ZeroFox Intelligence

Outsmart Attackers with the industry’s best threat intelligence services

Identify and monitor relevant threats to your organization with rapid, actionable, and best-in-class intelligence – so you can proactively stay a step ahead of attackers.

Full spectrum threat intelligence
Visibility to see beyond your perimeter.

Unleash the full potential of threat intelligence

Stop cyber threats and get inside the minds of attackers with ZeroFox threat intelligence services. You’ll have a complete view of your threat landscape across the surface, deep and dark web with everything from searchable finished intelligence reports to on-demand access to threat data and integrated intelligence feeds.

  • Dark web intelligence

    Access deep and dark web data that helps you identify exposed or stolen credentials, PII, IP, and attack chatter directed at your organization

  • Brand intelligence

    Identify suspicious activity beyond your perimeter that puts your brand at risk such as fraudulent domains, social media impersonations, posts with abusive language and phishing, including those that have previously been submitted to domain registrars, web hosts and social networks for takedown

  • Fraud intelligence

    Find data sets of compromised credentials from botnet breach packages, fraudulent websites, tools and social engineering methods aimed at undermining your business and clients

  • Internet infrastructure intelligence

    Distinguish between legitimate and suspicious providers for domains and hosting/VPS infrastructure. Find current infrastructure exploits and TTPs, suspicious hosts, botnet-infected IP addresses, and domains used in attacks

  • Malware & ransomware intelligence

    Quickly track down malware, adversaries, and TTPs being used to gain access, escalate, exfiltrate, and ransom your organization

  • Vulnerability intelligence

    Track the latest vulnerabilities and exploit scripts, enriched with our in-depth analysis on critical CVEs including timeline of events, social media and underground forum chatter, reproduction, remediation, and mitigation recommendations

  • Physical threat intelligence

    Monitor events or policies affecting specific geographic areas of operation or specific executives. Track TTPs affecting cybersecurity and physical posture

  • Third party intelligence

    Scope potential risk of vendors and partner companies in your supply chain across the threat intelligence spectrum

  • Geopolitical intelligence

    Gain contextual insight into new developments in domestic, foreign, and global environmental affairs that have the potential to impact your organization’s personnel or assets around the world

  • Strategic intelligence

    Receive curated intelligence on cyber, physical, and geopolitical factors relevant to your business to inform long-term investments and decision-making

Broad & deep proprietary threat data at your fingertips

Threat intelligence services that plug right into your security tools.

ZeroFox provides your security team with comprehensive, accurate, and timely intelligence bundles through our API to work within your existing SIEM, SOAR, TIP, or IAM security tools. Get real-time access to identity & fraud, deep & dark web, and network & vulnerabilities feeds

ZeroFox for Splunk enables organizations to visualize and analyze threats directly from the purpose-built Splunk App.

Integrates 300+ security solutions in order to act as a centralized hub for your entire infrastructure

Identify threats outside the firewall on the platforms where you do business everyday: such as social media and digital platforms.

The ZeroFox Active Directory Integration allows automated remediation actions to be taken on Active Directory users with known found instances.

Helps security teams accurately detect and prioritize threats across the enterprise, to respond quickly to reduce the impact of incidents.

Organizations use Swimlane SOAR to consume alerts generated by ZeroFox, initiate takedown processes, track requests, extract IOCs and pass them to their TIP or other security platforms.

With the ZeroFox Threat Feed integration, ThreatQ users can ingest, correlate and take action on attacks made against their organizations via social media.

The ZeroFox Okta Integration allows automated remediation actions to be taken on Okta users with known found instances of credential compromise.

Datadog provides cloud scale application monitoring and log management for cloud applications.

Provides orchestration of social media, digital platform threat detection, and investigations to provide alert and IoC integration via ZeroFox Threat Feed API.

Integrates social intelligence and fuses automation, orchestration, and response to enable organizations of any size to be more predictive, proactive, and efficient.

The ZeroFox Norton Lifelock Integration allows automated remediation actions to be taken on Norton Lifelock users with known found instances of credential compromise.

“ZeroFox gives our team peace of mind for our online brands and executive team.”

Nate Lewis
Global Incident Response Manager at Reyes Holdings, LLC

Daily Intelligence Brief

Learn More

Daily intelligence delivered to your inbox

ZeroFox in action

Total Defense Against Digital Threats Outside Your Perimeter.


Unique assets monitored daily


Brands protected across social channels

Dark web forums monitored constantly


Frequently asked questions

See ZeroFox in action