Information Security award entry

ZoneFox focuses on providing world-class security systems that effectively combat the growing business issue of insider threats. Through ground-breaking and sophisticated machine learning technology it provides rapid insights that are critical for helping businesses create a strong security posture, all from a single dashboard. This allows security teams to see where business-critical data is going, who is accessing it and importantly who is doing things with it they shouldn’t be – either accidentally or maliciously – quickly, easily and without impacting on endpoints or user privacy.

Based in Edinburgh, ZoneFox is headed up by Dr Jamie Graves, a former PhD student at Edinburgh Napier University. In November 2016, it launched a new machine based learning solution, called ZoneFox Augmented Intelligence (AI). The product, which is the most advanced of its kind to be developed in the UK, has been created over the course of six years and is targeted at a wide range of business sectors.

Team ZoneFox

■ How does ZoneFox answer the specific market need or application for which it was designed?

Labour-intensive analysis of ever-growing volumes of data, excessive false positives and complex policies management means protecting sensitive data can be highly resource-intensive.

Built on machine learning and AI technology, ZoneFox eliminates these problems by monitoring user-behaviour around sensitive data, capturing only the information needed, then rapidly analyzing that data to deliver the valuable insights needed to quickly detect anomalies and identify risky user behaviors.

Guesswork is eradicated, resources are managed efficiently and security posture is strengthened with 24/7 visibility of all users and endpoints across the organisation.

The combination of smart alerting through user behaviour analytics, applying statistical analysis to detect anomalies, monitoring for breaches of predefined policies coupled with ZoneFox’s capability to drill down into user activities, delivers truly robust threat protection, safeguarding business and enabling organisations to respond rapidly to significantly reduce the likelihood, cost and impact of a breach.

AI Dashboard

■ What is ZoneFox’s total cost of ownership? Is it possible that some of your customers find that scalability issues, management of updates/configurations and more, increase costs associated with deployment of your solution?

Our rapid two-week onboarding process on commodity hardware and use of open-source analytics software ensures that client investment is minimal. ZoneFox AI can cost as little as 26 GBP per agent, per year.

Our platform is built upon highly scalable, open-source data storage, analytics and search systems that can scale from 10s to 100,000s of endpoints – whatever your requirements and budget, we have a solution, also offering you the option to pay using flexible investment models to match SME to enterprise budget and timescales.

Our hosted solution also offers a cost effective solution to clients who don’t wish to invest in on premise servers.

Updates to the system are only required at the central server ensuring that deployment of the agent is quick and a ‘one-time’ event. Agent deployment is performed using standard software deployment tools and can be executed by any IT team member.

■ What is the market share for the sales of ZoneFox?

ZoneFox is a scale up company, but has grown exponentially over the last 18 months and has started to witness penetration in to key verticals including iGaming, financial services and Legal.

[pdf-embedder url=””]

ZoneFox has a near-zero impact endpoint agent combined with a powerful big data analytics and machine learning platform, that enhances your insider threat detection capabilities by leveraging user behaviour analytics and machine learning.

This means that organisations can safeguard their sensitive data within minutes, deliver a company-wide deployment in under a week, allowing security teams to respond rapidly.

Additionally, ZoneFox takes remote workers into account, as all data recorded by ZoneFox is centrally stored, ensuring that user activities can be correlated across machines, SharePoint and databases into a single behavioural analysis. This facilitates the identification of unusual behaviour and potential threats both on or off the network, which can prove to be a huge asset when it comes down to complying with the EU GDPR.

■ How has ZoneFox helped customers to meet/surpass corporate expectations?

One of the biggest benefits ZoneFox has delivered is the reassurance we can give to the families that use our services – and the volunteers that work with us – that their data is safe and being looked after.” Linda Kilgour, Children’s Hospice Association of Scotland, IT MANAGER

“Realising that we could get visibility around data flow across the network – where files were going, what files were being accessed by who, what files were coming in, what was going out – not only in real-time but historically too … well we were pretty much sold on ZoneFox straight away.” Trevor Doull, Craneware, IT MANAGER

ZoneFox’s patented endpoint agent is non-intrusive, lightweight and does not require the setup, configuration and collection of operating system and other 3rd party logs.

Our solution utilizes a unique 3-layer architecture:

  • Forensic-level detail: supports incident response and case-building
  • Rule-based alerts: detects known issues, valuable to support compliance
  • Machine Learning: uncovers ‘unknown unknowns’ and blind spots

Its push-architecture approach employs a unique 5-factor model – collecting data from 5 touch-points – to deliver distinct advantages over other solutions:

  • Extremely lightweight data collection and storage
  • Can be applied across any data source; endpoint, mobile, database, cloud
  • Collects information wherever a machine is located and whatever network the machine is connected to
  • Low false positives mean security teams can focus on the things that matter

Full automation means no hand-holding is required. ZoneFox rapidly learns ‘normal’ user behavior, and starts detecting anomalous behavior within hours. Insights are rapid – hours, instead of days, weeks or months.

As for its product roadmap, the company plans to increase the visibility it gives its customers via API-based integrations with products such as cloud access security brokers (CASBs) and e-Discovery platforms. It also plans to add a remediation support function, whereby it will provide customers with “next best action” suggestions based on what it has found in their infrastructure.

As we know, cyber security and the insider threat are developing and changing at unprecedented rates, and the ZoneFox solution grows and adapts to keep up with the latest threats and industry trends. To ensure our clients remain protected against current risks, we apply major product updates twice a year, and push non-intrusive feature updates on a monthly basis.

An entry for you to assess

2017 Submission: Heading
This is the main picture that will appear at the top of your entry. At least 1200 pixels wide is recommended.
Maximum upload size: 2.1MB
Please use the internet address of a picture (it should end in .png or .jpg or similar) that will be visible to people outside your organisation until after the awards end.
No more than 10 words please.
No more than 25 words please

Save this tab if you have made any changes

Another organisation

Please provide the internet address of the organisation's logo
For inclusion in our publicity about this entry if nominated
Information will be required about the start and end date of, size of investment in and geographical scope of your initiative where appropriate

About your Entry

The information you provide here will help determine the suitability of your submission and the best shortlist for your entry if nominated

The investment on this initiative from its initial conception to now, excluding elements that would have been required for other reasons anyway, and excluding aspects that do not impact this entry. We may use this when finalising the shortlists to split a popular category into two categories by project size. Also judges take this into account when assessing Impact, and so if you can disclose this information it can only be helpful for both of these processes.
initiative's focus
Which region(s)?
Which nation?
Covering which countries?


Let us know here if you would like some aspects of your entry kept confidential
We may wish to include your entry in publicity about shortlisted entries.
If you would like the candidate's organisation's name to not be mentioned by us then please ensure that it is also not mentioned in your text, images, videos or PDFs included in your entry.

Save this tab if you have made any changes

Your Entry

Here you describe your initiative or strategy; what you did and why you did it, how it was successful and what your fellow professionals could learn from your experience. You can use a mix of text, pictures, video and PDFs etc. to convey your ideas and engage the interest of judges. We recommend that you include a concise overview for judges spending less time reviewing entries, with greater depth also provided for those that wish to know more. You will be able to fine-tune (edit) your materials up until the time that judging starts.

Any background or confidential information that you would like the organisers to take into account when considering this entry for nomination. This will not be published.
Your entry in full.
If you have a video you would like included with your entry description, upload it to YouTube and paste the link here
Maximum upload size: 2.1MB
If you have a PDF you would like included with your entry description, upload it here

About the following

These input blocks for Impact, Innovation and Inspiration are provided in case you would wish to provide additional information for the judges, to help them understand the strength of your submission in terms of each of our three judging criteria.

The difference made in target communities and benefits to the organisation - good anecdotal or metric evidence of real outcomes rather than reams of stats.
If you have a video you would like included with your impact statement, upload it to YouTube and paste the link here
What's distinctive about this entry and how being creative has helped you overcome challenges - a good idea that your fellow professionals might not have thought of.
If you have a video you would like included with your innovation statement, upload it to YouTube and paste the link here
Hints and tips from your real experience to help your fellow professionals (the judges) adopt your good ideas and apply them to suit their circumstances.
If you have a video you would like included with your inspiration statement, upload it to YouTube and paste the link here

Save this tab if you have made any changes