since no one should access the deception device or system.

Security Automation Summit: How To Use Deception Technology To Protect Your OT/ IT Networks
Security Automation Summit: How To Use Deception Technology To Protect Your OT/ IT Networks »

In operational technology environments, safety and continuity are crucial considerations—but traditional security controls simply won’t protect OT infrastructure, much of which wasn't designed to combat today’s fast-evolving threats. With air gaps between IT and OT decreasing and OT/IT devices often deployed in the same segment, bad actors have increased opportunities to move laterally across IT/OT infrastructures.

How to Use Fortinet FortiDeceptor to Protect OT/IT Networks
How to Use Fortinet FortiDeceptor to Protect OT/IT Networks »

FortiDeceptor, Fortinet’s innovative, non-intrusive, agentless OT/IT/IoT deception solution is a force multiplier to current security defenses, providing early detection and response to active in-network threats. The FortiDeceptor decoys generate high-fidelity, intelligence-based alerts that result in an automated incident response to help stop zero-day attacks. In this session, VP Product Management, FortiDeceptor, Moshe Ben Simon, provides valuable tips and insights on how to use deception for early breach detection and protection against cyber threats across the IT/OT environment.

Deception Technology for IT/OT/IoT Environments
Deception Technology for IT/OT/IoT Environments »

Fortinet's FortiDeceptor is a Distributed Deception Platform (DDP), simulating various types of IT, OT, ICS, and IoT decoys, as well as critical applications (e.g. ERP/SAP, etc.).

A New Breach Protection Approach with FortiDeceptor
A New Breach Protection Approach with FortiDeceptor »

Verizon's 2018 DBIR reports two-thirds of breaches come from external attacks while the remaining are from insider threats. FortiDeceptor is built to deceive and redirect both external and internal attacks to a network of decoys. It exposes these reconnaissance attacks and eliminates them, disrupting the entire kill chain before it even begins.

Free Product Demo

Deceive by Design: See how to use deception technology to protect IT/OT assets.

What to Expect:

  • Learn how to deploy a dynamic deception layer based on the latest threats
  • Understand how to early detect and isolate attacks in seconds with zero false-positives
  • Find out how to use decoys to safeguard unpatched OT and IoT systems