Comment by yatralalala
4 days ago
I'm building Recon Wave (https://reconwave.com) - we monitor companies' online perimeter and let them know when something's wrong.
Recon Wave basically finds and scans all their services - DNS, IPs, apps, ports - and notifies customers when it breaks some policy (aka "no ports other than 443 should be open") or when some service is straight vulnerable.
I'm a former security engineer and I hated all those "critical reports" that reported a missing CSP header.
We're now playing with the idea of building an LLM pentesting agent that could run against the whole infra of our customers.
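As an added illustration of the policy check described above (this is example code written for this thread, not Recon Wave's own code; the hosts, ports, services and the policy are constructed), a small evaluator that takes a scan snapshot, flags entries that violate an allowlist, and reports only the violations that are new compared to the previous snapshot, which is the part that keeps such alerts from turning into noise:

```python
"""Perimeter policy check over a constructed port-scan snapshot (example, not vendor code)."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Finding:
    host: str
    port: int
    rule: str  # "port_not_allowed" or "forbidden_service"


@dataclass(frozen=True)
class Policy:
    # Hypothetical policy: only 443 may be open, and some services are never acceptable.
    allowed_ports: frozenset = frozenset({443})
    forbidden_services: frozenset = frozenset({"rdp", "telnet", "smb"})


# Constructed scan snapshots (documentation-range addresses, made-up hostnames).
PREVIOUS_SCAN = [
    {"host": "www.example.test", "ip": "203.0.113.10", "port": 443, "service": "https"},
    {"host": "www.example.test", "ip": "203.0.113.10", "port": 80, "service": "http"},
]

CURRENT_SCAN = PREVIOUS_SCAN + [
    {"host": "legacy.example.test", "ip": "203.0.113.42", "port": 443, "service": "https"},
    {"host": "legacy.example.test", "ip": "203.0.113.42", "port": 3389, "service": "rdp"},
]


def evaluate(scan, policy):
    """Return every policy violation in a scan snapshot, in scan order."""
    findings = []
    for entry in scan:
        host, port, service = entry["host"], entry["port"], entry["service"]
        if port not in policy.allowed_ports:
            findings.append(Finding(host, port, "port_not_allowed"))
        if service in policy.forbidden_services:
            findings.append(Finding(host, port, "forbidden_service"))
    return findings


def new_findings(previous_scan, current_scan, policy):
    """Violations present now that were not present in the previous snapshot."""
    already_known = set(evaluate(previous_scan, policy))
    return [f for f in evaluate(current_scan, policy) if f not in already_known]


if __name__ == "__main__":
    for f in new_findings(PREVIOUS_SCAN, CURRENT_SCAN, Policy()):
        print(f"NEW: {f.host}:{f.port} -> {f.rule}")
```

The "previous snapshot" diff is what makes the notification useful: the known port 80 on the web host is still a violation, but it was already reported, so only the newly exposed RDP service on the forgotten legacy host triggers an alert.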
I'd hope companies practice Zero Trust nowadays and don't just close off all the ports (and leave things vulnerable, just inside a VPN...)
I'm all in for it. Sadly, companies host wild stuff and forget about it.
What we build is primarily focused on companies that have at least a hybrid stack - some on-prem, some in cloud. If you're completely behind a load balancer and have strict change management, we can't bring you any value.
In an ideal world, we wouldn't have any business. But oh boy... Companies host wild stuff.
Every single conversation I've had with clients ended with us showing some of their infra, and the response was "wow, we didn't know this is ours".
> In an ideal world, we wouldn't have any business.
Said every security company ever. :)