The Zerofox Platform

ZeroFOX delivers automated threat detection and remediation of risks targeting organisations and employees across social media, mobile apps, web domains, surface, deep/dark web and collaboration platforms. The ZeroFOX platform automatically identifies and remediates risks inc. fraudulent accounts, phishing attacks, scams, exposed PII, insider threats, physical threats and more.


  • Social Account and Digital Protection & Security
  • Streamlined Takedown service: ‘One click’ takedown requests
  • Real-Time Page Moderation: Hide, Delete & Block posts inline
  • Malware, SPAM & Phishing detection & removal
  • Cyber, Fraud & Scam Protection
  • Artificial Intelligence (AL), Machine Learning (ML) & Deep Learning
  • Enabling computers to understand Context within human language interactions
  • Optical Character Recognition: detect text and characters within Images


  • Gain Visibility beyond the perimeter to catch more threats faster
  • Ensure Control- AI-driven analysis, custom policies, role-based administration.
  • Automate Protection against threats and data coverage gaps


£299 per unit per month

Service documents


G-Cloud 11

Service ID

5 5 8 4 3 2 8 0 7 7 3 1 1 6 6



Lisa Ingham

0845 58 27001

Service scope

Software add-on or extension
Yes, but can also be used as a standalone service
What software services is the service an extension to
Managed Security for enhanced protection of digital assets
Cloud deployment model
Public cloud
Service constraints
No constraints or limitations on hardware configuration, there are planned maintenance windows on the platform with no disruption of the service due to HA architecture
System requirements
  • Configuration and setup of public information on protected assets needed.
  • ZeroFOX's platform focuses on protecting the external digital footprint

User support

Email or online ticketing support
Email or online ticketing
Support response times
ZeroFOX Global Customer Operations provides 24x7x365 day support, with an SLA of 24h and average reply time: 1.4 hours
User can manage status and priority of support tickets
Online ticketing support accessibility
WCAG 2.1 A
Phone support
Phone support availability
24 hours, 7 days a week
Web chat support
Onsite support
Yes, at extra cost
Support levels
All ZeroFOX platform subscriptions include a level of customer support. ZeroFOX OnWatch managed services provide customers more enhanced hands-on protection, to ensure no alerts get missed and all critical issues are highlighted immediately. ZeroFOX OnWatch Premium subscribers receive the full spectrum of ZeroFOX expert managed services. Takedown support is available via ZeroFOX Takedown-as-a-Service for customers looking for removal of offensive comments and posts, unauthorised or fraudulent accounts and other infringements. ZeroFOX OnWatch is our premier managed serviced offering, ensuring the most of your investment in ZeroFOX and achieve best-in-class protection for your organisation. Customers are not assigned an individual support engineer but rather support will be scaled across Global Customer Operations to ensure swift expert support and, if required escalation.

ZeroFOX Support:
o Launch & Implementation
o 8am-8pm Email/Online/Phone Support EST
Cost: 25% of Subscription Annual Contract Value

ZeroFOX OnWatch Standard
o Launch & Implementation
o 24x7 Email/Online/Phone Support
o Alert Triage & Escalation
o Health Check
Cost: 30% of Subscription Annual Contract Value

ZeroFOX OnWatch Premium
o Launch & Implementation
o 24x7 Email/Online/Phone Support
o Alert Triage & Escalation
o Health Check
o ZeroFOX University
o Workflow Design
o Custom Threat Analysis
Cost: 40% of Subscription Annual Contract Value
Support available to third parties

Onboarding and offboarding

Getting started
ZeroFOX offers many differnt launch and more indepth technical training courses; these can be online or in-person either at your offices, a seperate meeting space or at ZeroFOX's offices in London or Baltimore. ZeroFOX provides extensive User Documentation available on-line through The Platform.
Service documentation
Documentation formats
  • HTML
  • PDF
End-of-contract data extraction
ZeroFOX will perform the secure deletion steps to delete any customer data. It's worth highlighting that ZeroFOX does not store any non-public data from our Customers and follows GDPR guidelines on data handling.
End-of-contract process
At the end of the contract, the Customer has the option to renew and extend their protection services with ZeroFOX. If the Customer decides to not go ahead with the renewal, ZeroFOX will suspend the services coverage and initiate secure data deletion of all profile and trending information from the Customer.

Using the service

Web browser interface
Supported browsers
  • Internet Explorer 10
  • Internet Explorer 11
  • Microsoft Edge
  • Firefox
  • Chrome
  • Safari 9+
Application to install
Designed for use on mobile devices
Differences between the mobile and desktop service
The ZeroFOX mobile app shows alerts and allows full functionality to request takedowns, block or hide content etc. No configuraton can be performed within the Mobile app and no reporting/dashboard (right now) can be seen/run
Service interface
Description of service interface
ZeroFOX is a SaaS based platform as such users access it via a HTTPS web page.
Accessibility standards
WCAG 2.1 A
Accessibility testing
ZeroFOX is a SaaS based platform as such users access it via a web page, any assitive or universal access services would be provided by the user's web browser and/or Operating System in use
What users can and can't do using the API
Zerofox has a Restful SOAP API. This allows all alerts to be pushed in to 3rd party tools, such as Threat Intel or SIEM Solutions, allowing customers to view alerts in one console.
API documentation
API documentation formats
  • HTML
  • PDF
API sandbox or test environment
Customisation available
Description of customisation
ZeroFOX Rules are written in FoxScript- this is a JavaScript language. Users can customise Rules or add their own rules. anyone with JavaScript knowlege can undertstand our language. Furthermore ZeroFOX offer training courses to help in understanding FoxScript


Independence of resources
Supported by an always-on, always-available infrastructure, the ZeroFOX Platform delivers a 99.99% of availability, through leveraging the scalability and global presence of Amazon AWS.


Service usage metrics
Metrics types
"Metrics for Health monitoring of digital presence for an organisation
Total Content Analyzed, Alerts and Remediated Content"
Reporting types
  • API access
  • Real-time dashboards


Supplier type
Reseller providing extra support
Organisation whose services are being resold
Zerofox Platform

Staff security

Staff security clearance
Other security clearance
Government security clearance

Asset protection

Knowledge of data storage and processing locations
Data storage and processing locations
EU-US Privacy Shield agreement locations
User control over data storage and processing locations
Datacentre security standards
Managed by a third party
Penetration testing frequency
At least once a year
Penetration testing approach
Another external penetration testing organisation
Protecting data at rest
  • Physical access control, complying with SSAE-16 / ISAE 3402
  • Scale, obfuscating techniques, or data storage sharding
Data sanitisation process
Data sanitisation type
Deleted data can’t be directly accessed
Equipment disposal approach
In-house destruction process

Data importing and exporting

Data export approach
ZeroFOX has a rich reporting tool allowing users to run PDF reports for a specificed period and style of report such as Executive Report, Takedown Report, Technical Report, or Protected Entity Report. As part of this ZeroFOX also offers users the ability to export their data in a CSV format, and also offers custom data exporting
Data export formats
Data import formats

Data-in-transit protection

Data protection between buyer and supplier networks
Other protection between networks
ZeroFOX is a SaaS platform
Data protection within supplier network
TLS (version 1.2 or above)

Availability and resilience

Guaranteed availability
99.99% availability leveraging infrastructure, scalability and global presence of Amazon AWS
Approach to resilience
Fault Tolerance and Load Balancing at all service levels, including User Interface, Database, and Container Clusters
Outage reporting
Email Alerting

Identity and authentication

User authentication needed
User authentication
Username or password
Access restrictions in management interfaces and support channels
Management approval required to access management interfaces and support channels. Management and support interfaces are segmented networks and are not directly accessible unless coming from authorised network.
Access restriction testing frequency
At least every 6 months
Management access authentication
  • 2-factor authentication
  • Public key authentication (including by TLS client certificate)
  • Limited access network (for example PSN)
  • Username or password

Audit information for users

Access to user activity audit information
Users contact the support team to get audit information
How long user audit data is stored for
Access to supplier activity audit information
Users contact the support team to get audit information
How long supplier audit data is stored for
Between 6 months and 12 months
How long system logs are stored for
Between 6 months and 12 months

Standards and certifications

ISO/IEC 27001 certification
ISO 28000:2007 certification
CSA STAR certification
PCI certification
Other security certifications

Security governance

Named board-level person responsible for service security
Security governance certified
Security governance approach
Zerofox complies with ISO27001.
Information security policies and processes
ISSM reports to board level executives on policy and governance. ISSO audits and ensures day to day operations comply with policy for all business units.

Operational security

Configuration and change management standard
Supplier-defined controls
Configuration and change management approach
SDLC for both application and infrastructure changes, including source code static and dynamic analysis (application), and vulnerability and baseline scanning (infrastructure)
Vulnerability management type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Vulnerability management approach
Threats are assessed based on CVE score and if the vulnerability is exploitable. Patches for systems is deployed on an as needed basis or biweekly.
Protective monitoring type
Conforms to a recognised standard, for example CSA CCM v3.0 or SSAE-16 / ISAE 3402
Protective monitoring approach
Daily reporting and metrics from endpoint, cloud, and networking controls. Weekly scanning of public facing infrastructure. Weekly internal scanning of systems for vulnerabilities/indicators of compromise
Incident management type
Conforms to a recognised standard, for example, CSA CCM v3.0 or ISO/IEC 27035:2011 or SSAE-16 / ISAE 3402
Incident management approach
Predefined runtime playbooks of: Phishing, Spear-Phising, Data exfiltration, Data Leakage, Endpoint Code Execution, and Server Code Execution (Code Execution definitions: Malware, Ransomware, Remote Code Execution)

Secure development

Approach to secure software development best practice
Conforms to a recognised standard, but self-assessed

Public sector networks

Connection to public sector networks


£299 per unit per month
Discount for educational organisations
Free trial available
Description of free trial
Online form then an Expert be in contact to demo:
Identify employee targeted phishing attacks on social networks
Find and takedown fraudulent & impersonating accounts
Mitigate costly customer fraud and scams
Uncover stolen information, counterfeit goods and pirated content
Continuously monitor key employee & company accounts for compromise
Link to free trial

Service documents

Return to top ↑