Scottish security start-up ZoneFox on the prowl for UK partners
User behavioural analytics vendor set for London office and partner recruitment drive after securing Series A funding
Scottish cybersecurity start-up ZoneFox is on the hunt for 15 UK partners as it launches into the channel with its user behavioural analytics (UBA) solution.
ZoneFox was founded in 2010 by PhD student Jamie Graves and professor Bill Buchanan, following Graves' PhD research at the University of Napier.
The Edinburgh-based vendor provides a UBA solution that is designed to monitor the movements of users in an organisation by mapping their day-to-day behaviour.
It claims the data it builds up means it can recognise and flag when a user has deviated from their usual activity and is potentially conducting malicious activity.
CEO Graves said the ZoneFox solution is a step beyond traditional signature-based methods that he claims are becoming increasingly unreliable.
"We take a very different view to collecting and processing data to your standard end-point protection or even network-based monitoring systems, which gives us a far more detailed and accurate view of what's going on with user behaviour," he said.
"It will look at the files they've touched, the behaviour they've performed on the files - a number of different factors - in order to build up a profile and these factors are very easy to map into policies.
"[For example, an end user] shouldn't be allowed to access certain records. You could create a rule around that fairly easily but signatures are becoming less and less useful, so some of the machine-learning capabilities we have allow us to build a profile of what [an end user] normally does and if it's something they haven't done [before], we'll flag it as an issue."
Graves explained that ZoneFox is often viewed as a competitor to next-generation end-point vendors but said that actually it is complementary to these solutions, adding its own human analytics to the malware detection and analytics of these vendors.
He said ZoneFox is to a certain extent vying for market share with vendors in the SIEM space, but claimed that the detection methods of others are less advanced and as a result throw up more false positives.
"We have perceived competitors such as Carbon Black and Cylance, but they are highly complementary to what we do," he said.
"I'd say we have some crossover with SIEM solutions that have this type of capability enabled - so Splunk, for example, have a UBA component - but they're using traditional forms of evidence that infer user behaviour and are not very good at giving you direct insights. They're high in false positives and can take a lot of time to help investigate incidents."
Channel strategy
ZoneFox recently secured £3.6m in Series A funding, taking its total raised to £6.1m. The funding will be used partly to launch an office in London as it looks to build its UK channel.
The vendor currently has two partners, with another two set to be confirmed imminently, and is looking to have around 15 by the end of the year, having previously sold purely direct.
"Last year we had 400 per cent growth in terms of sales bookings and we used the opportunity to spin up a number of channel relationships, so this year they're starting to bear fruit and we've used part of the investment to bring on board a dedicated channel manager," Graves said.
"[We're looking for] channel partners that provide a value-add service around not just commodity items, so those who are looking to expand their portfolio beyond just things like anti-virus, for example.
"There are a lot of really good innovative resellers out there who are interested in helping their customers push forward and solve some significant challenges."
Graves said that ZoneFox expects to see around 30 per cent of its business go through the channel in 2017, rising to around 60 to 70 per cent in 2018.
He added that he is also in discussions with a number of specialist distributors in the UK with a view to adopting a two-tier model.