Skip to content Skip to navigation Skip to footer


Deception-based Breach Protection
Deceive, Expose and Eliminate External and Internal Threats

A New Breach Protection Approach with FortiDeceptor
web product icon fortideceptor

FortiDeceptor: Deception-based Breach Protection Overview

In the evolving threat landscape, security leaders are concerned about maintaining business resiliency in the face of cyber threats including ransomware, 0-day attacks that target legacy systems, and lateral attacks. These threats don't just affect IT networks, they can have an impact on interconnected OT networks as well. According to Verizon’s 2020 Data Breach Investigation Report, two-thirds of breaches found were from external actors; the remaining one-third involved internal actors. Reactive security solutions focus on protecting either external threats or internal threats, but not both.

Based on deception technology, FortiDeceptor complements an organization’s existing breach protection strategy. It is designed to deceive, expose and eliminate external and internal threats early in the attack kill chain before any significant damage occurs.


FortiDeceptor: Deception-based Breach Protection News

  • Mar 31, 2021
    FortiDeceptor v3.3 Release
    FortiDeceptor expands support of OT decoy profiles including Rockwell, Siemens and others. It also includes broader Fortinet Security Fabric integration for automated threat response, threat visibility, and threat hunting. Review the latest release notes for more information.
  • Jan 29, 2021
    Securing IoT/OT Systems with Deception Technology
    The convergence of IT and OT requires new cybersecurity tools; deception technology is one of the most effective.
  • Nov 17, 2020
    FortiDeceptor v3.2 Release
    FortiDeceptor provides intelligent provisioning and auto-deployment of decoys and lures, and supports deployment in air-gapped networks. For more information, please review the latest release notes.


FortiDeceptor: Deception-based Breach Protection Product Details

Using FortiDeceptor, organizations can rapidly create a fake environment that simulates the real network and assets. Through the automatic deployment of decoys and tokens, the deception network seamlessly integrates with an existing IT/OT infrastructure to lure external and internal attackers into revealing themselves. FortiDeceptor can serve as an early warning system by detecting an attacker’s activity and the lateral movement of a broader threat campaign. The threat intelligence gathered from the attacker can be applied automatically to inline security controls to stop attacks before any real damage is done.

Features and Benefits

checkmark icon

Simple Management

Centrally manage a distributed deployment of FortiDeceptor and intelligent discovery and automated deployment of pre-built or custom decoys

Malware Protection

Unified IT-OT breach protection

Lure attacks away from critical assets across both IT and OT environments

analytics icon

Improved Security Posture

Goes beyond malware protection by focusing on the threat actors

simple icon

Actionable Visibility

GUI driven threat map quickly uncovers threat campaigns targeting your organization

Icon security fabric

Automated Protection

Part of the Fortinet Security Fabric for integration with FortiGate, FortiNAC, FortiSOAR, and third-party solutions to provide real-time and severity-based blocking

Building a Cybersecurity Workforce

Advanced training for security professionals, technical training for IT professionals, and awareness training for teleworkers.

Learn More

FortiDeceptor Models and Specifications

FortiDeceptor offers both hardware and virtual appliance that allows flexibility for any organization to deploy in the campus and into the cloud.

Hardware Appliances

Form Factor
1 RU
Max Decoys
4 x GbE (RJ45), 4 x GbE (SFP)
RAID level
Power Supply Unit
Dual PSU optional

Virtual Machines

The virtual appliance of FortiDeceptor can be deployed on VMware and KVM platforms.

Max Decoys
6 virtual network interfaces

FortiGuard Security Services included in FortiDeceptor's ARAE engine

FortiDeceptor Anti-Reconnaissance and Anti-Exploit Service (ARAE) correlates attacker activities and integrates contextual intelligence through FortiGuard services mentioned below, resulting in single pane timeline-based threat campaign.



FortiGuard Antivirus protects against the latest viruses, spyware, and other content-level threats. It uses industry-leading advanced detection engines to prevent both new and evolving threats from gaining a foothold inside your network and accessing its invaluable content.

Intrusion Prevention

FortiGuard IPS protects against the latest network intrusions by detecting and blocking threats before they reach network devices.

Web Filtering

Protects your organization by blocking access to malicious, hacked, or inappropriate websites.

FortiDeceptor Demo

Today's targeted attacks can originate from both external or internal to an organization. Advanced threat deception is key to providing early detection and response before an attack is allowed to complete its full lifecycle. This fully functional FortiDeceptor demo provides users the experience to centrally manage decoys and lures, with actionable visibility to threat campaigns, and the ability to easily integrate with FortiGates to block these attacks.

How to Deploy Linux Decoy
FortiDeceptor ARAE and Fabric Integration
FortiDeceptor SCADA Demonstration
FortiDeceptor Integration with FortiNAC to Isolate End Device
FortiDeceptor Integration with FortiSIEM for Incident Investigation and Response


How does FortiDeceptor work?
Decoys and token are deployed to simulate real endpoints and servers with services, data and applications. Additionally, tokens can be embedded to real endpoints to redirect attacks to the decoys. Once a threat actor logs into a decoy, all activities are captured and the security administrator receives an alert directly or via integration with FortiSIEM and FortiAnalyzer for alerts and threat hunting. The security team can perform a full investigation, followed with either manual remediation or allow FortiDeceptor to perform automated response with FortiGate, FortiNAC, FortiSOAR, and third-party solutions as part of Security Fabric integration.

What Decoy VMs does FortiDeceptor support?
Currently, FortiDeceptor supports Windows (pre-built/custom), Linux, SCADA, VPN Server, Medical systems, ERP and POS.

How fast can FortiDeceptor be up and running?
Security operators can leverage built-in Decoy VMs mentioned above, to automate the deployment of decoys and lures on Day-1.

Does FortiDeceptor fit my security infrastructure?
FortiDeceptor is offered as an appliance and VM form-factor that offers a range of deployment options and flexible integration options.

How do I test drive FortiDeceptor?
A self-driven FortiDeceptor demo can be found here. You may also request a live FortiDeceptor demo by contacting us here.