ZeroFox

Last updated
ZeroFox Holdings, Inc.
Company type Private company
Nasdaq: ZFOX
ISIN US98955G1031
Industry
Founded2013;11 years ago (2013)
Founders
  • James C. Foster
  • Evan L. Blair
Headquarters Baltimore, Maryland
Number of locations
3
Owner
  • Haveli Investments
  • (2024–present)
Subsidiaries IDX
Website www.zerofox.com

ZeroFox Holdings, Inc. is an external cybersecurity company based in Baltimore, Maryland. [1] [2] It provides cloud-based software as a service (SaaS) for organizations to expose and disrupt phishing and fraud campaigns, botnet exposures, credential theft, impersonations, data breaches, and physical threats that target brands, domains, people, and assets.

Contents

History

ZeroFox was created in 2013 under the name Riskive, but changed to its current name months later. The company began as a startup in an 8,000 sq. ft. space inside Betamore - a startup incubator in Baltimore's Federal Hill neighborhood.

In 2015, ZeroFox raised $27 million in Series B funding. By 2016, the company had outgrown its space and moved to an 18,000 sq. ft. space inside a former Pabst Brewing facility in South Baltimore. [3] In 2017, ZeroFox raised $40 million in funding led by Redline Capital Management, a European venture firm, and Silver Lake Waterman, a fund that focuses on pre-IPO companies. Prior investors New Enterprise Associates, Highland Capital Partners and Core Capital also contributed. The investment helped bring ZeroFox's total funding to $88 million. [4]

ZeroFox partners with other software organizations such as IBM, Hootsuite, Splunk, ThreatQuotient, and others to visualize, analyze, and predict cyber security threats to respond quickly to reduce the impact of incidents. [5] ZeroFox partners with Google Cloud to warn users against phishing domains. [6]

In 2020, ZeroFox closed a new $74 million round of financing led by Intel Capital. This funding round was one of the largest a Maryland cyber firm has landed in recent years. This brings ZeroFox's backing to $162 million to date. [7]

The company went public on August 4, 2022 through a $1.4B SPAC deal. In the deal, ZeroFox also acquired ID Experts Holdings, Inc. (“IDX”). The combined company was then called ZeroFox Holdings, Inc. and traded on the Nasdaq Stock Market under the ticker symbol “ZFOX” for its common stock and “ZFOXW” for its publicly traded warrants. [8] [9] [10]

Purchase

On February 6, 2024, ZeroFox announced that it had entered into a definitive agreement to be acquired by Haveli Investments, a leading private equity firm focused on enterprise software and cybersecurity. Under the terms of the merger agreement, Haveli Investments will acquire ZeroFox in an all-cash transaction at an enterprise value of approximately $350 million. [11]

On May 13, 2024, it was announced that Haveli Investments had completed the purchase of ZeroFox Holdings. [12]

Acquisitions

Recognition

Controversies

Freddie Gray protest surveillance

The company faced criticism over its handling of the 2015 protests over the death of Freddie Gray when it singled out its nonviolent organizers. ZeroFox labeled DeRay McKesson and Johnetta Elzie as high physical threats to law enforcement despite not being suspected of any criminal activity. [30] [31] [32] ZeroFox was unsuccessful at differentiating between impersonating troll accounts and Elzie's actual social media presence. [33]

FBI contract and the January 6 Capitol Attack

ZeroFox signed a $14 million social media intelligence contract with the FBI on Dec 30, 2020, taking over from Dataminr, which held the contract until Dec. 31, 2020. This transition period led to decreased visibility leading up to the 2021 United States Capitol attack, and led agents to calling it an expletive sounding similar to ZeroFox. [34] [35] [36]

Related Research Articles

<span class="mw-page-title-main">Computer security</span> Protection of computer systems from information disclosure, theft or damage

Computer security is the protection of computer software, systems and networks from threats that can lead to unauthorized information disclosure, theft or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.

<span class="mw-page-title-main">SANS Institute</span> American security company

The SANS Institute is a private U.S. for-profit company founded in 1989 that specializes in information security, cybersecurity training, and selling certificates. Topics available for training include cyber and network defenses, penetration testing, incident response, digital forensics, and auditing. The information security courses are developed through a consensus process involving administrators, security managers, and information security professionals. The courses cover security fundamentals and technical aspects of information security. The institute has been recognized for its training programs and certification programs. Per 2021, SANS is the world’s largest cybersecurity research and training organization. SANS is an acronym for SysAdmin, Audit, Network, and Security.

<span class="mw-page-title-main">Cybercrime</span> Type of crime based in computer networks

Cybercrime encompasses a wide range of criminal activities that are carried out using digital devices and/or networks. These crimes involve the use of technology to commit fraud, identity theft, data breaches, computer viruses, scams, and expanded upon in other malicious acts. Cybercriminals exploit vulnerabilities in computer systems and networks to gain unauthorized access, steal sensitive information, disrupt services, and cause financial or reputational harm to individuals, organizations, and governments.

<span class="mw-page-title-main">Trend Micro</span> Japanese multinational cyber security company

Trend Micro Inc. is an American-Japanese cyber security software company. The company has globally dispersed R&D in 16 locations across every continent excluding Antarctica. The company develops enterprise security software for servers, containers, and cloud computing environments, networks, and end points. Its cloud and virtualization security products provide automated security for customers of VMware, Amazon AWS, Microsoft Azure, and Google Cloud Platform.

Cyveillance is an American cybersecurity company founded in 1997, based in Reston, Virginia. The company provides cybersecurity services including brand protection, social media monitoring and threat investigation, analysis, and response services. Its Cyveillance Intelligence Center subscription-based product monitors for information leaks; phishing and malware attacks and other online fraud schemes; sale of stolen credit and debit card numbers; threats to executives and events; counterfeiting; and trademark and brand abuse.

<span class="mw-page-title-main">UST (company)</span> American technology company

UST, formerly known as UST Global, is a provider of digital technology and transformation, information technology and services, headquartered in Aliso Viejo, California, United States. Stephen Ross founded UST in 1998 in Laguna Hills. The company has offices in the Americas, EMEA, APAC, and India.

<span class="mw-page-title-main">Proofpoint, Inc.</span> American cybersecurity company

Proofpoint, Inc. is an American enterprise cybersecurity company based in Sunnyvale, California that provides software as a service and products for email security, identity threat defense, data loss prevention, electronic discovery, and email archiving.

An insider threat is a perceived threat to an organization that comes from people within the organization, such as employees, former employees, contractors or business associates, who have inside information concerning the organization's security practices, data and computer systems. The threat may involve fraud, the theft of confidential or commercially valuable information, the theft of intellectual property, or the sabotage of computer systems.

<span class="mw-page-title-main">Palo Alto Networks</span> American technology company

Palo Alto Networks, Inc. is an American multinational cybersecurity company with headquarters in Santa Clara, California. The core product is a platform that includes advanced firewalls and cloud-based offerings that extend those firewalls to cover other aspects of security. The company serves over 70,000 organizations in over 150 countries, including 85 of the Fortune 100. It is home to the Unit 42 threat research team and hosts the Ignite cybersecurity conference. It is a partner organization of the World Economic Forum.

<span class="mw-page-title-main">RiskIQ</span> American cyber security company

RiskIQ, Inc. was a cyber security company that was based in San Francisco, California. It provided cloud-based software as a service (SaaS) for organizations to detect phishing, fraud, malware, and other online security threats.

Cyren Inc. was a cloud-based Internet security technology company that provided security services and threat intelligence services to businesses. It offered a range of services including web security, DNS security, anti-spam solutions, phishing detection, ransomware protection, URL filtering, malware detection, and botnet attack prevention. Cyren also provided endpoint protection for mobile devices and Internet of Things (IoT) gateways. Major clients included Microsoft, Google, Check Point, Dell, T-Mobile, and Intel. The company announced its closure in February 2023.

Cyber threat intelligence (CTI) is a subfield of cybersecurity that focuses on the structured collection, analysis, and dissemination of data regarding potential or existing cyber threats. It provides organizations with the insights necessary to anticipate, prevent, and respond to cyberattacks by understanding the behavior of threat actors, their tactics, and the vulnerabilities they exploit. Cyber threat intelligence sources include open source intelligence, social media intelligence, human Intelligence, technical intelligence, device log files, forensically acquired data or intelligence from the internet traffic and data derived for the deep and dark web.

<span class="mw-page-title-main">Verimatrix</span> Content security company

Verimatrix provides cybersecurity products and services that protect video content, streaming media, mobile applications, websites and APIs. The company merged with Inside Secure in 2019. It is headquartered in France and Asaf Ashkenazi is the CEO.

CrowdStrike Holdings, Inc. is an American cybersecurity technology company based in Austin, Texas. It provides endpoint security, threat intelligence, and cyberattack response services.

Greg Martin is a cybersecurity expert and entrepreneur. Martin was the founder of cyber-security company Anomali and the founder of the cyber security company JASK . Martin is credited with inventing the first Threat Intelligence Platform (TIP), and is the creator of the popular open source Honeypot project “Modern Honey Network”.

Cisco Talos, or Cisco Talos Intelligence Group, is a cybersecurity technology and information security company based in Fulton, Maryland. It is a part of Cisco Systems Inc. Talos' threat intelligence powers Cisco Secure products and services, including malware detection and prevention systems. Talos provides Cisco customers and internet users with customizable defensive technologies and techniques through several of their own open-source products, including the Snort intrusion prevention system and ClamAV anti-virus engine.

Perimeter 81 is an Israeli cloud and network security company that develops secure remote networks, based on the zero trust architecture, for organizations. Its technology replaces legacy security appliances like VPNs and firewalls.

Zscaler, Inc. is an American cloud security company based in San Jose, California. The company offers cloud-based services to protect enterprise networks and data.

The Israeli cybersecurity industry is a rapidly growing sector within Israel's technology and innovation ecosystem. Israel is internationally recognized as a powerhouse in the cybersecurity domain, with numerous cybersecurity startups, established companies, research institutions, and government initiatives. Tel Aviv itself is being ranked 7th in annual list of best global tech ecosystems, as reported by the Jerusalem Post.

Fortra is an American cybersecurity company based in Eden Prairie, Minnesota. The company was founded as Help/38 in 1982, rebranded as HelpSystems in 1988, and became Fortra in 2022. Fortra is owned by private equity firms TA Associates, Harvest Partners, Charlesbank Capital Partners, and HGGC.

References

  1. Tweney, Dylan (April 30, 2014). "Funding Daily: Very big private equity and very small microgadgets". Venture Beat. Retrieved May 1, 2014.
  2. Kulwin, Noah (Dec 8, 2015). "Capital Gains: Another $2 Billion Crosses Into Uber's Event Horizon, Peloton Raises Big Cash". ReCode. Retrieved Dec 6, 2015.
  3. "South Baltimore Business Roundup". Southbmore.com. 21 January 2016.
  4. "South Baltimore Business Roundup". Southbmore.com. 19 July 2017.
  5. "ZeroFox Global Partner Program". ZeroFox.com. Retrieved 21 November 2021.
  6. Sharma, Shweta (2023-04-11). "ZeroFox partners with Google Cloud to warn users against phishing domains". CSO Online. Retrieved 2023-05-17.
  7. "Baltimore's ZeroFox raises one of Maryland's largest funding rounds for cyber firms". Bizjournals.com. Retrieved 21 November 2021.
  8. Claman, Liz (4 August 2022). "ZeroFox proactively attacks cyber threats from 'Main Street to Mars': CEO". Fox Business.
  9. Spencer, Malia (4 August 2022). "ZeroFox goes public in a SPAC, completes acquisition of Portland's IDX". American City Business Journals .
  10. Zurier, Steve (4 August 2022). "IT security company ZeroFox goes public despite concerns over market conditions". SC Media.
  11. https://www.globenewswire.com/news-release/2024/02/06/2824352/0/en/ZeroFox-to-be-Acquired-by-Haveli.html
  12. "Haveli Investments Completes Acquisition of ZeroFox". ZeroFox Holdings. 2024-05-13. Retrieved 2024-05-29.
  13. Osborne, Charlie. "ZeroFox acquires Cyveillance threat intelligence business from LookingGlass". ZDNet. Retrieved 2020-10-07.
  14. "ZeroFox acquires dark web threat intelligence company Vigilante". TechCrunch. Retrieved 2022-01-29.
  15. "ZeroFox Begins Trading on Nasdaq Under Symbol "ZFOX"". ZeroFox. Retrieved 2023-05-17.
  16. "Cybersecurity company ZeroFox acquires IDX, merges with L&F to create $1.4 billion entity". ZDNET. Retrieved 2023-05-17.
  17. "ZeroFox Completes Acquisition of LookingGlass". ZeroFox. Retrieved 2023-05-17.
  18. "ZeroFox Named A Leader in Digital Risk Protection". ZeroFox. 17 July 2018. Retrieved 29 December 2023.
  19. "ZeroFox Expands Threat Intelligence Capabilities with Exclusive Visibility into External Threats". ZeroFox. 19 April 2022. Retrieved 29 December 2023.
  20. "Frost & Sullivan Recognizes ZeroFox with 2022 Global Competitive Strategy Leadership Award in Digital Risk Protection". GlobeNewswire. 7 March 2023. Retrieved 2 January 2023.
  21. "Global INFOSEC Awards for 2023 Winners by Company". Cyber Defense Awards. Retrieved 2 January 2024.
  22. "Cyber Defense Magazine Announces Winners of the Global InfoSec Awards 2023". CISION PRWeb. 24 April 2023. Retrieved 2 January 2024.
  23. "Introducing The Daily Record's 2023 Cybersecurity Power List". Maryland The Daily Record. 31 May 2023. Retrieved 2 January 2024.
  24. "ZeroFox Named Digital Risk Protection Leader by Quadrant Knowledge Solutions in 2023 SPARK Matrix™". Yahoo!finance. 17 August 2023. Retrieved 29 December 2023.
  25. "ZeroFox Recognized as a Top Threat Intelligence Provider in Forrester Wave: External Threat Intelligence Services, Q3, 2023". ZeroFox. 3 August 2023. Retrieved 29 December 2023.
  26. "The Cyber Top 20" . Retrieved 2 January 2024.
  27. "ZeroFox Named to the Enterprise Security Tech 2023 Cyber Top 20 Awards List". Yahoo!finance. 22 August 2023. Retrieved 2 January 2024.
  28. "2023 Award Winners". Cybersecurity Breakthrough Awards. Retrieved 2 January 2024.
  29. "ZeroFox Wins "Incident Response Solution of the Year" 2023 CyberSecurity Breakthrough Award". GlobeNewswire. 16 October 2023. Retrieved 2 January 2024.
  30. "Baltimore's ZeroFox faces backlash over riot threat report; CEO James Foster responds"
  31. "Activist DeRay Mckesson's Social Media Has Been Monitored by Department of Homeland Security: Report". The Root. August 15, 2015. Retrieved May 7, 2018.
  32. Brandon E. Patterson (3 August 2015). "Black Lives Matter organizers were labeled as "threat actors" by a cybersecurity firm". Mother Jones. Retrieved 26 October 2022.
  33. Klippenstein, Ken (2023-07-06). "FBI Hired Social Media Surveillance Firm That Labeled Black Lives Matter Organizers "Threat Actors"". The Intercept. Retrieved 2023-07-06.
  34. Davis, Aaron C. (31 October 2021). "Warnings of violence before Jan. 6 precipitated the Capitol riot". Washington Post. Retrieved 31 October 2021. But the end-of-the-year changeover limited the FBI's understanding of what was happening online at a key juncture, just as extremists were mobilizing. FBI agents started using an alternative service known as ZeroFox that was unfamiliar to many in the bureau. The change came as a surprise, causing confusion about how to use the new system. Some agents and analysts felt the new service was a significant downgrade, particularly when it came to tracking things on Twitter. Within the FBI, some frustrated agents quickly started using a derisive nickname for ZeroFox — replacing the "Fox" with a similar-sounding expletive, to indicate how little use it seemed to have.31"It wasn't that we were blind, it just turned out to be a bad time to have less visibility into what was happening online, because we were changing systems and a lot of people didn't really know the new system," said one person familiar with the matter.
  35. Dilanian, Ken (8 March 2021). "Why did the FBI miss the threats about Jan. 6 on social media?". NBC News. Retrieved 1 November 2021. Fact check: false. FBI agents have said in court records that they monitor public social media, and the bureau recently signed a $14 million contract with a "threat intelligence" company called ZeroFox "to proactively identify threats to the United States and its interests" on the internet. For years, the FBI has had a similar arrangement with DataMinr, which can flag social media postings of interest to its clients.
  36. "FBI Social Media Alerting". Sam.gov.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.