FortiDeceptor lures attackers into revealing themselves early at the reconnaissance stage by engaging with a wide range of deception assets distributed throughout your environment. The platform generates high-fidelity alerts based on real-time engagement with attackers and malware, providing attack activity analysis and attack isolation. This helps alleviate the burden on SOC teams inundated with false-positive alerts. FortiDeceptor also correlates incident and campaign activities and collects IOCs and TTPs, allowing SOC teams to make smarter, faster decisions.Further, FortiDeceptor response capabilities go beyond SOAR evidence enrichment and automated host quarantine playbooks, by providing a SOAR playbook for on-demand deployment of deception assets in response to suspicious activity in your network.

Features

VISIBILITY & ACCELERATED RESPONSE

Integrates with Fortinet Security Fabric and third-party security controls (SIEM, SOAR, EDR, sandbox)


INSIDER THREAT DETECTION

Reduces dwell time and false positives, detects early recon & lateral movement to misdirect attacks


FORENSICS & THREAT INTELLIGENCE

Captures and analyzes attack activities in real time, provides detailed forensics, collects IOCs & TTPs


QUARANTINED/UNQUARANTINED ATTACKS

Infected endpoints can be quarantined away from the production network


OPTIMIZED FOR OT/IOT/IOMT

Operates in online/air-gapped (offline) modes and a ruggedized version is available