Fortinet Buys Threat Analytics Startup ZoneFox To Fight Insider Threats

Fortinet purchased threat analytics company ZoneFox to enable businesses to better leverage machine learning to detect anomalous behavior and respond to insider threats more quickly.

The Sunnyvale, Calif.-based platform security vendor said its acquisition of Edinburgh, Scotland-based ZoneFox will strengthen its endpoint detection and response (EDR) and user entity behavioral analytics (UEBA) capabilities on-premises and in the cloud. Fortinet paid $18 million in initial consideration for ZoneFox, according to a filing with the U.S. Securities and Exchange Commission.

"By combining ZoneFox's cloud-based threat-hunting technology with Fortinet's existing endpoint and SIEM security offerings, we are well positioned to provide our customers with an integrated approach to defend against insider threats, eliminate network blind spots, and protect today's expanding attack surface," Ken Xie, Fortinet's founder, chairman and CEO, said in a statement.

[Related: Fortinet Bolsters IoT Security With New Network Access Control Tool]

The integration of ZoneFox's machine-learning-based threat-hunting technology will complement FortiClient endpoint security to provide EDR capabilities and extend FortiSIEM with additional UEBA features, on-premises and in the cloud, according to Fortinet.

"Integrating our solution with the Fortinet Security Fabric will allow us to extend our reach to a broad spectrum of Fortinet and third-party solutions to solve customers' most difficult challenges in network security," Jamie Graves, founder and CEO of ZoneFox, said in a statement.

Fortinet's stock is down $2.05, or 2.47 percent, to $80.89 in trading Tuesday morning. ZoneFox was founded in 2012 and employs 25 people, according to LinkedIn. Fortinet didn't immediately respond to a request for additional comment.

ZoneFox's machine-learning capabilities are able to uncover blind spots, alert users to suspicious activities, and distill billions of events per day into high-quality threat leads, according to Fortinet. The company can also deepen visibility into endpoints and associated data flow and user behavior on and off the network, Fortinet said.

ZoneFox’s cloud-based architecture captures essential data around user, device, resource, process and behavior to analyze and configure policies easily, according to Fortinet. And ZoneFox's ability to combine a full forensics timeline recording of information with a simple search interface helps analysts quickly determine the actions needed to boost an enterprise's security posture, Fortinet said.

ZoneFox's zero-configuration agent is easy and fast to deploy, Fortinet said, and can scale up to support more than 10,000 agents without performance loss.

The ZoneFox agent securely streams continuous sequences of activities from monitored desktops, laptops, servers or cloud services to the company's artificial intelligence engine without impacting user productivity or privacy, Fortinet said in a blog post. By running in a company's network for at least 30 days, ZoneFox is able to gather enough data to learn what normal user behavior looks like, according to Fortinet.

ZoneFox's unsupervised anomaly-detection algorithm then identifies events that don't fit the pattern of users' everyday activity, Fortinet said, with those anomalies checked for known risk factors such as ransomware, use of hacking tools, or access policy violations. A risk score is then attributed to the anomaly, Fortinet said and, if it it's deemed risky, a real-time alert is triggered to allow for rapid action.

Many threat detection and response offerings on the market don't scale or are priced based on data volume ingested or actions taken, which Fortinet said results in high-price surprises to CISOs and CFOs relative to the value derived from stopping threats. As a result, Fortinet said ZoneFox has a more customer-friendly pricing structure than many of its peers.

Service providers can also take advantage of the ZoneFox integration with the Fortinet Security Fabric to provide the skills and resources that their customers might not have, according to the company.

The ZoneFox deal comes four and a half months after Fortinet acquired Internet of Things-focused security firm Bradford Networks for $17 million plus up to $2 million in additional earn-outs. The Boston-based company provides an agentless assessment of all devices accessing the network—including those that are IoT-enabled—and automatically contains the non-compliant ones in real time.