Fortinet FortiRecon Reviews

Our primary use case of Fortinet FortiRecon is threat intelligence and digital risk protection. Since we operate in the banking sector in Pakistan, protecting sensitive customer and financial data is critical. FortiRecon helps us identify potential threats from the dark web, phishing domains and external attack surfaces before they impact our environment.

We use FortiRecon in combination with our on-prem FortiGate firewalls and SIEM to strengthen overall visibility. While FortiGate and our internal controls secure the internal network and branch connectivity, FortiRecon extends this protection by monitoring external risks in real time.

Speaking from my experience in the banking sector, Fortinet FortiRecon provided us with much-needed visibility into external threats. It allowed us to identify exposed assets and leaked credentials at an early stage, which reduced the risk of exploitation. Although it did not directly enhance our internal branch connectivity or firewall protections, it improved our overall security posture and gave our team more confidence in monitoring and managing digital risks.

The whole GUI of Fortinet FortiRecon is very user-friendly. The endpoints we were catering to were very visible and easy to navigate, so we didn't have to go through minute details to get the info and the stats out. Fortinet FortiRecon has done what other vendors haven't provided: easy accessibility and the whole process is very simplified.

Fortinet FortiRecon provides us with much clearer visibility into our external attack surface and digital assets. It allows us to identify leaked credentials and exposed information more easily, which is often tricky to manage on other platforms.

The only feature I would recommend for Fortinet FortiRecon is smoother integration with third-party SIEM and SOAR platforms. For instance, we use IBM QRadar and it would be ideal if FortiRecon’s threat intelligence findings could be pushed directly into QRadar rather than requiring manual exports or custom API setups

I have been using Fortinet FortiRecon from September 2024 till February 2025.

Regarding stability, it is quite stable. Fortinet upgraded their system in January 2025, which caused a minor downtime for three days, but overall it has been very stable without any crashes or lag.

Scalability can improve with better integration with other vendors, which would allow it to be used in professional environments and high-end organizations.

I would rate Fortinet support about seven and a half, on a scale from one to ten.

Positive

We have also used CrowdStrike Falcon, which was very good. The integration scenario in CrowdStrike Falcon was very nice.

The setup process for Fortinet FortiRecon was straightforward since it’s a SaaS solution. Once we reviewed the documentation and configured the scopes for monitoring, it was fairly easy to get started. Unlike traditional Fortinet tools, there isn’t a VMware image or on-prem version for lab practice, which might have been useful for technical teams who want hands-on training before moving to production.

Currently, there is a team of eight members that used Fortinet FortiRecon until February 2025.

Even though we are no longer actively using Fortinet FortiRecon and are now exploring other CTI tools, I still found its features very useful for monitoring our external attack surface. It gave us good visibility into exposed assets, leaked credentials and potential indicators of compromise linked to our organization.

We initially used it alongside a broader infrastructure that included Symantec devices Cisco Catalyst switches, and FortiGate firewalls. That said, it’s important to understand that FortiRecon doesn’t directly protect these assets the way an endpoint or firewall solution does. Instead, it gives you an outside-in view, showing what an attacker could potentially discover about your environment from the outside.

Integration with other vendors is possible through API keys but the process feels a bit manual and takes extra effort. The documentation is straightforward, but I think Fortinet could do a better job of offering more in-depth training focused specifically on FortiRecon, especially for teams that are new to external threat intelligence tools.

Overall, I would recommend FortiRecon to organizations that want clearer visibility into their external risks. It’s easy to use, does a great job of highlighting issues we weren’t aware of, and is more beginner-friendly compared to many other threat intelligence platforms. I would give it an 8 out of 10 for visibility and usability, but after factoring in the integration challenges, my overall rating comes to 7 out of 10.

I use Fortinet FortiRecon for status management and to see all the community threats in IT in our company, and to be aware of what threats can be present on our system.

I find it beneficial in my specific use cases because we can see all the threat actors, the fraudulent domains, and all that can happen in an IT company, such as ransomware and web mobile apps. We have all reports and all things that are good for an administrator to see appearing threats, and it's easier for SOC analysts to use Fortinet FortiRecon to be aware of what can be in our IT and how we can prevent this.

The impact of the Deep Web and Dark Web monitoring on my threat detection strategy has been significant; on some attacks we've seen an impact, particularly on web mobile rather than others, such as with QR codes and malicious QR codes.

The metrics I use to evaluate the effectiveness of Fortinet FortiRecon's external attack surface management include the phishing URL sent, phishing email reporting, and blocking what's related to phishing.

From my perspective, the best feature of Fortinet FortiRecon is the data sheets; I think it is pretty cool. I haven't used all the features, but the data sheets is the one that I use the most, and this is really beneficial.

In our organization, Fortinet FortiRecon's threat hunting capabilities have helped in managing cybersecurity risks because we have some SOC analysts that use most of this tool during their work. I didn't use it extensively, but I have seen them using it and received good reviews from them.

The main benefits that I have seen from Fortinet FortiRecon are the access to information for all the attacks, the reports, and the organization of the software. The access to information and the overall integration of many tools in one platform make Fortinet FortiRecon a comprehensive tool for overall cybersecurity improvements in our IT equipment.

Regarding what I would like to see improved or enhanced in Fortinet FortiRecon in the future, I don't have any recommendations. I think it's working well right now.

I have been using Fortinet FortiRecon for about nine months.

Regarding performance and stability, I find Fortinet FortiRecon really stable.

When it comes to the scalability aspect, I find it scalable.

I know about Fortinet tech support; I've already used it, but not for Fortinet FortiRecon. They are always available to respond and provide good answers, so I think it's excellent.

Positive

I did not have any other product in place for digital risk protection before Fortinet FortiRecon, but we had some Fortinet products before, just not a protection solution of this type.

I was involved in the initial setup and deployment part of Fortinet FortiRecon, and it was really simple and easy to deploy.

I did the deployment of Fortinet FortiRecon in-house; I did not use any integrators or consultants for the deployment part.

I did not evaluate any other options or look into any different solutions available in the market; only Fortinet FortiRecon was considered.

With the reports and alerts in place, I have seen benefits in my day-to-day operations because it's better than just a made-up report. We can access information more clearly and precisely with the reports.

I know that the Brand Protection feature in Fortinet FortiRecon has been used, but I haven't personally used it.

The automated alerts and reporting features of Fortinet FortiRecon generate some reports, but I don't think it's fully automated. Some tasks are automated but not all; the reports are automated, but not all the tasks.

On a scale of one to ten, I would rate Fortinet tech support an 8.5.

Based on my experience with Fortinet FortiRecon, I would recommend it as a product and solution to others.

I would rate Fortinet FortiRecon a 9 out of 10.

We are using Fortinet FortiRecon as a threat intelligence platform for protecting our company.

We have added two or three more products from Fortinet.

We are working with solutions from Fortinet including Fortinet SOAR, FortiRecon, and some ZTNA solutions.

The attack surface management and brand monitoring are some good features from Fortinet FortiRecon that I find most valuable.

The threat hunting capabilities of Fortinet FortiRecon have helped my organization manage cybersecurity risks.

We are using the brand protection feature.

Brand protection is very useful for identifying password leakage, duplicate applications, proxy applications in the name of our company, and protecting forged websites, phishing URLs, and duplicate URLs, among many more.

The reporting and alerts in Fortinet FortiRecon need to be improved and support is another area of potential improvement.

Engaging the support team with Fortinet FortiRecon takes more time than expected.

It has been more than a year since I have been working with Fortinet FortiRecon.

For stability, I would rate Fortinet FortiRecon around eight as it is a stable product.

To scale up Fortinet FortiRecon solution, you just need to procure more licenses; it is all about the licensing and investment.

We have compared Fortinet FortiRecon with Cybel, considering it as a main competitor in the market.

The initial setup for Fortinet FortiRecon is very simple.

I would rate the license cost for Fortinet FortiRecon as excellent because it is very useful for protecting our dark web monitoring and attack surface monitoring.

I am using all these applications for our infrastructure, including Fortinet FortiRecon and Fortinet SOAR.

If we talk about the threat intelligence platform, dark web monitoring is a very basic feature for threat detection strategy.

Fortinet FortiRecon is helpful for takedown of any duplicate or forged applications available on the internet, including fraudulent mobile apps created in the name of our company, which is a very important feature for us. Two years back, I provided a review on PeerSpot about Fortinet FortiSIEM. I am currently using this application since last year, so I cannot suggest any improvements, but we are browsing that application and figuring out how we can enhance our security.

We chose Fortinet because we have many other Fortinet products on our premises, helping us to correlate data and take feeds from different devices, making it very easy to analyze the complete security stack.

Overall, I would give Fortinet FortiRecon a rating of eight out of ten.

My main use case for Fortinet FortiRecon is to understand what attackers can see before they take action. As the security team, we need to know what attackers can see before they do.

The best features of Fortinet FortiRecon include the dark web monitoring, which is the standout for me. Getting alerts when company credentials or data show up on dark web forums is genuinely valuable, and that is not something you can do manually.

The brand protection side is also solid, as it picks up on phishing domains impersonating us quickly. Additionally, the attack surface discovery is good because it finds assets we did not even know were exposed.

Fortinet FortiRecon has helped us reduce our exposed attack surface. We identified and took down or secured approximately 15 assets.

There are no features that came up during implementation that we are not actually using.

I have been familiar with Fortinet FortiRecon for about seven years now.

We decided on Fortinet FortiRecon specifically over Recorded Future because we also looked at Digital Shadows, which was a close contender. It has a good product with solid dark web monitoring, but we already had a Fortinet relationship, so Fortinet FortiRecon made more sense from an integration and commercial standpoint.

When we first implemented Fortinet FortiRecon, it took about a month to get up and running.

The scope of our work with Fortinet FortiRecon is managed by the entire team. The adoption of Fortinet FortiRecon has gone well, as the entire team uses it in the same way.

I can put some numbers to that, as we are saving about 75 hours per month.

When evaluating options, we considered Recorded Future, which was probably the strongest competitor we looked at. It has really powerful threat intelligence, but the pricing was significantly higher than Fortinet FortiRecon, making it hard to justify for our team size.

When I start using Fortinet FortiRecon in my workflow, the first thing I do is plug in all our domains and subdomains to get a baseline picture of our external attack surface. You need that foundation first before anything else makes sense. The results from that initial scan are significant.