Fortinet announces ZoneFox acquisition

Fortinet announced today that it has acquired Scottish cybersecurity provider ZoneFox.

The deal, financial terms of which were not disclosed, will see ZoneFox’s technology – which uses machine learning and behavioural analysis to combat malicious and/or accidental insider threat – incorporated into the Fortinet Security Fabric.

“Enterprise organizations are experiencing a dramatic increase in the number of endpoints and users accessing data and cloud resources, which is also increasing the need to defend against insider threats,” said Fortinet founder, chairman and CEO Ken Xie. “By combining ZoneFox’s cloud-based threat-hunting technology with Fortinet’s existing endpoint and SIEM security offerings, we are well positioned to provide our customers with an integrated approach to defend against insider threats, eliminate network blind spots and protect today’s expanding attack surface with automation and machine learning.”

Fortinet predicts that the acquisition will provide customers with deeper visibility into endpoints, data flow and user behaviour, forensics reporting, out-of-the-box support for regulatory compliance (including GDPR, ISO 27001, HIPAA and PCI DSS), and more.

The ZoneFox team will join Fortinet as part of the acquisition.

“We’re pleased to join the Fortinet team and bring together our shared vision of alleviating CISO concerns about insider threats,” said Dr. Jamie Graves, founder and CEO of ZoneFox. “Integrating our solution with the Fortinet Security Fabric will allow us to extend our reach to a broad spectrum of Fortinet and third-party solutions to solve customers’ most difficult challenges in network security.”

A blog post by Fortinet places particular emphasis on the value the acquisition will add to FortiSIEM, the company’s existing SIEM offering. Value for money was also explicitly emphasised – according to Fortinet, “ZoneFox and FortiSIEM also have a more customer-friendly pricing structure than many on the market”.

As cybersecurity vendors struggle to differentiate themselves in an increasingly crowded marketplace, we’re seeing more and more ‘generalist’ cybersecurity providers accumulating smaller and more specialised companies – other recent examples include Cisco’s $2.4 billion acquisition of Duo Security, which closed at the start of this month.

SIEM is one area where the big names are still struggling to beat out the niche vendors, with Splunk in particular maintaining its hold on the market.

Fortinet’s hope may be that this acquisition – particularly relevant this year, with regulatory compliance and ML/AI capabilities being hot topics both in cybersecurity and in general – will give FortiSIEM the boost it needs to catch up.

However, with highly complex ‘best of breed’ based cybersecurity stacks becoming the norm, this strategy doesn’t always pay off in the long run, and requires continued investment in and promotion of the acquired company and its products and brand – examples where this has succeeded for other companies include the acquisition of Arcsight by HP (and later by Micro Focus), or MessageLabs and Blue Coat by Symantec. Notably, the greatest success tends to involve products which have retained their individual name, reputation, and (of course) loyal customers.

“We will remain focused on building cutting edge security products that enable Sec-Ops teams to mitigate the risk of the Insider Threat,” Graves told “As CEO and founder, I am honoured to be embarking on the next step of the ZoneFox journey with the team. ZoneFox will always have its roots in Scotland and will remain part of the local Scottish Security community to both access and develop talent.”

At this stage, it remains to be see what exactly the acquisition will entail, and what it’ll mean for ZoneFox and its products – but we’ll be keeping an eye out.

Researcher, writer, recovering medievalist. Currently particularly interested in the cybersecurity solutions market, cyber insurance/risk modelling, and IoT security.

Related posts

Your thoughts