Startup Zafran Security Ltd. launched today with a platform that promises to help companies more quickly fix vulnerabilities in their technology infrastructure.

The startup disclosed on the occasion that it has raised more than $30 million through a funding round led by Sequoia Capital and Cyberstarts. Cerca Partners and Penny Jar Capital contributed as well. According to Forbes, Zafran will focus on accelerating its sales efforts in the wake of the investment.

Immediately fixing vulnerabilities after they’re discovered isn’t always possible in the enterprise. The reason is that developing a mitigation can require a significant amount of time as well as specialized skills. Quickly fixing a newly discovered vulnerability is even more challenging in large technology environments, where there may already be a backlog of existing issues to address.

Zafran’s platform promises to speed up the remediation process. According to the company, its software fixes vulnerabilities using the existing cybersecurity tools installed in an organization’s network.

Cybersecurity products such as firewalls collect a significant amount of technical data that is useful for detecting vulnerabilities. But each product organizes the data it generates in a different format, which makes connecting the dots difficult. Zafran says its platform can automatically reconcile the telemetry collected by a company’s cybersecurity tools to uncover vulnerabilities.

To provide a clearer picture of security flaws, the platform enriches the information it gathers about each issue with external data points. Those data points include details on what libraries a company’s applications load into memory while they’re running. Zafran takes into account other factors as well, such as whether a given workload is accessible through the public web.

The platform uses the data it aggregates to not only detect vulnerabilities but also rank them by severity. Some cybersecurity flaws, such as those affecting an application that is isolated from the rest of a company’s network, can’t lead to a data breach. Zafran identifies vulnerabilities that don’t represent a risk, filters them and ranks the remaining issues based on their urgency.

The platform also suggests a fix for each issue it finds. Zafran could, for example, point out if a vulnerability in an application can be mitigated by changing the settings of the firewall that protects the workload. It thus reduces the need for software teams to manually develop mitigation methods, which saves a significant amount of time and effort.

Fixing vulnerabilities more quickly shrinks the time window in which hackers can launch cyberattacks. That compressed time window, in turn, helps lower the risk of data breaches.

“In an industry characterized by the perpetual race between attackers and defenders, the exploitation window has been consistently overlooked,” said Zafran co-founder and Chief Executive Officer Sanaz Yashar. “Zafran transforms risk mitigation by mobilizing security controls against evolving threats, bridging organizations’ security gaps and blind spots and mitigating risks at scale.”

Zafran disclosed today that it has signed up 12 customers to its platform since launching in 2022. Those customers include Kraft Heinz Co. and other large enterprises.

Photo: Zafran