Tuesday, April 28, 2026
Business Honor

Zafran aims to help solve an ongoing issue in modern business environments: separating the large quantity of vulnerability information from the issues that are actually critical to a business. Security teams typically use many different tools that produce fragmented results for cloud-based systems, on-premises infrastructure, and the application layer, which creates redundancy, inconsistency, and uncertainty regarding "real" exposure.
Zafran addresses this problem by consolidating vulnerability data into a single, unified view, giving organizations an understanding of their overall security posture without relying on disconnected dashboards or manual correlation. Zafran's platform rests on the premise that not every identified vulnerability presents the same level of risk. Instead, vulnerabilities are evaluated in the specific context of the organization's environment, using factors such as runtime presence, potential external access, and current security controls to determine whether the vulnerability is likely to be exploited. These contextualized assessments help shift the focus away from potential risks and towards what could actually lead to a breach.
In addition to performing assessments, Zafran's platform focuses on immediate risk mitigation. Instead of waiting for a scheduled patch cycle that could be delayed by operational issues, the platform identifies ways to reduce exposure through the security controls already in place. It also connects vulnerability insights to remediation workflows, reducing the manual effort required to assign, track, and resolve issues. By aligning security analysis with operational execution, Zafran seeks to bridge the gap between identifying vulnerabilities and addressing them in practice.
Use Cases Highlighted by Zafran
Agentic Exposure Management
Zafran's methodology for exposure management focuses on reducing the amount of manual labour usually involved in vulnerability management. Security teams can spend an inordinate amount of time on tasks such as investigating alerts, validating whether a vulnerability can be exploited, identifying the responsible asset owners, and preparing reports on findings. Such tasks are necessary to run an efficient security operation, but they can delay response times to alerts while also drawing attention away from higher-priority security initiatives.
As part of an automated workflow for continuous vulnerability management, Zafran uses one or more of its autonomous mechanisms to automate tasks that are usually conducted manually. These include scanning for vulnerabilities as and when they appear, including newly disclosed vulnerabilities that often do not appear in traditional scans. It also evaluates all identified exposures within the context of the organization's operating environment, judging impact by whether or not the vulnerability could be exploited.
Another part of this use case is the ownership mapping process. Identifying the asset owners of a particular system or application usually takes a great amount of time due to the need for coordination between multiple teams. Zafran automatically correlates various data signals to identify the appropriate owners of each asset, allowing remediation work to be routed to the correct individuals or teams without delay, and reducing the likelihood of routing errors or unnecessary back-and-forth communications.
Exposure Assessment and Remediation
Background noise in vulnerability data, combined with questions about the validity of traditional risk scoring, has resulted in an overabundance of vulnerability reports that many organizations treat with equal urgency. This is an inefficient method of prioritizing vulnerabilities and increases the workload for both security and IT teams. To solve this problem, Zafran examines the vulnerabilities in conjunction with the attributes of the organization that carries the risk.
Zafran obtains vulnerability data from multiple sources and normalizes it into a single, logical set of data. Zafran then analyzes the data to determine risk factors such as whether or not the affected object is powered on during the time of an attack, whether or not that object may be reachable from an outside source, and whether the attacker has any known methods of exploiting that type of object.
After identifying the vulnerabilities that represent the largest exposure to risk, Zafran begins the mitigation process. Rather than just focusing on deploying patches, which may take longer to implement due to operational factors, Zafran raises the option of adjusting security controls to limit exposure to risk. This may involve configuration changes or policy updates that limit the likelihood of exploitation while longer-term fixes are planned.
Proactive Exposure Hunting
Zafran provides a proactive exposure hunting capability to find potential threat sources before they become live threats. In most environments, businesses use periodic scans or vendor-supplied patches to determine whether they were impacted by new vulnerabilities. This lag in reporting can leave holes in visibility, especially with new threat types. Zafran helps to overcome this limitation by continually analyzing the environment for exposure in near real-time.
By maintaining an accurate component inventory and dependency map for all software components across the environment, Zafran is able to determine quickly whether new publicly available vulnerability disclosures affect components already present in the company’s environment. In addition, Zafran analyzes each underlying library and package that exists within the software components and compares them against the vulnerability scanning methods that are in use.
In addition to identifying which assets are affected by newly published vulnerabilities, the Zafran software also provides context around how those assets fit into the overall network environment. To do this, it analyzes the asset’s network access and existing security controls to determine whether or not the newly published vulnerabilities would actually be exploitable if leveraged against the systems. This gives the security team a way to identify not only where there are vulnerabilities but also where the vulnerabilities may be leveraged as part of a potential attack path.
Sanaz Yashar - Co-Founder & CEO