ZeroFox’s external threat hunting capabilities give analysts complete access to raw threat intelligence
ZeroFox released an advanced external threat hunting capabilities within the ZeroFox platform, designed to provide real-time threat intelligence to threat hunters, analysts and cyber responders.
This new threat hunting capability extends the full spectrum threat intelligence solutions currently offered by ZeroFox. It allows for direct access to enriched and raw intelligence feeds, searching across the firm’s entire global data lake, and interactive access to an elite team of dark web operatives skilled at adversary engagement.
The enhanced threat hunting module delivers a complete global view of active and historical threat intelligence data to understand risks across physical and cyber domains, including social media as well as the surface, deep and dark web. The solution allows for integration into existing systems through platform workflows, a new hunting interface and integrated data services, enabling enterprises to rapidly respond to today’s escalating threats.
The need for global and tailored intelligence has never been greater as threats on publicly available platforms continue to increase over the last year. The ZeroFox intelligence team has observed an over 100% increase in ransomware attacks, a 300% increase in social-media-based attacks and an 80% increase in domain spoofing attacks.
Security teams need access to finished intelligence relevant to their business, security teams and sector to understand their risk profile and make informed security decisions. The enhanced ZeroFox threat hunting capabilities will increase access to raw data and finished intelligence to help quickly inform those decisions. Additionally, the ZeroFox App Library provides over 700 pre-existing integrations with essential collection, protection and disruption partners to drive impactful results.
“Our External Threat Hunting capabilities fill the intelligence gap, where cyber defenders do not have a single comprehensive lens to track, research and investigate external attacks and attackers,” said James C. Foster, CEO at ZeroFox. “These new capabilities within our platform are critical weapons for organizations as they continue to battle with the all-time high rate of ransomware and cyberattacks. I am very proud of our pace of innovation to help customers stay ahead of persistent adversaries around the world.”
“Intelligence is critical to the success of an organization, whether you are searching for emerging threats, protecting key assets or seeking to avoid disruptions to business operations,” said Len Robinson, Manager – Digital Investigations and Corporate Threat Intelligence, Retail Business Services, an Ahold Delhaize company. “Massive amounts of data are needed to fuel a good intel program. Tools that provide the ability to quickly and effectively search large amounts of data sets are key to success.”
The ZeroFox Threat Hunting capabilities will launch officially next week at the Black Hat USA 2021 Conference in Las Vegas, the world’s largest gathering of security practitioners. The enhanced capabilities include:
- External threat hunting: Deeply investigate relationships between various attack and threat indicators and access ZeroFox’s unique threat intelligence data lakes consisting of petabytes of curated intelligence and raw threat data on malicious domains/URLs, hosts, IPs, command and control networks, compromised credentials, attacker attribution, campaigns, vulnerabilities and exploits, attacker tools and phishing kits and ransomware.
- Dark ops engagement: Leverage the world’s largest team of in-theater dark web operatives with access to the underground economy. Traditionally, this level of access has remained beyond reach for the majority of analysts. ZeroFox operatives investigate and curate findings in order to generate finished intelligence relevant to your threat environment, taking necessary actions to protect your assets and confidentiality. With leading coverage across every major economy with over 30 distinct linguistic specializations, the operative team services are now available 24×7 through RFI automation in the platform, helping organizations predict and recover from attacks.
- Threat data services and app library: Integrate the entire ZeroFox threat data lake into your broader security tech stack, including 700+ apps and technology partners. Access contextual intelligence data feeds, including credit card BIN numbers, new DNS registrations and social phishing URLs that are tailored to you, your platform and your business. Stream unfiltered data, including botnet infections, underground communications, vulnerabilities, command and control networks as well as SSNs to power data collection and analysis.
“The ability to dig into threat intelligence datasets of direct or indirect evidence is needed to help correlate deeper potential evidence. This is critical to support the intelligence mission and its primary intelligence gathering requirements,” said Joe Baum, Director of Threat Management Group, Motorola Solutions. “As intelligence analysts, we need tools for full and open inspection of intelligence data sets to build higher confidence and finished intelligence which we use to influence our decision making – deeper examination of raw and enriched data can enable this.”