AI is changing not only the attack landscape but also the rules of the game, helping attackers "work smarter not harder," according to Derek Manky, Fortinet VP of global threat intelligence. Attackers have always found new ways to compromise networks, but executing successful attacks hasn't always been straightforward. Today's adversaries, however, have begun to leverage generative AI and Cybercrime-as-a-Service to accelerate every stage of their attacks. These new tools and tactics have simplified the creation of highly sophisticated phishing campaigns using believable content, automated the process of finding system vulnerabilities, and enabled them to create effective exploits faster than ever, resulting in increasingly complex and efficient cyberattacks.
The speed and scale of these new AI-powered attacks weigh heavily on SOC analysts, requiring that they take a more proactive approach to cyberthreats. They need to be able to look beyond the organization's traditional perimeter to where malicious actors operate to identify potential and imminent threats before they target the network, such as discovering new phishing campaigns targeting customers and executives before they are launched, locating leaked credentials and exploited vulnerabilities, and identifying third-party vendors that have been the victims of ransomware.
To help analysts and threat hunters discover potential threats faster, Fortinet has made several new enhancements to our FortiRecon service. These enhancements provide more threat visibility while simplifying investigation and response.
FortiRecon is Fortinet's powerful digital risk protection (DRP) service powered by our advanced AI- and human-gathered intelligence systems. This SaaS-based service is part of the Fortinet SecOps platform and combines three robust modules: Attack Surface Management (ASM), Brand Protection, and Adversary Centric Intelligence (ACI). With this latest FortiRecon release, we have enhanced our ASM module with a new Internal Attack Surface Management Service (IASM) that provides analysts with more comprehensive and continuous exposure detection. Easily added to the FortiRecon External Attack Surface Management module, this new service gives analysts extended visibility and insight into internal risks that can be exploited by threat actors for persistence and lateral movement once inside the network.
[Figure: FortiRecon Internal Attack Surface Management view]
The FortiRecon IASM module provides continuous monitoring and visibility into your internal network, alerting you to vulnerabilities that can be exploited for lateral movement by threat actors. Using a lightweight scanner container deployed in your network, FortiRecon IASM scans the internal network to discover and map connected devices, internal web applications, their open ports and services, and any known vulnerabilities. The scan results are cross-referenced with FortiRecon threat intel on actively exploited vulnerabilities. They provide analysts with updated vulnerability and prioritization scores to help them quickly understand which issues pose the greatest risk to their organization so administrators can effectively prioritize remediation efforts.
Using proprietary threat intel data, the FortiRecon EASM searches the internet and dark web for known and unknown exposed assets (such as domains, sub-domains, ASN, IP blocks, IP addresses) and alerts administrators to exploitable vulnerabilities, SSL certificate issues, leaked credentials, public cloud misconfigurations, and more. For example, when leaked credentials go up for sale on the dark web, there's a high probability that they will be used in a password-stuffing attack. Once you know that credentials have been compromised, you can accelerate your remediation efforts by leveraging the FortiRecon-FortiSOAR integration to trigger a playbook to reset those accounts.
FortiRecon also integrates with FortiGate to provide valuable exposure control. Using this integration, FortiRecon retrieves internet-facing device metadata from FortiGate (such as NAT and public IPs) and adds them to its routine scans.
To learn more about FortiRecon EASM, read this blog.
Brand protection, another top priority, is a responsibility shared by your marketing, legal, and security teams. Attackers often target organizations through impersonation, leveraging your brand to create fraudulent copycat websites, registering typosquatting domains, building fake social media accounts, and developing rogue mobile apps designed to capture user credentials and sensitive information and distribute malware.
The FortiRecon Brand Protection Service helps you quickly identify real threats to your brand and takes them down for you. We do this by monitoring and alerting you to similar-looking domains, rogue mobile apps in app stores, data leaks in code repos, open bucket exposure, and phishing campaigns. We can even help you protect your executives' online presence by identifying when personal information related to them has been posted online.
[Figure: FortiRecon Executive Monitoring view]
Threats targeting your executives, such as impersonations and data leaks, are especially difficult to identify. By adding your executive's phone number, business and personal emails, social media, and similar information, FortiRecon will monitor their online, public-facing presence and identify threats such as leaked credentials, Telegram mentions, dox site mentions, darknet mentions, social media threats, stealer infections, leaked documents, and more.
The FortiRecon Adversary Centric Intelligence (ACI) module leverages the FortiGuard Labs threat research team's expertise to provide organization-specific and expertly curated dark web, open source, and technical threat intelligence, including threat actor insights and potential ransomware attacks on your organization or supply chain vendors. Access to this information enables you to proactively assess risks, respond faster to real incidents, better understand an attacker's TTPs, and protect your assets and data. Here's a roundup of recent ACI capability updates:
[Figure: FortiRecon Vendor Risk Assessment]
FortiRecon can continuously monitor and assess your supply chain and commercial software vendors and evaluate M&A targets' exposure by adding them to the Vendor Risk Assessment watchlist. Using a combination of AI- and human-gathered intelligence, FortiRecon generates a detailed risk assessment report about each vendor. This assessment identifies the overall estimated risk exposure rating, related activity in hacker communities and dark web marketplaces, and more to help you assess the likelihood of threat actors' interest in targeting your vendor.
[Figure: FortiRecon Ransomware Intelligence]
FortiRecon provides curated ransomware intelligence to help SOC analysts quickly understand if their organization or supply chain vendors have been or are soon to be attacked. As shown in the image to the left, the tab displays information on past and potential ransomware incidents with data captured from blogs and websites managed by ransomware operators. Organizations can be added to the watchlist to be continuously monitored.
The FortiRecon ASM Overview tab provides a consolidated view of an organization's digital risk posture. It allows SOC analysts to quickly investigate the most critical alerts that require immediate action. The tab combines scan results, brand impersonations, and tailored dark web intel, including vendor risk assessment, ransomware, and vulnerability intelligence. Analysts can easily view prioritized threats across all modules.
[Figure: FortiRecon MITRE ATT&CK view]
The new FortiRecon MITRE ATT&CK view maps detections to the MITRE ATT&CK framework, providing SOC analysts with the tactics, techniques, and procedures attackers can use or are currently using against your organization. Critical issues detected across all three FortiRecon services are mapped to the relevant MITRE ATT&CK techniques and sub-techniques.
FortiRecon was designed to help your organization detect real threats earlier and faster. It increases your SOC analysts' efficiency and helps proactively mitigate risks by providing advance insight into internal and external threats.
Learn more about these recent enhancements to FortiRecon, and to get started, check out this FortiRecon guided demo.