Fortinet Network Detection and Response
FortiDeceptor lures attackers into revealing themselves early at the reconnaissance stage by engaging with a wide range of deception assets distributed throughout your environment. The platform generates high-fidelity alerts based on real-time engagement with attackers and malware, providing attack activity analysis and attack isolation. This helps alleviate the burden on SOC teams inundated with false-positive alerts. FortiDeceptor also correlates incident and campaign activities and collects IOCs and TTPs, allowing SOC teams to make smarter, faster decisions. Further, FortiDeceptor response capabilities go beyond SOAR evidence enrichment and automated host quarantine playbooks by providing a SOAR playbook for on-demand deployment of deception assets in response to suspicious activity in your network.
Features
VISIBILITY & ACCELERATED RESPONSE
Integrates with Fortinet Security Fabric and third-party security controls (SIEM, SOAR, EDR, sandbox)
INSIDER THREAT DETECTION
Reduces dwell time and false positives, detects early recon & lateral movement to misdirect attacks
FORENSICS & THREAT INTELLIGENCE
Captures and analyzes attack activities in real time, provides detailed forensics, collects IOCs & TTPs
QUARANTINED/UNQUARANTINED ATTACKS
Infected endpoints can be quarantined away from the production network
OPTIMIZED FOR OT/IOT/IOMT
Operates in online/air-gapped (offline) modes and a ruggedized version is available