New Features and Improvements - May 2023

Nicola Chapman
1 June 2023
|
4 min Read
|
Nicola Chapman
Create free account

Contents

Introduction

May has been another busy month for the FractalScan Surface team, with lots of new features and improvements being delivered.

This includes a new report type with more detail on your actions, risks and assets, and “Checks” showing you details of what FractalScan Surface is checking for.

See what FractalScan Surface is checking for

One of the reasons companies invest in attack surface management tools is to have peace of mind that their company is being monitored for vulnerabilities.

FractalScan Surface’s new Checks widget gives you visibility of all the checks that are being carried out against your online assets each time a scan is run.

Checks condensed UI

Against each check, any remediation actions your need to take are listed, helping to highlight the key areas of security you need to improve to reduce your risks. Related checks are grouped together, and the groups can be expanded to list all the checks included.

Checks expanded UI

The expanded view of the checks has also been included in the summary report. This is particularly useful if you’re running scans on behalf of others (e.g. Managed Service Providers), as you can easily provide evidence of what the scan has checked for when sharing the results.

Risks and Actions report

FractalScan Surface has a new Risks & Actions report type.

The report includes details of all the risks identified in your scan, and the actions that need to be taken to remediate these risks. In addition, it includes lists of all the domains & IP addresses identified by FractalScan Surface, and the number of Critical, High, Medium and Low risks identified against each one.

This report comes in the form of an Excel spreadsheet, meaning you can format and filter the data in a way that suits you.

Reports download UI

The risks & actions report is available to Premium plan users and above.

Manage the users in your organisation

You can now invite new users to your organisation and remove old users’ access, allowing you to get the most out of the user allocation in your FractalScan Surface plan.

Invitations can be sent to new users via the “invites” option in your organisation actions menu.

Invite users UI

Simply enter the email addresses for the user(s) you wish to invite, and they will be sent an email inviting them to create a FractalScan Surface account and join your organisation.

Invites are valid for 7 days, but if your team member doesn’t accept the invite in this period you can simply send them a new invite.

If you create an invite by mistake, you can delete a pending invite.

You can also view your user allocation usage to see how many more user accounts you can create.

Invite screen UI

Once the user has accepted the invite, you will need to add them into the scan groups you wish for them to access.

If an individual has left your business and you want to revoke their access, you can do this using the “x” next to the user in the users menu.

Remove user UI Organisation members with admin or owner roles can create invites and remove users.

Delete seed domains/IPs from a scan

There are a few reasons you may wish to remove a seed domain or IP from a scan, for example:

  • You made a typo or spelling mistake.
  • You want to split up a scan to separate results for different business areas.
  • You accidentally added a domain to the wrong scan.
  • The company being scanned has changed the domain they operate under.

On the Scan Scope widget on the scan overview page, you can remove a seed from a scan. This will remove all data from the scan that relates back to that seed, and its history.

Note if you remove a seed, the given domain or IP could still be found by the scan if it relates back to a seed that is still present.

Scan seed deletion UI

When a seed is deleted, all other history for the remaining scan scope will be retained.

Other improvements

  • We’ve made it clearer what the DKIM checks are checking for and when DKIM risks might not be valid on a scan.
  • When you choose to exclude IP risks from your results or mark a domain as a CDN, FractalScan Surface will no longer exclude any associated countries from your results.
  • When you create a new scan group, you can now go directly to add users to it, making the process simpler and faster.

New group UI

Coming soon

  • Creating scans via the FractalScan Surface public API.
  • Improved services and third-party component detection.
About Nicola Chapman
Nicola is the Product Manager for FractalScan Surface, working closely with the Red Maple Technologies engineers to represent our customers' and users' needs. She has over 10 years product management experience building products to help solve real world problems for businesses.
Nicola Chapman

REVIEWS

What our customers think

Haas Automation Logo

Ken Shannon

Haas Automation

"FractalScan Surface is an impressive tool that we use to monitor our external cyber risks and those of our dealers worldwide. We've even used it to perform due diligence security checks on third-party suppliers. I appreciate the easy-to-understand summary views, and my team likes that the daily scans automatically reflect their ongoing risk mitigation efforts. I'd really encourage other companies to use this tool and start tracking their cyber risks."

View The Space

Robin Craib

VTS

"FractalScan's capability to mark domains hosted on shared cloud services gives us the ability to remove risks associated with IP addresses which are not part of our infrastructure, allowing us to focus our resources. The consultancy we've had from the professional services team at Red Maple Technologies confirms the credibility and background of the team building FractalScan. I'm excited to see what's coming next for FractalScan."

Formula 1

CIO

Formula 1

"FractalScan Surface has been great for discovering our online-visible assets and exposures, allowing us to make some immediate improvements to reduce our cyber risk." Daily scanning enables us to keep on top of our external attack surface, which is particularly important to us since we have complex digital content output. FractalScan gives us the view on our data we didn't have."

Capterra Logo

Andy K.

Financial Services

"Simplicity - give it a domain and it will find out what it can about subdomains, related domains and any issues it identifies with them. We may not be privy to sites or subdomains other parts of the business may implement. FractalScan gives us a discovery tool to identify previously unknown public infrastructure, we can reduce our external attack surface by identifying and resolving issues and getting "old" public infrastructure decommissioned."

Capterra Logo

Tim N.

Information Technology and Services

"What I appreciate the most about FractalScan is the level of accuracy this platform provides while maintaining a passive approach to data collection. As someone who works in technical sales and consulting, I have a lot of clients working with products in this space. The common problem is the overwhelming amount of results and the operational overhead required to make those results actionable. FractalScan's unique solution provides results that are immediately accurate and actionable."

Capterra Logo

Jason C.

Financial Services

"FractalScan Surface provides a compact and concise overview of vulnerabilities that have been identified on our assets. It is important for teams to be able to understand the issue, prioritise remediation activities and focus on removing vulnerabilities from our estate....this tool enables all of this and has proven to find vulnerabilities that other tools do not."

Capterra Logo

Jack S.

Information Technology and Services

"FractalScan Surface delivers an exceptional experience, principally by enhancing our understanding of customers' digital assets. The platform's intuitive interface facilitates a user-friendly experience that our team appreciates. This, in turn, allows us to proactively identify vulnerabilities and address them before they escalate. We've found the platform to be markedly superior to its market counterparts in terms of capability and efficiency. Integration into our existing business processes was seamless, minimising any potential operational interruptions."