Out of Stealth: Introducing Randori Recon

Randori Recon: Shining Light on Your Most Tempting Targets

Brian Hazzard & David "Moose" Wolpoff

Today we’re thrilled to officially announce general availability of Randori Recon, the first phase of our automated attack platform. With only an email, Randori Recon can stack rank your most tempting targets for an adversary.

Just like true adversaries, our attack platform starts with reconnaissance. Modeled on hacker logic, Randori Recon surveilles an organization, exactly as an attacker would, highlighting assets with the highest perceived adversarial value. And, as your internet-facing environment expands and shifts, Randori continuously adjusts, providing an ever-changing heat map of your most tempting targets.

Recon dashboard

Focused, stealthy, and patient — Randori Recon provides organizations with a highly authentic view of their attack surface. Based on technology used to penetrate some of the world’s largest and most secure organizations, Randori Recon has proven highly effective at identifying windows of opportunity and exploitable systems that could result in a breach. This arms CISOs, C-Suites and boards with insights and proof needed to facilitate a proactive conversation around risk and IT governance.

Randori Recon is already used by dozens of organizations, including Greenhill, Click Software, Carbon Black, and the Center for Strategic and International Studies. We’ve helped customers identify blindspots, process failures, and dangerous misconfigurations, including decades old servers, compromised domains, exposed software repos, exploitable databases, webcams, and even an internet connected aquarium. 

Randori’s black box approach starts with only an email. From this, we discover an organization’s complete attack surface by scanning from multiple locations and lenses to ensure the most accurate view. Unlike other attack surface management solutions that are noisy and riddled with false positives, our Confidence Engine uses machine learning and graph theory to analyze the data collected and alerts only on items we are truly confident are connected to your organization.  

In addition, we’ve invested heavily in developing Target Temptation, a new analysis model to identify the assets most likely to elicit action from an attacker. Based on our years of experience, the model takes into account several factors such as known weaknesses, research potential, post-exploitation potential, applicability, and the cost of action by an attacker. 

By automating this hacker logic used by our team and real adversaries to identify where to strike and pivot, we aim to give organizations an edge by enabling you to:

  • Discover your unknowns. Continuously monitor your internet facing footprint.
  • Identify what’s tempting. Understand where an attacker will strike first and why.
  • Focus on what matters. Prioritize, act fast, and cut through the noise.
  • Monitor for change. Stay informed when new systems come online or changes occur.

We started Randori to provide organizations with the most authentic and real way to test their security. As we work towards our vision and build the world’s most authentic attack platform, today we are taking the first step by providing our customers real insight into their most tempting  targets.

See it for yourself, with just an email address.

– Moose & Brian