Identify and Remediate Digital Risks Faster with ZeroFox OnWatch

As part of your organization’s security posture and procedure, you most likely have plans for specific scenarios. Similar to fire drills from elementary school, you might have a plan of action in the case of physical threats, server failures, or employee retaliations. But what about the threats that exist outside the four walls of your office? The ones beyond your perimeter, on platforms outside of your management or control? As threats on social media and other digital platforms, from mobile apps to the surface, deep and dark web, continue to grow, you need a plan for early detection and remediation of these risks. Since many of these threats are new territory for security and marketing teams alike, it can be difficult to know where to start.

Enter the ZeroFox OnWatch team. Since ZeroFox’s founding, we’ve created a community of researchers, threat hunters, analysts, and experts who dedicate their time to identifying and remediating risks found on social media and digital platforms. And they’re excellent at it. From early alert triaging to custom threat analysis, ZeroFox OnWatch provides the expertise, services, and effectiveness you need to safeguard your business, brand, people and locations against social and digital threats.

Combining artificial intelligence and human analysis

Our analysts make up the core of ZeroFox OnWatch services. With analysts reviewing and escalating individual alerts that impact key business needs, ZeroFox OnWatch strikes a balance between automated and human-driven analysis. We believe you shouldn’t have to choose between artificial-intelligence driven alerts and human analysis, so with ZeroFox OnWatch, you get both. Alerts are generated through the ZeroFox Rule Engine, which includes pre-built policies based on our industry expertise and frequent use cases, such as risky account changes, impersonation identification, offensive content and physical violence alerts, counterfeit goods, information leakage and more. Custom policies, called FoxScripts, can easily be created for individual entities and networks, solving nearly any use case.

ZeroFox OnWatch does not replace the hard work of our artificial-intelligence driven rule engine and alert generator but rather adds an additional layer of validation and escalation by our expert analysts. This combination of artificial intelligence and expert analysis ensures each alert is validated and critical alerts are escalated to you, the customer, so you can focus your efforts on what’s most important to you.

Alert Triage and Escalation

For customers with several brands, products, people, domains or other entities to maintain and protect, it can be difficult to dedicate the time to analyzing each alert that comes through the platform. This could mean missing a critical threat to your business or a delayed response to risks. With OnWatch’s alert triage and escalation, our best-in-class analysts review, validate, and escalate your alerts without you lifting a finger. This ensures you are made aware of critical alerts quickly and can focus your efforts on the most impactful issues facing your business.

What does the triage and escalation process look like? As alerts are generated through the ZeroFox Platform, our analysts review each alert, including:

  • Risk rating - Is this a critical or high alert? Should it be?
  • Associated rule - What use case is this rule solving?
  • Offending profile or user - Does this user frequently post similar content? How long has this profile existed? For social profiles, how many followers does this user have? What’s their level of engagement?
  • Offending content - Reviewing the post, comment or account, what is the risk with this specific content?

Once an alert is fully reviewed and triaged by the OnWatch team, it is escalated to the customer. For OnWatch Standard customers, remediation actions are recommended based on the risk analysis of the alert. This can include blocking the offending user, hiding or deleting the post, or reporting the account for removal by the associated network.

OnWatch Premium customers receive full wrap-around services, including automated remediation actions. Our expert analysts will immediately remediate threats based on industry expertise and custom workflows based on organizational use cases, without you lifting a finger.

Workflow Design

For OnWatch Premium customers, custom workflows can be developed based on business processes and organizational needs. For organizations that work with high-profile executives or VIPs that expect a large number of impersonation attempts, this may mean defining a workflow where all impersonation attempts are packaged into a weekly report. For attempts at account hacking, however, this same organization may define a workflow where an email or phone call is made when a client’s account is taken over.

The development of custom workflows ensures security teams can prioritize specific use cases and stay informed about immediate concerns in the manner they prefer.

Custom Threat Analysis

Another benefit of OnWatch Premium is custom threat analysis, conducted by our ZeroFox Alpha Team. This research-driven analysis provides deeper context and critical visibility into risks, threat landscapes and specific perpetrators. Trend and research reports are created, including remediation and security recommendations to protect against future risks from similar perpetrators.


As stated above, ZeroFox OnWatch Premium entitles customers to highly effective takedown services. Years of experience combined with automation allow our team to perform takedowns with a precision and efficiency unattainable through independent efforts. In combination with Takedown-as-a-Service, which enables a specified number of takedowns per month, ZeroFox experts ensure timely incident resolution and risk mitigation for complete digital protection.

Best in Class Training

OnWatch Premium customers also receive the best-in-class training offered by ZeroFox University. This includes trainings on how to use the ZeroFox Platform as well as best practices in social media security and digital risk protection to strengthen your organization’s overall security posture. Online and in-person courses are available to fit every security administrator’s preference and schedule.

The ZeroFox OnWatch Difference

ZeroFox OnWatch offers an enhanced ZeroFox experience. By combining our analysts’ years of experience with comprehensive workflows, OnWatch ensures you never miss a critical alert, and helps you identify risks to your organization and remediate those risks faster, all without lifting a finger.
