ZeroFox Reviews & Product Details

I use ZeroFox to protect our brands, executives, and assets from threats across social media. It stands out for how effectively it monitors and remediates threats across our external digital footprint. ZeroFox excels at stopping fake websites, impersonated executives, and phishing domains before they reach our customers. I appreciate how it also protects our leadership from deepfakes, scams, and impersonation attacks. One standout strength is how ZeroFox brings together digital risk protection, threat intelligence, and external attack-surface monitoring into one cohesive platform. The setup was very easy, which made it simple to start using. Review collected by and hosted on G2.com.

Several of my teammates mention that ZeroFox lacks certain customizable features, like more granular filtering, tailoring alert types, and deep workflow flexibility. It would be nice to have custom alert severity mapping to allow organizations to define their own severity tiers or scoring models. Review collected by and hosted on G2.com.

After three years of continuous use, we view ZeroFox not just as a tool, but as a trusted cybersecurity partner. Its unified approach to external threat intelligence, brand protection, and rapid disruption has delivered tangible value by reducing risk, protecting reputation, and improving operational efficiency. For organizations seeking robust protection against modern digital threats—especially those targeting brands, executives, and customers—ZeroFox stands out as a mature, effective, and future‑ready solution.

As threat actors increasingly target brands, executives, and customers across social media, domains, and the open, deep, and dark web, ZeroFox has proven itself to be a reliable, forward‑thinking, and highly capable platform for external cybersecurity Review collected by and hosted on G2.com.

While ZeroFox delivers strong external threat visibility, the volume of alerts can occasionally be overwhelming and requires ongoing tuning to reduce noise and focus on the most critical risks. Some advanced workflows and customization options have a learning curve, which can slow efficiency for smaller or lean security teams. Additionally, as an enterprise‑grade platform, the cost and feature depth may feel heavier than necessary for organizations with more limited or narrowly scoped use cases. Review collected by and hosted on G2.com.

Its ability to detect and remediate brand impersonations and account takeovers in real time is impressive. The dashboard is user-friendly, and the alerts are actionable and easy to prioritize. ZeroFox significantly enhances our digital risk protection by offering proactive threat intelligence across social media, surface web, and dark web sources. The automation features reduce manual workloads and improve response time, making it a solid tool for staying ahead of external threats. Review collected by and hosted on G2.com.

Occasional alert noise can lead to extra triage time, and deeper customization of policies could be more intuitive. Additionally, integrating with other security platforms sometimes requires manual configurations that could be smoother Review collected by and hosted on G2.com.

What I like best about ZeroFox is how comprehensive yet straightforward it is to use for brand protection. It covers the full workflow end-to-end — from phishing website detection and submitting takedown requests, to dark web monitoring for potential data leaks — without being overly complex to operate day to day.

I also appreciate the level of service from their team. The launch/onboarding configuration was well handled, and the recurring check-in meetings are genuinely useful. They actively listen to customer feedback and it’s clear they take it seriously. Review collected by and hosted on G2.com.

What I dislike is mostly around some usability and customization details. Access control could be more granular, especially RBAC and visibility controls, so different teams can be limited to only the assets or alert types relevant to them (for example, allowing marketing to view impersonation-related alerts without access to data leak or dark web monitoring). Today, achieving that kind of separation can require duplicating configurations, which adds unnecessary overhead.

Alert search and day-to-day alert handling could also be improved to make investigation and triage faster. Reporting could also be stronger, particularly around more customizable customer reports (e.g., filtering and trending by geolocation and industry, and risk scoring based on alerts and monitored assets).

Finally, the physical security module feels very US-oriented and would benefit from stronger coverage and relevance for European organizations. Overall these are smaller details, but addressing them would make the platform even better. Review collected by and hosted on G2.com.

I like ZeroFox because of its ease of use, which makes it very user-friendly. One of my favorite features is the alerts tab, providing very detailed information on potential threats we observe. This feature keeps us aware of threats aimed at our institution and makes investigating or elevating alerts quite straightforward. Review collected by and hosted on G2.com.

I have issues with the AI aspect of ZeroFox, especially in determining the legitimacy of some alerts, like domain analysis. I've noticed these are mainly false positives. I think they rely too much on potential typosquat or substring aspects without accurately comparing potential reported sites to our institution's own. Review collected by and hosted on G2.com.

I like how ZeroFox thoroughly scans the web and dark web for threats, ensuring a broad coverage. They provide a lot of configuration options to get good results, which helps tailor the product to our specific needs. The process of taking down spoofed websites is valuable for protecting the bank and our customers from fraud, as it ensures that fake sites are removed promptly. The initial setup was pretty easy, which made integrating ZeroFox into our workflow smoother. Review collected by and hosted on G2.com.

They make it difficult to actually take some sites down sometimes. They are always asking for more evidence, when the site is clearly fraudulent. For example, they alerted me to a fraudulent site that was loading a beacon from our webpage, which meant it is fake and copied. The URL is also phishy. I ask them to take it down and they ask for more evidence, when there is nothing else that could possibly be provided. It is not us, it is clearly not us, and it is loading the beacon ZeroFox placed to identify these fake sites, and they ask for more evidence. Kinda silly. Review collected by and hosted on G2.com.

I like that alerts are escalated manually by ZeroFox analysts, but also brought to our attention with the ZeroFox GPT service which automates the escalation process and provides quick remediation advice. By escalating alerts to our team, we can quickly identify the core issues that we need to remediate without having to dig through hundreds of potential alerts and risk missing critical issues through manual analyst review. We had issues with the quality of alerts provided by Recorded Future, which thankfully seems to be solved with ZeroFox. Review collected by and hosted on G2.com.

At times ZeroFox can miss alerts or delay reporting alerts which we feel should have been raised to us quicker. We have noticed that some services offer weaker detection than others without manually tuning detection criteria, but overall the detection rate is acceptable. From what I have heard from the team responsible for the setup of ZeroFox there were an excess of false positive alerts when the tool was originally deployed. Tuning the software has taken a long time to get right. Review collected by and hosted on G2.com.

I love the ease of the platform and the transparency with reporting on ZeroFox. I'm able to follow up on individual use cases using specific alert numbers that are easy to find in the platform. Monitoring social media for impersonators and scams cuts out a bulk of our manual labor efforts. They auto-report alerts for us, which speeds up takedown time and relieves us from having to fill out individual takedown request forms. I also like how I can view numbers and trends in our alerting, which helps us adjust our settings as trends shift to have the most coverage at all times. Review collected by and hosted on G2.com.

It was a bit bumpy the first 3 months, but was very easy after some communication issues were resolved. Review collected by and hosted on G2.com.

I am very much pleased with ZeroFox, especially in terms of brand protection and darkweb scrubbing. The platform excels at scrubbing the internet for brand and domain-related threats, giving us valuable intel from the dark web regarding things like our bank identification numbers for credit cards and debit cards. This advance knowledge helps us act swiftly to protect our customers and assets. I really appreciate the dashboard for presenting issues clearly, and the supportive role of the ZeroFox team in verifying items and escalating necessary actions. The takedown and disruption tools are significant for us, effectively handling malicious websites and protecting our brand. We have not experienced any issues or complaints and look forward to seeing further improvements as time goes on. I am really satisfied with the initial setup as well; it was seamless and insightful, with a knowledgeable support team. Overall, ZeroFox is a great platform that meets our diverse needs all in one space. Review collected by and hosted on G2.com.

I find that it takes a while for websites to be taken down. Even in some cases, I have documented where a request was made to take down a malicious site. While I know that some aspects of the takedown process involve the site registrar or host acceptance, I think it takes in excess of forty-eight hours to have a site killed. That should be improved to make it more efficient and reduce the risk of exposure to our customers and organization. Review collected by and hosted on G2.com.

I appreciate ZeroFox's Platform module for being user-friendly and integrated with AI enhancements via Tags, which help AI learn the behavior of alerts to reduce false positives and alert fatigue. I also enjoy the convenience of communicating directly with the support team right from my email, which makes for faster progress without needing to open up a ticket elsewhere. Additionally, I like how easy the initial setup of ZeroFox was. Review collected by and hosted on G2.com.

The only feedback or perhaps a future roadmap to include options to be able to whitelist users listed in the affected alert from showing up since they don't actually exist in our system to avoid multiple manual labor to repeat detail information to be validated each escalated alert. Review collected by and hosted on G2.com.