Skip to main content

Beta What do you think of this service? Your feedback will help us to improve it.

  4. Extended monitoring service

Author: Government Digital Service

Extended monitoring service

Extended monitoring is a free vulnerability monitoring service provided by the Government Digital Service (GDS) that helps public sector organisations identify and respond to security vulnerabilities in their internet-facing digital services.

The service is centrally funded so there is no cost to organisations and the service can be used as well as, or instead of, your own monitoring.

Benefits of using extended monitoring

There are a number of benefits with using extended monitoring in your organisation:

  • free and centrally funded with no cost to your organisation
  • proactive protection that detect vulnerabilities before attackers do
  • expert support with help prioritising and resolving issues
  • optional SIEM integration that feed alerts directly into your existing security tools

What extended monitoring does

Once you register, GDS will monitor your digital environment and:

  • alert you to vulnerabilities and misconfigurations
  • support you to fix any issues
  • use automated and manual triage of the issues to help you prioritise critical issues

The service can find internet-facing vulnerabilities including:

  • web based vulnerabilities
  • exposed files, storage buckets and admin panels
  • misconfigurations
  • phishing domains
  • new and existing CVEs in applications like Microsoft Exchange and ServiceNow
  • software vulnerabilities like XSS and RCE
  • exposed API keys and passwords
  • open ports
  • IP addresses in untrusted locations

As the service evolves, new checks will be added based on user feedback, without disrupting your services.

When we add new checks to our service we will make sure they don’t harm the service being monitored.

Source of scanning

Current monitoring traffic originates from scanner.detectify.com with the dedicated IP addresses 52.17.9.21 and 52.17.98.131.

Please ensure you have notified the appropriate people to allow traffic from these IPs.

From time to time the IPs will change as we rotate in new suppliers and services. We will notify you of any changes.

Frequency of scanning

The extended monitoring service makes multiple connections a day to services operating on your domains. It queries each service by host and IP address and each open port found.

Neither GDS nor the organisation can control the timing or cadence of the monitoring.

Impact on services

Extended monitoring can generate a substantial amount of traffic but is within the volumes a modern service should be able to tolerate.

If your website or digital service is not configured to handle reasonable volumes of traffic it could encounter issues.

If your service is unable to handle this volume of traffic, it could already be vulnerable to a denial of service (DoS) attack.

Use SIEM to receive data

If you use a SIEM tool, you can sign up to our data sharing service to receive all vulnerability data directly into your SIEM tool.

Sign up for extended monitoring

We accept domains in any namespace, for example .gov.uk, .nhs.uk, or .org.uk, as long as you own the domain and can authorise monitoring of the services it operates.

Getting extended monitoring set up for your organisation is straightforward. Here’s how to get started:

  1. You will need to know what domains you own, to give GDS permission to access your domains.
  2. You will need to tell your organisation’s appropriate security and operations people about the monitoring before it is set up. This makes sure they understand where the extra traffic is coming from and don’t block it.
  3. You should tell your service providers about the monitoring to make sure you are contractually allowed to include extended monitoring.
  4. Once you’ve registered, GDS will then start monitoring and will email you when we find critical issues and tell you how to fix them.
  5. We’ll ask for your feedback on the issues we find and the quality of the service, so that we can continually improve.

Register for extended monitoring

Making changes after setting up extended monitoring

If you need to make changes after setting up extended monitoring, you will need to let us know by email or by submitting a new form. For example if you need to change the authoriser or add a new domain.

Contact

If you need more information email support@domains.gov.uk

Sign up to UK Government Security

Subscribe to our newsletters to receive notifications when changes to strategy, policy, standards, and guidance are published on the website.

Sign up now