External Recon
Overview
Section titled “Overview”External Recon looks at your organization from the outside — the way an unauthenticated attacker would — to map your internet-exposed attack surface using open-source intelligence and active discovery.
Key benefits
Section titled “Key benefits”| Benefit | Capability | Business value |
|---|---|---|
| Attacker’s view | Outside-in, unauthenticated discovery | See what’s reachable before an attacker does |
| Surface mapping | Exposed hosts, services, and assets | Find forgotten or shadow exposure |
| Intelligence | OSINT enrichment | Context on what’s discovered |
How it works
Section titled “How it works”External Recon performs reconnaissance from outside your perimeter: discovering exposed hosts and services, gathering open-source intelligence about your domains and assets, and surfacing the externally reachable footprint. It complements the inside-out attack-surface and cloud-posture views by showing what’s visible without any access to your accounts.
Threat-intelligence enrichment (for example reputation and exposure data) adds context to discovered assets.
Implementation / workflow
Section titled “Implementation / workflow”- Provide the domains/targets that represent your organization and confirm authorization.
- Run External Recon to map the exposed surface.
- Cross-reference discoveries with your known inventory (Cloud Resources) to spot shadow exposure.
- Feed confirmed exposure into attack-path prioritization.
Best practices
Section titled “Best practices”- Only run reconnaissance against assets your organization owns or is authorized to assess.
- Reconcile external findings with internal inventory to catch unmanaged, internet-facing assets.