FortiDeceptor as a Service is a SaaS-based deception solution that enables organizations to swiftly detect and respond to in-network attacks, such as stolen credentials, lateral movement, man-in-the-middle, and ransomware. It creates a fabricated deception network that diverts attacks outside the actual network while luring attackers into revealing themselves.

When integrated into the Fortinet Security Fabric, FortiDeceptor enhances visibility and automation, allowing organizations to identify compromised hosts, track attacker movements, capture forensic details, and quarantine affected endpoints.

In this lab, students will configure FortiDeceptor as a Service to protect a basic network environment. Participants will set up the edge appliance, configure basic FortiDeceptor settings, deploy deception decoys, and distribute token packages to network devices. Utilizing FortiDeceptor’s integrations, students will configure FortiClient, FortiSandbox, and FortiAnalyzer for advanced reporting, malware detection and analysis, playbook automation, and endpoint isolation and quarantine. Participants will then assume the role of an attacker, exploiting systems and triggering deception decoys. This activity will be analyzed in the FortiDeceptor console and FortiAnalyzer, with FortiDeceptor and FortiClient used to detect additional malware and quarantine compromised hosts.