Fortinet has announced new enhancements to its FortiRecon platform, aligning it with the Continuous Threat Exposure Management (CTEM) framework. The improvements integrate attack surface management, dark web intelligence, and security orchestration into a unified platform.
With these upgrades, security teams gain a clearer attacker’s view of their internal and external exposures. The system validates risks in real time and automates response processes, reducing the likelihood of breaches.
Key updates include:
- Attack surface management: Continuous monitoring of digital exposures, now with National Vulnerability Database severity ratings alongside FortiRecon’s active exploitation ratings.
- Adversary-centric intelligence: Enhanced insights from dark web activity, leaked credentials, and ransomware data. New bulk IOC downloads and stealer infection details speed up SOC workflows.
- Brand protection: Proprietary algorithms to detect and remove fake phishing domains, rogue apps, and executive impersonations.
- Security orchestration: Automated playbooks streamline investigations and response.
According to Gartner, by 2026, organizations using continuous exposure management will be three times less likely to suffer a breach. Fortinet’s integration of FortiRecon into the CTEM pillars of scoping, discovery, prioritization, validation, and mobilization reflects this industry direction.
FortiRecon is available through FortiFlex, Fortinet’s usage-based licensing program. Customers using dynamic hybrid or multi-cloud environments can apply FortiFlex credits to FortiRecon Cloud deployments.
The platform has also earned recognition, being named an Overall Leader in the KuppingerCole Leadership Compass for Attack Surface Management 2025.
