ThingsRecon Discovery provides comprehensive visibility and control over your organisation's external-facing assets, equipping you to find and deal with potential and hidden risks.
What is ThingsRecon Discovery?
The key features and functions of TR Discovery are:
- Attack surface discovery: TR Discovery provides a comprehensive picture of your organisation’s external attack surface, including managed and unmanaged infrastructure and applications.
- Risk prioritisation: TR Discovery categorises discovered Things based on risk severity, business context, and how exploitable their vulnerabilities are. This allows customers to focus remediation efforts on the most critical threats and optimise security resources.
- Actionable insights: TR Discovery delivers a passive analysis of potential risks, including open ports, misconfigured services, outdated software, and exposed sensitive data.
- Risk reduction: Through TR Discovery, you can:
  - Implement controls to address shadow IT, reduce overexposure, and ensure compliance with regulatory standards.
  - Generate remediation plans from the portal to help harden assets and mitigate vulnerabilities before attackers exploit them.
- Workflow integration: TR Discovery integrates with existing security tools and workflows for seamless remediation and response.
How does ThingsRecon Discovery work?
ThingsRecon Discovery scans use a multitude of different techniques to discover your organisation’s external attack surface. Most of these techniques are passive. The only active element of a scan is when it connects to an application and renders it to build a map.
ThingsRecon Discovery offers two types of discovery scans:
- Static: From a predefined list of domains entered by the user, discover all related Fully Qualified Domain Names (FQDNs), applications, IPs, etc., and the relations between them.
- Dynamic (or deep discovery): From a domain starting point, discover other domains belonging to the organisation. From discovered domains, find all other things that are part of your external attack surface. Deep discovery can tell you the likelihood of a domain belonging to your organisation and what techniques have been used to find it.
You can configure scans further by setting them up with different parameters.
See: Setting up Scans
System requirements
The ThingsRecon Platform runs on Google Cloud Platform, hosted in the European Union and other customer-specific locations. The only prerequisites for using the solution are:
- A user account on the ThingsRecon platform.
  - Different users will require different access rights. For example, someone responsible for setting up service accounts will require Admin rights.
- Having the required IP addresses on your allowlist, if behind a firewall.
User Profiles
When an organisation first uses the TR platform, the team at ThingsRecon will set up one or more administrators within the organisation. These administrators can then set up and assign user roles to others within the company.
TR Discovery access controls support four main types of users: Administrators, Operators, Contributors, and Readers. Their differing rights within the platform are shown in the following table.
Action | Project Admin | Project Operator | Project Contributor | Project Reader |
Account User | None | None | None | None |
Account Info | None | None | None | None |
Project | None | None | None | None |
Project User | Manage | None | None | None |
Project Info | Manage | None | None | None |
Project BU | Manage | Manage | View | None |
Project Reports | Manage | Manage | View | None |
Scan Items | Manage | Manage | View | View |
Scan Parameters | Manage | Manage | View | View |
Scan Run | Manage | Manage | None | None |
Job List | Manage | Manage | None | None |
Result | Manage | Manage | Manage | View |
Data | Manage | Manage | Manage | View |
Export | Manage | Manage | Manage | View |
Key | |
None | The user has no access to the feature. |
View | The user can view the feature but cannot make changes or execute processes. |
Manage | The user has full access to all options and functionalities of the feature. |