Deception-based Breach Protection
Deceive, Expose and Eliminate External and Internal Threats

A New Breach Protection Approach with FortiDeceptor
web product icon fortideceptor

FortiDeceptor: Deception-based Breach Protection Overview

According to Verizon’s 2018 Data Breach Investigation Report, two-thirds of breaches found were from external actors while the remaining one-third involved internal actors. Unfortunately, today’s reactive security solutions are narrowly focused in either protecting external or internal threats but not both.

FortiDeceptor is based on deception-based technology that complements an organization’s existing breach protection strategy, designed to deceive, expose and eliminate attacks originating from either external or internal sources before any real damage occurs.


FortiDeceptor: Deception-based Breach Protection News

FortiDeceptor: Deception-based Breach Protection Product Details

FortiDeceptor, a Fabric-enabled deception approach allows organizations to rapidly create a fabricated deception network through the automatic deployment of decoys and lures that seamlessly integrate with an existing IT/OT infrastructure to lure attackers into revealing themselves. FortiDeceptor helps serve as an early warning system by providing accurate detection that correlates an attacker’s activity details and lateral movement that feeds up to a broader threat campaign. Threat intelligence captured from decoys is shared within the Security Fabric so automatic protection can be applied, disrupting attacks before any real damage is done.


Features and Benefits

simple icon

Actionable Visibility


GUI driven threat map quickly uncovers threat campaigns targeting your organization

Icon security fabric

Automated Protection


Security Fabric integration with FortiGate provides real-time and severity-based blocking of attackers before real damage occurs

checkmark icon

Deployment Ease


Centrally manage and automate the deployment of pre-built or custom decoys and lures

icon benefits malware

Unified IT-OT breach protection


Redirect attacks across both IT and OT critical assets

Building a Cybersecurity Workforce

Advanced training for security professionals, technical training for IT professionals, and awareness training for teleworkers.


FortiDeceptor Models and Specifications

FortiDeceptor offers both hardware and virtual appliance that allows flexibility for any organization to deploy in the campus and into the cloud.

Hardware Appliances

Form Factor
1 RU
Max Decoys
4 x GbE (RJ45), 4 x GbE (SFP)
RAID level
Power Supply Unit
Dual PSU optional

Virtual Machines

The virtual appliance of FortiDeceptor can be deployed on VMware and KVM platforms.

Max Decoys
6 virtual network interfaces


FortiGuard Security Services included in FortiDeceptor's ARAE engine

FortiDeceptor Anti-Reconnaissance and Anti-Exploit Service (ARAE) correlates attacker activities and integrates contextual intelligence through FortiGuard services mentioned below, resulting in single pane timeline-based threat campaign.


FG Antivirus


FortiGuard 防毒可阻斷最新病毒、間諜軟體以及其他內容層面的威脅。它採用行業領先的進階偵測引擎來阻止不斷變化的新威脅在您的網路中獲得據點、存取網路中寶貴的內容。

FG Intrusion Prevention


FortiGuard IPS 透過偵測威脅並在威脅侵入到網路裝置前進行封鎖,以此抵禦最新的網路入侵。

FG Web Filtering



FortiDeceptor Demo

Today's targeted attacks can originate from both external or internal to an organization. Advanced threat deception is key to providing early detection and response before an attack is allowed to complete its full lifecycle. This fully functional FortiDeceptor demo provides users the experience to centrally manage decoys and lures, with actionable visibility to threat campaigns, and the ability to easily integrate with FortiGates to block these attacks.


Below are answers to common questions regarding FortiDeceptor and related services:

How does FortiDeceptor work?

Decoys and lures are deployed to simulate real endpoints and servers with services, data and applications. Additionally, tokens can be embedded to real endpoints to redirect attacks to the decoys. Once a threat actor logs into a decoy, all activities are captured and the security administrator receives an alert directly or via Security Fabric integration with FortiSIEM, FortiAnalyzer including 3rd party SIEM for alerts and reporting. The security team can perform a full investigation, followed with either manual remediation or allow FortiDeceptor to perform automated mitigation such as device quarantine via Security Fabric integration with FortiGate.

What Decoy OS does FortiDeceptor support?

Currently, FortiDeceptor supports Windows (pre-built/custom), Linux, and SCADA.

Does FortiDeceptor fit my security infrastructure?

FortiDeceptor is offered as an appliance and VM form-factor that offers a range of deployment options.

How fast can FortiDeceptor be up and running?

Security operators can leverage built-in Deception OSes (Windows, Linux, and SCADA) to automate the deployment of decoys and lures on Day-1. Optionally, custom Windows OS decoys can also be deployed.

How do I test drive FortiDeceptor?

A self-driven FortiDeceptor demo can be found here. You may also request a live FortiDeceptor demo by contacting us here.