Highlights:

  • Zafran’s platform accelerates remediation by leveraging existing cybersecurity tools to fix vulnerabilities.
  • In order to enhance understanding of security flaws, the platform supplements its gathered information about each issue with external data points.

Zafran Security Ltd., a new startup, has recently introduced a platform aiming to assist companies in promptly addressing vulnerabilities within their technological infrastructure.

Zafran debuts with over USD 30 million in funding, with Sequoia Capital and Cyberstarts leading the funding round. Cerca Partners and Penny Jar Capital also participated in the investment. Forbes reports that Zafran will prioritize ramping up its sales initiatives following this influx of capital.

Addressing vulnerabilities promptly upon discovery isn’t always feasible within enterprise settings. This is often due to the considerable time and specialized expertise required to develop effective mitigations. Rapidly resolving newly uncovered vulnerabilities poses an even greater challenge in expansive technological environments, where an existing backlog of issues may already be present.

Thanks to Zafran’s platform, the remediation process will go more quickly. The company claims that its software uses the cybersecurity tools already installed in an organization’s network to fix vulnerabilities.

Cybersecurity products like firewalls gather extensive technical data essential for identifying vulnerabilities. However, each product structures its generated data differently, complicating the process of correlation. Zafran asserts that its platform can automatically harmonize the telemetry gathered by an organization’s cybersecurity tools to reveal vulnerabilities.

In order to enhance the understanding of security vulnerabilities, the platform supplements the collected information regarding each issue with external data points. These data points encompass specifics regarding the libraries loaded into memory by a company’s applications during operation. Zafran also considers additional factors, such as the accessibility of a particular workload via the public web.

Utilizing the aggregated data, the platform not only identifies vulnerabilities but also categorizes them according to their severity. Certain cybersecurity weaknesses, like those impacting an application isolated from the company’s network, may not pose a risk of data breach. Zafran distinguishes vulnerabilities that are not consequential, filters them out, and then prioritizes the remaining issues based on their level of urgency.

Additionally, the platform proposes a solution for every identified issue. Zafran might, for instance, indicate whether modifying the firewall’s workload-protecting configuration can lessen an application’s vulnerability. This decreases the necessity for software teams to manually devise mitigation strategies, thereby conserving substantial time and effort.

Accelerating the process of resolving vulnerabilities reduces the timeframe during which hackers can execute cyberattacks. This shortened window subsequently decreases the likelihood of data breaches.

“In an industry characterized by the perpetual race between attackers and defenders, the exploitation window has been consistently overlooked. Zafran transforms risk mitigation by mobilizing security controls against evolving threats, bridging organizations’ security gaps and blind spots and mitigating risks at scale,” stated Sanaz Yashar, Co-founder and CEO of Zafran.

Recently, Zafran revealed that it has onboarded 12 customers onto its platform since its launch in 2022. Among these customers are Kraft Heinz Co., BNY Mellon Corp., and other prominent enterprises.