Fortinet unveiled major upgrades to its FortiRecon platform, making it one of the most comprehensive solutions aligned with the continuous threat exposure management (CTEM) framework. The update adds expanded internal attack surface monitoring, adversary-focused dark web intelligence, and integrated security orchestration in a unified platform. These improvements enable organizations to proactively detect and prioritize real-world risks, simulate attacker methods for validation, and speed up response efforts, thereby lowering breach risk and impact.
“CISOs and security teams are overwhelmed by growing attack surfaces and an endless stream of unprioritized alerts,” said Nirav Shah, Senior Vice President of Products and Solutions at Fortinet. “With the latest enhancements to FortiRecon, we’re giving organizations an attacker’s eye view of their internal and external exposures, backed by AI-powered threat intelligence from FortiGuard Labs, real-world validation, and automated response. This allows organizations to cut through the noise, focus on what matters most, and measurably reduce risks and vulnerabilities before attackers can exploit them.”
The announcement comes amid growing demand for exposure-driven security strategies as organizations struggle to manage expanding attack surfaces, alert fatigue, and fragmented security operations. According to Gartner®, “By 2026, organizations prioritizing their security investments based on a continuous exposure management program will be three times less likely to suffer from a breach.”¹
A Unified Platform for Continuous Threat Exposure Management
FortiRecon, in combination with its strong integration to the Fortinet AI-Driven Security Operations Center (SOC) platform, now delivers capabilities across the five pillars of the Gartner CTEM framework—scoping, discovery, prioritization, validation, and mobilization—enabling organizations to operationalize these pillars within a single, tightly integrated platform and drive coordinated remediation efforts across security and IT teams. The latest enhancements include:
- Attack surface management: Continuously monitors and delivers an adversary’s view of the organization’s internal and external digital attack surface. The latest release adds National Vulnerability Database (NVD) severity ratings, in addition to FortiRecon Active Exploitation severity ratings for faster and smarter patching.
- Adversary-centric intelligence: Provides actionable threat insights from dark web activity, ransomware intelligence, leaked credentials, vulnerabilities being exploited in the wild, and at-risk vendors. Enhancements include bulk indicators of compromise (IOC) downloads and stealer infection details, accelerating SOC workflows, and improving breach detection.
- Brand protection: Monitors for domain impersonation, rogue mobile apps, phishing campaigns, and executive targeting. FortiRecon Brand Protection uses proprietary algorithms to monitor, detect, and take down fake phishing domains, brand and executive impersonations, rogue mobile applications on multiple app stores, data leaks in code repos, open bucket exposures, and phishing campaigns, and helps protect executive online presence.
- Security orchestration: Leverages security orchestration and automated playbooks to investigate and respond to security threat findings. FortiRecon Security Orchestration reduces the time needed for responders to prioritize and take appropriate actions by automating and streamlining security workflows.
Existing FortiFlex customers may use their FortiFlex credits to deploy FortiRecon Cloud. FortiFlex offers usage-based licensing with the security industry’s broadest catalog for customers with dynamic hybrid and multi-cloud environments and MSSPs. When purchased through major cloud marketplaces, FortiFlex can also help customers meet cloud committed spend obligations.
Industry Recognition and Customer Results
Fortinet was recently named an Overall Leader as well as a Market Leader and Innovation Leader in the KuppingerCole Leadership Compass for Attack Surface Management 2025. The report highlights the operational readiness of FortiRecon with broad support for CIS, ICS, IoT, and OT environments, and its integrations with the broader Fortinet Security Fabric tools such as FortiGate NGFW, FortiSOAR, FortiSIEM, and FortiDAST.
Supporting Quotes
“FortiRecon has elevated the way we deliver managed security services. It enables our teams to provide clients with continuous, contextualized risk insights not just alerts. We’re now able to prioritize remediation based on business impact, helping our customers reduce risk faster while demonstrating measurable security outcomes. It’s a key differentiator in how we build long-term trust and value.” – Paul Cragg, CTO at Norm Cyber
Learn how FortiRecon can help advance your organization’s CTEM journey here.
Related News:
Fortinet 2025 State of Operational Technology and Cybersecurity Report Released
Fortinet Expands Lacework FortiCNAPP Updates on AWS
¹ Gartner. How to Manage Cybersecurity Threats, Not Episodes, by Jeremy D’Hoinne. Gartner, 11 Oct. 2023.
