Datanet » NEWS AND EVENTS » Datanet Systems at Fortinet Security Day 2026: The Art of Deception in Cyber Defense
SOITRON GROUP
Menu
Datanet » NEWS AND EVENTS » Datanet Systems at Fortinet Security Day 2026: The Art of Deception in Cyber Defense
Datanet Systems at Fortinet Security Day 2026: The Art of Deception in Cyber Defense

Fortinet Security Day 2026 once again brought together the cybersecurity specialist community in Romania under a highly topical motto: “Fortify Your Cybersecurity.” The annual event dedicated to the Fortinet ecosystem in Romania provided participants with an applied perspective on the latest security solutions and trends, bringing together IT professionals, security engineers, managers, and decision-makers from both public and private organizations.

Datanet Systems participated in this edition as Gold Sponsor for the second consecutive year, a status that reflects the company’s continuous involvement in the Romanian Fortinet ecosystem and its commitment to the local cybersecurity community. The Datanet team was present both at their own booth – where visitors could explore recent projects built on Fortinet technology – and on the main stage with a keynote presentation.

 

 

The Art of Deception: Shifting the Balance of Power with FortiDeceptor”

The presentation delivered by Andrei Iacoboaiea, Network Security Consultant at Datanet Systems, started with an uncomfortable but essential question for any security team: If an attacker were already inside your network, could you identify them? And, more importantly, how fast?

The question is not rhetorical. Data from the 2025 Fortinet Global Threat Landscape Report paints a worrying picture – attackers carried out an average of 36,000 scans per second, identifying vulnerable targets before patches could even be applied.  There were 97 billion exploitation attempts in a single year—a figure that reflects the level of automation achieved by modern attacks.

But the statistic with the greatest impact remains another: over 168 hours (more than a week) is the average time required to identify a threat once it has penetrated the network. And, in many cases, the threat is never detected at all.

The conclusion of the presentation was clear: adding a new layer of prevention is no longer enough. The real challenge is drastically reducing detection time. And the answer to this challenge comes through a fundamental shift in perspective.

What “The Art of Deception” Means in Practice   

Traditionally, the attacker holds the initiative: they choose the timing, the target, and the method—while the defender reacts. Deception technology flips this dynamic: instead of waiting for the attacker to find real assets, we build a fake, attractive environment and lure them there.

The FortiDeceptor solution, which was the central element of the Datanet presentation, implements this concept through four complementary components:

  • Decoys (honeypots) — Fake assets (servers, network devices, applications) that look completely real but have no operational value.
  • Lures — Fake services running on these decoys that make the traps believable.
  • Fake network traffic — To make the artificial environment appear live and active.
  • Breadcrumbs (tokens) —Fake resources placed on real assets that direct the attacker toward the trap systems

The fundamental operational advantage: No one has a legitimate reason to interact with a fake asset. Therefore, any interaction with a decoy is, by definition, a high-fidelity alert—an alert that demands immediate attention and generates zero false positives.

 

 

How FortiDeceptor Works in Practice

The solution operates in a four-step workflow:

  1. Discovery: FortiDeceptor performs an active and passive inventory of assets, understanding the topology of the real network.
  2. Deployment: Decoys and tokens are generated and placed automatically or manually, optimized to blend naturally into the environment.
  3. Detection: The moment an attacker interacts with a decoy, they are immediately visible, featuring real-time detection and threat intelligence collection.
  4. Automated Response: The attack is automatically blocked, the compromised asset is quarantined, and the security team receives actionable intelligence.

The solution covers all types of environments – Windows endpoints, Linux and IoT devices, as well as SCADA and OT networks, where installing security agents is not possible. When a decoy is compromised, FortiDeceptor does not stop at an alert: it triggers a coordinated response across the entire infrastructure—network-level blocking, endpoint quarantining, investigation, and identity control.

 

Challenges Eliminated by FortiDeceptor

The presentation detailed concrete scenarios where the solution brings immediate value:

  • Ransomware — Fake targets “feed” the malware with erroneous data, diverting and isolating the attack before it reaches real data. The malware is kept busy with fictitious files, preventing the encryption of critical assets.
  • Lateral Movement — This is the area where deception technology excels. Unlike traditional solutions that monitor inbound or outbound traffic, FortiDeceptor detects the attacker inside the network as they navigate between systems. It serves as the last line of defense—the one that catches the attack when all other security layers have failed.
  • OT, IoT, and IT Environments  — Visibility and detection through passive fingerprinting for assets that cannot provide their own telemetry. The range of available decoys is remarkable: in addition to Windows and Linux, FortiDeceptor emulates dozens of SCADA and OT systems (Siemens, Schneider Electric, Rockwell Automation), medical devices (infusion pumps, DICOM/PACS systems), VoIP, VPN, IoT, and cloud equipment. It is precisely these systems—OT, medical equipment, legacy devices—that represent the blind spots you cannot patch and cannot monitor with agents.
  • Zero-Day Threats —  Interactions with decoys can reveal previously unknown vulnerabilities, providing early warning and the possibility of immediate investigation.
  • Stolen Credentials & Active Directory Directory — FortiDeceptor detects the use of stolen credentials and implements deception at the Active Directory level, one of the most frequent attack vectors today.
  • Layer 2 Attacks and ZTNA Policies ZTNA — The solution also covers advanced network scenarios, helping to strengthen Zero Trust Network Access policies.

Outbreak Alerts: Automatically Updated Deception Layer

A distinctive feature presented by Andrei Iacoboaiea is the Outbreak Alerts mechanism. FortiGuard Labs continuously monitors the threat landscape, and when a new threat emerges—as was the case with the Black Basta ransomware, which affected over 500 organizations and 12 out of 16 critical infrastructure sectors—FortiDeceptor can automatically deploy decoys that emulate that exact vulnerability. The deception layer updates itself permanently without manual configuration. The traps adapt to the threat of the day.

 

Native Integration into the Security Ecosystem

FortiDeceptor does not work in isolation. It integrates natively with the Fortinet Security Fabric—FortiGate, FortiNAC, FortiSOAR, FortiAnalyzer, FortiSIEM, FortiSandbox—as well as with existing third-party solutions. Enriched, real-time threat intelligence is delivered where it is needed, and the response is automatically orchestrated across the entire infrastructure. The solution adds value on top of the existing security stack without requiring the replacement of other components.

 

Why Every Organization Should Consider Deception Technology?

The presentation’s conclusion summarized the essential arguments: FortiDeceptor is effective against new and unknown threats, including malicious insiders; it is non-intrusive and does not affect current operations; it scales automatically as the risk level grows; it has low overhead and maintenance costs; and—perhaps the most important operational advantage—it provides early, well-founded warnings with zero false positives. Detection time drops from over a week to mere minutes.

 

 

FortiSASE –  Security for the Distributed Workforce

At the Datanet Systems booth, our colleagues delivered presentations dedicated to the FortiSASE solution for interested visitors. FortiSASE represents Fortinet’s answer to the security challenges of organizations with distributed workforces and hybrid work models.
The solution brings together network and security capabilities delivered from the cloud—including Secure Web Gateway, CASB, Zero Trust Network Access, and SD-WAN—into an integrated platform that ensures a consistent experience and uniform protection regardless of where users connect from. Through the SASE (Secure Access Service Edge) approach, organizations can simplify their security architecture, reduce operational complexity, and ensure centralized visibility over traffic and users, whether they are at the office, at home, or on the move.

 

Datanet Systems — a strategic Fortinet Partner in Romania

Participation in Fortinet Security Day 2026 confirms once again Datanet Systems’ position as a traditional partner and specialized Fortinet integrator in Romania. With solid experience in designing, implementing, and supporting complex IT infrastructures for the enterprise environment and public sector, Datanet Systems leverages the entire Fortinet portfolio—from Next-Generation Firewalls and Secure SD-WAN to advanced detection and response solutions like FortiDeceptor — to provide clients with a cyber defense tailored to current threats.
Their presence as a Gold Sponsor for the second consecutive year at the most important Fortinet event in Romania reflects their commitment to the local security community and their readiness to be an active partner in the region’s cybersecurity ecosystem.

For further details about Fortinet portfolio, please contact us at sales@datanets.ro.