ZORB Data Shield

ZORB Data Shield’s primary role is to prevent an organisation incur data exfiltration, theft or loss. On average, a UK business has a 40% – 46% chance of suffering a data breach this year.

There are many types of data breach:

  • physical data breaches such as via USB drive
  • application data breach such as data sent as email content/attachment
  • network data breach such as data sent over a covert channel or to a malicious endpoint, either accidentaly or with intent
  • supply chain data breach, such as data lost from a third-party cloud provider
  • password brute forcing, etc


ZORB prevents unauthorised disclosure of data via the network. We check every single data as it is about to be sent from a PC (such as sending to a server, another PC or externally) for three criteria:

  • is the application sending this data authorised, known and trusted?
  • is the destination of the data to a known, trusted endpoint?
  • is the data being sent via a known, trusted channel?

Our default stance is “DENY ALL” – ie block data from being sent unless it meets all 3 of these criteria.

For example, if Outlook is not on your trusted application list, then any data sent from Outlook will be blocked. So lets add Outlook to your Trust List.

However, some malware has bypassed your antivirus and installed on your device, renaming itself to Outlook. Other data breach prevention solutions will see the application as Outlook (trusted) and allow data to be sent.

ZORB takes this a stage further. Our Trust List can be configured so as to only trust data from Outlook that is being sent to Microsoft. Any data from Outlook that is not to Microsoft (such as the malware that installed earlier) is blocked.

We can take this a stage further. Your company policy states that hybrid workers should send all data via the VPN to the HQ. Any data from Outlook (trusted) to Microsoft (Trusted) that is sent directly to Microsoft and not via the VPN – is blocked.

We’ve collated a set of use cases here.


If data is attempting to be sent from your device that is not trusted (in any combination of trusted program, trusted destination, trust channel), ZORB Data Shield uses proprietary technology to cancel the data flow.

The application will still load and operate normally, thinking it has sent the data. But ZORB has killed the data flow connection, preventing data from being sent outside of the device.


ZORB is not an antivirus and is not intended to replace your existing antivirus solution.

Antivirus looks for threat signatures in INBOUND data, such as email attachments or internet downloads.

ZORB does not monitor incoming data. ZORB prevents data breaches via OUTBOUND data.

If malware gets past your antivirus (which is very simple to do) and installs on a device, ZORB will detect and block any attempt it makes to send data back to its home server. In particular, this is for malware that connects to a Command & Control server in the cloud, such as botnets or ransomware.

There is more about how ZORB can be used to prevent malware related data breaches in our Use Cases page.


We can trial Data Shield for free with up to 5 users for 30-days here.

If you would like to run a pilot with more users, or for a longer period, contact us at info@zorbsecurity.com



Still got questions?

Contact us