Recon Detection
Optional Recon Detection helps identify reconnaissance activity against monitored external assets and surfaces alerts with evidence context.
What It Means for You
Same approved scope as external assurance—now with recon alerts layered on top.
Earlier signal. Enumeration often precedes exploitation. Alerts tie probes to hosts and domains you already track.
Less noise. Deterministic rules; each detection ships with evidence you can paste into a ticket or review packet.
One workflow. Recon sits next to drift and verified exposure in the same workspace—no separate spreadsheet merge.
When Probes Spike, What Do You Do?
Standard playbooks with asset-level evidence context.
Harden fast. Focus fixes on the host, path, or service that saw the probe—not generic internet noise.
Escalate with proportion. Use severity, repetition, and asset criticality to decide SOC vs. IR—evidence is attached for the call.
Brief with receipts. Show what was observed, when, and what action followed—straight from the detection record.
The Recon Blind Spot
Inventory shows what exists; recon shows who is knocking.
Probing Before Breach
Enumeration hits your scope before exploitation. Without alerts you learn late.
Noise vs. Signal
Raw logs fatigue teams. Rules tie events to in-scope assets with a written reason.
Audit Trail
Timestamped detections support post-incident review and regulator questions.
What You Get
SOC-ready outputs, not a raw log dump.
Probes Tied to Your Surface
Events match assets and domains in your approved scope only.
Rules You Can Stand Behind
Clear detection logic and evidence context so alerts can be reviewed with confidence.
Evidence in Every Detection
Severity, trigger summary, timestamps, and suggested next steps are included with each alert.
Where You Already Work
Recon context sits beside exposure, drift, and evidence so teams can review signals in one workflow.
How You Add Recon Detection
Named in the quote when you buy it—no hidden SKU.
Raise It on Demo or With Sales
Tell sales you want recon coverage. We confirm fit, scope, and how it pairs with your external assurance work.
We Scope It in Your Quote
If it fits, the proposal lists Recon Detection explicitly: coverage, volumes, and how it pairs with your external assurance work.
Go-Live With Your Rollout
Onboarding aligns recon detection with your monitored external assets and review workflow.
Run It as Part of Daily Assurance
Review recon activity beside exposure and drift: what was observed, when it was recorded, and what evidence changed over time.
Who Uses It
SOC, assurance owners, and IR leads covering internet-facing brands.
Security Operations
Prioritise hardening and response using recon activity alongside drift and exposure findings.
Multi-Workspace Orgs
MSP and complex structures: carve recon visibility by client or business unit so each team sees probes against their own surface — without leaking context across units.
Compliance & Legal
Timestamped recon events and explainable evidence support incident review and audit narratives.
Frequently Asked Questions
Recon Detection add-on
Add Recon to Your External Assurance Budget Line
Ask for it on the next demo or renewal; we confirm fit and list it in the quote.