top of page

Team Cymru Releases Pure Signal™ Recon, the Next Generation of its Internet Signal Intelligence Solution

Threat hunting solution allows analysts to see cyber attack campaigns spin up across the internet and block them before they are launched


February 23, 2021

Team Cymru announced today the release of Pure Signal™ Recon, beginning the next generation of its flagship threat reconnaissance offering.

Elite threat hunting and security analyst teams in the public sector and Global 1000 organizations rely on the pure Internet signal made available via Recon to trace, map and monitor cyber threat infrastructures across the globe. The solution allows them to analyze Internet traffic with a level of clarity similar to what they would expect from their own internal network telemetry.

A security team’s visibility ends at the firewall and threat intelligence from traditional sources is usually fragmented and dated. However, with on-demand access to Pure Signal™ data, clients can take a seed of intelligence and trace a threat through more than a dozen hops to its source, then flesh out the extended threat infrastructure to have comprehensive visibility into what threat actors are doing anywhere across the Internet.

Pure Signal Recon unlocks over three months of global Internet telemetry, revealing unmatched levels of critical data about billions of connected nodes, networks, servers and clients, regardless if they are victim, target or threat actor. This data is updated in near real time.

“One sentiment that has persisted for decades is that security teams feel like they’re playing a constant game of whack-a-mole,” explained David Monnier, Team Cymru Fellow. “For most organizations, visibility ends at the firewall, and the intelligence they receive from their own investigations may be a couple domain names or IP addresses. You get a threat report that includes 7 IP addresses to block and the threat actors simply pivot to different command and control servers. With Recon, you can take those 7 IP addresses from the threat report and identify the other 30 IP addresses that comprise the threat actors’ infrastructure. You can also watch it over time and identify other IP addresses as they come online. It has a big impact on your security posture.”

Organizations are making it a priority to build advanced analyst teams as senior stakeholders realize how critical this function is now that the network perimeters of companies effectively no longer exist. Pure Signal™ Recon provides otherwise unattainable visibility into what is happening virtually anywhere on the Internet. This puts analysts in a position to optimize prevention, detection, response and supply chain security.

Use Case Examples:

Threats evolve faster than security vendors can keep up. Using months of Internet traffic visibility, threat actor movements can be traced with clarity, victims illuminated, and their next targets identified.

With near-real-time updates to internet traffic activity analysts can detect malicious communications coming to and from enterprise assets, third-party vendor assets and cloud assets to close the detection gaps left by detection and response tools.

Attackers often dwell for long periods of time inside networks, their initial entry remains hidden by time and the avalanche of data burying security teams. Recon can illuminate a visible path of a threat and trace it back in time and to its origin, accelerating root cause analysis, compromise assessment and remediation.

Remediation is a major challenge that Recon users are able to overcome. For example, organizations facing huge financial losses are further drained when malware they missed during cleanup is activated again. Recon allows clients to view their attack surface from the perspective of the attacker, illuminating malicious communications, even from shadow IT or third-party vendor networks. This perspective enables breach cleanup to be comprehensive and verifiable.

About Pure Signal™ RECON

Pure Signal™ RECON delivers on-demand access to Internet traffic telemetry, which allows security teams to investigate and monitor external threats with a level of clarity similar to what they would expect from their internal network telemetry. It is this visibility that allows users to block cyber-attack campaigns before they’re launched. However, clients also use this information to close detection gaps, identify shadow IT, perform root cause analysis during an attack, expand understanding of the tactics, techniques, and procedures (TTP) employed by specific threats, and illuminate the attack surface from enterprise to supply chain to cloud.

About Team Cymru

Since 2005, Team Cymru’s mission has been to save and improve human lives by working with public and private sector analyst teams, enabling them to track and take down threat actors, criminals, terrorists and human traffickers around the globe. The company delivers comprehensive visibility into global cyber threat activity and is a key source of intelligence for many cyber security and threat intelligence vendors. Its Community Services division provides no-cost threat detection, DDoS mitigation and threat intelligence to network operators, hosting providers and more than 130 CSIRT teams across 86+ countries. Enterprise security teams rely on its Pure Signal™ platform for on-demand access to global internet traffic telemetry, which allows them to see what’s happening virtually anywhere across the internet with a clarity similar to that of their own internal network telemetry. With this visibility, they close detection gaps, accelerate incident response, and get ahead of critical, recurring threats – mapping and monitoring threat infrastructures around the world and blocking attacks before they are launched. For more information visit

bottom of page