Fortinet upgrades FortiRecon to boost proactive cyber defences

Techday NZ

2 days ago

Fortinet has introduced substantial enhancements to its FortiRecon platform, aligning it more closely with the continuous threat exposure management (CTEM) framework to bolster organisations' abilities to address evolving cybersecurity risks.
The new release incorporates expanded internal attack surface monitoring, adversary-centric dark web intelligence, and security orchestration into a unified system intended to help security teams proactively identify and prioritise exposures, validate risks, and speed up response times. These features are designed to reduce the chances and impact of security breaches by mirroring an attacker's viewpoint in security assessment and response.
Attack surfaces and risk prioritisation
Organisations are increasingly seeking strategies that address their growing attack surfaces, rising alert volumes, and the fragmentation of security operations. According to Gartner, "By 2026, organisations prioritising their security investments based on a continuous exposure management program will be three times less likely to suffer from a breach."
FortiRecon's latest update integrates with the Fortinet artificial intelligence-driven security operations centre (SOC) platform and aims to cover all five pillars of the Gartner CTEM framework: scoping, discovery, prioritisation, validation, and mobilisation. This integration is designed to facilitate coordinated remediation between IT and security teams by centralising security operations.
Nirav Shah, Senior Vice President, Products and Solutions at Fortinet, commented on the challenges facing security professionals: "Chief information security officers and security teams are overwhelmed by growing attack surfaces and an endless stream of unprioritised alerts. With the latest enhancements to FortiRecon, we're giving organisations an attacker's eye view of their internal and external exposures, backed by artificial intelligence-powered threat intelligence from FortiGuard Labs, real-world validation, and automated response. This allows organisations to cut through the noise, focus on what matters most, and measurably reduce risks and vulnerabilities before attackers can exploit them."
Expanded capabilities
The platform's enhancements consist of several core areas:
Attack surface management: FortiRecon now provides continuous monitoring and an adversary's perspective of both internal and external digital attack surfaces. New features include National Vulnerability Database severity ratings and FortiRecon Active Exploitation severity ratings to optimise patch management processes.
Adversary-centric intelligence: The updated platform offers actionable threat intelligence from sources such as dark web activity, ransomware trends, leaked credentials, exploited vulnerabilities, and data on at-risk vendors. Enhancements enable bulk downloads of indicators of compromise and provide stealer infection details to support security operations centres in accelerating breach detection and incident response.
Brand protection: The platform continues to monitor for threats such as domain imitation, rogue mobile applications, phishing campaigns, and executive targeting, employing proprietary detection algorithms to identify and assist in remediating those threats, as well as monitoring public code repositories and open data exposures.
Security orchestration: The addition of automated playbooks for threat investigation and response streamlines remediation workflows and reduces the time required for responding to incidents.
Flexible deployment and recognition
Existing customers using FortiFlex are able to deploy FortiRecon Cloud via their credits under a usage-based licensing arrangement. FortiFlex supports a wide customer base, including those managing hybrid and multi-cloud environments, as well as managed security service providers. Purchases via major cloud marketplaces can also contribute towards fulfilling cloud committed spend obligations.
The operational effectiveness of FortiRecon has been noted in the KuppingerCole Leadership Compass for Attack Surface Management 2025 report, where Fortinet is named as an Overall Leader, Market Leader, and Innovation Leader. The report highlights FortiRecon's capabilities within environments governed by Centre for Internet Security controls, industrial control systems, Internet of Things devices, and operational technology. Integration with the broader portfolio of Fortinet Security Fabric, such as FortiGate NGFW, FortiSOAR, FortiSIEM, and FortiDAST, was also recognised.
These enhancements mark the next stage in Fortinet's efforts to assist organisations in managing continuous threat exposure and streamlining their security operations through a centralised and coordinated platform.