What is External Monitoring?
External Monitoring is a new feature that helps you understand your organization's security posture from an outside perspective. It currently scans your email and web security configurations to identify potential security improvements.
Privacy & Security
Who can see my scan results?
Scan results are visible to External Monitoring customers, which allows them to see scan results alongside your assessment and Risk Ledger. This will help you:
Demonstrate your security posture with objective data
Support your assessment responses with evidence
Show your commitment to security improvements
Is the scanning process secure?
Yes. Our scanning process:
Follows industry best practices for security testing
Only checks publicly available security configurations
Never attempts to exploit vulnerabilities or access private data
What data do you collect?
We only collect information from public DNS records and web server responses, similar to what any web browser would receive. This includes:
Email security configurations (SPF, DMARC)
Web security headers
SSL/TLS certificate information
Using External Monitoring
How do I get started?
Visit the External Monitoring section in your Risk Ledger account
Review any pre-populated assets
Add additional assets by clicking "add asset"
Check your initial security findings
Note: if you have a Web Application Firewall (WAF), you may need to whitelist Risk Ledger's scanning IP addresses in order for us to scan your assets.
IP Addresses to whitelist:
18.202.105.192
52.215.173.201
Can I add or remove assets to scan?
Yes, you can manage your assets at any time through the External Monitoring interface.
Please note that we use the website registered on your profile as the initial system asset. To change this, update the website on your profile.
You may also make assets inactive if they are no longer in use.
How often are scans performed?
DNS and Web security checks (TLS, CSP, HSTS, HTTP headers) run weekly
Email security checks (SPF, DMARC) run weekly
Suppliers can manually trigger a rescan of email security checks at any time, directly from a finding
Getting Help & Providing Feedback
How do I provide feedback?
We want to hear from you! You can:
Use the feedback button within the product
Book a feedback session with our team here
Reply to any of our communications
What if I find incorrect results?
Please let us know immediately through any of the feedback channels. Understanding any false positives or inaccuracies helps us improve the service.
Can I get help understanding my results?
Yes! We offer:
Detailed explanations within the product
Help documentation for each type of security check
To get more help, please reach out to our support team via Intercom
Future Plans
What features are coming next?
We're focusing on email, DNS and web security for the beta, but our roadmap includes:
Enhanced Security Guidance
Clearer explanations of why each check matters
Practical steps for improving configurations
Industry best practice recommendations
Assessment Integration
Connect scan results to assessment answers
Provide evidence of security controls
Combine outside-in data with your assessment responses
Result Sharing
Share results with customers to demonstrate your security posture
Add context to explain your configurations
Show progress on security improvements
Additional Security Checks
Expanded domain checks
More security indicators
Our goal is to help you understand your security posture and make meaningful improvements. We'd love to hear what additional security checks and guidance would be most valuable for your organisation.
Technical Details
What specific configurations do you check?
Email Security
Web Security
DNS Security
Port Scanning
Have another question?
Contact our Product Manager, Arati Dey, anytime at arati@riskledger.com.