A UK government cybersecurity agency has advised companies relying on two of its popular external attack surface management (EASM) products to find alternatives by next year.
The National Cyber Security Centre (NCSC) said it is retiring its Web Check and Mail Check tools by March 31 2026.
“Retiring these services is in keeping with our roadmap for ACD 2.0, which stated last year that the NCSC will only deliver solutions where the cyber security market is unable to, or where being part of GCHQ presents a unique opportunity to drive up resilience at scale,” wrote NCSC service owner Hannah E.
“This will allow us to divert resources to new initiatives designed to help protect the UK’s cyber infrastructure.”
Web Check and Mail Check have been helping British organizations to better manage risk across their external attack surface since 2017.
Web Check runs scans for common web vulnerabilities and misconfigurations, such as whether digital certificates are valid or content management systems are patched.
Mail Check helps organizations to implement anti-spoofing controls SPF, DKIM and DMARC, as well as run TLS security checks for confidentiality.
Finding Alternatives
The NCSC urged current users of both tools to find commercial alternatives before the end-of-life date next March. Hannah E explained that an NCSC buyer’s guide will help organizations to select the product that’s right for them, by looking for solutions that offer:
- Insight into which solutions they’re running across the entire attack surface, DNS configuration, websites and certificates
- Security analysis of identified risks such as software security, email security or exposed services
- Supporting functions to manage the attack surface, such as overview dashboards, reports for downloading and sharing, and/or workflow features like adding comments or setting status fields on findings
Organizations should also consider subscribing to the NCSC’s Check your cyber security service, which apparently checks email systems for anti-spoofing and privacy capabilities.
Subscribers to the NCSC’s Early Warning and DNS Check offerings will continue to receive findings from Mail Check and Web Check via their MyNCSC accounts, the agency said.