ZeroFox is an external cybersecurity company focused on threats that originate beyond the corporate perimeter. Its platform helps organizations discover, validate, and disrupt risks tied to brands, domains, executives, credentials, exposed assets, and physical locations across the surface, deep, and dark web, social platforms, marketplaces, and other public-facing channels.
ZeroFox organizes its offering around a continuous cycle of discovery, validation, and disruption. It combines AI-driven analysis, a large external intelligence corpus, and analyst review with operational response capabilities such as takedowns, blocking, and escalated investigations. In addition to software, ZeroFox delivers managed intelligence and response services that help customers move from alerting to action in one operating environment.
Offerings, Capabilities, and Integrations
ZeroFox combines continuous external monitoring, analyst-validated intelligence, and disruption workflows in a closed loop. The platform is built to uncover unknown exposures, prioritize credible threats, and support response actions across digital and physical risk scenarios. Its capabilities span external asset visibility, adversary monitoring, fraud and impersonation detection, takedown orchestration, malware validation, and expert-led investigations.
ZeroFox also extends beyond software through managed services, including 24×7 alert validation, dedicated analyst support, dark web human intelligence, and on-demand investigations. Integration is a core part of the offering: ZeroFox supports native connectors, APIs, webhooks, and syslog-based delivery, and maintains a broad app library that connects intelligence and alerts into SIEM, SOAR, ITSM, collaboration, analytics, and IAM environments.
Products and Services
- Cyber Threat Intelligence: Analyst-validated threat intelligence that tracks threat actors, credential leaks, attack campaigns, and underground activity across the surface, deep, and dark web.
- Attack Surface Intelligence: Continuous discovery and prioritization of internet-facing assets across cloud environments, applications, shadow IT, and third parties, with context to support remediation and exposure management.
- Brand + Domain Protection: Brand and domain protection that detects impersonation, phishing, counterfeit activity, fraudulent sites, and related abuse, then supports rapid takedown and remediation.
- Executive + VIP Protection: Protection for executives and other high-profile individuals against impersonation, doxxing, credential exposure, deepfakes, harassment, and online-to-physical threats.
- Physical Security Intelligence: Geospatial and event-driven intelligence that identifies physical threats, disruptive events, and location-based risks affecting facilities, people, and travel operations.
- Malware + URL Sandbox: In-platform sandboxing for suspicious files, URLs, hashes, and QR codes, delivering threat validation, IOC extraction, behavioral reporting, and evidence to accelerate takedowns.
- Dark Web Intelligence: Persistent monitoring of criminal forums, marketplaces, encrypted channels, and stealer ecosystems through covert Dark Ops access and correlated intelligence.
- Detection and Investigations: Investigation support that connects large-scale external signals into prioritized findings and forensic context for analysts, responders, and threat hunters.
- Breach and Extortion Response: Expert-led support for containment, evidence gathering, communications, and response coordination during breach and extortion events.
- OnWatch Alert: Managed 24×7 alert review, triage, validation, and escalation delivered by ZeroFox security operations analysts.
- OnWatch Expert: Dedicated analyst support that extends customer teams with deeper threat research, tailored reporting, and ongoing intelligence operations assistance.
Target Customers
ZeroFox primarily targets enterprises and public sector organizations with large external attack surfaces, valuable brands, public-facing digital channels, and executives or operations that are exposed to online and real-world threats. It is especially relevant for organizations that need to reduce phishing, impersonation, fraud, data leakage, and external reconnaissance before incidents reach customers, employees, or leadership.
The company serves security operations, threat intelligence, corporate security, fraud, brand protection, and risk teams, while also supporting leadership stakeholders who need executive and physical risk visibility. ZeroFox has visible traction across industries including financial services, healthcare, insurance, media and entertainment, retail and CPG, technology, education, legal, manufacturing, and government.
Cloud Integrations and Marketplace
- Microsoft Azure Marketplace: ZeroFox has a verified Microsoft Azure Marketplace presence for Microsoft Sentinel through its ZeroFox Alerts & CTI Connectors, enabling organizations to ingest ZeroFox alerts and threat intelligence into Sentinel workflows.
- Google Cloud: ZeroFox integrates with Google Cloud through Google Web Risk, allowing verified malicious URLs to be submitted for rapid warning and blocking actions, and it also supports Google SecOps integration within its broader security ecosystem.
Key People
- David Muse: Chief Executive Officer
- Andrew McKenna: Chief Financial Officer
- Shon Myatt: Chief Technology Officer
- Kyle Novellano: Chief Revenue Officer
- Caitlin Wood Huber: Chief Customer Officer
- Russ Bentley: EVP, Product Management
- Sara Peichert: Chief of Staff
- Satish Prasad: EVP, International Center of Excellence
- Melissa Jones: EVP, Marketing
- Robeson Jennings: SVP, Global Services and Intelligence
- Kristin Dabney: Vice President, Human Resources
Key Facts
- Headquarters: Baltimore, Maryland, United States
- Employees: Approximately 885
- Annual Revenue: $233.3M
- Parent Company: Haveli Investments
- Subsidiaries: None
- Publicly Listed: No (formerly Nasdaq: ZFOX; delisted in May 2024)
Analyst Recognitions
- Gartner: Leader in Gartner Magic Quadrant for Cyberthreat Intelligence Technologies (2026).
- Forrester: Strong Performer in The Forrester Wave: External Threat Intelligence Services, Q3 2023.