Blue Hexagon | FractalScan Logo


Frequently asked questions about FractalScan Surface
Two Blue Hexagon | FractalScan Logo

1. What does FractalScan Surface do as part of a scan?

Requiring only your high-level domains ( or IP addresses, FractalScan Surface first queries a range of online sources to discover and enumerate associated online infrastructure and assets, before performing its own in-depth analysis.

FractalScan Surface’s analysis includes non-intrusive (passive) techniques to accurately identify components and risks and help build a complete picture of your attack surface. On the first scan, you will see the state of your company’s infrastructure at that point in time. For monitored scans your will see new risks and any changes over time.

For more information, please read our blog: ‘What is FractalScan Surface?’.

2. What’s the difference between monitored scans and ad hoc scans?

FractalScan Surface has 3 scan types, which types you have available will depend on the package you are on.

Own asset monitoring

This scan type is for continuously monitoring your company’s online assets. These scans are refreshed every day, meaning new assets on your attack surface and new risks are found straight away, allowing you to keep ahead of potential hackers.

Third-party monitoring

This scan type is for monitoring third-parties associated with your business. This could be your vendors, partners, sister companies or customers. These scans are run less frequently than when monitoring your own assets, usually weekly.

Ad hoc

This scan type is for carrying out one off scans of companies. For example, when carrying out due diligence on potential new vendors or partners you can get a snapshot of their attack surface. This will help you to understand how seriously they take cyber security. If you’re on the Premium or Enterprise packages, your ad hoc scan allowances will update monthly.

4. Do I need a company’s permission to scan them?

No. FractalScan Surface uses passive scanning techniques, meaning it’s compliant with the Computer Misuse Act and you don’t need a company’s permission to scan them.

5. What is covered by the free trial?

Our free trial aims to give you a taste of what using FractalScan Surface could really be like for you and your business. You can monitor the attack surface of one or more of your domains for 14 days and explore the full data in your results. This includes remediation advice for any risks we find and generating a summary report that you can download & keep.

Ultimately, we want to you to get the most out of your trial, so if there’s another domain you’d like to scan, or you want to try it for a bit longer than 14 days, get in touch and we can help.

6. When and how can I contact the support team?

Our support team is based in the UK and is available 8am – 6pm Monday – Friday. The best way to get in touch is by emailing or using the in app Contact Us option. If you are a Enterprise customer, you will have your own dedicated account manager assigned who will be your first point of contact for any support you need.

7. Where is my data being stored?

FractalScan Surface is built & supported by a team based in Cheltenham, UK. All data is stored in the UK.

8. Which package is the best choice for me?

There are 3 standard packages for FractalScan Surface: Essential, Premium & Enterprise. These packages scale with your business and mean there is an affordable option to meet every business’ needs.

  • The Essential package supports small-medium businesses in monitoring their own attack surface.
  • The Premium package supports businesses in starting to understand and monitor the key third-parties in their supply chain.
  • The Enterprise package allows a business to get full visibility of their whole attack surface, including their third-party supply chain. This package scales with the size of your business to ensure the price is suitable for businesses of any size. Please see our pricing page for more details of these packages.

If none of these standard packages quite fit your needs, please get in touch and we would be happy to provide a bespoke quote for you.

9. How do scan allowances work?

You can have a different allowance per scan type. For monitored scans (own asset & third-party) the allowance determines how many scans of each type you can have.

For ad hoc scans the allowance is usually monthly, and determines the number of one off scans you can run each month. Monthly is the standard frequency we use for ad hoc scans in our Premium & Enterprise packages but if you are on a bespoke package this frequency can be adjusted to suit your needs.

Your remaining allowances for each scan type can be seen in FractalScan Surface when you create a new scan, or by visiting your organisation’s usage page

10. How can I change my package?

You can change your package at any time by emailing

11. When do my monthly allowances update?

First of the month.

12. What happens if I delete a scan?

When you delete a scan, it is soft deleted for 30 days. This means you can un-delete it at any time during this period and get the full details & history of the scan back. Note if the scan is for own asset monitoring or third-party monitoring, the scan will not be run during the period it is in the soft deleted state. When the 30 day period has elapsed, the scan is fully deleted and your scan allowance will increase by 1 for the relevant scan type.


What our customers think