BlackFog Logo

Frequently Asked Questions (FAQ’s)

About BlackFog

Will BlackFog slow down my machine performance?2024-05-20T22:36:04+01:00

BlackFog has been specifically designed to have little to no impact on your machine in terms of performance. If anything you should notice your machine is noticeably faster because it is preventing the transfer of vast amounts of information from your machine over the network.

From a CPU perspective BlackFog uses around 1-5% (depending on Operating System and processor) during normal network operation and 0% on idle. Your browser typically uses 20% or more depending upon the site you are visiting. BlackFog also uses only small amounts of other system resources such as memory and drive space.

Why do I need BlackFog if I have an Anti-Virus product already?2024-01-28T20:44:49+00:00

Anti-Virus products focus on what to do AFTER you have been infected. BlackFog focuses specifically on real-time network threat detection and preventing spyware and ransomware from infecting your machine in the first place. BlackFog works in conjunction with your existing AV solution. Just like you would go to the Dr. when you are sick, an AV solution will help you get better. BlackFog operates by preventing the sickness by decreasing your exposure to pathogens and boosting your immunity overall.

By proactively blocking threats and distribution networks using BlackFog’s pioneering anti data exfiltration we can eliminate over 99% of threats.

For an in depth look at our technology we highly recommend you look at our technology page.

What is the Breach Monitoring Module?2024-01-28T23:27:29+00:00

BlackFog’s Breach Monitoring module allows an organization to monitor its exposure over the Dark Web with regular domain scanning. With more than 10 billion accounts exposed over the Dark Web, BlackFog ensures you are notified in real time when a breach has occurred. The module also enables benchmarking against industry peers and easy report generation.

What is BlackFog’s Threat Hunting module?2024-01-28T23:23:53+00:00

BlackFog’s unique Threat Hunting module provides threat intelligence for all organizations, where previously only organizations with large technology budgets and teams of experts were able to benefit from this type of threat intelligence. This module takes threat intelligence to a new level by providing detailed insights into each identified threat, enabling organizations to stay ahead of cybercriminals as the threat landscape evolves. With insights such as crowdsourced impact, confidence level and MITRE classification, BlackFog’s Threat Hunting capabilities are able to identify false positives, investigate threat origins and provide peer-based risk analysis.

What is BlackFog’s resource consumption like?2024-01-28T20:42:34+00:00

From a system resource perspective BlackFog was designed to be very lightweight. In fact, the BlackFog executable occupies approximately 2MB of drive space and the whole package around 20MB. It has been developed in the same language as the underlying operating system and has no dependency on other runtime frameworks, so it is very fast.

BlackFog has a small memory footprint of around 25MB and uses less that 5% CPU at its peak. Routinely you will see it around 1-2% on a very active machine.

How is Updating BlackFog managed?2024-01-28T20:36:31+00:00

BlackFog utilizes different rule sets to protect your device. Updating BlackFog is managed within the application automatically. BlackFog periodically checks BlackFog servers for updated rules and downloads new ones as necessary. BlackFog uses SSL for all connections to its update servers. Please ensure you have all the relevant ports open to ensure it is working correctly in your environment.

In addition, BlackFog periodically provides application updates to providing additional features and bug fixes. The application checks for updates every few days and allows you to install the update if desired. Our enterprise console allows updates to happen automatically in the background with no user intervention.

Does BlackFog collect information about me?2024-01-28T20:41:15+00:00

The short answer is NO. BlackFog is very conscious about privacy and we do not collect information about you. In fact, BlackFog makes you aware of what information other applications are collecting and where all your information is going (whether you have consented or not).

The only information that is sent to our servers is the IP address of the destination request so that we may geo-locate it for you and send back the result. We do not keep log files about this activity and the results are only consumed by BlackFog and cached locally for later use.


We already have an EDR / XDR solution, why would I need ADX?2024-01-28T22:54:15+00:00

EDR / XDR solutions provide necessary endpoint protection as well as threat detection, investigation, and response by using threat intelligence and data analytics. BlackFog works well alongside these solutions but also offers some advantages over these technologies. Here are some main points to consider.

  1. AI powered EDRs can’t always provide persistent, protectable solutions for 100% threat detection whereas BlackFog uses behavioral analysis to identify and block suspicious activity before the attack begins.
  2. With EDR /XDR not all responses are automated, so human input and response is required. BlackFog is a fully automated on-device technology, meaning the action is taken immediately by the agent on the device. No human intervention required.
  3. Some EDR / XDR solutions do not provide cross platform protection and reporting. They also require “a push” to install updates, whereas BlackFog can work across most platforms with integrated reporting available from our Enterprise Console. Our updates are all done automatically via the on device agent.
  4. Traditional EDR / XDR requires specialized and dedicated staff. BlackFog does not require specialized staff to monitor or react to threats or attacks, eliminating the need for dedicated resources. Our Enterprise Console provides a centralized, easy to use view of what is happening across all devices in the organization.
  5. Most EDRs / XDRs are cloud based whereas BlackFog provides on device protection that does not require any cloud access to provide protection.
  6. EDR / XDR is not designed to prevent data exfiltration. Insider threats such as employee mistakes, credential theft and rogue employees require constant monitoring and intervention. BlackFog’s core function is preventing data exfiltration through outbound traffic analysis, restricting data leaving the device under specific, suspicious circumstances.
I think our firewall and antivirus technology is enough to protect us2024-01-28T22:57:49+00:00

Defensive based technologies aren’t effective at preventing the types of attacks we see today. If a cybercriminal really wants to infiltrate a device or network, they will be successful. Preventing cybercriminals leaving with your data is critical in preventing a cyberattack.

I have cyber insurance for ransomware, isn’t that enough?2024-01-28T22:56:57+00:00

While cyber insurance has become a ‘need to have’ for many organizations, it is only part of a cybersecurity strategy. Cyber insurance may help with the cost of remediation from an attack, but it doesn’t offer any protection. Cyber insurers are also suffering from an exponential rise in claims and the industry is changing quickly to adapt. Policies are harder to get, more expensive, and may not pay out on ransomware attacks. It’s also worth noting that many insurers are mandating certain technologies such as ADX in order to qualify for coverage.

How is BlackFog different from DLP?2024-01-28T22:45:47+00:00

Data Loss Prevention (DLP) is one of the most popular legacy approaches to keeping sensitive data secure for organizations. A traditional network approach developed in the 1990’s, it struggles to accommodate the needs of the modern remote workforce. ADX builds on the technology behind DLP while making it more relevant to today’s workforce and security threats. BlackFog sits on the endpoint, so it doesn’t matter where employees are based. Unlike DLP which requires a strict set of policies which are difficult to implement and change, BlackFog is easy to deploy, and fully automated.

How does ADX interact with the zero trust approach?2024-01-28T22:50:02+00:00

ADX has been specifically designed to be a zero trust solution as it prevents any code from unauthorized data exfiltration. BlackFog effectively validates a zero trust architecture by ensuring every application is doing exactly what it says it should. In an ideal world this would not be necessary, but latent code can activate at anytime as we have seen time and time again. 

Doesn’t my EDR/XDR protect me from ransomware?2024-01-28T23:23:11+00:00

With 89% of ransomware attacks now exfiltrating data, you need to ensure you have a tool that prevents data exfiltration and ransomware. When you look at the many global corporations making ransomware headlines on a regular basis, it’s clear that many of these tools aren’t successfully blocking attacks. Preventing data exfiltration offers an additional layer of protection which has become a ‘must have’ technology.

Anti Data Exfiltration (ADX): Beyond Antivirus and EDR

BlackFog goes beyond first and second generation technologies like Antivirus and EDR/XDR and focuses on anti data exfiltration (ADX), ultimately protecting organizations from extortion and securing its most valuable asset, its data.

Rather than having teams monitor and respond to events, BlackFog provides fully automated 24/7 protection to prevent cyberattacks in real time so you can focus on what you do best.

Anti Data Exfiltration

What role does ADX play in a cybersecurity strategy?2024-01-28T23:15:36+00:00

The goal of any cyberattack is data theft. Adding an ADX solution to a security strategy ensures that there is nothing for an attacker to gain. Without data exfiltration there is no breach, no ransom and no extortion. When cybercriminals can’t steal data, they move on to the next target.

What makes ADX a different approach?2024-01-28T23:17:14+00:00

We know that any cybercriminal intent on infiltrating a device or network will eventually find a way in, regardless of the perimeter defense solutions that are in place. ADX looks at the problem in a new way. By making the assumption that bad actors will get into the network, it focuses on preventing them from leaving with an organizations data. No data exfiltration means no successful cyberattack.

What is ADX?2024-01-28T23:12:35+00:00

Pioneered by BlackFog, ADX is a technique used to prevent unauthorized data from leaving a device. By targeting multiple parts of the kill chain, ADX effectively blocks the activation and spread of cyberattacks. Since cyberattacks, especially ransomware focuses on data theft for extortion this has become an important technique to thwart modern polymorphic attacks that cannot be stopped by traditional anti-virus or EDR solutions.

How Does ADX Work?2024-01-28T23:14:05+00:00

ADX works by investigating outgoing data on endpoint devices. This gives it a markedly smaller footprint than other solutions, such as firewalls or DLP, which examines incoming and outgoing traffic at the edge of the network. ADX solutions are lightweight enough to run on mobile devices and do not need to work on the corporate network. Instead of comparing traffic to a dictionary of attack signatures, ADX solutions use behavioral analytics to identify unusual behaviors on a user-centric basis. ADX limits the ability for users – including privileged users and administrators – to send sensitive data outside the network.

How can I trust ADX technology?2024-01-28T23:09:49+00:00

BlackFog has been around since 2015 and is the leader in ADX, a new category for anti data exfiltration technology. BlackFog has been endorsed by leading analysts and received several industry awards, so you can trust ADX technology. Hundreds of global customers across all industry verticals trust BlackFog to secure their data and prevent cyberattacks.


We’re a small company, cybercriminals won’t target us2024-01-28T23:34:55+00:00

This is exactly why you need to invest in cybersecurity. Cybercriminals are most often looking for low hanging fruit like smaller under-resourced organizations.

We don’t have the budget for new products2024-01-28T23:37:41+00:00

We would suggest an audit of the tools you are currently using. If you are currently spending a portion of your budget on a traditional solution such as AV for example, it’s worth noting that AV is now embedded into every modern operating system, so it’s a very easy decision to cut this expenditure and focus on newer technologies like Anti Data Exfiltration.

We don’t have sensitive data to protect2024-01-28T23:33:14+00:00

Every organization regardless of size, vertical or location has data worth protecting. Cybercriminals don’t discriminate and they often look for low hanging fruit, which is in many cases those businesses who don’t feel they are worthy of being a target.

We don’t have enough resources to manage another security tool2024-04-11T20:32:44+01:00

BlackFog is often described as ‘set it and forget it’ by our customers. It offers 24/7 automated protection, so you don’t need to deploy extra resources to manage it. In addition, BlackFog offers a vCISO productfor those companies who would prefer to have it managed for them.

Do I need to add another tool?2024-01-28T23:32:04+00:00

Many organizations are using 20+ cybersecurity tools to prevent attacks, yet many of them still make front page ransomware and data breach news. The goal of any cybercriminal is data theft and with 89% of ransomware attacks exfiltrating data in 2022, ADX has become an essential technology.