CCoE detects cutting-edge cyber protection – FractalScan Surface
One of the Cyber Centre of Excellence (CCoE) aims is to find and bring cutting-edge cyber security solutions to the wider market, making military-grade protection available to all organisations through collective purchasing power.
The cyber security market is crowded, with many vendors making similar claims. To help officers and members secure the best protection, the CCoE Advisory Board continually reviews and assesses new cyber security providers and tools on the market with the aim of raising awareness of these best-in-class solutions and offering access to them through preferential rates. Since the CCoE launch, a few providers have been identified as offering gamechanging solutions for cyber security: Blackwired, MessageMatrix and FractalScan Surface.
FractalScan Surface
FractalScan Surface is an attack surface management tool which scans the Internet to look for misconfigurations, security vulnerabilities and exposed data to give organisations a real-time report of their security risks and likelihood of being attacked. Knowing where these vulnerabilities are allows these potential gateways into the organisation to be fixed before they are found by cyber criminals. Rob Stemp, CEO at Red Maple Technologies, the company which offers FractalScan Surface, said organisations could purchase the service to scan for vulnerabilities daily, weekly, or monthly. The company has partnered with the Cyber Centre of Excellence (CCoE) to give reduced rates for local authorities and other CCoE members.
Besides scanning for an organisation’s own risks, FractalScan Surface can also be used to check a vendor’s security posture to assess potential supply chain vulnerabilities (see page 7 for an article on supply chain risk). Doing so is completely legal as the passive scan only accesses Open Source information visible to anyone online.
“New risks and vulnerabilities emerge every day. The fundamental issue FractalScan is finding is mostly either badly configured services or out of data software that has vulnerabilities,” explained Stemp, “Things change all the time. A configuration change might be made by mistake, or a planned configuration change might have an unintended consequence, and you would want to know about that as early as possible. New vulnerabilities are discovered every day, but you don’t know they exist until you go looking.”
For example, Stemp explained that FractalScan regularly detects instances where cloud storage or administration pages for Content Management Systems have been made publicly available accidently or due to a software configuration. The scan can also check the email settings of an organisation, which if set optimally can massively reduce spam and phishing emails.
When a scan takes place, the organisation also receives an overall rating of between 1 and 5, where 5 is the gold standard. “A level 5 is aspirational but doable and with some effort any organisation can get there. If you score 4 or a 5 you are not very likely to get hacked. A level 3 they are starting to look a little bit risky but with hopefully not too much work required to get to 4. Unfortunately, at level 1 they are very likely to get hacked quickly,” he explained.
In partnership with the CCoE a one-off FractalScan Surface report was recently produced for all 382 councils in the UK (see page 6 for more information). “Now there is a very large and powerful data set that gives a nationwide view of cyber security and risk for every local authority in the UK and hopefully that will give the national bodies the information they need to make decisions around priorities and triage, where to put the funding and also where common issues might have a common solution,” Stemp explained, “The CCoE has the remit to help local authorities using this data and the local authorities can also now buy a subscription to FractalScan through the CCoE and get scanning daily, weekly or monthly. Knowing the risks is important, but being able to take those actions through to resolution is the critical bit.”
Besides local authorities, any organisation can use and benefit from FractalScan Surface, including other public sector bodies, small businesses, and schools. “We want to help every small business and government organisation in the UK and have a desire to improve cyber security at a national level,” he added.
The company behind FractalScan Surface, Red Maple Technologies, offers a range of other solutions to help protect organisations against cyber security threats, with the founders and majority of its staff coming from an ex-government national security and defence background.
To find out more about FractalScan Surface visit: www.fractalscan.com or email enquiries@ccoe.wpenginepowered.com