If a URL or domain flagged by ZeroFox is validated as malicious, Google will provide a warning message to users across its 5 billion devices in a matter of minutes, advising them not to access the domain in question.

Cybersecurity provider ZeroFox has announced a partnered capability with Google Cloud to warn users of malicious URLs and fake websites in a bid to disrupt phishing campaigns.

As part of the partnership, ZeroFox will automatically detect phishing domains for customers and submit verified, malicious URLs through Google Cloud’s Web Risk Submission API, disrupting attacks and warning users of malicious content on billions of devices using browser warnings. This is expected to help both ZeroFox customers and Google Cloud users.

“If a URL or domain flagged by ZeroFox is validated as malicious, Google will provide a warning message to users across its 5 billion devices in a matter of minutes, advising them not to access the domain in question,” said James Foster, founder and CEO of ZeroFox.

AI engine used to take down malicious domains

ZeroFox provides a SaaS-based offering that uses global intelligence collection and AI analysis across a broad set of data sources to deliver continuous domain monitoring to accurately detect instances of account takeovers, website spoofs, and impersonations. It also features a domain takedown service built on an AI analysis engine that automatically detects malicious domains including typosquatting, homoglyphs — common spelling-based, domain-jacking methods — and other early indicators of phishing sites.
Post detection, ZeroFox works with its “global disruption network” consisting of domain hosts, registrars, and other partners to have these malicious sites taken down or blocked.

“The ZeroFox external cybersecurity platform collects intelligence across the internet, looking for indicators of threats targeting our customers, including malicious domains, social media impersonations, data breaches, and more,” Foster said. “We leverage AI analysis and detection capabilities in order to provide internet speed and scale of the collection as well as detection of otherwise hidden threats, such as object detection in images and logo infringement.”

ZeroFox uses AI mainly in the processing and analysis phases of its backend pipeline. During the processing stage, AI technologies such as computer vision and natural language processing are applied to all content. At the analysis stage, more specific AI techniques are used depending on the use case.

This results in highly accurate alerts being generated and sent to customers through the platform’s service delivery model, with 100% (all true positives) precision, Foster said.

To ensure that relevant and actionable alerts are delivered quickly, ZeroFox employs a combination of AI and human intelligence in its service delivery model. This approach is consistent with other cybersecurity monitoring, alerting, and response systems.

While protection against external attacks is a crucial add-on to an organization’s security regime, only a few security products cater to this segment. Most solutions, however, have some form of machine learning and behavior analysis component in place to detect and protect against malicious activities.

“The most popular approach is for security companies to OEM this service from OpenText/Webroot, through BrightCloud reputation service, which is the recognized market leader for this segment,” said Dave Gruber, principal analyst at ESG.
“Some other security companies maintain their own databases of malicious URLs, embedding similar services within their offerings through a Gateway or API-based add-on security offering.”