Best use of Machine Learning/AI

ZoneFox – Combats insider threats by giving organisations tools to rapidly and efficiently detect and respond to behaviours that are exposing sensitive data to risk


ZoneFox focuses on providing world-class security systems that effectively combat the growing business issue of insider threats. Through ground-breaking and sophisticated machine learning technology it provides rapid insights that are critical for helping businesses create a strong security posture, all from a single dashboard. This allows security teams to see where business-critical data is going, who is accessing it and importantly who is doing things with it they shouldn’t be – either accidentally or maliciously – quickly, easily and without impacting on endpoints or user privacy.

Based in Edinburgh, ZoneFox is headed up by Dr Jamie Graves, a former PhD student at Edinburgh Napier University. In November 2016, it launched a new machine-learning-based solution called ZoneFox Augmented Intelligence (AI). The product, which is the most advanced of its kind to be developed in the UK, has been created over the course of six years and is targeted at a wide range of business sectors.

Team ZoneFox

■ How does ZoneFox answer the specific market need or application for which it was designed?

Labour-intensive analysis of ever-growing volumes of data, excessive false positives and complex policy management mean that protecting sensitive data can be highly resource-intensive.

Built on machine learning and AI technology, ZoneFox eliminates these problems by monitoring user-behaviour around sensitive data, capturing only the information needed, then rapidly analyzing that data to deliver the valuable insights needed to quickly detect anomalies and identify risky user behaviors.

Guesswork is eradicated, resources are managed efficiently and security posture is strengthened with 24/7 visibility of all users and endpoints across the organisation.

The combination of smart alerting through user behaviour analytics, statistical analysis to detect anomalies and monitoring for breaches of predefined policies, coupled with ZoneFox’s capability to drill down into user activities, delivers truly robust threat protection, safeguarding business and enabling organisations to respond rapidly to significantly reduce the likelihood, cost and impact of a breach.

AI Dashboard

■ What is ZoneFox’s total cost of ownership? Is it possible that some of your customers find that scalability issues, management of updates/configurations and more, increase costs associated with deployment of your solution?

Our rapid two-week onboarding process on commodity hardware and use of open-source analytics software ensures that client investment is minimal. ZoneFox AI can cost as little as 26 GBP per agent, per year.

Our platform is built upon highly scalable, open-source data storage, analytics and search systems that can scale from 10s to 100,000s of endpoints. Whatever your requirements and budget, we have a solution, and we offer the option to pay using flexible investment models that match SME to enterprise budgets and timescales.

Our hosted solution also offers a cost-effective option for clients who don’t wish to invest in on-premise servers.

Updates to the system are only required at the central server ensuring that deployment of the agent is quick and a ‘one-time’ event. Agent deployment is performed using standard software deployment tools and can be executed by any IT team member.

■ What is the market share for the sales of ZoneFox?

ZoneFox is a scale-up company, but has grown exponentially over the last 18 months and has started to witness penetration into key verticals including iGaming, financial services and legal.

ZoneFox has a near-zero impact endpoint agent combined with a powerful big data analytics and machine learning platform that enhances your insider threat detection capabilities by leveraging user behaviour analytics.

This means that organisations can safeguard their sensitive data within minutes and deliver a company-wide deployment in under a week, allowing security teams to respond rapidly.

Additionally, ZoneFox takes remote workers into account, as all data recorded by ZoneFox is centrally stored, ensuring that user activities can be correlated across machines, SharePoint and databases into a single behavioural analysis. This facilitates the identification of unusual behaviour and potential threats both on and off the network, which can prove to be a huge asset when it comes to complying with the EU GDPR.

■ How has ZoneFox helped customers to meet/surpass corporate expectations?

“One of the biggest benefits ZoneFox has delivered is the reassurance we can give to the families that use our services – and the volunteers that work with us – that their data is safe and being looked after.” Linda Kilgour, Children’s Hospice Association of Scotland, IT MANAGER

“Realising that we could get visibility around data flow across the network – where files were going, what files were being accessed by who, what files were coming in, what was going out – not only in real-time but historically too … well we were pretty much sold on ZoneFox straight away.” Trevor Doull, Craneware, IT MANAGER

ZoneFox’s patented endpoint agent is non-intrusive, lightweight and does not require the setup, configuration and collection of operating system and other 3rd party logs.

Our solution utilizes a unique 3-layer architecture:

  • Forensic-level detail: supports incident response and case-building
  • Rule-based alerts: detects known issues, valuable to support compliance
  • Machine Learning: uncovers ‘unknown unknowns’ and blind spots

Its push-architecture approach employs a unique 5-factor model – collecting data from 5 touch-points – to deliver distinct advantages over other solutions:

  • Extremely lightweight data collection and storage
  • Can be applied across any data source; endpoint, mobile, database, cloud
  • Collects information wherever a machine is located and whatever network the machine is connected to
  • Low false positives mean security teams can focus on the things that matter

Full automation means no hand-holding is required. ZoneFox rapidly learns ‘normal’ user behavior, and starts detecting anomalous behavior within hours. Insights are rapid – hours, instead of days, weeks or months.

As for its product roadmap, the company plans to increase the visibility it gives its customers via API-based integrations with products such as cloud access security brokers (CASBs) and e-Discovery platforms. It also plans to add a remediation support function, whereby it will provide customers with “next best action” suggestions based on what it has found in their infrastructure.

As we know, cyber security and the insider threat are developing and changing at unprecedented rates, and the ZoneFox solution grows and adapts to keep up with the latest threats and industry trends. To ensure our clients remain protected against current risks, we apply major product updates twice a year, and push non-intrusive feature updates on a monthly basis.