Log inSign up

PART OF THE LETS SECURE PLATFORM FOR CONTINUOUS TECHNICAL SECURITY MONITORING.

Discover shadow IT and forgotten services before they become incidents

Lets Secure Discovery uses Certificate Transparency logs, DNS verification, and low-intensity technical verification to find hostnames, subdomains, and services outside the documented inventory.

See what is new, what is active, what is already managed, and which findings need review, including possible dangling CNAME risks, unexpected public services, and internet-exposed management surfaces.

Request a demoExplore capabilities
Discovery overview
Total findings10
New unreviewed2
Active unmanaged3
Managed5
IP footprint2 IPv4
Top ASNDemo Network

See what is actually exposed

Inventories and documentation become stale quickly. New services are published, test environments remain online, certificates reveal subdomains, and old DNS records point to resources that are no longer used.

Discovery helps find what manual reviews often miss: shadow IT, forgotten applications, older subdomains, unknown hostnames, and exposed services that should be reviewed.

Certificate Transparency discovery

Find hostnames and subdomains visible in Certificate Transparency logs, even when they are not present in your regular inventory.

DNS and reachability

Verify whether a hostname still resolves, which IP addresses it points to, and whether it appears to be publicly reachable.

Unmanaged findings

Separate managed, active unmanaged, historical, and new unreviewed findings so the team can prioritise the right work.

Possible dangling CNAME

Identify CNAME records that point to removed or unclear external resources and flag them for review.

TLS and HTTPS status

Check whether discovered hostnames respond with TLS and HTTPS, and whether the certificate appears to match the service.

Threat context where relevant

Enrich technical findings with MISP threat intelligence where relevant, without making uncertain attribution claims.

From unknown hostnames to reviewable findings

Discovery is more than a list of subdomains. Lets Secure structures findings so you can see status, review state, DNS result, TLS and HTTPS status, issuer, latest observation, and recommended action.

This makes it easier to decide whether a finding should be handled, moved to managed, ignored as historical, or investigated further.

  • Hostname and related domain
  • Status: managed, active unmanaged, or historical
  • Review status
  • DNS resolution and rDNS
  • TLS and HTTPS status
  • Certificate issuer and latest observation
  • CNAME and provider information
  • Dangling CNAME assessment
  • MISP status where relevant
  • Low-intensity active verification support
Discovery overview showing total findings, unreviewed hostnames, active unmanaged findings, IP footprint, top ASN, and Discovery status by domain.

Examples of findings Discovery can surface

Shadow IT

A subdomain appears in certificate logs but is missing from the internal inventory.

Forgotten test environment

An old test or staging environment still responds publicly.

Unexpected public service

A hostname points to an active IP address and responds with HTTPS even though it is not documented.

Possible dangling CNAME

A DNS record points to an external service that no longer appears active or owned.

Certificate reveals new exposure

A new certificate shows hostnames that need review before they become a permanent part of the exposure.

Unexpected infrastructure

A hostname points to an unexpected ASN, country, or infrastructure owner.

Continuous follow-up, not a one-time scan

Exposure changes over time. New hostnames appear, old certificates remain visible, DNS records change, and external providers move infrastructure.

Lets Secure helps track the change continuously: what is new, what is active, what has been reviewed, what is managed, and what needs action.

Discovery finding detail showing hostname, DNS resolution, TLS and HTTPS status, Certificate Transparency data, dangling CNAME assessment, and threat context where relevant.

Discover

Collect hostnames from Certificate Transparency, DNS, and verified domains.

Verify

Check DNS, TLS, HTTPS, and low-intensity technical signals.

Classify

Group findings as managed, active unmanaged, historical, or ignored.

Review

Inspect IP, ASN, rDNS, certificate, CNAME, and threat context where relevant.

Act

Move known resources to managed, handle risks, or document accepted findings.

Track

See new, recurring, and changed findings over time.

Do you know everything exposed to the internet?

Lets Secure Discovery helps find shadow IT, forgotten services, unknown hostnames, and risky drift before findings become incidents or urgent remediation work.

Request a demoExplore capabilities