What is External Monitoring?
External Monitoring helps you gain continuous visibility into the external security posture of your suppliers. It automatically discovers and scans internet-facing assets associated with suppliers in your network, identifying publicly visible security signals that may indicate potential risk.
This provides an outside-in view of supplier security, complementing the information suppliers provide in their Risk Ledger assessments. Rather than relying only on point-in-time questionnaire responses, External Monitoring adds continuous intelligence about a supplier’s digital footprint and configurations.
💡 External Monitoring is a paid feature. Please reach out directly to your CSM for further information if you'd like to see how External Monitoring can benefit you.
Benefits of External Monitoring
External Monitoring helps organisations move from static supplier assessments to continuous risk visibility.
Key benefits include:
Independent security signals - Gain objective insights into suppliers' external security posture based on observable technical configurations.
Continuous monitoring - Detect potential security issues as they appear, rather than relying solely on periodic reviews.
Faster risk prioritisation - Findings are categorised by severity to help you focus on the issues most likely to present real risk.
Integrated supplier collaboration - Findings appear directly alongside supplier assessment responses, allowing you to quickly verify claims or start discussions with suppliers where needed.
What assets are scanned?
External Monitoring focuses on publicly accessible, internet-facing assets associated with suppliers.
Web, Email and DNS Scans:
Web security headers (TLS, CSP, HSTS, HTTP)
Email authentication (SPF, DKIM, DMARC)
DNS configuration checks
Port Scans:
50+ critical ports including Remote Access, Database, Web Services & Management, File Sharing, and Infrastructure
These checks help highlight potential exposures that could be visible to attackers and provide early visibility so they can be reviewed and addressed where necessary.
How to use External Monitoring
To begin using External Monitoring, navigate to a supplier's profile (1) then External Monitoring (2). Here you can see the various Scan Categories, Findings and Assets:
Click into a Finding (1)(2) to see information on what was scanned, any issues and the severity levels associated with it (3). You can also add Private notes to any finding or start a Discussion directly with your supplier (4).
Also, when viewing a supplier's Assets (1) you can start a Discussion directly with them if you believe any assets to be missing (2):
What are Severity Levels?
Severity levels are used in External Monitoring to assess and categorise the potential impact and urgency of security vulnerabilities or misconfigurations. They help prioritise security issues and determine appropriate response times for remediation.
The following factors have been taken into consideration in setting the severity of monitoring findings:
Prioritisation: Higher severity issues should be addressed first
Resource Allocation: Critical and High issues require immediate attention and resources
Risk Management: Helps balance security needs with operational constraints
Compliance: Supports meeting regulatory and policy requirements
Communication: Provides a clear framework for discussing security issues with stakeholders
Severity Levels
| Severity level | Description |
| --- | --- |
| Critical | Issues that indicate a significant security weakness and may require immediate attention. |
| High | Notable security gaps or misconfigurations that could increase risk and should be reviewed as a priority. |
| Medium | Areas where security controls may be present but could be improved to align more closely with best practices. |
| Low | Minor improvements that may strengthen security posture but are unlikely to present immediate risk. |
| Informational | Contextual observations from scans that may be useful for visibility or review but do not necessarily indicate a security issue. |
Tip: When viewing a supplier's findings, you can easily view the severity levels alongside them by clicking the "Severity levels" button in the findings window.
💡 If there is anything we haven't covered, please feel free to contact us at support@riskledger.com or alternatively, select the Chat icon in the bottom right corner.


