Skip to content Skip to navigation Skip to footer
New Enterprise Strategy Group finds Fortinet Security Operations solutions improve security team operational efficiency and reduce risk to the organization by up to 99%
Overview
Security Services
Case Studies & Reviews
Models & Specs
Resources

Overview

FortiDeceptor detects and responds to in-network attacks such as stolen credential usage, lateral movement, man-in-the-middle, and ransomware. Adding FortiDeceptor as part of your cybersecurity strategy helps shift your defenses from reactive to proactive with intrusion-based detection layered with contextual intelligence.

video how to use fortinet fortideceptor protect ot it networks

Early, accurate attack detection (no false positives) reduces attacker’s dwell time

FortiDeceptor lures attackers into revealing themselves early at the reconnaissance stage by engaging with a wide range of deception assets distributed throughout your environment. The platform generates high-fidelity alerts based on real-time engagement with attackers and malware, providing attack activity analysis and attack isolation. This helps alleviate the burden on SOC teams inundated with false-positive alerts. FortiDeceptor also correlates incident and campaign activities and collects IOCs and TTPs, allowing SOC teams to make smarter, faster decisions.

Watch Now
fortideceptor ui

Automatically contains in-network attacks before they spread

When an attacker engages with deception assets, for example, fake files on an endpoint, or if malware tries to encrypt fake file, FortiDeceptor can neutralize the attack by automatically isolating any compromised endpoint. This prevents the attack from spreading and stops communication with a C&C server. This can be done using FortiDeceptor’s built-in, automated attack quarantine capabilities or by sending an alert to SIEM/SOAR for an orchestrated response.

Dynamic protection scales up as the threat level increases

To combat emerging threats and vulnerabilities, FortiDeceptor enables on-demand creation of deception decoys based on newly discovered vulnerabilities, or suspicious activity, providing automated, dynamic protection across OT/IoT/IT environments. Further, FortiDeceptor response capabilities go beyond SOAR evidence enrichment and automated host quarantine playbooks, by providing a SOAR playbook for on-demand deployment of deception assets in response to suspicious activity in your network.

Features and Benefits

Dynamic deception platform, with extensive support for IT/OT/IoT environments, diverts attackers from sensitive assets to shift the balance to the defender’s advantage.

VISIBILITY & ACCELERATED RESPONSE

Integrates with Fortinet Security Fabric and third-party security controls (SIEM, SOAR, EDR, sandbox)

INSIDER THREAT DETECTION

Reduces dwell time and false positives, detects early recon & lateral movement to misdirect attacks

FORENSICS & THREAT INTELLIGENCE

Captures and analyzes attack activities in real time, provides detailed forensics, collects IOCs & TTPs

QUARANTINED/UNQUARANTINED ATTACKS

Infected endpoints can be quarantined away from the production network

OPTIMIZED FOR OT/IOT/IOMT

Operates in online/air-gapped (offline) modes and a ruggedized version is available

EASY DEPLOYMENT & MAINTENANCE

Easy to deploy, manage & maintain with ML to automatically customize, deploy, & manage decoy assets

FortiDeceptor Use Cases

Detection
DYNAMIC DECEPTION
Network visibility and breach detection via passive footprint. Detects threats to assets that cannot provide their own telemetry.
Malware Protection
RANSOMWARE MITIGATION
Early detection and response to ransomware attacks. Misleads malware to encrypt fake files, triggering automatic blocking of the infected endpoint.
Hybrid Workforce
LATERAL MOVEMENT DETECTION
Detects attackers early in the discovery phase and misdirects lateral activities to the decoy and away from real assets.
icon threat hunting
THREAT HUNTING
Enables in-network threat detection, tracks attack origin, gathers TTPs by observing attackers, provides intelligence for rapid response.
Secure Worker
SECURITY FOR IT/OT/IOT/IOMT
Extensive decoys including SCADA systems, IoT sensors are available, plus the ability to upload your own decoys.

Enterprise Analyst Validation

ESG Economic Validation on Fortinet SecOps Fabric
ESG Economic Validation: The Quantified Benefits of Fortinet Security Operations Solutions. Improved security team operational efficiency and reduced risk to the organization, each by up to 99%. Written by Aviv Kaufmann, Practice Director and Principal Economic Validation Analyst at Enterprise Strategy Group. July 2023
The Quantified Benefits of Fortinet Security Operations Solutions
As enterprises evolve, new technologies emerge, and cybercriminals introduce more sophisticated attacks, security leaders and their teams face a variety of challenges in securing the organization’s networks. This new report published by Enterprise Strategy Group details the benefits of using Fortinet Security Operations solutions, including improved operational efficiency and more effective risk management.
Download Report »

FortiGuard AI-Powered Security Services

FortiGuard Labs - Fortinet’s elite cybersecurity threat intelligence and research organization comprised of experienced threat hunters, researchers, analysts, engineers, and data scientists - develops and enhances FortiGuard AI-powered Security Services as well as provides valuable expert help through FortiGuard Expert-driven Security Services.

Show All Services
Content Security
Web Security
Device Security
Application Security
SOC NOC Security
Protect Against Web-borne Threats with FortiGuard URL Filtering Service.
FortiGuard URL Filtering Service

Provides comprehensive threat protection to address threats including ransomware, credential-theft, phishing, and other web-borne attacks.

Case Studies

Chandler Unified School District
Chandler Unified School District
Proactively Protecting a Large School District and Its Ever-Growing Attack Surface
IT Solutions Partner
IT Solutions Partner
IT Solutions Provider Chooses FortiDeceptor to Detect and Block In-Network Attacks
Regional Hospital System
Regional Hospital System
FortiDeceptor Delivers Breach Protection for Critical Healthcare Services
DefendEdge
DefendEdge
Chicago-based MSSP Powers Diverse Security Use Cases With the Fortinet Security Fabric

Gartner Peer Reviews

The Gartner Peer Insights Customers’ Choice is a recognition of vendors in this market by verified end-user professionals, taking into account both the number of reviews and the overall user ratings. To ensure fair evaluation, Gartner maintains rigorous criteria for recognizing vendors with a high customer satisfaction rate. gartner peer insights customers choice badge 2021 gartner peer insights customers choice badge 2020
★★★★★
"Stable and Reliable Firewall"

"We use FortiGate in our company's HQ and many of the branches across the country. For a company that deals mainly with sensitive customers data, we needed to make sure that our networks are protected by the best firewall solution that's available (also thanks to Gartner reviews)."

—  Cloud Infrastructure Engineer in the Finance Industry
★★★★★
"Tons Of Value in a Small Package"

"We decided to deploy the full Fortinet network stack including FortiGate 60E's to all 90+ of our retail locations. We further deployed FortiGate 200E's in HA pairs to all datacenter locations. These UTM appliances are some of the best and most feature rich I have ever used."

—  Director of IT in the Retail Industry
★★★★★
"Delivered What We Were Looking For"

“Our experience with implementing this solution has been very satisfactory. We went with Fortinet for price and simplicity and have received what we were looking for." 

—  VP, Deputy CIO in the Finance Industry
★★★★★
"Strong Firewall Solution That Protects Your Business Systems"

"Very easy to implement and configure, especially if you already have other Fortinet products in your network they all bind in to the one "security fabric" and provide a great overview of all your network devices and events in your network. Also the price is superb for such product."

— Programmer in the Finance Industry
★★★★★
"NGFW That Needs To Be In Your Company"

"FortiGate NGFW is the main guard of our IT infrastructure. All network goes through it. It can easily handle all our traffic. Now, most of the employees are working from home so VPN is getting hit really bad, but that is not a problem for FortiGate."

— PHP Backend Developer in the Finance Industry

Models and Specifications

FortiDeceptor is designed to deceive, expose, and eliminate external and internal threats early in the attack kill chain, and proactively block these threats before any significant damage occurs. It’s available as a hardware and virtual appliance and in a ruggedized version ideal for harsh environments.

View by:

  • Hardware Appliances
  • Virtual Machines

Hardware Appliances

FortiDeceptor Rugged 100G
Form Factor
Desktop - fanless
Max VLANs
48
Total Interfaces
6x 1GbE RJ-45 ports
Default RAID level
No
Power Supply Unit
24Vdc - 48Vdc input
FortiDeceptor 1000G
Form Factor
1 RU Rackmount
Max VLANs
128
Total Interfaces
4 x GE (RJ45), 4 x GE (SFP)
Default RAID level
1
Power Supply Unit
Dual PSU optional

Virtual Machines

The virtual appliance of FortiDeceptor can be deployed on VMware and KVM platforms.

FortiDeceptor VM
Max VLANs
128
Ports
6 virtual network interfaces

Resources

Analyst Reports
Blogs
Data Sheets
Podcast
Solution Briefs
Videos
White Papers
ESG Economic Validation: The Quantified Benefits of Fortinet Security Operations Solutions
ESG Economic Validation: The Quantified Benefits of Fortinet Security Operations Solutions »

Improved Security Team Operational Efficiency and Reduced Risk to the Organization, Each by Up to 99%

Active Defense and Deception Technology: The Time is Now!
Active Defense and Deception Technology: The Time is Now! »

Security operations requirements, like threat detection and response, continue to grow more challenging each year. According an Economic Validation report from TechTarget’s Enterprise Strategy Group, it can take 168 hours or more, on average, to identify threats, while many threats are never detected.1 Therefore, CISOs should consider deception technology for improving threat detection and response. Modern deception technology like FortiDeceptor combines the historical value of deception technology with ease of use, automation, and actionable intelligence—creating an active defense. These benefits are especially important for organizations with limited security staff and skills and those merging IT and OT.

2021 Data Breach Investigations Report
2021 Data Breach Investigations Report »

The DBIR was created to provide a place for a security practitioner to look for data-driven, real-world views on what commonly befalls companies with regard to cybercrime

Cybersecurity Deception – Using Active Defense to Beat Cyber Adversaries
Cybersecurity Deception – Using Active Defense to Beat Cyber Adversaries »

Deception can provide value across the attack chain by not only deceiving adversaries, but also detecting, enabling forensics data, or even helping with real-time mitigation.

Deception Technology for SAP System Security
Deception Technology for SAP System Security »

Protecting business-critical data is becoming increasingly complex—and by extension, increasingly relevant for today's organizations. One critical element of this evolution is their increasing reliance on, and hyperconnectivity across foundational technologies such as data centers, cloud platforms, SaaS applications, and broadly adopted software vendors like Microsoft and SAP.

Offensive Defense: Using Deception Against Ransomware Attacks
Offensive Defense: Using Deception Against Ransomware Attacks »

Deception technology should be fully integrated with NGFW, NAC, SIEM, Sandbox, SOAR, and EDR solutions to automate the mitigation response based on ransomware detection. By combining deception technology with a comprehensive security platform, organizations will be able to detect and respond to attacks, such as ransomware, long before they can achieve their malicious goals.

FortiDeceptor Ordering Guide
FortiDeceptor Ordering Guide »

FortiDeceptor Ordering Guide

FortiDeceptor Data Sheet
FortiDeceptor Data Sheet »

FortiDeceptor Datasheet

Tech Bytes: Get Early Attack Detection And Fast Response With Fortinet FortiDeceptor
Tech Bytes: Get Early Attack Detection And Fast Response With Fortinet FortiDeceptor »

Today on the Tech Bytes podcast we’re talking deception. That is, deceiving attackers that try to exploit your network by creating fake assets and infrastructure. Sponsor Fortinet is here to talk about using deception techniques to spot intruders via its FortiDeceptor product. We’ll also talk about threat reconnaissance capabilities of a product called FortiRecon. Our guest is Moshe Ben Simon, VP of Product Management.

Operational Technology Cybersecurity Assurance With FortiDeceptor
Operational Technology Cybersecurity Assurance With FortiDeceptor »

FortiDeceptor provides simple-to-use, unintrusive, network-based early detection of threats that target OT and IT environments. Through the deployment of decoys and honeytokens, FortiDeceptor automates the containment of cyberattacks before serious damage occurs.

FortiDeceptor Enables a New Breach Protection Approach
FortiDeceptor Enables a New Breach Protection Approach »

Whether a security breach happens due to an external or internal attack, it can take months for an organization to discover the breach and begin remediation.

Deceive By Design: How To Protect Critical Infrastructure With Deception Technology
Deceive By Design: How To Protect Critical Infrastructure With Deception Technology »

Moshe Ben Simon makes the case and provides examples of how deception technologies can be used in OT systems. This can delay the attacker and give the defender more time to detect and respond to the attack before the attacker succeeds. Deception also provides a high fidelity signal since no one should access the deception device or system.

Security Automation Summit: How To Use Deception Technology To Protect Your OT/ IT Networks
Security Automation Summit: How To Use Deception Technology To Protect Your OT/ IT Networks »

In operational technology environments, safety and continuity are crucial considerations—but traditional security controls simply won’t protect OT infrastructure, much of which wasn't designed to combat today’s fast-evolving threats. With air gaps between IT and OT decreasing and OT/IT devices often deployed in the same segment, bad actors have increased opportunities to move laterally across IT/OT infrastructures.

How to Use Fortinet FortiDeceptor to Protect OT/IT Networks
How to Use Fortinet FortiDeceptor to Protect OT/IT Networks »

FortiDeceptor, Fortinet’s innovative, non-intrusive, agentless OT/IT/IoT deception solution is a force multiplier to current security defenses, providing early detection and response to active in-network threats. The FortiDeceptor decoys generate high-fidelity, intelligence-based alerts that result in an automated incident response to help stop zero-day attacks. In this session, VP Product Management, FortiDeceptor, Moshe Ben Simon, provides valuable tips and insights on how to use deception for early breach detection and protection against cyber threats across the IT/OT environment.

Deception Technology for IT/OT/IoT Environments
Deception Technology for IT/OT/IoT Environments »

Fortinet's FortiDeceptor is a Distributed Deception Platform (DDP), simulating various types of IT, OT, ICS, and IoT decoys, as well as critical applications (e.g. ERP/SAP, etc.).

A New Breach Protection Approach with FortiDeceptor
A New Breach Protection Approach with FortiDeceptor »

Verizon's 2018 DBIR reports two-thirds of breaches come from external attacks while the remaining are from insider threats. FortiDeceptor is built to deceive and redirect both external and internal attacks to a network of decoys. It exposes these reconnaissance attacks and eliminates them, disrupting the entire kill chain before it even begins.

Use Cyberdeception To Lure Attackers From Critical Assets
Use Cyberdeception To Lure Attackers From Critical Assets »

Proactive Cybersecurity for Operational Technology

VPAT: FortiDeceptor
VPAT: FortiDeceptor »

Fortinet Accessibility Conformance Report

Training & Certifications

NSE 3
Security Operations
These lessons provide knowledge about the Fortinet products that comprise the Fabric Management Center. These products provide machine-speed artificial intelligence, integration, automation, advanced threat detection and response, and centralized security monitoring and optimization, all of which help to address the volume, sophistication, and speed of today’s cyber threats.
Learn More

Free Product Demo

Today's targeted attacks can originate from both external or internal to an organization. Advanced threat deception is key to providing early detection and response before an attack is allowed to complete its full lifecycle. This fully functional FortiDeceptor demo provides users the experience to centrally manage decoys and lures, with actionable visibility to threat campaigns, and the ability to easily integrate with FortiGates to block these attacks.

Quick Links

links image 1 139x100

Free Product Demo

Explore key features and capabilities, and experience user interfaces.
resource center icon 139X159

Resource Center

Download from a wide range of educational material and documents.
links image 2 139x121

Free Trials

Test our products and solutions.
contact sales icon 139x85

Contact Sales

Have a question? We're here to help.