ZeroFox has expanded its partnership with e92plus, which now makes its MSSP program available to e92plus partners across the UK, Ireland, and Benelux. The partnership will give e92plus’s MSSP partner network access to ZeroFox’s external threat protection capabilities, including brand protection, phishing disruption, dark web monitoring, impersonation detection, and executive protection.
Most managed security offerings are still built around internal environments: endpoints, networks, cloud systems, identity, and logs. But many attacks now begin outside those environments. Threat actors impersonate brands, register phishing domains, target executives, expose credentials on the dark web, and build infrastructure before an attack ever reaches the customer’s network. ZeroFox is positioning its program as a way for MSSPs to add that external layer without building the capability from scratch. For MSSPs, the partnership addresses a real service gap.
Adding Service Without Forcing Operational Changes
Customers are asking for help beyond traditional monitoring as external threat protection is gaining relevance for managed security providers. Many SMBs and midmarket companies do not have the internal teams to track impersonation, exposed credentials, phishing infrastructure or executive targeting across the open web, dark web, and social platforms. That creates an opening for MSSPs that can package external threat intelligence and response into a managed service.
Mark Stevens, SVP Channel and Alliances at ZeroFox, told MSSP Alert that the goal is to let partners add the service without forcing major operational changes.
“Partners plug ZeroFox into what they already run - SIEM, SOAR, TIP, ITSM, Slack, Teams - via 700+ pre-built connectors, webhooks, or REST APIs. No rip-and-replace,” Stevens said. “Alerts are analyst-validated before they hit the queue (24x7 OnWatch is included), and takedowns run through ZeroFox's Global Disruption Network - not partner SOC headcount. Net result: one enriched, prioritized feed inside existing workflows. Not a new console.”
With MSSPs already under pressure to reduce noise, this provides simplicity and does not add more complexity. MSSPs need cleaner signals and a clear path to action and if a service can validate threats and help remove them, partners have a stronger outcome to take to customers.
Why MSSPs Would Add ZeroFox
Many MSSPs already use SIEM, MDR, endpoint, cloud, and identity tools. ZeroFox’s argument is that those tools do not fully cover external threats.
“SIEM and MDR watch inside the perimeter. ZeroFox watches outside it - social media, 6B+ domains, 180+ platforms, deep and dark web, 21K dark web forums daily,” Stevens said. “And it's not a raw signal. The Discover > Validate > Disrupt model means 100+ analysts validate threats before escalation (95% takedown acceptance rate, 1M+ takedowns annually). MSSPs get confirmed threats with a disruption path - not more noise to triage.”
For partners, the service opportunity is around threats customers can see and understand quickly: fake domains, phishing pages, executive impersonation, exposed credentials, dark web mentions and brand abuse. These are visible risks, and they often need action before they turn into incidents inside the customer environment.
That makes external threat protection a useful add-on for MSSPs that want to expand beyond monitoring and response. It can support vCISO services, executive reporting, incident readiness, and customer risk reviews.
Executive Protection Is Driving Demand
ZeroFox said executive and VIP protection is becoming one of the strongest areas of MSSP interest.
“Executive and VIP protection - and it's accelerating,” Stevens said. “Deepfakes, doxxing, credential exposure, and cyber-physical threats against leadership have moved from edge case to board-level priority, and most MSSPs have zero native coverage for it.”
Brand and domain protection are still strong use cases, especially for phishing and impersonation takedowns. But Stevens said executive protection is now coming up more often with partners, including protection around travel and events. This is important for MSSPs because customers are looking beyond network and endpoint security and also want to know where their executives, brands, and employees are exposed outside the company.
The expanded partnership also gives ZeroFox a stronger route into the UKI and Benelux partner market. e92plus already works with cybersecurity resellers, MSPs, and MSSPs across the region. By bringing ZeroFox’s MSSP program into that network, the distributor can offer partners another managed security capability at a time when many are looking to move beyond standard detection and response services.
A Bigger Channel Opportunity
The partnership shows how external threat protection is becoming part of the MSSP service stack. Customers want help spotting threats before they reach the business. That gives MSSPs a way to build services around brand protection, phishing takedowns, exposed credentials, executive protection, dark web monitoring and physical security risk.
For e92plus partners, ZeroFox offers a way to add those services without building a separate external threat intelligence team. For ZeroFox, the deal expands its reach through a cybersecurity distributor with an established partner base in Northern Europe. External threat protection can help MSSPs move beyond monitoring and helping customers act on them before they turn into bigger problems.
