Do I need to install anything?

No: scarlet is all cloud-based and so there is nothing to install.

Do I need to configure anything?

Yes, but only a little bit! For most organisations you will literally be finished in ten minutes.

scarlet works by connecting to the different cloud vendors that you select, and then sending any events to the collaboration tools that you choose. So, the only configuration required is to generate some API keys, then paste them into scarlet. And that’s it.

How do you protect my API keys?

Firstly, we only ever ask for the minimum set of APIs that are needed to deliver the service.

Upon receipt, your API keys are immediately encrypted in-memory with a public-key, and then sent to a database where they are stored. To protect them from being intercepted whilst in storage, the database doesn't hold the decryption keys, and also has no direct connection to the internet.

When the API keys are needed, copies are forwarded from the database to yet another system (all the while still encrypted), where they are decrypted in-memory, used, then immediately overwritten and destroyed afterwards.

How much do you charge?

Pricing is based on usage, and is calculated per asset, per day, then invoiced monthly.

The current cost is €0.02 per asset, per day. So if you have 100 assets, then for a typical 30-day month, you would be looking at €0.02 x 100 x 30. Which comes to around €60.00 per month (plus any taxes).

What is an asset?

Glad you asked! For scarlet, an asset is an IP address (IPv4 or IPv6), a domain name, or a URI.

Is scarlet just another vulnerability scanning tool?

No. Sort of.

Whilst scarlet does incorporate scanning technology, it isn’t scanning for vulnerabilities as such. Instead, it is designed to quickly and reliably detect changes, and then to send these changes to the collaboration tools you configure.

What changes do you actually check for?

Currently, scarlet is looking for:

  • configuration changes (addresses, domain names, URIs, firewalls);
  • port state changes (TCP, UDP, SCTP, UDPL, DCCP and ICMP), and
  • service changes (HTTP, TLS, QUIC, DTLS, X.509 certificates etc.)

How frequently do you check?

It is typically around once a minute or so, but in practice this will vary due to vendor rate limiting etc. (scarlet will dynamically adapt for maximum reliability).

Do you support IPv6?

Yes! Everything in scarlet is designed to natively support both IP versions. However, some of the cloud vendors and collaboration tools are still not fully IPv6 compatible. Check with your supplier!