Demo Sandbox

Explore the data risk insights you will gain, in our sandboxed Administrator’s Portal

(Without talking to a sales person)


Try a live demo of ZORB

See ZORB in action using real-time, live data from one of our employee’s devices running ZORB software.

ENTER THE SANDBOX

What will I see in the sandbox?

Connect to a real online Admin Portal used to manage a user’s data risk posture.

Understand the insights an administrator in your business will have access to when using our service.

Explore all FOUR pages of the online Admin Portal:

Geolocate blocked threats:

  • RISK – data blocked from unapproved applications.
  • WARN – data blocked from being sent to a destination not associated with its parent application.

Check the legitimacy of the destination on VirusTotal.

NOTE: The sandbox takes a data feed from a real user. If the user is configured correctly, you may not see any breach alerts. You may need to change the display time period using the button on the top right.

Outbound data risk profile over time:

  • APPS – data blocked from unapproved applications.
  • DEST – data blocked from being sent to a destination not associated with its parent application.

NOTE: The sandbox takes a data feed from a real user. If the user is configured correctly, you may not see any breach alerts. You may need to change the display time period using the button on the top right.

Manage TRUSTED applications:

  • An application not on this list has its data blocked from transmission.
  • A trusted application can still have its data blocked from transmission if data is not sent to the defined trusted endpoint.

You will see examples of the granularity to which application data integrity can be defined, such as blocking any data requests for app updates that are not sent directly to the vendor.

NOTE: The sandbox is connected to a real user. We have disabled functionality that allows you to change the user’s configuration.

For example, you can see the user specific list of approved applications, but cannot change them.

User license management.

NOTE: The sandbox is connected to a real user. We have disabled functionality that allows you to change the user’s license setup.

Ready for the real thing?

See first hand how ZORB blocks data theft, protecting your sensitive data and business reputation.

14-DAY RISK FREE TRIAL

No credit card required.

Risk free trial

Want a one-to-one demo tailored to your business needs?

Book a live demo to learn how ZORB can eliminate data theft and protect your business.









    Rise in Data Theft

    The Rise in Data Theft

    The theft of sensitive data and IP in reputationally driven businesses like yours can have big consequences.

    Unfortunately data theft is on the increase.


    A typical UK business has a 40% – 46% chance of suffering a data breach this year. There are many different sorts of data breaches – physical data breaches (via USB drive, printed material, theft of unencrypted data in storage), data sent as email content/attachment, or data breaches via covert channels (e.g. malware).

    ZORB prevents unauthorised disclosure of data via the network. We check every piece of data as it is about to be sent from a PC (such as sending to a server, another PC or externally) against three criteria:

    • is the application sending this data authorised, known and trusted?
    • is the destination of the data to a known, trusted endpoint?
    • is the data being sent via a known, trusted channel?

    If the answer to any of these is “NO” or “DON’T KNOW”, then the data does not get sent.

    For example, Outlook wants to synchronise with Microsoft Cloud. If it tries to sync with anything other than a Microsoft-owned endpoint, ZORB can block it.

    Now suppose a malicious application on your device has renamed itself to Outlook. Other solutions will see that the application is called Outlook and trust it. ZORB will block it: even though the application is called Outlook, it is attempting to send to an unknown third-party server which is not a Microsoft endpoint.

     

    NOTE: ZORB does not prevent physical breaches or breaches via email content. There are other tools on the market that are better positioned to do this than ZORB. Please contact us if you want advice on these.

    ZORB Data Shield will block certain types of malware.

    Many types of malware, such as botnets or ransomware, connect to a Command & Control (CC) server, typically hosted in the cloud. If Data Shield sees an untrusted application attempting to send data to an unknown endpoint – we block it.

    Furthermore, Data Shield downloads a daily feed of “known malicious endpoints”. We check outgoing data (especially internet-destined traffic) against this known unsafe list and block accordingly.

     

    NOTE: Data Shield prevents data breaches. It is NOT a replacement for your device’s antivirus. We do not monitor incoming data, so we don’t detect malware being downloaded. However, should malware get past your AV and install on your device, we will stop the malware from sending data.

    In theory, Data Shield will block ransomware. However, this is not its primary role and should not be relied upon.

    Some, not all, ransomware calls home to register before it starts encrypting files. This Command & Control (CC) server is typically hosted in the cloud. If Data Shield sees an untrusted application attempting to send data to an unknown endpoint – we block it.

    Additionally, Data Shield takes a daily feed of “known malicious endpoints” which does include some ransomware servers. We check outgoing data (especially internet-destined traffic) against this known unsafe list and block accordingly.

     

    NOTE: Data Shield prevents data breaches. It is NOT a replacement for ransomware detection tools. We may detect ransomware communication and block it, but we provide no guarantee that ransomware will not encrypt your data. ZORB should not be your primary defence against ransomware, but we MAY provide a second line of defence.

    “I’ve just discovered a malicious application called ‘bad.exe’ on my device. It is scanning the network for other devices and sending this data back to a compromised cloud-based identity provider.”

    Provided the malicious application is NOT in your trusted list of applications, Data Shield will block any attempts the application makes to send data. We do not prevent the application from downloading, installing and running (that’s the job of your antivirus).

    If the malicious application renames itself to Outlook, for example, then you have two options.

    You can configure trusted destination endpoints for each application on your Trust List. By permitting Outlook to send data only to Microsoft, ‘legit’ Outlook will continue to run. Whilst ‘bad’ Outlook will still run, any data exfiltration attempts will be blocked as the destination address is not trusted. Furthermore, you will be alerted of the block attempt, the application and the device so that you can remove the malware from the infected PC.

    Or, simply remove Outlook from the Trust List. The Trust List then updates on each device running Data Shield. This will not uninstall Outlook, but all PCs running Data Shield will block outgoing Outlook data whilst you resolve the malware issue.

    ZORB Data Shield decides if data is permitted to be transmitted via a Trust List on the ZORB cloud portal. The Trust List includes i) application names, ii) destination endpoints, iii) IP addresses and iv) comms ports. The list can be configured to any granularity desired.

    If an application is NOT on the Trust List, even if the user manages to install the app, Data Shield will block the app from sending data. (In theory, you no longer need to configure admin-only installation permissions on a device, but we recommend you still do this as good practice.)

    Should you then decide to roll out a business-approved cloud-storage application for your users, simply add it to the Trust List and Data Shield will no longer block data from it.

    Also see “A select few users need to access a certain application” below.

    As per “Stop users using unauthorised cloud storage” above, ZORB Data Shield decides if data is trusted via a Trust List of known applications. If an application is not on this list, any data it attempts to send will be blocked.

    Multiple different Trust Lists can be set up, as per user privilege. So if Finance have an application that Sales should not be allowed to send data from – simply include the application in the Finance profile but not the Sales profile.

    This is not intended to replace access privileges defined in other programs such as Active Directory. Instead, Data Shield provides a second line of defence in that even if a Sales user manages to access the Finance app they won’t be able to send data.

    “We’ve migrated all our applications to the cloud. We have no standalone applications on user devices. Users should connect to the cloud via the corporate VPN.”

    Even though you have migrated everything to the cloud, can you be 100% sure that application data is going ONLY to legitimate cloud endpoints?

    Data Shield allows several options. In the case where each cloud app has its own desktop application, Data Shield’s Trust List can be configured to include destination address ranges by application.

    For example, only send Google Drive data that is destined to a Google owned IP – otherwise block it. This prevents Google data from leaking to other third-party cloud servers.

    Alternatively, if you wish to retain destination control within the corporate infrastructure, remove all applications from the Trust List, and add only the VPN and its known IP address range to the Trust List. This means that only application data sent over the VPN will be transmitted to the corporate HQ, whilst data attempting to be sent outside of the VPN is blocked.

    “We host our own Outlook servers. We don’t want Outlook data going to Microsoft.”

    When you configure your company Trust List on ZORB’s cloud portal, you can allow certain endpoints per application. This is not dissimilar to configuring a firewall. Data Shield works on DENY ALL, unless it is on the allowed list:

    1) Outlook, Microsoft  – only transmits Outlook data destined to Microsoft-owned endpoints

    2) Outlook, [Microsoft, Google, Amazon]   – only sends Outlook data destined to either Microsoft, Google or Amazon endpoints

    3) Outlook, 192.168.1.6   – only sends Outlook data destined to an Outlook server on IP address 192.168.1.6

    4) Outlook, Microsoft, 192.168.1.6    – only sends Outlook data destined to either an Outlook server on IP address 192.168.1.6 or to Microsoft

    You can configure what you deem as trusted data to a high level of granularity. If you have two Outlook servers, one running encrypted POP3 and one plaintext POP3:

    Outlook, 192.168.1.6, pop3, T995

    Outlook, 192.168.1.7, pop3, T110

    “Our hybrid workers should only send data over the corporate VPN, even for cloud-based applications.”

    If your security policy insists that hybrid workers can only transmit data over the VPN, then remove all applications from the Trust List. Then add only the VPN and its known IP address range to the Trust List. This means that any application data attempting to bypass the VPN will be blocked.

    Alternatively, if certain applications are allowed to connect directly to the cloud but all other data must go via VPN, then also add these applications and their known cloud domains to the Trust List.

    Also, see “Outsourced all applications to the cloud” above.

    Q. Can you be sure that all of your data is transmitted via the VPN? (Potentially due to a poor quality VPN, VPN misconfiguration, or malware putting a new route in the PC routing table to bypass the VPN completely.)

    Q. Can you be sure that your users are actually using the corporate VPN every time they connect?

    Whilst we encourage VPN usage to enhance security, VPNs are not a silver bullet:

    • many data breaches are due to a misconfigured VPN, such as VPN tunnelling
    • it is very simple to bypass a VPN
    • your user might choose not to initialise the VPN because MSOffice apps run slowly over the VPN (despite all their security awareness training)
    • some data is harder to transmit over a VPN, such as email
    • some networks encourage users not to use the VPN, such as trying to get internet connection over a train WiFi

    ZORB Data Shield provides notifications on VPN (mis)usage:

    • alerts if a user terminates their VPN after it has booted
    • alerts on all and any traffic sent outside of the VPN

    Data Shield does not block data from being sent outside of the VPN, but we do alert. The reason is that we deem this to be a VPN configuration issue, and we don’t want to block data that you have decided can legitimately be sent outside of the VPN.

    How can you be certain that updates are coming from a trusted source? ZORB Data Shield will only allow data to be sent from trusted applications, to trusted destinations. Anything else is blocked.

    Typically an update starts with a pull request from the application. This means we can ensure an update comes from trusted sources, e.g. configure Office updates to only come from Microsoft, Adobe updates to only come from Adobe, etc.

    If malware requested a malicious Office update hosted on a non-Microsoft owned IP, the update request will be blocked.

    ZORB Data Shield only permits outgoing data based on THREE criteria:

    • is the application sending this data authorised, known and trusted?
    • is the destination of the data to a known, trusted endpoint?
    • is the data being sent via a known, trusted channel?

    It’s not unusual for some users to require access to a certain application that other users should not be allowed to access (see “A select few users need to access a certain application” above).

    By default, Data Shield blocks data sent via covert channels such as FTP, SSH, RDP, Torrent, TOR, etc.

    However, it is possible to configure different Trust Lists for different profiles of users.

    Say your developers needed to use SSH, but other users cannot. A Trust List can be created for the dev users that permits different granularity of trusted data:

    SSH, T22   – will allow SSH traffic over TCP port 22.

    SSH, T22, U22222   – maybe your SSH is set up for either TCP port 22 or UDP port 22222

    SSH, T22, 8.8.8.8   – only send SSH traffic on TCP port 22 to IP address 8.8.8.8
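
The Trust List behaviour described by the Outlook and SSH rule listings above (per-application destinations, T/U port tokens, per-profile lists, DENY ALL by default), as an added Python example that is not ZORB's code. The vendor-to-network map uses constructed documentation ranges, the names `parse_rule`, `load_profile`, `decide` and the profile names are hypothetical, and reporting a port mismatch as WARN is an assumption.

```python
import ipaddress
import re
from dataclasses import dataclass, field

# Constructed vendor map: documentation ranges, NOT real vendor address space.
VENDOR_NETS = {
    "Microsoft": ["198.51.100.0/24"],
    "Google": ["203.0.113.0/24"],
}
# Protocol labels seen in the page's rules; kept as annotations, not matched on.
PROTOCOL_LABELS = {"pop3"}
PORT_RE = re.compile(r"^([TU])(\d{1,5})$")  # T = TCP, U = UDP, as in "T995"


@dataclass
class Rule:
    app: str
    nets: list = field(default_factory=list)  # empty = any destination
    ports: set = field(default_factory=set)   # empty = any port


def parse_rule(line):
    """Parse one rule such as 'Outlook, 192.168.1.6, pop3, T995'."""
    cleaned = line.replace("[", "").replace("]", "")
    tokens = [t.strip() for t in cleaned.split(",") if t.strip()]
    if not tokens:
        raise ValueError("empty rule")
    rule = Rule(app=tokens[0].lower())
    for tok in tokens[1:]:
        port = PORT_RE.match(tok)
        if port:
            number = int(port.group(2))
            if not 0 < number < 65536:
                raise ValueError(f"port out of range in {tok!r}")
            rule.ports.add((port.group(1), number))
        elif tok in VENDOR_NETS:
            rule.nets += [ipaddress.ip_network(n) for n in VENDOR_NETS[tok]]
        elif tok.lower() in PROTOCOL_LABELS:
            continue
        else:
            try:
                rule.nets.append(ipaddress.ip_network(tok))
            except ValueError:
                # A typo must never silently widen a rule: reject it instead.
                raise ValueError(f"unrecognised token {tok!r}") from None
    return rule


def load_profile(lines):
    return [parse_rule(line) for line in lines]


def decide(rules, app, dst_ip, transport, port):
    """Default deny. Returns ALLOW, BLOCK-RISK (application not trusted) or
    BLOCK-WARN (trusted application, untrusted destination or port)."""
    dst = ipaddress.ip_address(dst_ip)
    app_known = False
    for rule in rules:
        if rule.app != app.lower():
            continue
        app_known = True
        if rule.nets and not any(dst in net for net in rule.nets):
            continue
        if rule.ports and (transport, port) not in rule.ports:
            continue
        return "ALLOW"
    return "BLOCK-WARN" if app_known else "BLOCK-RISK"


# Rules copied from the page, grouped into hypothetical profiles.
SELF_HOSTED = [
    "Outlook, 192.168.1.6, pop3, T995",
    "Outlook, 192.168.1.7, pop3, T110",
]
PROFILES = {
    "selfhosted": load_profile(SELF_HOSTED),
    "dev": load_profile(SELF_HOSTED + ["SSH, T22, 8.8.8.8"]),
    "cloud": load_profile(["Outlook, Microsoft, 192.168.1.6"]),
}

if __name__ == "__main__":
    # Constructed flows: (profile, application, destination, transport, port)
    flows = [
        ("selfhosted", "Outlook", "192.168.1.6", "T", 995),
        ("selfhosted", "Outlook", "192.168.1.6", "T", 110),  # wrong port
        ("selfhosted", "Outlook", "192.0.2.50", "T", 443),   # renamed malware
        ("selfhosted", "bad.exe", "192.0.2.50", "T", 443),
        ("selfhosted", "SSH", "8.8.8.8", "T", 22),           # SSH not in profile
        ("dev", "SSH", "8.8.8.8", "T", 22),
    ]
    for profile, app, dst, transport, port in flows:
        verdict = decide(PROFILES[profile], app, dst, transport, port)
        print(f"{profile:10} {app:8} {dst:13} {transport}{port:<5} {verdict}")
```

The third flow is the renamed-Outlook case: the application name matches a trusted entry, but the destination does not, so the flow is still blocked.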

    “We allow hybrid working, but are concerned about the lack of visibility and risk on remote/home networks.”

    ZORB Data Shield has the option to transmit a copy of user traffic to a SIEM. However, this could result in a huge volume of traffic if each remote worker were to transmit a copy of all their incoming and outgoing traffic.

    Data Shield will filter this traffic and only transmit sections of a data packet that are useful for security analysis, thereby reducing traffic uploaded to a SIEM by 95%.

    Sending traffic to a SIEM is an optional configuration, and priced separately. If network traffic would provide you with useful telemetry for threat hunting, contact us at info@zorbsecurity.com

    Protect the data you value

    Try it free

    No credit card required


    Use Cases

    Use Cases

    Find out how reputationally driven businesses like yours, with high-value IP and sensitive data, are using ZORB to PREVENT data theft.

    Read our use cases – get inspired – get protected.


    Start protecting too

    Try our demo sandbox

    ZORB Trial

    Free Trial

    Ready to protect your sensitive data and business reputation?

    ZORB Dashboard geolocating alerts

    Block outbound data theft in real-time

    Immediately visualise the risks to outbound data across your device estate

    Integrates with your existing setup – no new equipment needed

    Rest assured that your data is going to the right place

    Protect Your Data, Intellectual Property and Reputation

    14 Day Risk-Free Trial

    FIVE free trial licenses

    ONE login address to our online Admin Portal

    ZERO credit cards required




      We will email you a download link and your trial licenses.


      Q. Can I trial more than 5 devices or extend my trial beyond 14 days?

      → Yes, contact us at info@zorbsecurity.com

      IMPORTANT: Please don’t register multiple times to get extra licenses.

      You won’t be able to manage all your devices from one dashboard if you do this.

      Instead, contact us and we’ll happily provide more trial licenses.

      Eliminate Data Theft COMPLETELY

      Ready to eliminate data theft from your entire device estate?

      BUY NOW

      Pricing

      Affordable pricing for everyone

      Ready to protect your sensitive data and business reputation?

      ELIMINATE DATA THEFT

      + STOP outbound data before it becomes a breach

      + TRANSMIT only trustworthy data

      + BLOCK data bypassing VPN

      ZORB CLOUD DASHBOARD

      + GEOLOCATE blocked events

      + REALTIME outbound data risk posture

      + CUSTOMISABLE trusted application list

      (Includes: 1 x admin license per organisation)

      1 - 50 licenses

      £69

      per license, per annum

      1 - 500 licenses

      £65

      per license, per annum

      1 - 1000 licenses

      £61

      per license, per annum

      1000+ licenses

      £57

      per license, per annum

      EXTRAS

      (Individually costed)

      Additional ZORB portal admin license

      Report theft notifications to own ticketing system

      Report theft notifications to own helpdesk

      Report theft notifications to own SIEM

      Upload network traffic to own SIEM

      Billed annually. Excludes local taxes.


        PRICING REQUEST FORM

        Or call the ZORB team on 01223 603029

        Put ZORB to the test

        See first hand how ZORB blocks data theft, protecting sensitive data and business reputations.

        14 Day Risk-Free Trial

        No credit card required

        Try ZORB for free


        Who are ZORB

        Cybersecurity is a right, not a privilege

        Our vision

        Our vision is for everyone to be able to store and transfer data completely safely.

        The current step is to revolutionise the Data Loss Prevention marketplace, so that protecting outgoing data becomes a standard element of every PC build, as essential as an antivirus to protect incoming data.

        Our pledge to our users

        ZORB pledges to our users that our technology will always be

        Simple enough so that anyone can use it

        As effective as the big-tech cyber solutions

        Affordable for everyone

        Secure by design

        Meet The ZORB Team


        Home

        Stop data theft in its tracks

        ZORB is the only software that blocks untrusted outbound data in realtime,

        making it easy to protect your

        DATA   |   INTELLECTUAL PROPERTY   |    REPUTATION

        Where ZORB fits in outbound DLP

        User working patterns are increasing data exposure

        More business data than ever is sent beyond your network perimeter – to remote sites, hybrid workers, the cloud, supply chains.

        Exposing your data to a greater risk of theft.

        If it's not trusted, it's not sent

        TRUSTED APPLICATION

        Has data come from a trusted program?

        TRUSTED DESTINATION

        Is data going to a trusted recipient?

        TRUSTED TRANSMISSION

        In line with company policy? e.g. VPN

        Challenge the integrity of every outbound data flow

        Start from a “DENY ALL” stance.

        Only data flows that pass all THREE crucial checks are transmitted.

        Risk-Free Trial

        (No Credit Card Required)

        Take back control of data visibility

        POWERFUL

        Reduce sensitive data risk from external influences outside of your control

        SIMPLE

        Eliminate data theft without any specialist technical knowledge required

        FLEXIBLE

        Easily enforce company-wide outgoing data policies to the cloud and internet

        ZORB Data Shield GUI Screenshot showing blocked data

            Block untrusted outbound data before it becomes a breach

           Install-and-go: no technical knowledge needed

            Affordable to scale to all users and hybrid workers

            ZORB cloud dashboards; or integrate your own SIEM

            Geolocate each “block” event for threat triangulation

            Realtime theft assessment across entire user estate

        ZORB Dashboard geolocating alerts

        Do you need ZORB?

        Reputation Protection

        Is your business reputation a differentiator?

        Sensitive Data

        Does your business have sensitive, proprietary data assets?

        Hybrid Working

        Do you have remote or hybrid workers?

        Upload to Cloud Icon

        Do you use cloud applications?

        Guide to eliminating DATA THEFT!

        Shield your

        ZORB shields your data
        ZORB shields your reputation
        ZORB shields your revenues

        Partners

        Prevent data theft from sources outside of your control

        Hacker protection

        Bad actor protection

        Prevent data theft from hackers or disgruntled employees

        Malware protection

        Prevent data theft from C2C-malware (botnets, RATs, ransomware)

        Cloud upload protection

        Cloud data protection

        Prevent data theft due to threats to cloud application data during upload

        Application vulnerability protection

        Application threat protection

        Prevent data theft due to app misconfiguration or malicious updates

        Eliminate data theft


        FAQs

        Questions we often get asked

        Questions & answers

        Yes. You can trial ZORB on up to 5 devices for 14 days, so you can test our theft elimination and outbound data blocking functionality.

        We do request a work email when you sign up for the trial, as we use the email to logically group your devices together for ease of management.

        Sign up for your trial here

        Our free trial covers 5 devices for 14 days. If you need to test more devices, or test over a longer timeframe, you can contact us for a pilot at info@zorbsecurity.com or call +44 1223 603029.

        Please DON’T sign up for multiple trials in the hope of additional free licenses. You won’t have a good UX as you won’t be able to manage all devices across the different licenses. We want to accommodate your pilot, so contact us instead.

        ZORB stops every outbound data flow before it leaves the device. The integrity of each data flow is then checked against a “safe list” of trusted applications, trusted destinations the application should send the data to, and trusted application transmission channels. If the data flow meets these criteria, then the data is deemed as trusted and is allowed to be transmitted. “Deny until proven trusted” is a powerful security stance.

        The safe list is your organisation’s list of trusted, allowed data sources. This list is configurable to any level of granularity to meet business requirements. Each data source on this list is assigned 1) the application it comes from, 2) the permitted destination domains or IP addresses, and 3) the expected transmission ports or protocols.

        Defining this on a firewall would require a lot of rulesets and continual maintenance. ZORB’s safe list requires a minimum amount of set up and does not require technical knowledge. We do most of the setup work for you by providing a pre-built safe list which has a standard set of safe applications already configured. You just need to add your business specific applications to the list via ZORB’s online portal.

        More details on how ZORB’s technology works can be found here.
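        The three-part safe list check described above, sketched as an added example; this is not ZORB's code. The class names, the sample safe list and the `BLOCK` label for a failed transmission check are assumptions, while `RISK` and `WARN` follow the portal categories described on this page.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SafeEntry:
    app: str              # trusted application (executable name, lower case)
    destinations: tuple   # permitted destination domains
    ports: tuple          # permitted (protocol, port) pairs

@dataclass(frozen=True)
class Flow:
    app: str
    dest: str
    proto: str
    port: int
    via_vpn: bool

# Constructed safe list, for illustration only.
SAFE_LIST = (
    SafeEntry("outlook.exe", ("office365.com", "outlook.com"), (("tcp", 443),)),
    SafeEntry("updater.exe", ("updates.vendor.example",), (("tcp", 443),)),
)

def dest_matches(dest, allowed):
    # Accept the domain itself or a true subdomain, never a bare suffix:
    # "evil-outlook.com" must not match "outlook.com".
    dest = dest.lower().rstrip(".")
    return any(dest == d or dest.endswith("." + d) for d in allowed)

def evaluate(flow, safe_list=SAFE_LIST, require_vpn=False):
    """Deny by default; ALLOW only when all three checks pass."""
    # Check 1: trusted application. Name-only matching is a simplification
    # and would not stop a renamed binary masquerading as a safe application.
    entries = [e for e in safe_list if e.app == flow.app.lower()]
    if not entries:
        return "RISK"    # application is not on the safe list
    # Check 2: trusted destination for that application.
    entries = [e for e in entries if dest_matches(flow.dest, e.destinations)]
    if not entries:
        return "WARN"    # destination not associated with its parent application
    # Check 3: trusted transmission (port/protocol, optionally VPN only).
    if not any((flow.proto, flow.port) in e.ports for e in entries):
        return "BLOCK"   # assumed label: unexpected port or protocol
    if require_vpn and not flow.via_vpn:
        return "BLOCK"   # assumed label: policy requires the VPN
    return "ALLOW"
```
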

        No! Think of ZORB as a reverse antivirus.

        Antivirus checks incoming data against a list of known malicious signatures and quarantines anything it thinks is potentially dangerous. This prevents malware from entering your systems.

        ZORB checks outbound data against a list of trusted criteria and blocks everything, only permitting data that meets the trust criteria. This prevents data from being maliciously exfiltrated from your systems.

        More information on why blocking outbound data is important can be found here.

        Most Microsoft devices run Windows Defender Firewall. Typically, this is used to protect against incoming threats.

        By default, unless a rule is configured otherwise, a firewall blocks all incoming data and allows all outgoing traffic. When an application is installed, an incoming data rule is automatically applied to the firewall (and is not automatically removed upon uninstall). Application-specific outbound rules must be manually applied.

        This is certainly possible in Defender Firewall, but it would require a large amount of work to set up and to maintain as business applications change. Nor is Defender Firewall very configurable. Malware can easily bypass a firewall by masquerading as a safe application.

        Many data breaches occur due to a firewall misconfiguration. One slight miscalculation in a ruleset can leave a business wide open to attack.

        More information about what can and cannot be done using Windows Defender firewall is available here.

        Application traffic data is more exposed to threats than ever before, because more and more data is leaving the trusted business infrastructure to go over the public internet to cloud applications, data centres or mobile/hybrid workers.

        ZORB protects sensitive data from theft on mobile workers’ devices in just the same way as on office-based devices – only allowing trusted data to be transmitted.

        Remote workers should connect to the HQ or cloud applications via VPN. But this does not guarantee all data goes through the VPN. For added security, ZORB can be configured so that all outbound data is forced through the VPN, otherwise it does not get sent.

        ZORB does not collect or store any user application data from the user’s device. ZORB simply interrogates the integrity of the data flow before it leaves the device to determine whether to block or allow the data to be transmitted.

        Some data is collected for reporting purposes, but does not include any user-related data. When ZORB detects traffic that should not leave a device, first ZORB immediately blocks it. Then ZORB sends an alert about this exfiltration attempt. The standard configuration is for this alert to be sent to ZORB’s online portal, where it is stored for your review. This data is not used for anything other than for your reporting purposes.

        However, if absolute confidentiality is required, ZORB can send the alert to your own SIEM or helpdesk instead.

        Contact us to find out more on info@zorbsecurity.com or call +44 1223 603029.

        ZORB works on data flow, not data content, which means that ZORB does not care if data is encrypted or not.

        Regardless, it is basic security hygiene that you ensure all outbound data is encrypted when passing over a public network such as wifi or the Internet. But take note, encryption does not stop data theft – encryption only makes data unreadable.

        ZORB provides one administrator license to our online portal. (Additional licenses are available upon request.)

        The online portal serves two functions, 1) it is the administration centre for all of your devices running ZORB and where you administer the safe lists, and 2) it is the reporting centre.

        The reports provide a snapshot of data theft threat posture across your entire device estate, and each block attempt is geolocated and cross-referenced with VirusTotal to aid threat hunting and safe list optimisation.

        Alternatively, reporting data can be sent to your business helpdesk or SIEM. The online portal is still required for safe list administration.

        Yes.

        Network traffic is an invaluable threat hunting tool, and ZORB can send a copy of all incoming and outgoing data from a device to your SIEM.

        However, this volume of duplicate traffic could put additional pressure on your internal network. Whilst we can send a copy of the entire packet, it might be better to only send certain fields from each packet to your SIEM. We can work with you to determine the most effective and efficient way to do this.

        Contact us to find out more on info@zorbsecurity.com or call +44 1223 603029.

        Unfortunately, today, ZORB runs on Windows only. Our roadmap does include rollout to other platforms if demand is shown.

        Why not let us know your other use case requirements, or sign up as a tester here

        ZORB does not protect against data leakage

        ZORB protects against data theft – the deliberate, intentional theft of sensitive data by hackers, malware or disgruntled employees.

        A data leak is the accidental disclosure of sensitive information by human error, such as a user accidentally emailing Personally Identifiable Information to the wrong address. Mitigation of this involves inspecting the content of emails, web forums, social posts for sensitive data.

        Data theft and data leakage each require a different protection strategy, which is covered in more detail here.

        ZORB does not protect against physical data theft

        Physical data theft includes such things as

        • printing classified data and removing it from the building
        • copying sensitive data to external drives, such as USB stick

        This is not on our roadmap because there are many good tools that already prevent this type of data theft.

        Still got questions?

        Contact us

        NEW PDF Download!

        Your 5 simple steps to eradicating data theft

        Download


        Contact

        Let's talk

        We love to talk about what we do, cybersecurity or just about anything else.

        We’ve built our reputation upon trust – which comes from communication, so let’s get talking.




          Visit us

          We’re located in the heart of Silicon Fen in Cambridge, UK, about a mile from the A14 junction 33.

          ZORB Security Ltd
          St. John’s Innovation Centre
          Cowley Road
          Cambridge
          CB4 0WS

          01223 603029
          info@zorbsecurity.com