FortiRecon combines machine learning, automation, and human intelligence to monitor an organisation’s external attack surface continually
Fortinet announced FortiRecon, a complete Digital Risk Protection Service (DRPS) offering that uses a powerful combination of machine learning, automation capabilities, and FortiGuard Labs cybersecurity experts to manage a company’s risk posture and advise meaningful action to protect their brand reputation, enterprise assets, and data.
FortiRecon uniquely delivers a triple offering of outside-in coverage across External Attack Surface Management (EASM), Brand Protection (BP), and Adversary-Centric Intelligence (ACI) to counter attacks at the reconnaissance phase — the first stage of a cyberattack — to significantly reduce the risk, time, and cost of later stage threat mitigation.
“The sooner you identify and stop an adversary in the attack cycle, the less costly and damaging their actions. Employing a powerful combination of human and artificial intelligence, FortiRecon provides organisations with a view of what adversaries are seeing, doing and planning. FortiRecon’s vendor-agnostic SaaS delivery model, combined with an intuitive interface and easily digestible reports, enables executives across the organisation to quickly understand the risks posed to their company, data, and brand reputation, while our team of FortiGuard Labs cybersecurity experts enhance the offering with takedown services, guidance on prioritisation of remediation efforts, and targeted threat research and intelligence,” said John Maddison, EVP of Products and CMO, Fortinet
With the introduction of FortiRecon, Fortinet provides enterprise organisations with a powerful tool to understand how the adversary views an organisation from the outside to help inform cybersecurity teams, the C-Level, and risk and compliance management on how to prioritise risk and improve the company’s overall security posture.
FortiRecon offers companies consistent and comprehensive coverage across three areas:
- External Attack Surface Monitoring: Empowers organisations to understand their risk profile and mitigate risks early. Provides an outside-in view of an organisation and its subsidiaries to identify exposed known and unknown enterprise assets and associated vulnerabilities and prioritise the remediation of critical issues. EASM identifies servers, credentials, public cloud service misconfigurations, and even third-party partner software code vulnerabilities that malicious actors could exploit.
- Brand Protection: Enables organisations to protect their brand and identify risks to their customers. Proprietary algorithms detect web-based typo-squatting, defacements, phishing impersonations, rogue mobile apps, credential leaks, and brand impersonation on social media, all common techniques used by cyber threat actors. The early detection of malicious activity allows teams to quickly take action (such as website or application takedown) to stop and prevent damage.
- Adversary-Centric Intelligence: Increases the security awareness of an organisation’s SOC team with industry and geography-specific coverage to understand their attackers better and protect assets. FortiGuard Labs cybersecurity experts assess the underground and imminent threat risks posed by active cybercriminals to an individual company by proactively monitoring public and private forums, open-source, dark web, and other cybercriminal domains. FortiGuard Labs experts assess and curate custom threat intelligence by collecting human intelligence and providing recommendations specific to the company, industry, and geography.
For partners, FortiRecon can be sold on top of the Fortinet Security Fabric or as a stand-alone, vendor-agnostic solution that delivers easily digestible reports and enables customers to quickly understand the risks posed to their company, data, and brand reputation. FortiRecon also extends the categories of risk for which partners can provide insight to customers and increases the opportunity to land new customers that have only invested in more traditional security solutions.
