SEE YOUR ENVIRONMENT THROUGH THE EYES OF AN ADVERSARY
Assess the exposure of your infrastructure, third-party vendors, and clients with the Foretrace Total Recon technology, using the same tools and techniques as cyber adversaries.
Foretrace Total Recon implements the latest methodologies in intelligence gathering, footprinting, and scanning of your public infrastructure and information to determine the overall exposure of your environment to an outsider with no credentialed access. This is designed to address many of the vectors commonly leveraged by cyber criminals: phishing, compromised credentials, vulnerable systems, and exposed information.
Foretrace's methods are as non-intrusive as possible and will generate minimal traffic on your public facing systems. Get started using only your domain name.
Continuous Automated Reconnaissance
and External Attack Surface Management (EASM)
Foretrace Total Recon is designed to enable active analysis of you and your third parties external exposure, generated primarily with passive techniques. Your exposure is detailed in various modules and continuously updated for live monitoring of your exposure surface. You will receive alerts for changes in your exposure surface, which can be customized to enable swift remediation. Modules may expose active campaigns against you, or vectors in which you are currently vulnerable. Foretrace's modules are being actively developed and updated to reflect the same tools and techniques leveraged by cyber criminals.
Available Modules
Account Exposure
Details the exposure of internal emails, listing any breaches, leaks, spam lists, phishing lists, or credential compilations that contain your internal emails. You can provide internal emails to be monitored, or they can be optionally sourced using OSINT. VIP account exposure scanning is prioritized.
Domain Profile
Scans for available information on domains and subdomains, including: the technology in use on the pages, vulnerability to takeover, presence on blacklists, and more. Analysis against the current and historical status of your domain's DNS records will be used to detect potential exposure or anomalies.
Repo Scanner
Searches open source and public code repositories for presence of organizational information where it is not expected to appear (accounts, secrets, files, duplicate code, etc.)
Phishing Surface
Identifies live exposure of your customers, prospective customers, or internal employees to phishing schemes via domains with lexical similarity to your own. In addition to sourcing any similar sites' metadata, the site will be compared to yours to determine if a registered domain is posing as your site.
Data Leak Detection
Searches discovered documents for the presence of regulated or sensitive data, using pre-built patterns, and allowing creation of custom patterns (internal naming conventions, confidential project indicators, PHI, PII, etc.) Leakage incidents by you, your vendors, or your customers can be discovered quickly.
Metadata Exposure
Discovers publicly exposed documents that may be associated with your organization. Discovered documents will be scanned for the presence of metadata, allowing insight into the potential exposure of domains, usernames, IPs, organizational naming conventions, tools used internally, etc.
Asset Discovery
Inventories the target organizations assets which are exposed to the internet, intentionally or otherwise. This will populate all available information which can be enumerated about the system, including: vulnerabilities, exposed services, technologies footprinted, hostname, location, OS, etc.
Note: Additional modules are in continuous development. Our team proactively researches developing open-source methodologies and tools in footprinting and OSINT collection, which are captured in easy-to-use modules and made available to Foretrace customers.
In The News
Vision
MISSION
Foretrace was founded to develop security solutions that bring clear and actionable results to customers of all sizes. Foretrace aims to prevent, assess, and contain the exposure of customer accounts, domains, and systems to malicious actors.
TECHNOLOGY
Our software and services are developed, tested, and delivered with rigorous standards for quality and compliance. Foretrace implements industry best practices in all phases of its service delivery and software development.
TECHNIQUES
The tools and techniques employed by Foretrace reflect those currently used by real cyber adversaries. This enables customers to see what an outsider can actually see, not what can be seen by proprietary software and algorithms.