ThingsRecon - Experts & Thought Leaders

ThingsRecon, a pioneer in external attack surface discovery and supply chain intelligence, has released the results of its first industry-wide study into the state of digital hygiene across enterprises.  The research analysed more than 770,000 digital assets, including applications, domains, IPs, scripts, and certificates, across multiple organisations. The findings uncovered over 800,000 high-severity hygiene issues. That’s more issues than assets, meaning that on average every digital asset carried at least one serious weakness.  Other key findings Every application checked carried more than one issue on average (110% issue density)  Nearly two-thirds of domains showed multiple weaknesses (165% issue density)  1 in 3 certificates were misconfigured (33%)  Cyber hygiene failures DNS records were found across 6,000 applications, while nearly 1 in 5 apps carried an exploitable misconfiguration In one organisation running 2,700 applications, 21 were found exposing unencrypted login forms, leaving credentials vulnerable to interception. In another case, 1,100 dangling DNS records were discovered across 6,000 applications, while nearly 1 in 5 apps carried an exploitable misconfiguration.  “These results show that cyber hygiene failures are systemic, not isolated,” said Stephane Konarkowski, Chief Product Officer and Co-Founder of ThingsRecon, adding “From unencrypted logins to dangling DNS records, attackers don’t need advanced exploits to gain access; they just take advantage of overlooked basics.”  Other internet-facing services Importantly, the study only considered high-severity hygiene issues across applications, domains, and certificates. It did not include medium- and low-level hygiene issues, APIs, software and third-party components, public IP infrastructure, traditional software vulnerabilities (CVEs) or other internet-facing services. That means the true scale of unreported weaknesses is far greater than the 800,000 reported above.  Stephane Konarkowski added: “Our findings highlight that enterprises urgently need continuous, external visibility of their digital surfaces. Even the world’s largest organisations are overlooking fundamentals that create real-world risk.”

ThingsRecon, an expert in Digital Asset Discovery and Supply Chain Attack Surface Management (EASM), announced the launch of its new supply chain product and a significantly expanded strategic partnership programme. This initiative is designed to empower Managed Security Service Providers (MSSPs), Application Cybersecurity Partners, and cybersecurity consultancies to deliver comprehensive, next-generation security solutions to global enterprise organisations and governments.  Intelligence of AI technology ThingsRecon is providing enterprises with seamless access to its cutting-edge asset discovery By forging powerful collaborations with trusted partners, ThingsRecon is providing enterprises with seamless access to its cutting-edge asset discovery, vulnerability management, and supply chain attack surface management capabilities.  This combination harnesses the intelligence of AI technology with the deep expertise of ThingsRecon's own ecosystem and its partners.  Game changer for security professionals "We are excited to announce the launch of our supply chain discovery product. This provides greater context and continuous visibility to the digital connections and proximity of suppliers," said Tim Grieveson, Chief Security Officer & EVP Information Security of ThingsRecon. "Our latest product is a true game changer for security professionals as it will provide customers with a far more complete and accurate view of their attack surface, enabling them to identify, prioritise, and remediate vulnerabilities more effectively, including those across their supply chain, within APIs, and their extended digital connections.”  Research from BetterCloud Security teams often drown in alerts without clarity, and data without insights. Research from BetterCloud found that 68% of SaaS apps are IT-sanctioned, which means nearly one in three apps are flying under the radar without formal approval, visibility or oversight.  ThingsRecon flips the model by connecting technical exposure to business risk. The platform equips organisations to: Detect and respond to emerging threats faster, by automatically discovering and mapping internet-facing assets like domains, IPs, scripts, and APIs—including those forgotten or considered shadow IT.  Improve cyber hygiene and reduce attack surfaces, by adding context, proximity, and business relevance insights to every asset, helping security teams understand not just where the risks are, but how they are connected and why they matter.  Automate and increase efficiency of attack surface management with advanced AI algorithms and smart scanning engines.  Streamline compliance with evolving global regulations demanding clear digital visibility, such as NIS2, SEC, and DORA. Landscape of global regulations "In today's landscape of global regulations and increasingly sophisticated cyber threats, we firmly believe that expanding our partnerships to enhance our discovery, supply chain, and attack surface management capabilities is not just beneficial, but essential," Grieveson added. "This empowers security and risk pioneers to move beyond basic vulnerability scanning and embrace holistic cyber risk management. Together, we're enabling them to find, understand, quantify, communicate, and remediate more assets, more effectively, at a speed and scale previously unimaginable.”  ThingsRecon powerful discovery capabilities ThingsRecon is also expanding its Partnership Programme, opening doors for MSSPs and service providers to integrate powerful discovery capabilities into their offerings.  Programme benefits include:  Enhanced service portfolios and new revenue streams  Full technical enablement and AI-assisted Training  Frictionless interoperability and data-only integration options  Joint marketing and go-to-market support