Improving collective security through continuous analysis of public-facing attack surfaces. Open, categorised benchmarking data, free for everyone.
Torus Security operates VectorScan, a continuous internet research programme that surveys public-facing assets across the IPv4 address space. The programme exists for one reason: to produce the quantified exposure data that underpins better cyber risk decisions for our customers, for the insurance market, and for the security community.
Every organisation presents an external attack surface to the internet. Most have limited visibility into what that surface looks like to an adversary. VectorScan closes that gap by discovering, classifying, and benchmarking exposed services at scale, transforming raw technical findings into business-context intelligence.
The categorised and normalised data generated by this research is published as open peer group statistics through our free Exposure Insights service. Any organisation can assess their external posture against real industry benchmarks. Not vendor estimates, not survey data, but observed measurements derived from continuous scanning across millions of assets.
VectorScan conducts internet-wide surveys using five parallel scanning tools that execute simultaneously, delivering comprehensive coverage in hours rather than weeks.
Starting from publicly registered domains, our enumeration engine identifies subdomains, associated infrastructure, and DNS records to map the full extent of an organisation's internet-facing footprint.
Open ports are probed with RFC-compliant requests to identify running services. Web services are fingerprinted for technology stack, TLS configuration, and response characteristics. Email security records (SPF, DKIM, DMARC) are evaluated. Vulnerability detection identifies known CVEs and misconfigurations.
This is where VectorScan diverges from conventional scanning. Every discovered service passes through our proprietary enrichment layer, where 500+ classification rules map technical findings to 40+ service functions across 10 contact vectors. A forgotten development server becomes "customer payment gateway, externally accessible on non-standard port." Technical noise becomes business intelligence.
Classified data is normalised and aggregated into industry peer groups. For each contact vector, we calculate frequency distributions, percentile rankings, Z-scores, and skewness metrics. This produces the open benchmarking dataset, complete with full statistical context.
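The benchmarking statistics named above, as an added example that is not VectorScan's own code: it scores one organisation against a peer group and shows why a skewed exposure distribution makes the percentile rank more informative than the Z-score. The peer counts, function names, tie handling, and the choice of population formulas are assumptions.

```python
from statistics import mean, pstdev

# Constructed sample: exposed-service counts per organisation in one peer
# group for a single contact vector (illustrative, not real scan data).
PEER_COUNTS = [0, 0, 1, 1, 1, 2, 2, 3, 4, 6, 9, 31]


def percentile_rank(peers, value):
    """Percentage of peers below `value`, counting ties as half."""
    below = sum(1 for p in peers if p < value)
    equal = sum(1 for p in peers if p == value)
    return 100.0 * (below + 0.5 * equal) / len(peers)


def z_score(peers, value):
    """Distance from the peer mean in population standard deviations."""
    sd = pstdev(peers)
    return 0.0 if sd == 0 else (value - mean(peers)) / sd


def skewness(peers):
    """Population skewness g1 = m3 / m2**1.5 (assumed formula)."""
    mu = mean(peers)
    m2 = sum((p - mu) ** 2 for p in peers) / len(peers)
    m3 = sum((p - mu) ** 3 for p in peers) / len(peers)
    return 0.0 if m2 == 0 else m3 / m2 ** 1.5


def benchmark(peers, value):
    """Score one organisation's count against its peer group."""
    if not peers:
        raise ValueError("peer group is empty")
    return {
        "percentile": round(percentile_rank(peers, value), 1),
        "z_score": round(z_score(peers, value), 2),
        "skewness": round(skewness(peers), 2),
    }


if __name__ == "__main__":
    # One outlier (31) inflates the mean and standard deviation, so an
    # organisation with 6 exposed services looks average by Z-score while
    # sitting in the top quarter of its peers by percentile rank.
    print(benchmark(PEER_COUNTS, 6))
```

When skewness is strongly positive, as in this sample, read the percentile rank first and treat the Z-score as context.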
All findings are structured as OCSF-standardised records for immediate consumption by downstream risk models and insurance pricing engines. The data feeds our RiskVector platform for probability calculations and FAIR-based loss quantification.
All VectorScan probes are benign, use only RFC-compliant requests, and collect only information that is already publicly accessible to anyone connecting to the service on the correct port. Our scanning operates at controlled rates designed to have zero operational impact on target systems.
The categorised and normalised exposure data produced by VectorScan is made freely available through our Exposure Insights service. We believe that access to accurate, real-world benchmarking data should not be gated behind expensive subscriptions or limited to organisations that can afford enterprise security tooling.
Any organisation can use our free service to see how their external posture compares to peers in their industry vertical, with distribution analysis, percentile rankings, and full statistical context.
Understand your external exposure with quantified benchmarks. Prioritise remediation based on where you deviate from industry norms, not where generic frameworks suggest you focus.
Risk-based pricing grounded in live exposure data. Continuous quantified signals that replace stale annual questionnaires with real-time evidence of defensive posture.
Aggregated, anonymised exposure statistics across 20+ industry verticals. A growing dataset for academic researchers, CERTs, and policy teams improving collective resilience.
We take transparency seriously. All VectorScan scanning activity is clearly identifiable through multiple mechanisms so that network administrators can immediately recognise our traffic and distinguish it from malicious activity.
Each VectorScan probe hosts a web server at its IP address that identifies the scanning programme, explains its purpose, and provides opt-out instructions. If you observe traffic from one of our IP addresses, you can navigate directly to it in a browser for immediate identification.
While VectorScan exists to improve collective security and the data we produce is used to deliver free benchmarking that benefits the entire community, we respect the right of network operators to control what touches their infrastructure.
Email us with your CIDR blocks or IP addresses and your organisational affiliation. We will add your ranges to our exclusion list, typically within two working days. Opted-out ranges are excluded from all future scanning activity.
✉ [email protected]
Configure your firewall to drop traffic from the probe IPs listed above. Blocking these addresses prevents indexing of your services in future scan cycles.
Please note: opting out of VectorScan data collection means your organisation will not appear in our peer group benchmarking statistics and will not benefit from the free Exposure Insights service. Your data will not be available for insurance risk assessment through our platform.
If you believe you have identified abusive activity originating from our scanning infrastructure, or if you have any questions about the VectorScan research programme, please contact us directly. We take all reports seriously and will respond within one working day.