Hexiosec ASM and Transfer

Available to purchase until

UK cyber security company Hexiosec provides Hexiosec ASM, an External Attack Surface Management platform, and Hexiosec Transfer, a UK sovereign end-to-end encrypted File Transfer solution.

Key Facts

Benefits

  • Exclusive 50% discount on Chest
  • Jisc Banded pricing
  • Fixed pricing for 3 and 5 year terms
  • Dedicated account manager 
  • Free trial available

Important Dates

Agreement start: 1 April 2025

Agreement end: 31 March 2028

Subsequent invoice date: Invoiced annually on anniversary of purchase.

Commitment Period

Institutions may participate in the Agreement at any time during its life, but shall be bound by its Terms and Conditions, including payments, until 31 March 2028.

Licence Type

Hexiosec ASM: Site licence 

Hexiosec Transfer: Per user 

Eligible Institutions

Higher and Further Education and Research Councils in the United Kingdom, and to Universities and Colleges of Further Education in the Republic of Ireland.   Other organisations supporting education, including research bodies and the public sector, may ask to participate in the Agreement. Chest will liaise with the Supplier about any such requests.  

Background Information

Hexiosec ASM is developed by ex UK Government defence and intelligence engineers. 

This Agreement has been negotiated by Chest in response to a need within the academic community to understand and have visibility of an organisation’s attack surface, following the results from the recent research project on the National Picture of Risk for ac.uk. 

NCSC highlighted the importance of attack surface management through an experiment that included Hexiosec ASM: "NCSC's ACD 2.0 exploration into attack surface management completed". Their findings from the experiment can be found in "ACD 2.0: Insights from the external attack surface management trials".

Product Information

Supplier Details

Licensor: Hexiosec Limited, Eagle Tower, Montpellier Dr, Cheltenham GL50 1TA. 11223788.

Product Description

Hexiosec ASM and Hexiosec Transfer are designed and developed by the Hexiosec team in Cheltenham. The team is made up of former UK government and defence cyber security engineers, who have decades of cyber security experience. 

 Hexiosec ASM 


Hexiosec ASM is an External Attack Surface Management platform that helps organisations of any size identify which assets are visible online, the vulnerabilities present, and the risks these vulnerabilities pose. 

With continuous scanning and real-time notifications, customers will be alerted to changes in their attack surface as they happen. The platform is accessible online via a responsive web app on both desktop and mobile, so customers can monitor and manage their external security from anywhere. 


 External Attack Surface Management—Reimagined 

Modern academic institutions rely on a diverse and distributed digital infrastructure — spanning central IT, departmental systems, research platforms, and student-led services. This complexity creates visibility gaps and security challenges that are difficult to manage with traditional tools. 

Hexiosec ASM is purpose-built to help customers regain control of their external attack surface, providing continuous visibility of the institution’s public exposures to the internet. 

The ASM platform automatically discovers publicly accessible infrastructure — from faculty-managed web servers to shadow IT — and builds an up-to-date inventory of the institution's online presence. With daily scanning and automatic discovery, customers can identify hidden risks before they’re exploited. 

Hexiosec ASM analyses the exposed assets for vulnerabilities, misconfigurations, and weak controls. Risks are scored by severity and enriched with threat intelligence, including Known Exploited Vulnerabilities (KEVs), helping IT and security teams prioritise what matters most. 


 The platform also supports effective remediation, grouping risks into clear, trackable Actions. Using Hexiosec's built-in Kanban board, teams can manage fixes collaboratively and visually — ideal for organisations with multiple stakeholders and shared responsibilities. Once an action is resolved, Hexiosec ASM confirms the change automatically and updates the action’s status. 


 Designed for both agility and integration, Hexiosec ASM works across desktop and mobile, and connects easily with existing systems via a REST API. From downloadable reports for governance committees to interactive visualisations that simplify complex environments, everything is geared towards making institutions more secure. 

What’s included in the Hexiosec ASM Enterprise Tier? 

  • Daily scanning of externally facing assets 
  • Automated asset discovery from one or more seed domains or IP addresses 
  • Web presence snapshots – screenshots of publicly visible websites 
  • DNS enumeration and monitoring – subdomain identification and monitoring of changes and newly exposed services 
  • IP mapping and attribution – provides detailed visibility into services, domains, ASNs, and cloud hosting regions across allocated CIDR ranges 
  • Email security checks – assess SPF, DKIM, DMARC, and MX record hygiene 
  • Technology stack and service detection – identify components, ports, and exposed services 
  • Risk and vulnerability analysis, including Known Exploited Vulnerabilities (KEVs) 
  • Interactive graph view – visualise relationships between assets and risks 
  • Provenance view – trace risks back to specific infrastructure 
  • REST API (OpenAPI standard) – seamless integration into workflows 
  • Downloadable PDF and Excel reports – tailored for key stakeholders 
  • Filterable CSV exports – assets, risks, domains, and IPs for deeper analysis 
  • Kanban-style Actions board – manage remediation workflow within the platform 
  • Asset health scores – prioritise attention based on exposure and context 
  • Single Sign-On (SSO) – integrated with Microsoft Entra ID 

 Find out more about what Hexiosec ASM can do here. 

 

Hexiosec Transfer 


Hexiosec Transfer is a UK sovereign end-to-end encrypted file transfer solution that allows users to share documents without risk of being intercepted or viewed by unauthorised users.

Robust controls allow customers to set files to expire after a set number of downloads or after a specific date, giving complete control of sensitive documents. 


The application can be used as a web app, or the powerful integrations into Microsoft Outlook and SharePoint allow users to share documents securely without leaving the relevant application.  


Recipients of Hexiosec Transfer files don’t need an account to download them, making it perfect for sending files to users outside an organisation. 


Customers can also request files from someone, without them needing an account. 

 What’s included in the Hexiosec Transfer Enterprise Tier? 

  • End-to-End Encrypted Transfers – All files are end-to-end encrypted from sender to recipient, meaning not even Hexiosec can access their contents. Sensitive data remains private and protected at every stage. 
  • High-Volume File Sending – Designed to support frequent, large-scale file transfers across departments and teams, with generous allowances tailored for institutional needs. 
  • Single Sign-On (SSO) – Integrate with Microsoft Entra ID (Azure AD) or other identity providers for secure, seamless user access. 
  • Audit & Usage Logs – Track every transfer with detailed logging for compliance, accountability, and incident response. 
  • Host at Your Own Domain – Run Transfer at a branded subdomain (e.g. transfer.yourinstitution.ac.uk) to align with an organisation’s identity. 
  • Own Branding – Customise the platform with the institution's logo, colours, and style, ensuring recipients have a trusted, professional experience. 
  • Recipient Verification – Choose to confirm the recipient’s email identity before download, preventing unauthorised access to shared files. 
  • Two-Factor Access Control – Add an optional passcode layer to file downloads for enhanced recipient-side authentication. 
  • Expiry & Access Controls – Set expiry dates, download limits, and revoke access to files even after they’ve been sent — giving full control over how long files remain available. 
  • Large File Support – Share large datasets, media files, or archives without hitting restrictive size limits. 
  • No Software Installation Required – Web-based platform with nothing to install — works from any modern browser on desktop or mobile. 
  • SharePoint & Outlook Integration – Easily send files directly from familiar tools like Microsoft SharePoint and Outlook, streamlining user workflows. 
  • Designed for Security-Conscious Environments – Architected to avoid the vulnerabilities seen in some legacy file transfer appliances (FTAs), providing a safer, modern alternative for regulated sectors. 
  • Users with access to usage data can view a monthly breakdown of used bandwidth, and the total remaining for the current annual period.
    • When the remaining available bandwidth drops below 100GB, a warning will appear in the application.
    • Upon reaching the TB annual allowance a warning will be displayed to all users within the application.
  • Additional TBs can be purchased by contacting help@chest.ac.uk.

 Find out more about what Hexiosec Transfer can do here. 


FAQs

FAQ - Hexiosec ASM

Attack surface management is a continual process of identifying, cataloguing, evaluating, and remediating the cyber security of an organisation’s externally facing digital assets.

Asset discovery is the process of identifying, organising, and recording an organisation's assets. Attack surface management primarily focuses on an organisation's assets available over the public Internet. This can include:

  • Servers
  • Domains
  • Subdomains
  • IP addresses
  • IP ranges
  • Services
  • Certificates
  • Components
  • Cloud providers
  • Web pages

Once you have an accurate record of all the assets under your control, you can understand exactly what risks your organisation is vulnerable to, and take action to reduce risk exposure or remove unnecessary assets and services from your infrastructure altogether.

With the rise of cloud and off-premises services, it is becoming more complex than ever for those managing cyber security to keep up with the ever-increasing number of assets available over the public Internet. The advent of cloud computing means even companies with small physical footprints can have a vast array of digital assets that can quickly become unmanageable. A strong cyber security strategy includes multiple approaches, but in the context of asset discovery, it revolves around understanding what you have, where it is available, who can access it, and what vulnerabilities it presents. Fundamentally, without understanding what you have online, it’s impossible to know the risks it presents or mitigate the potential impact it could have on your organisation if it were exploited.

For FAQs on using Hexiosec ASM, read our internal docs here - https://docs.hexiosec.com/asm

FAQ - Hexiosec Transfer

When documents are sent via email, they often remain in the inbox. If either the sender's or the recipient's email account is compromised, this can lead to data retention problems and security risks.

At all points during a transfer, including when on Hexiosec servers, the files are encrypted using keys that only the users hold. Only the sender can view the details of files or invitations you have already shared. Once a file or invitation is expired, the keys in the browser are also removed.

Full details:

  • The files are all end-to-end encrypted, using AES-256 in Galois Counter Mode (GCM).
  • Encryption key derivation uses PBKDF2 and HKDF.
  • AES key wrap is used to protect your local keys.
  • When sending file sharing requests, the encryption keys are themselves encrypted using ECDH and NIST curve P-384.
  • Browsing traffic is encrypted using TLS versions 1.2 or 1.3.

Yes. With Hexiosec Transfer additional controls can be applied when uploading or requesting files. This includes:

  • The number of times a file can be downloaded.
  • How long the file is retained before it expires.
  • A password required to decrypt files, in addition to the link, as a form of 2‑factor authentication. The password should be shared separately to the link.
  • Email verification, which requires the named recipients to verify their email address before downloading the files.

When the file expires, either because of the duration set or the maximum number of downloads is reached, it is automatically deleted from Hexiosec servers.

As well as using Transfer to securely send files, it can also be used to request files. The recipient of the request does not need a Transfer account. To receive a file, generate an invitation request, which creates a unique link to be shared with the person who has the files to send. With the invitation link they can send files with full end-to-end encryption. When the sender has used the invitation link to send files, the files will be available in the Hexiosec Transfer inbox, and are decrypted using the key.

Users with access to usage data can view a monthly breakdown of used bandwidth, and the total remaining for the current annual period. When the remaining available bandwidth drops below 100GB, a warning will appear in the application. Upon reaching the TB annual allowance, a warning will be displayed to all users within the application. Additional TBs can be purchased by contacting help@chest.ac.uk.

For FAQs on using Hexiosec Transfer, read our internal docs here: https://docs.hexiosec.com/transfer/file-encryption-and-security-faqs

Terms and Conditions

Licensor: Hexiosec Limited, Eagle Tower, Montpellier Dr, Cheltenham GL50 1TA. 11223788.

The Chest Order, together with the Licence Terms and Conditions, and any exceptions listed below, create a legally binding contract between your institution, organisation or company and the Licensor. Therefore please read the terms and conditions carefully and only submit a Chest Order if its terms and conditions are acceptable to your institution, organisation or company and you have the authority to make the financial commitment shown.

Licence Type

This licence is subject to the terms and conditions for the Standard Software as a Service (SaaS) Licence (July 2024). This applies to both Hexiosec ASM and Hexiosec Transfer products. 

Payment Terms

Chest is an Enterprise of Jisc. All Purchase orders must be made out to Jisc Services Ltd, 4 Portwall Lane, Bristol, BS1 6NB to cover all charges plus VAT. Payments are due within thirty days of invoice date; recipients of late payments are entitled to interest in accordance with UK statutory provisions.  

On receipt of a completed Order, and a Purchase Order (if required by the Institution) made payable to Jisc, Institutions will be invoiced depending on the licence and payment term selected. Invoices are payable within 30 days of the date of the invoice.  

For all purchases on the annual payment option, institutions will be invoiced for year one immediately, with invoices for subsequent years to follow approximately three months prior to the licence anniversary date. 

Termination Clauses

At the end of a Licence period access to the software will be rescinded.  It is the intention of Chest and Hexiosec to renew this Agreement. If the Agreement is renewed or extended, then new conditions may apply. If the Agreement is not renewed, then any extension is a matter between institutions and Hexiosec.  

Location and Use Permissions

The product(s) may be used by any Authorised User of the Licensee for Educational Purposes which includes the administration and management of the licensee’s educational and research operations. These permissions are described in the terms and conditions for the Standard Chest Licence for Software.  

Students: No
Academic Staff: Yes
Non-Academic Staff: Yes
Administration and management: Yes
Staff home use rights: Yes
Student home use rights: No
Installation on Hosted Server: No
