Behind every app, domain, API, and supplier lies another thing. We map those invisible connections, giving security, risk, compliance, vendor management, and executive teams a live view of their extended digital ecosystem.
While building solutions for enterprise clients, Co-Founder Stephane Konarkowski discovered that most organizations had no idea how many apps, APIs, and services were actually connected to their environment. Getting an answer to a simple question was impossible: How many assets are you looking to protect?
Together with Nicolas Renard, he built an engine that scans what’s exposed on the internet, uncovering hidden applications, forgotten infrastructure, third-party connections, and many other blind spots that traditional tools miss.
That experiment became ThingsRecon: a discovery-first platform capable of finding the things that touch an organization, not from the inside out, but from the outside in. Not just to count assets, but to understand their connections, exposures, and digital proximity to what really matters.
Your digital ecosystem extends far beyond the vendors and the things you can name.
It’s the untracked APIs, the forgotten integrations, and the unseen suppliers that often carry the greatest risk. By combining continuous attack surface discovery with third-party visibility in one platform, we’ve built a living view of the extended digital ecosystem your organization depends on.”
Robin de Vries
CEO
|
ThingsRecon
.png)
Stephane Konarkowski
CPO & Co-Founder
.png)
Nicolas Renard
CTO & Co-Founder
.png)
Tim Grieveson
CSO & EVP Information Security
Daan Dia
Investor & Co-Founder
.png)
Aziz Maakaroun
Investor & Co-Founder
Sabrina Pagnotta
Head of Marketing
Laurie Coady
Head of Operations
Romuald Bois
Senior Technical Support Engineer
.png)
Tom Lukas Steingräber
AI Digital Producer
At the heart of ThingsRecon lies a discovery engine built to find the things that touch your ecosystem. Every day, we scan millions of domains, IPs, APIs, certificates, and web applications to uncover the hidden layers of an organization’s attack surface.
A proper recon doesn’t stop at what’s visible. From shadow assets and abandoned subdomains to inherited supplier infrastructure, we surface what traditional scanners miss.
We correlate and contextualize every finding, mapping relationships, exposures, and Digital Proximity™ (Patent Pending) to critical systems — enriched with data from geopolitical, financial, compliance, and threat intelligence sources. The result is a continuous view of your attack surface and third-party risk. A dynamic map of your digital connections as they grow and evolve.
More than discovery, it’s living cyber intelligence.
Our team is here to help.
Expand your MSSP offering.
Send questions or enquiries.
Five reasons security leaders rely on us to turn discovery into remediation.
Our deep discovery engine surfaces shadow assets, hidden dependencies, and geo-fenced services most tools miss. By combining continuous asset discovery with third-party risk visibility in one platform, we’ve built a continuous view of your evolving digital ecosystem.
Evidence-based risk prioritization is backed by over 100 automated checks across DNS, SSL/TLS, headers, and web hygiene indicators that provide measurable proof of improvement.
Digital Proximity™ (Patent Pending) adds context to the data: not just “is this vendor risky?” but how directly their risk touches you. It’s a unique measurement of how close each asset or supplier sits to your critical systems.
Agentless, external scanning means zero disruption. Visibility starts within hours, not weeks, so you can map the assets inside your perimeter, plus the suppliers, partners, and fourth parties connected to you.
With points of presence in North America and Europe, our platform scans from the nearest regional vantage point, surfacing risks hidden behind geo-fences, localized CDNs, or regional DNS variations.
