Zafran, an industry leader in risk management and mitigation, has announced that it has raised over $30 million in funding. The funding round was led by Cyberstarts and Sequoia Capital, with participation from Penny Jar and Cerca Partners. The company was founded in 2022 by Sanaz Yashar (CEO), Ben Seri (CTO), and Snir Havdala (CPO). It has emerged as the world’s first platform to pinpoint ‘exploitable’ threats in an organization and mitigate their risk.
With attackers becoming faster and cyber threats growing exponentially, security teams are often caught in a race they cannot win. A recent report from Rapid7 suggests that more than half of all vulnerabilities are exploited within seven days of public disclosure. However, remediation and patching of each new vulnerability often take weeks and months of planning and execution, requiring the participation of multiple teams. Without an effective mitigation strategy, companies remain fully exposed during this exploitation window – the time between a vulnerability's discovery and its remediation. In fact, a recent Verizon report revealed that 60% of data breaches result from unremediated known vulnerabilities. This underscores the need for an effective risk mitigation program that goes beyond legacy patching and emphasizes execution.
“In an industry characterized by the perpetual race between attackers and defenders, the exploitation window has been consistently overlooked – and despite the inflation of security tools, organizations’ risk assessments often fail to consider existing compensative security controls,” said Sanaz Yashar, Co-Founder and CEO of Zafran. “Zafran transforms risk mitigation by mobilizing security controls against evolving threats, bridging organizations’ security gaps and blind spots and mitigating risks at scale.”
Zafran is a risk mitigation platform that helps security teams prevent threat exploitation. It does this by connecting with vulnerability data and the organization’s security controls. Zafran analyzes risks by taking into account control efficacy and exploitability factors. The company’s Mitigation Knowledge-base works seamlessly with EDR, firewalls, cloud tools, and more, allowing organizations to conduct a comprehensive evaluation of their risks. Zafran Applicable Risk™ reflects whether vulnerabilities are exploitable or already mitigated by compensating controls. The platform then automates mitigations proactively to eliminate the exploitation window.
“Zafran addresses a critical pain in the security market where traditional risk assessment falls short by neglecting existing security controls and mitigation factors,” said Doug Leone, Partner at Sequoia Capital. “We are excited to support the company as it enters the next phase of accelerated growth, with a visionary platform that proactively reduces risk exposure at scale and has the potential to redefine industry standards.”
“Rarely do we back a team with the talent and aspirations to create a whole new science in cybersecurity, fusing deep cyber expertise with customer obsession,” said Lior Simon, General Partner at Cyberstarts. “Sanaz, Snir, and Ben possess the capabilities and vision needed to construct the world’s first risk and mitigation platform, allowing organizations to mitigate vulnerability exploitation in production without relying on legacy ‘patching’ and by optimizing existing security controls. We are thrilled to partner with the team from day one on this long-term and exciting journey.”