At the beginning of November the National Cyber Security Centre (NCSC) announced that Web Check and Mail Check – two components of the UK government’s Active Cyber Defence programme – will be decommissioned on 31 March 2026.
The NCSC says:
“By 31 March 2026, organisations should have alternatives to Mail Check and Web Check in place.”
For many public sector organisations these tools have been the first line of defence for monitoring website configurations and email security for a number of years. With the services drawing to a close, organisations are being urged by the NCSC to adopt commercial External Attack Surface Management (EASM) solutions.
⭐ Special offer: smooth transition to Hexiosec ASM - free until 31 March 2026
If the prospect of losing two trusted tools feels unsettling, don’t worry, Hexiosec has been working hard, including with NCSC on their Active Cyber Defence 2.0 programme, to provide a comprehensive alternative that goes beyond what the NCSC offered. Below is a quick look at why the retirement is happening, what these tools actually did, and how Hexiosec ASM will more than fill the gap.
Why are Web Check and Mail Check being retired?
Over the last eight years the cyber security landscape has matured. EASM platforms have proliferated, offering far richer functionality than the Web Check and Mail Check services. Rather than duplicating what is now a thriving commercial market, the NCSC wants to focus on areas where only the government can make a difference, as stated when they announced ACD 2.0.
A quick refresher: what did Web Check and Mail Check do?
Web Check was designed to help organisations identify and fix common web vulnerabilities. It ran light touch, non-intrusive scans and flagged misconfigurations against an organisation’s domain that attackers can, and often do, exploit.
Mail Check was used to help organisation with assessing their email security. It helped domain owners implement anti spoofing controls and data encryption.
These services helped build a baseline of good practice across the UK public sector. However, as cyber threats evolve, many organisations need broader visibility and continuous monitoring that extend beyond a handful of checks.
Hexiosec’s collaboration with NCSC on the ACD 2.0 exploration
In October 2024 the NCSC ran an exploration into external attack surface management under their ACD 2.0 initiative. They invited commercial providers to test their EASM products with real organisations. Twenty ASM vendors initially took part and were thanked publicly. The NCSC then selected a shortlist of providers to complete the detailed trial – we were delighted that Hexiosec ASM was on that shortlist of just 10 vendors.
During the trials we worked alongside a selection of the NCSC’s public and private sector customers, gathering feedback and refining our platform.
The NCSC’s report on the trials highlighted three key areas that ASM tools help organisations with:
- Insight and visibility – giving organisations sight of their online assets.
- Security analysis and issues – checking assets for misconfigurations and vulnerabilities.
- Supporting functions – making the data accessible and actionable, with dashboards, reporting and integrations.
Hexiosec ASM provides accurate and up-to-date information on your assets and vulnerabilities, with comprehensive reporting and API capabilities. This results in a high quality EASM capability that directly aligns with the NCSC’s vision for the future of cyber defence.
Hexiosec ASM is the perfect upgrade
At Hexiosec we started with the same goal as the NCSC: reduce cyber risk through accessible, actionable security checks.
Hexiosec ASM scans your public infrastructure every day, providing you with visibility of all your internet-facing assets. This accurate inventory of assets allows you to keep on top of what you have exposed, and provides insight on your overall attack surface. It also allows you to visualise your Web Presence (a Hexiosec ASM term that the NCSC have adopted in their report) allowing you to actually see what is being hosted on your domains, and is visible to the public.
Hexiosec ASM’s carries out a series of comprehensive checks against your infrastructure every day. Rather than simply reporting a list of issues found, it carries out analysis to provide actionable insights, with clear remediation advice, allowing you to start improving your security posture straight away, and stay on top of emerging threats.
Hexiosec ASM provides a number of supporting capabilities above anything the NCSC tooling provided. You can integrate Hexiosec ASM data with your other systems (e.g. your ticketing or SIEM platform) as well as generating summary and detailed reports for different stakeholders. One of the biggest additional areas of coverage it gives you, is the ability to monitor organisations in your supply chain to ensure they are not inherently exposing you to threats.
Why act now?
The decommissioning of the NCSC’s tools in March 2026 may feel distant, but cyber security maturity takes time. The NCSC’s buyer’s guide encourages organisations to evaluate EASM providers now and to consider the importance of features such as asset discovery, vulnerability analysis and supporting functions.
By adopting Hexiosec ASM, you’ll not only replace the Mail Check and Web Check functionality that’s disappearing but also gain a more complete view of your external exposure.
Special offer: smooth transition with Hexiosec ASM
The first 100 organisations to sign up below will receive free access to full Hexiosec ASM features to monitor your main domain until the NCSC’s tools are retired on 31st March 2026. See for yourself the value Hexiosec ASM brings to the cyber security posture of your organisation.
Final thoughts
The retirement of Mail Check and Web Check marks the end of an era for these NCSC Active Cyber Defence tools. It also signals a positive shift: the UK cyber ecosystem has grown to the point where commercial offerings can take the lead, freeing government resources for unique initiatives.
At Hexiosec we’re proud to contribute to this ecosystem with a platform that builds on the NCSC’s principles and delivers broader coverage, deeper insight and continuous protection.
If you’d like to see how Hexiosec ASM can help you transition smoothly, get in touch or book a demo today.
We’d love to support you on your cyber security journey.
Related Posts
