FortiDeceptor Work Flow

FortiDeceptor is designed to deceive, expose, and eliminate external and internal threats early in the attack kill chain and proactively block these threats before any significant damage occurs.

To monitor and analyze real-world network and application traffic activity, the FortiDeceptor work flow is deployed in the following steps:

FortiDeceptor Work Flow Detail

  1. FortiDeceptor deploys decoys with different OS types, equipped with lures (e.g. RDP/SMB/Credentials/HoneyDocs), that appear indistinguishable from real IT and OT assets and are highly interactive.
  2. FortiDeceptor acts as an early warning system that exposes an attacker’s malicious intent and tracks lateral movement, which translates to real-time alerts sent to FortiDeceptor, as well as to FortiAnalyzer and FortiSIEM, for review and validation. FortiDeceptor applies analytics powered by FortiGuard Labs, FortiSandbox, and VirusTotal intelligence to a consolidated set of security events and correlates them into campaigns with a timeline of activities.
  3. FortiDeceptor allows security analysts to investigate manually and apply manual remediation, or to automatically block these attacks based on severity before actual damage occurs, via integration with FortiGate, FortiNAC, and FortiSOAR.
