ZeroFox secures $40m Series C to help manage social media risk

ZeroFox, a startup that helps companies manage social media risk including scams, malicious links and account hijacking, announced a $40 million Series C investment today.

The round was led by Redline Capital Management and Silver Lake Waterman (which is Silver Lake’s late stage growth capital fund). Existing investors NEA, Highland Capital Partners and Core Capital also participated. Today’s funding brings the total raised to $88 million, according to the company.

ZeroFox also announced that Alastair Cookson, a partner at Redline Capital Management would be joining the board of directors as part of the deal.

The world of social media risk isn’t one that’s as well understood as some other areas of cyber security, but according to ZeroFox CEO James Foster, you can get malicious links on social media just as you can in email. And as we grow more savvy about email phishing, social media offers an easier mechanism for manipulation because it has been designed as an information sharing channel where we just naturally share links.

Foster says the kind of awareness training that we learn for email tends to go out the window on social where people are much more likely to just “trust and click.”

As a good example of this, according to an article in the New York Times from last spring, hackers were able to penetrate a Pentagon official’s computer using a malicious link on Twitter. The bot account included a link for a “family-friendly summer vacation,” and the unwitting user clicked it, according to the story.

While that might seem naive in retrospect, ZeroFox has created a platform that is designed to catch these kinds of malicious links, prevent account take-overs and stop cons such as coupon scams. As investor and board member Cookson points out, companies are not necessarily paying attention to these areas as part of their security plans.

“With the mass adoption of social media, organizations of all sizes are contending with new threats that do not show up in their existing monitoring, let alone defense and remediation capabilities,” he said in a statement.

The company tends to sell to security teams and CISOs along with risk and fraud groups and marketing (which is usually in charge of a company’s social media accounts). They also sell to ISPs who are trying to protect their users. For example, they count Rogers Communications, the Canadian cable giant and Comcast as customers.

ZeroFox uses a subscription model, charging on a per account basis starting at $20 per month per account, according to Foster.