ZeroFOX, one of the most prominent American social media security and surveillance companies, announced a $40 million Series C investment Wednesday that signals major growth in demand from governments and companies to keep a close eye — often with an artificial-intelligence brain behind it — on social media networks.
The Baltimore-based startup’s products help manage what it calls “social media risk.” ZeroFOX sells “targeted collection of mass social and digital data” to customers in over 24 countries. “Social media risk” is a purposefully vanilla marketing term that at its core means an increasingly broad domain involving everything from malware campaigns and account takeovers to political action, cyberattacks and incidents in the physical world.
Social media is an increasingly effective attack vector, as evidenced by a recent social media espionage campaign against the Defense Department that involved links from a robot Twitter account.
The new money will go toward sales, marketing and technology — “more of what we’ve been doing,” CEO James Foster told CyberScoop. He emphasized international expansion as a particular goal. The four-year old company, which has around 150 employees and customers in more than two dozen countries, is not profitable, Foster said, but it has seen “triple digit growth” every year since 2013.
ZeroFOX is most famous for a 2015 threat report made for Baltimore police during that year’s protests and riots in Baltimore over Freddie Gray’s death in police custody. The report named DeRay McKesson and Johnetta Elzie, two prominent Black Lives Matter organizers, as “threat actors” (“Severity: High, Threat Type: Physical”) warranting “continuous monitoring.” The report, obtained through a Freedom of Information Act request, started a social media firestorm. The company was widely criticized for the report’s characterization of McKesson and Elzie. McKesson later ran as a mayoral candidate.
Most of ZeroFOX’s customers today are private sector firms, Foster told CyberScoop, including banks, media and telecoms. ISPs including Rogers Communication and Comcast are ZeroFOX customers.
Government customers exist, but ZeroFox declined to get more specific about which agencies and how they use the company’s products. ZeroFOX has in the past acknowledged work with the State Department “to monitor Facebook, Twitter, Google+ and other networks, and to alert officials to ‘anomalous and malicious’ activity,” as well as work with the Pentagon, but wouldn’t comment on government contracts this time around. A ZeroFOX representative did say government clients include entities in health care and education.