Simplify Your Cyber Risk Management with Actions

Nicola Chapman
26 May 2023
|
2 min Read
|
Nicola Chapman
Create free account

Contents

The first step when looking to improve your cyber security posture is understanding the risks you are vulnerable to, but once you have visibility of these risks, you then need to plan how to tackle them.

FractalScan Surface’s powerful Actions feature helps you to understand and prioritise the actions you need to take to improve the security of your attack surface.

What is an Action?

As the name suggests, an ‘Action’ is a thing you need to do to resolve one or more risks against your attack surface. Instead of just giving you a long list of risks for you to investigate, FractalScan Surface groups your risks together based on the resolution required and the domain or IP address the risks are against.

For example, if there are multiple different Critical Vulnerabilities & Exposures (CVEs) against an out of date version of PHP you are using, one Action will be raised to update PHP on the domain it’s used on.

Similarly, if you have more than one risk relating to a certificate, one action will be raised by FractalScan Surface to resolve all issues with that certificate.

List View of Advised Actions

Action management

Now you’ve got a list of actions you need to take, you can use FractalScan Surface to manage these through to resolution.

The Kanban board view allows you to prioritise and track progress of the actions.

Unplanned Actions on Kanban Board

You can view the description & remediation help, assign an owner, add due dates and add notes. You can also view the individual risks that have been grouped into the action.

Remediation & Vulnerability Advice

Resolution

Each time FractalScan Surface rescans your attack surface, it is checking to see whether the risks that were previously identified are still present.

When the risks under an action are no longer detected, the action will automatically be marked as resolved, giving you confirmation that your fixes or other remediation activities have been successful.

Actions - Resolution Kanban Board

In addition to this, notifications can be configured to alert you when risks that were previously detected are no longer found.

For more information about notifications you can read this blog: How to get the most out of your FractalScan Surface notifications.

About Nicola Chapman
Nicola is the Product Manager for FractalScan Surface, working closely with the Red Maple Technologies engineers to represent our customers' and users' needs. She has over 10 years product management experience building products to help solve real world problems for businesses.
Nicola Chapman

REVIEWS

What our customers think

Haas Automation Logo

Ken Shannon

Haas Automation

"FractalScan Surface is an impressive tool that we use to monitor our external cyber risks and those of our dealers worldwide. We've even used it to perform due diligence security checks on third-party suppliers. I appreciate the easy-to-understand summary views, and my team likes that the daily scans automatically reflect their ongoing risk mitigation efforts. I'd really encourage other companies to use this tool and start tracking their cyber risks."

View The Space

Robin Craib

VTS

"FractalScan's capability to mark domains hosted on shared cloud services gives us the ability to remove risks associated with IP addresses which are not part of our infrastructure, allowing us to focus our resources. The consultancy we've had from the professional services team at Red Maple Technologies confirms the credibility and background of the team building FractalScan. I'm excited to see what's coming next for FractalScan."

Formula 1

CIO

Formula 1

"FractalScan Surface has been great for discovering our online-visible assets and exposures, allowing us to make some immediate improvements to reduce our cyber risk." Daily scanning enables us to keep on top of our external attack surface, which is particularly important to us since we have complex digital content output. FractalScan gives us the view on our data we didn't have."

Capterra Logo

Andy K.

Financial Services

"Simplicity - give it a domain and it will find out what it can about subdomains, related domains and any issues it identifies with them. We may not be privy to sites or subdomains other parts of the business may implement. FractalScan gives us a discovery tool to identify previously unknown public infrastructure, we can reduce our external attack surface by identifying and resolving issues and getting "old" public infrastructure decommissioned."

Capterra Logo

Tim N.

Information Technology and Services

"What I appreciate the most about FractalScan is the level of accuracy this platform provides while maintaining a passive approach to data collection. As someone who works in technical sales and consulting, I have a lot of clients working with products in this space. The common problem is the overwhelming amount of results and the operational overhead required to make those results actionable. FractalScan's unique solution provides results that are immediately accurate and actionable."

Capterra Logo

Jason C.

Financial Services

"FractalScan Surface provides a compact and concise overview of vulnerabilities that have been identified on our assets. It is important for teams to be able to understand the issue, prioritise remediation activities and focus on removing vulnerabilities from our estate....this tool enables all of this and has proven to find vulnerabilities that other tools do not."

Capterra Logo

Jack S.

Information Technology and Services

"FractalScan Surface delivers an exceptional experience, principally by enhancing our understanding of customers' digital assets. The platform's intuitive interface facilitates a user-friendly experience that our team appreciates. This, in turn, allows us to proactively identify vulnerabilities and address them before they escalate. We've found the platform to be markedly superior to its market counterparts in terms of capability and efficiency. Integration into our existing business processes was seamless, minimising any potential operational interruptions."