ZeroFox was created in 2013 under the name Riskive, but changed to its current name months later. The company began as a startup in an 8,000 sq. ft. space inside Betamore - a startup incubator in Baltimore's Federal Hill neighborhood.
In 2015, ZeroFox raised $27 million in Series B funding. By 2016, the company had outgrown its space and moved to an 18,000 sq. ft. space inside a former Pabst Brewing facility in South Baltimore.[3] In 2017, ZeroFox raised $40 million in funding led by Redline Capital Management, a European venture firm, and Silver Lake Waterman, a fund that focuses on pre-IPO companies. Prior investors New Enterprise Associates, Highland Capital Partners and Core Capital also contributed. The investment helped bring ZeroFox's total funding to $88 million.[4]
ZeroFox partners with other software organizations such as IBM, Hootsuite, Splunk, ThreatQuotient, and others to visualize, analyze, and predict cyber security threats to respond quickly to reduce the impact of incidents.[5] ZeroFox partners with Google Cloud to warn users against phishing domains.[6]
In 2020, ZeroFox closed a new $74 million round of financing led by Intel Capital. This funding round was one of the largest a Maryland cyber firm has landed in recent years. This brings ZeroFox's backing to $162 million to date.[7]
The company went public on August 4, 2022 through a $1.4B SPAC deal. In the deal, ZeroFox also acquired ID Experts Holdings, Inc. (“IDX”). The combined company was then called ZeroFox Holdings, Inc. and traded on the Nasdaq Stock Market under the ticker symbol “ZFOX” for its common stock and “ZFOXW” for its publicly traded warrants.[8][9][10]
Purchase
On February 6, 2024, ZeroFox announced that it had entered into a definitive agreement to be acquired by Haveli Investments, a leading private equity firm focused on enterprise software and cybersecurity. Under the terms of the merger agreement, Haveli Investments would acquire ZeroFox in an all-cash transaction at an enterprise value of approximately $350 million.[11]
On May 13, 2024, it was announced that Haveli Investments had completed the purchase of ZeroFox Holdings.[12]
Acquisitions
In October 2020, ZeroFox acquired Cyveillance from LookingGlass in a move designed to merge Cyveillance's threat intelligence data cache and dark web intelligence capabilities with the ZeroFox Digital Risk Protection Platform.[13]
In July 2021, the company acquired Vigilante, a dark web threat intelligence company.[14]
In August 2022, the company acquired IDX, a breach response company.[15][16]
In April 2023, the company acquired LookingGlass Cyber Solutions, an external attack surface management and threat intelligence company.[17]
2021 Forrester Wave™ External Threat Intelligence Services: Best-in-class for Brand Threat Intelligence Use Cases And Takedown Service[19]
2022 Frost & Sullivan Global Competitive Strategy Leadership Award: Digital Risk Protection, Global[20]
2023 Cyber Defense Magazine Global Infosec Awards: Best Threat Intelligence Technology; Cutting Edge Executive Protection; Next Gen Threat Intelligence [21][22]
2023 SPARK Matrix™: Technology Leader in Digital Risk Protection by Quadrant Knowledge Solutions [24]
2023 Forrester Wave™: Top Threat Intelligence Provider in External Threat Intelligence Services [25]
2023 Enterprise Security Tech Awards: Cyber Top 20 [26][27]
2023 CyberSecurity Breakthrough Award: Incident Response Solution of the Year[28][29]
Controversies
Freddie Gray protest surveillance
The company faced criticism over its handling of the 2015 protests over the death of Freddie Gray when it singled out its nonviolent organizers. ZeroFox labeled DeRay McKesson and Johnetta Elzie as high physical threats to law enforcement despite not being suspected of any criminal activity.[30][31][32] ZeroFox was unsuccessful at differentiating between impersonating troll accounts and Elzie's actual social media presence.[33]
FBI contract and the January 6 Capitol Attack
ZeroFox signed a $14 million social media intelligence contract with the FBI on Dec 30, 2020, taking over from Dataminr, which held the contract until Dec. 31, 2020. This transition period led to decreased visibility leading up to the 2021 United States Capitol attack, and led agents to calling it an expletive sounding similar to ZeroFox.[34][35][36]
^Davis, Aaron C. (31 October 2021). "Warnings of violence before Jan. 6 precipitated the Capitol riot". Washington Post. Retrieved 31 October 2021. But the end-of-the-year changeover limited the FBI's understanding of what was happening online at a key juncture, just as extremists were mobilizing. FBI agents started using an alternative service known as ZeroFox that was unfamiliar to many in the bureau. The change came as a surprise, causing confusion about how to use the new system. Some agents and analysts felt the new service was a significant downgrade, particularly when it came to tracking things on Twitter. Within the FBI, some frustrated agents quickly started using a derisive nickname for ZeroFox — replacing the "Fox" with a similar-sounding expletive, to indicate how little use it seemed to have.31"It wasn't that we were blind, it just turned out to be a bad time to have less visibility into what was happening online, because we were changing systems and a lot of people didn't really know the new system," said one person familiar with the matter.
^Dilanian, Ken (8 March 2021). "Why did the FBI miss the threats about Jan. 6 on social media?". NBC News. Retrieved 1 November 2021. Fact check: false. FBI agents have said in court records that they monitor public social media, and the bureau recently signed a $14 million contract with a "threat intelligence" company called ZeroFox "to proactively identify threats to the United States and its interests" on the internet. For years, the FBI has had a similar arrangement with DataMinr, which can flag social media postings of interest to its clients.