Recon InfoSec

Managed Security Operations

Recon provides 24/7 monitoring of your full range of endpoints, network, SaaS, email and more. We partner with internal information technology and security teams of any size to provide additional telemetry and threat intelligence for unparalleled detection, triage, investigation, incident response, threat hunting, and expert guidance in remediation. Our dedicated security experts eliminate immediate threats while providing comprehensive security operations.

Bring new levels of confidence to your enterprise security.


Comprehensive

We work with your team to resolve incidents and eliminate threats – from early warning through detection, investigation, and response. Recon's Managed Security Operations are powered by a comprehensive cybersecurity stack that includes a fully managed SIEM and SOAR. Our platform is engineered to facilitate comprehensive security operations that lead to supreme confidence.

Managed Security Operations

Includes:

Managed Detection and Response (MDR)

As part of Recon’s service, customers receive 24x7 monitoring, detection, and response services across all of their workstations, servers, active directory, and cloud applications. MDR provides a foundational level of protection for Recon’s full MSO service.

  • What (if any) response actions is your current MDR provider taking for you? Do they have to wake you up in the middle of the night?
  • How often do you get to connect directly with the analyst writing detections for your environment? How long would it take for you to get on a call with them? How many personalized detections have you or your current provider created in the last year?

Advanced Email Protection (AEP)

Fully managed email security powered by Sublime and Chronicle SOAR. AEP combines best-in-class email security tooling and the correlation and automation capabilities of Chronicle SOAR with the expertise of Recon’s SOC to deliver a comprehensive email security solution that is able to catch cutting-edge adversary techniques including brand spoofing and QR code phishing.

  • How does your current MDR/MSSP handle email security? Are they managing it for you?
  • Does your current provider handle your user reported emails? Are they using those to create new and stronger detections?
  • How many personalized detections have been created for email in the last year by you or your current provider?

Endpoint Detection and Response (EDR)

As part of Recon’s service, customers receive licenses for our advanced endpoint detection and response agent (Lima Charlie). Our agent installs without a reboot and provides powerful, custom alerting tailored to your environment. For our customers who have already invested in endpoint tooling, we will integrate with those tools to better enrich our visibility into their environment.

Perimeter Network Monitoring

Recon’s service does not stop at the endpoint. Recon’s SOC monitors your environment for security-relevant telemetry across your network perimeter including VPNs and firewalls.

Cloud Authentication and Identity Monitoring and Response

Monitoring identity telemetry and responding to suspicious logon behavior is a critical way to stop attacks before they can get started. Recon actively monitors our customers’ identity logs for suspicious activity and leverages best-in-class orchestration and automation techniques to catch not only suspicious login activity but also the follow-on activities that others miss.

Full assurance that our systems are secure

The personal attention given by Recon’s staff in setting up our security is invaluable. The systems and procedures they set up for us are exactly what we need to meet our financial industry compliance requirements. Further, the ongoing monitoring and assistance they provide allows us to concentrate on developing our applications without distractions, but with full assurance that our systems are secure.

Chief Information Officer
Financial Sector

Tactical Threat Intelligence

Recon InfoSec tracks threat intelligence across the industry and curates that intelligence according to what’s relevant to your industry and your organization. Threat intelligence permeates every aspect of our service and is a primary driver for new detections, Threat Hunts, and Security Guidance.

How specifically is your team/organization benefiting from threat intelligence? Does it end up in a stack of reports collecting dust? How is your current provider using that intelligence to make your organization safer?

Deception Systems (Canary Systems/Tokens)

Recon collaborates with clients to deploy canary systems in their network that mimic high-value assets. These canary systems provide a low-noise, high-fidelity alert signal to Recon’s SOC. Recon continuously monitors these canary tokens and systems for suspicious behavior.

Is your current MDR provider helping you deploy canary systems in your environment? Do they help you think strategically about where you place those systems to generate the best indicator possible?

Proactive Threat Hunting

Recon’s SOC actively monitors intelligence sources, searching for indicators, gaps, or potential vulnerabilities for our team to use as hypotheses for a hunt. Our team then forms their hypothesis using an “assumed breach” mentality and combs through our customers' logs looking for potential indicators of a threat. The findings of those hunts are then used as the basis for new detections to make our customers continuously safer from emerging threats.

  • Ask your current provider: what do they mean when they say “threat hunting” and how are they leveraging those findings to make your organization safer? Are they just investigating alerts?
  • What kind of access does your current provider give you to their threat hunters? Do you know their names? How long would it take you to get on a call with them to discuss an interesting case?

No stone was left unturned

Every single member of my security group fully appreciated working with a team of Recon InfoSec’s caliber. Their focus on the golden triangle of people, processes, and technology meant no stone was left unturned in our aim to move up the maturity curve across our full suite of security services.

Vice President of Governance, Risk, and Compliance
Regional Bank

Recon Security Operations Portal

The Recon Security Operations Portal provides customers with a consolidated view of their security posture across their entire network. Recon’s customers can log into the Portal to see their asset inventory, log sources, integrations, and view the active cases that the Recon SOC is investigating. Customers can also leverage the chat function in the portal to get direct access to the analysts that are conducting threat hunts, writing new detections, and protecting their environment from bad actors.

  • Is your current provider providing you with a dashboard for all of your security tools or just for their own agents?
  • Is your current provider’s chat function just another AI bot or is it giving you direct access to the analysts who are protecting your network every day?

Incident Response

All of Recon’s agreements come with 30 hours of incident response work included. In case of a major incident, our team knows your environment better than anyone else and will be able to respond quickly. Our team will work to contain the incident and remove the bad actor as well as begin performing a root cause analysis.

What kind of support does your current provider have in case of an incident?

Security Guidance for IT and Operations

In order to operate efficiently and securely in a digital environment it is crucial to have solid collaboration between security operations, risk management and network operations. As part of the MSO service Recon brings the expertise from the security operations perspective to that triangle of collaboration. Included in Recon’s service are monthly meetings where the notable cases from the previous month are reviewed and where we can provide recommendations on existing risks and approaches to remediate those risks.

Active Risk Management Guidance

If we are “guarding the house” and we see a “broken window” we are going to recommend you get that window fixed. This type of guidance will be proactive, but we will also be available to answer questions about how much risk we see in particular approaches/decisions and to offer recommendations on what next steps a client might want to take to improve their security posture.

We consider Recon InfoSec our business partner

We consider Recon InfoSec our business partner and one of our main resources for IT security. We believe organizations of any size would benefit from working with them. Their people were great to work with, knowledgeable, and very professional.

Service Delivery Manager
Healthcare
