ZeroFox Adversary Disruption service obstructs external cyberattacks at the source

ZeroFox announces Adversary Disruption service to automate the dismantlement of malicious infrastructure, content, sites and bot accounts required to conduct external cyberattacks.

Taking down malicious domains, fake social media accounts and malicious content is time-consuming, costly and often only delays attackers rather than stopping them. Security teams need to disrupt attacker infrastructure and limit the ability to quickly pivot to other targets. ZeroFox leverages the collective intelligence of its Global Disruption Network (GDN) and scalable takedown automation to quickly block active and emerging threats.

With hundreds of thousands of disruption actions taken every week, ZeroFox strikes out threats before they reach their targets, taking down the associated domains, social media profiles, phishing kits, mobile applications and bot accounts, effectively rendering the attack infrastructure moot.

Security teams today are challenged with quickly identifying and disrupting an increasing number of external threats, including ransomware, phishing, fraud and spoofing. Working directly with domain registrars, hosting and cloud providers, and social networks can be time-consuming; backlogged takedown processing queues and slow-to-respond hosts can create an exposure gap. ZeroFox speeds time-to-disruption, leveraging a GDN made up of hundreds of customers and network partners.

ZeroFox quickly pivots on attack indicators collected across thousands of validated threats and automatically distributes them to various third-party providers including ISPs, Telcos, CDNs, DNS providers and registrars, and endpoint security platforms. The ZeroFox Adversary Disruption service can block and remediate threats in minutes rather than hours or days, saving security teams valuable time and resources and reducing the window of exposure and vulnerability.

“Given the increasing volume and sophistication of today’s cyberattacks, security teams need better artificial intelligence and automation to take the fight to the adversary. While removing individual posts and profiles might slow down an attacker, the ZeroFox Adversary Disruption service was developed to stop them in their tracks,” said James C. Foster, Co-founder, Chairman and CEO of ZeroFox. “We are proud to work alongside our partners, customers and digital platform providers towards the collective goal of disrupting adversaries at scale.”

The ZeroFox Adversary Disruption service includes:

  • Automated Disruption of malicious domains, content, profiles and infrastructure associated with external cyberattacks
  • Collective Intelligence from a Global Disruption Network including hundreds of network providers, partners and customers
  • Disruption Feed of malicious infrastructure lists with seamless integration into customers’ broader security and technology workflows and tech stacks

“We are proud to be an active partner in the ZeroFox Global Disruption Network. Using ZeroFox external threat intelligence on malicious IPs and domains helps our customers and connected communities prevent repeat attacks and disruption,” said Chris Stewart, VP Global Alliances at Exabeam. “Our partnership further enhances our market-leading threat detection, investigation and response (TDIR) capabilities. We see this as another crucial piece of automation and providing protection at scale to address the increasing pace of cyberattacks that organizations are facing.”

The ZeroFox Adversary Disruption service shortens exposure time and speeds time-to-disruption by taking proactive measures before the damages of an external cyberattack can occur. ZeroFox works directly with ISPs, DNS providers and registrars, mobile app stores, cloud and hosting providers, and others to quickly identify and take down potentially malicious domains at the point of registration to prevent threat actors from leveraging those domains in campaigns.

ZeroFox’s Disruption Intelligence Feed, including malicious infrastructure lists, can be easily integrated into firewalls, proxies, endpoints, and email and web security gateways. With each disruption action taken, attacker infrastructure is dismantled, making it more difficult for threat actors to pivot to new targets and benefitting the entire ZeroFox community.

The solution has been recognized by industry partners, including a previously announced partnership with Mandiant, and third-party analyst firms including Forrester. The Forrester Wave: External Threat Intelligence Services, Q1 2021 states that “ZeroFox is best in class for brand threat intelligence use cases and takedown service.” ZeroFox customers experienced a 60% increase in the volume of frauds and scams, including phishing attacks, targeting stakeholders from 2020 to 2021. This underscores the need for disruption that can stop repeated attacks.

The unveiling of the Adversary Disruption service comes on the heels of ZeroFox’s recent announcement of intent to acquire IDX and become a publicly traded company via merger with L&F Acquisition Corp.