
Defending public attack surfaces with ZeroFOX

To operate successfully, enterprises today are increasingly reliant on digital platforms that sit outside their traditional cybersecurity sphere of influence: social media channels, email providers, mobile applications, collaboration tools and more.

The continued proliferation of these digital tools represents a significant extension of any organisation’s attack surface – criminals can use them to launch targeted phishing attacks, credential compromise, data theft, brand hijacking attacks and more. The ease of attacker access and lack of visibility into these digital platforms means it is very difficult for IT security teams to protect against attacks that exploit them – the attacks happen in the open before anyone typically knows.

ZeroFOX* has built a platform that is designed to monitor digital platforms for emerging threats. It continually pulls data from a range of sources covering public attack surfaces and uses deep learning to search for emerging threats. The platform is then able to take automated action to mitigate those threats – usually by issuing takedown requests, which ZeroFOX does through its relationships with major social networks, internet service providers (ISPs) and authorities.

How It Works
ZeroFOX’s SaaS technology processes millions of data points every day – looking for terms of service violations, malicious or unauthorized content, or other threats from messages, posts, and accounts from social media, mobile application stores, collaboration platforms, and the dark web.

These platforms are monitored for signs of an attack – for example, domains very similar to an organisation’s being registered to launch a phishing attack, or a mobile app that uses a client’s branding. ZeroFOX can then alert its clients to the risk and take action with its partners to have fraudulent assets taken down.

But performing this analysis on the volume of data that is required to insulate an organisation’s entire public attack surface takes an enormous amount of compute power. To do so, ZeroFOX takes advantage of Intel® hardware – their cloud-based inferencing workloads run on Intel® Xeon® Scalable processors.

Collaboration with Intel
As a member of the Intel® AI Builders program, ZeroFOX has also taken advantage of access to Intel engineers who have helped them to optimise their deep learning algorithms to run on Intel hardware.

By implementing the Intel® Distribution of OpenVINO™ toolkit, ZeroFOX was able to optimise its standard ‘You Only Look Once’ (YOLO) algorithm to take advantage of high-performance instruction sets available on Intel Xeon Scalable processors. By doing so, they were able to achieve performance improvements of up to 2.3x and reduce system latency by up to 50 percent.1

ZeroFOX CTO Mike Price attributes their success with the OpenVINO toolkit to the close relationship the company has with Intel engineers, made available through the Intel AI Builders program:

“One of the big advantages of working on this optimisation with them [Intel engineers] was being able to just explain the problem. They were able to come back very quickly, fully understanding the problem set, and to propose quick wins that got us material gains.” Mike Price, CTO, ZeroFOX

Fighting An Explosion of Phishing Attacks
The past five years have seen a significant shift in the way hackers operate. While malware-related sites used to be the favoured method of attack, phishing sites now dominate. This has been driven by the simplicity of tools like phishing kits – pre-built pieces of code, infrastructure, and distribution tools like mass mailers that allow even inexperienced scammers to set up a website and build their own phishing campaign.

Because these kits are so easy to deploy, the volume of phishing-based attacks has exploded. And with working from home the new norm for many businesses forced to adapt in the wake of the global COVID-19 pandemic, the problem has worsened in 2020.

Between January and April 2020, overall digital threat activity detected by ZeroFOX increased 9%, with phishing attacks increasing by 125%. With organisations now more reliant than ever on cloud-based collaboration tools, video conferencing, and other digital platforms, it has never been more important to get a handle on the public attack surface.

Case Study: Big Four Bank
The financial services industry has always been a prime target for scammers. One ZeroFOX client, a big four bank in the UK, was concerned with protecting its 30 million customers against a rising wave of attacks from digital platforms they had very limited insight into.

The bank’s previous platform provided unreliable alerting and limited remediation capabilities: this meant that analysts from the bank were forced to spend hours every day manually reviewing each alert flagged by the system and enacting takedown requests with ISPs themselves. They were also aware that while they were able to monitor traditional social media to some extent, they could not monitor the whole digital landscape.

By moving to ZeroFOX’s platform, the bank was able to save an average of 40 hours a week, achieve 7x more successful takedowns per month, and cover many more data sources than before.

Key takeaways
  • Enterprises have vulnerabilities across their public attack surfaces: digital platforms outside their sphere of influence.
  • ZeroFOX* has built a platform to monitor public attack surfaces and mitigate threats as they emerge.
  • Using the Intel® Distribution of OpenVINO™ toolkit, they optimised their AI algorithm to run up to 2.3x faster.

Next Steps
As threat surfaces continue to expand, thanks both to the increased pervasiveness of new digital platforms and to the worldwide shift toward remote working and digital-first experiences, it is essential that companies gain visibility into their public attack surfaces.

The best way to respond to the volume of sophisticated attacks, spread across a growing multitude of vectors, is using intelligent deep learning-based systems like the one ZeroFOX has built.
Its technology, built on Intel hardware, can analyse the colossal volumes of data required to mount an effective defence in areas where traditionally organisations have limited visibility.
To learn more about ZeroFOX, visit https://www.zerofox.com/.

June 2020


June 2021