Lock Down Your Servers and Network: BlackFog’s Data Exfiltration Protection Mitigates Threats Across Endpoints

TL; DR: BlackFog, founded in 2015, is on a mission to prevent outbound data loss via real-time behavioral analysis and data exfiltration technology. The company serves as a virtual CISO for individuals, businesses, and managed service providers, helping lock down server networks and strengthen regulatory compliance. By monitoring for and preventing unauthorized data collection, BlackFog protects users from increasingly sophisticated phishing and ransomware attacks.

For decades, security companies have relied on a castle-and-moat technique to fortify network walls, protecting the data inside from potential invaders. But considering the modern threat landscape, these methods are decidedly medieval.

“Bad guys will always find a way to get in,” said Darren Williams, Founder and CEO at BlackFog. “And they probably won’t approach the front entrance — they may drop in from a parachute, come in through an underground tunnel, or enter through a back door. ”

The key to mitigating today’s sophisticated threats, according to Darren, is to assume hackers will find a way in — and ensure you have a plan in place to stop them from escaping with your data.

“People seem to forget they’re fighting a war in which conventional weapons no longer work,” he said. “Yes, you want to use firewalls and other methods to lock the door and secure your windows, but you also need a plan in case the attacker gets in and is walking out with your jewels — your data. What we do through data exfiltration protection is stop him from getting away and extracting that information.”

BlackFog’s outbound data-loss protection shields users against data collection and identity profiling, ensuring in real time that private information stays that way.

The solution is available for personal use, empowering individuals and families to confidently work and shop on mobile and desktop devices. The company also offers products tailored to the needs of businesses and managed service providers, which essentially serve as virtual chief information security officers (CISO).

BlackFog was founded in 2015, the same year that European institutions agreed on data privacy reform via the General Data Protection Regulation (GDPR), which came into force on May 25, 2018. Darren, a serial entrepreneur, had recently sold his company LiveTime Software Inc. and was looking for a new opportunity in cybersecurity.

“The GDPR, and data privacy in general, was big in Europe at the time,” Darren said. “People were facing a growing number of online threats in addition to a loss of privacy across the internet. We thought, ‘Everyone’s looking at this whole cybersecurity problem the wrong way — they’re not watching what’s leaving; only what’s coming in.’”

He built BlackFog’s behavioral analysis and data exfiltration technology to combat that problem, concurrently designing the products to be GDPR-compliant and limit the collection of personally identifiable information.

“What we do is prevent data loss using behavioral analytics at the endpoint — because that’s where the action is,” Darren said. “And as data moves off the network, we use analysis and AI to see what is going on and whether it should be stopped. So we’re more preventative technology in that sense. Unlike antivirus technology, we don’t wait for you to be infected and then offer a solution.”

Today, BlackFog mitigates more than 24 million threats across mobile and desktop endpoints using multiple defenses against ransomware, spyware, malware, phishing, unauthorized data collection, and profiling.

“When companies download our software, they’re often surprised to see hundreds of requests for data profiling coming from news sites,” Darren said. “Typically, the content is injected with all of these little agents that are collecting data. BlackFog stops them in their tracks so there is no unauthorized removal of information from the device. It’s like a reverse firewall.”

Darren told us that BlackFog has been spreading the word about the dangers of data exfiltration for years. But it wasn’t until January 2021, when reports on the SolarWinds Orion security breach surfaced, that people began to open their eyes.

The Russia-linked intelligence-gathering attack, known as SUNBURST, impacted several U.S. government agencies and businesses. According to SolarWinds, cyberattackers inserted a vulnerability within specific Orion Platform software versions that allowed them to establish a low-profile presence, eventually compromising the servers on which Orion products ran.

“The Orion attack is a classic example of how hard it can be to detect ransomware and why no one picked up on it as it sat inactivated,” Darren said. “When it is activated, it attaches itself to a legitimate process, undoes itself, and dwells again. No one notices because it’s only memory. If the U.S. government couldn’t detect it, what do you think the chances are, without any resources, that your systems are going to protect you?”

That’s where data exfiltration comes in, picks up on all data leaving server networks and putting a stop to malicious activity.

“It’s crazy because we’ve been talking about data exfiltration at BlackFog until we’re blue in the face for years,” Darren said. “All of the sudden, people realize that this is real — attackers can get in your systems through lots of different techniques. They just sit there until they pounce like a cat, and then they’re extracting data and sending it to Russia.”

BlackFog puts data exfiltration prevention within reach for everyone from families to small businesses and MSPs.

For individuals and families, the affordable product offers peace of mind that no one — malicious actors or otherwise — can collect and sell your information without permission.

“I had my Mum and Dad in mind when we designed it initially,” Darren said. “No one should be preyed upon. You should be able to have a pleasant experience shopping online without getting bombarded with data collection or phishing attacks.”

BlackFog’s technology serves as an extension of existing IT teams for small and medium-sized businesses and enterprises. The point-and-click solution is customizable but also works out of the box to protect data.

“No SME is going to have a $250,000 CISO and a team of IT people sitting at their disposal,” Darren said. “You install it on the endpoints, we give you access to the enterprise management console, and there is no configuration necessary. Customers can’t believe how touchless the system is.”

BlackFog also helps MSPs add value to their offerings. A consolidated dashboard allows providers to manage their entire customer base as a group while individual customers manage their own user accounts.

“MSPs love it because it’s a multitenant solution — they can run thousands of customers off one portal, but at the same time view every single one and generate monthly reports.”

As for what’s on the horizon, BlackFog plans to release a redesigned Mac product this year. The release will coincide with Apple’s latest Macs, which feature Apple Silicon chips, rather than Intel chips.

“Apple has released these great new M1 processors, which gives us a lot more capabilities on the Apple platform,” Darren said.

BlackFog’s previous Mac solutions were not as robust as the Windows and Android editions due to Apple-imposed restrictions involving kernel drivers.

“Fortunately, they have luckily allowed us to do some interesting things now that will take advantage of some of their new chips,” he said. “We’ve got lots of other plans for the future as well — hopefully, 2021 is the year people will start understanding the concept of data exfiltration.”