Extended monitoring service
Extended monitoring is a free vulnerability monitoring service provided by the Government Digital Service (GDS) to any UK public sector organisation.
Using commercial tools, the service monitors the internet-facing digital environment of organisations to look for vulnerabilities that could be exploited by attackers.
The service is centrally funded so there is no cost to organisations and the service can be used as well as or instead of your own monitoring.
What extended monitoring does
If you sign up for the service, we will monitor your digital environment and:
- tell you about any issues we find
- support you to fix any issues
- use automated and manual triage of the issues to help you prioritise critical issues
The service can find internet-facing vulnerabilities including:
- web-based vulnerabilities
- exposed files, storage buckets and admin panels
- misconfigurations
- phishing domains
- new and existing CVEs in applications like Microsoft Exchange and ServiceNow
- software vulnerabilities like cross-site scripting (XSS) and remote code execution (RCE)
- exposed API keys and passwords
- open ports
- IP addresses in untrusted locations
As we get feedback from users of the service, we will add extra checks and scans to the service.
When we add new checks to our service, we will make sure they don’t harm the service being monitored.
We will also tell you if there are any significant changes to the service, but we will not ask for authorisation for the same domains again.
Frequency of scanning
The extended monitoring service makes multiple connections a day to services operating on your domains. It queries each service by host and IP address and each open port found.
Neither GDS nor the organisation can control the timing or cadence of the monitoring.
Impact on services
Extended monitoring can generate a substantial amount of traffic but is within the volumes a modern service should be able to tolerate.
If your website or digital service is not configured to handle reasonable volumes of traffic it could encounter issues.
Note: If your service is unable to handle this volume of traffic, it could already be vulnerable to a denial of service (DoS) attack.
Use SIEM to receive data
If you use a security information and event management (SIEM) tool, you can sign up to our data sharing service to receive all vulnerability data directly into your SIEM.
Contact support@domains.gov.uk for more information.
Sign up for extended monitoring
We accept domains in any namespace, for example .gov.uk, .nhs.uk, or .org.uk, as long as you own the domain and can authorise monitoring of the services it operates.
Getting extended monitoring set up for your organisation is straightforward.
- You need to know what domains you own, and complete this Extended Monitoring form to give GDS permission to access your domains.
- You will need to tell your organisation’s appropriate security and operations people about the monitoring before it is set up. This makes sure they understand where the extra traffic is coming from and don’t block it.
- You should tell your service providers about the monitoring to make sure you are contractually allowed to include extended monitoring.
- GDS will then start monitoring and will email you when we find critical issues and tell you how to fix them.
- We ask you to give us feedback on the issues we find and the quality of the service, so that we can continually improve.
Making changes after setting up extended monitoring
If you need to make changes after setting up extended monitoring, for example to change the authoriser or add a new domain, you will need to let us know by email or by submitting a new form.
Contact
If you need more information, email support@domains.gov.uk.