FortiKoala
Staff
March 1, 2019

Technical Note: ZoneFox 4.0 - How does AI work

Description

How does AI work


Scope

Key Concepts


Solution

ZoneFox AI, or Augmented Intelligence, adds context, risks and ratings to activities on your network to find a wide range of threats.  


AI learns general facts about user behaviour in order to identify when anomalous behaviour occurs.  


Events stream in through ZoneFox; AI builds a profile for each user, and takes around a week to learn what ‘normal’ behaviour looks like for that user. AI uses a combination of the applications a user accesses and the actions they perform (e.g. read, write, upload files).


ZoneFox uses risk scoring to categorise events in terms of how anomalous they are deemed to be.  Peer group analysis is also used to learn what ‘normal’ looks like for each team in the business. 


The ‘severity’ score comes from a combination of risk and anomalousness.  
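The profiling and scoring described above can be sketched as follows. This is an added example, not ZoneFox's implementation: the rarity measures, the equal weighting of user and peer-group rarity, the per-action risk weights and the sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumed risk weight (0-100) per action type; illustrative values only.
ACTION_RISK = {"read": 20, "write": 40, "upload": 90}

class BehaviourModel:
    def __init__(self, team_of):
        self.team_of = team_of                 # user -> peer group (team)
        self.user_days = defaultdict(set)      # user -> days with any activity
        self.seen_days = defaultdict(set)      # (user, app, action) -> days seen
        self.team_users = defaultdict(set)     # (team, app, action) -> users seen
        self.team_members = defaultdict(set)   # team -> members observed

    def learn(self, day, user, app, action):
        """Fold one baseline event into the user and peer-group profiles."""
        team = self.team_of.get(user)
        self.user_days[user].add(day)
        self.seen_days[(user, app, action)].add(day)
        self.team_users[(team, app, action)].add(user)
        self.team_members[team].add(user)

    def anomalousness(self, user, app, action):
        team = self.team_of.get(user)
        days = len(self.user_days.get(user, ()))
        members = len(self.team_members.get(team, ()))
        # Rarity = 1 - share of baseline days (or peers) showing this behaviour.
        # A user or team with no baseline is treated as fully unusual.
        user_rarity = 1 - len(self.seen_days.get((user, app, action), ())) / days if days else 1.0
        peer_rarity = 1 - len(self.team_users.get((team, app, action), ())) / members if members else 1.0
        return (user_rarity + peer_rarity) / 2  # assumed equal weighting

    def severity(self, user, app, action):
        risk = ACTION_RISK.get(action, 50)      # unknown actions get a middle weight
        return round(risk * self.anomalousness(user, app, action), 1)

def build_demo_model():
    """Constructed one-week baseline: two finance users and one engineer."""
    model = BehaviourModel({"alice": "finance", "bob": "finance", "carol": "engineering"})
    for day in range(1, 8):
        model.learn(day, "alice", "excel.exe", "read")
        model.learn(day, "bob", "excel.exe", "read")
        model.learn(day, "carol", "git.exe", "write")
    model.learn(3, "bob", "chrome.exe", "upload")
    return model

if __name__ == "__main__":
    m = build_demo_model()
    for event in [("alice", "excel.exe", "read"), ("alice", "chrome.exe", "upload"),
                  ("alice", "git.exe", "upload")]:
        print(event, m.severity(*event))
```

In this sketch an upload that is new for the user but already seen in their team scores lower than one that nobody in the team has performed, which is the effect peer group analysis is meant to have.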


AI can be used in three ways:


  • Continuous monitoring - check AI alerts via the Alerts Dashboard
  • Threat Hunting - to look for something unusual
  • React - respond to alerts and react to something that's happened