Protecting Against CyberAttacks Through Social Networks, ZeroFOX Raises $11 Million

Anyone can be anyone on social networks. It’s part of the allure of sites like Facebook and Twitter. They enable self-expression, but increasingly the ability to assume any identity online is being used by hackers to get sensitive data from consumers and businesses.

Looking to address that threat, Baltimore-based ZeroFOX has launched with $11 million in financing led by NEA and including a who’s-who of some of the best and brightest security technologists. Some of the individual investors backing the company include: Enrique Salem, the former chief executive of Symantec and a director on the FireEye board; Michael Fey, the worldwide chief technology officer at McAfee; John Jack, a board partner at Andreessen Horowitz and former chief executive of Fortify; and Ken Levine, the chief executive at Verdasys.

While most businesses are acutely aware of the problems they face from mobile devices and “freemium” software as a service offerings for business applications, social networks are a different beast altogether, says ZeroFOX chief executive James Foster. Indeed, the 2013 Verizon Data Breach Report indicated that nearly one-third of all data breaches occurred via a social application as the primary attack vector.

The threats are very real, according to Foster. During forward operations in a combat theater, one military organization was hacked via social networks, Foster says. “In this use case social was leveraged to identify the location of troops.”

For businesses, the concern can be over identity impersonation, cyber attacks, fraud, phishing, or cognitive hacking , are very real concerns, as well.

ZeroFOX’s technology can provide monitoring and mapping of social network usage to identify threats that may be coming. “We’re using patented machine learning technology,” Foster says. “We know how many times a piece of file was sent to places anywhere in the world. And we can put a social graph on top of our technical analysis graph.”

Using the company’s services, businesses can determine whether they’re the subject of a targeted attack, or just one of a number of institutions being hit with a generalized phishing or malware attack.

For Foster, this is just the latest step in a long career in the security industry. He began as an employee at the Department of Defense in the late 90s and founded his first security company, Ciphent, in 2006.

It was Foster’s pedigree in the security industry combined with the market need for an offering to address social networking threats that brought NEA to the table, says Dayna Grayson, a partner in the firm’s Washington office. “There’s innovation in the security space but around social in particular there’s a huge opportunity for disruption,” Grayson says.