Free Network Scan
Request a free external network perimeter scan. We'll identify exposed services, open ports, and potential security weaknesses in your public-facing infrastructure.
About the Free Network Scan
A free network scan probes the public-facing IP address you provide for the open ports and services exposed to the internet. The scanner is the same class of tool an attacker uses on day one of a reconnaissance phase: nmap-style port enumeration, banner grabbing on responding services, and a check for the most common misconfigurations on each (default credentials on admin interfaces, expired or self-signed certificates on HTTPS endpoints, deprecated TLS versions still negotiating).
What you learn from a network scan is the size of your external attack surface. Most UK SMEs have one of three results. The first is a small, intentional surface (just web traffic on 80/443, mail on 25/465/587). The second is a medium surface with one or two unintentional things exposed (an admin panel that should only be reachable on the internal network, an old service running on a forgotten subdomain). The third is a sprawling surface where servers, devices, or developer environments have been published to the internet without anyone realising.
Cyber Essentials does not strictly require an external port scan, but the firewall control asks that only the ports your business needs are reachable from the internet. The free scan is the cheapest way to find out what those ports actually look like from outside. Anything you cannot explain on the result list is the next thing to investigate.
Common questions
Is the network scan free?
Yes. The free external scan covers the most common ports and services. You can run it once per IP per day on the public addresses you control.
Will this scan trigger any security alerts?
It can, on networks with their own intrusion-detection systems. If you operate a SOC or an MDR service, expect the scan to show up in your alert feed. The scan source IP is in the result page so your team can correlate it.
How is the free scan different from a full vulnerability assessment?
The free scan finds the open ports and the obvious misconfigurations. A full vulnerability assessment authenticates against your services, walks the application logic, tests the patch level on each service, and produces a CVSS-scored gap list. We deliver the full version under our managed vulnerability scanning service.
What if I do not own the IP I want to scan?
Do not run the scan. Unauthorised scanning of an IP you do not own is potentially a Computer Misuse Act 1990 offence. The free scan should only be used against IPs you own or have explicit written authorisation to test.
Beyond the free check
Network Infrastructure Assessment
The full version of this scan, plus authenticated testing, manual exploitation, and a written remediation plan.
Learn moreManaged Vulnerability Scanning
Continuous scanning of your external surface, with risk-prioritised remediation tickets.
Learn moreCyber Essentials Plus
The certification-grade external test that satisfies the Cyber Essentials Plus assessment requirement.
Learn more