Fast-growing cybersecurity startup Zafran Security Ltd. today announced that it has raised $60 million in a Series C funding.

Menlo Ventures led the round with participation from Sequoia Capital, Cyberstarts, PSP Growth, Vintage Investment Partners and Knollwood Investment. The deal comes less than two years after Zafran’s previous funding round. According to the company, its annual recurring revenue has more than tripled since that raise while its valuation has doubled.

Zafran provides a cybersecurity platform that helps companies find vulnerabilities in their infrastructure. It searches for weak points by analyzing the technical data collected by an organization’s other cybersecurity tools. Typically, different tools output the telemetry they gather in different formats. Zafran says that its platform organizes the data into a consistent format and removes duplicate items.

The company’s platform generates remediation suggestions for the issues that it finds. According to Zafran, the software can not only recommend a fix but also provide pointers on how to implement it. It might, for example, instruct administrators to reset a server after downloading an operating system patch and run tests to ensure that the patch was installed correctly.

The company announced its funding round in conjunction with the launch of a new offering called Agentic Exposure Management. According to Zafran, it uses artificial intelligence agents to streamline the vulnerability remediation workflow.

When researchers discover a new zero-day exploit, Agentic Exposure Management can check whether it affects a company’s applications. The offering checks a program’s SBOM, a file that lists its components, to determine if it contains vulnerable code. The software then generates a temporary mitigation that can be used until the application’s developer releases a patch.

Before administrators can fix a vulnerable workload, they have to find the colleague responsible for maintaining the workload. The task can take several hours in a large organization, which leaves time for hackers to launch cyberattacks. Agentic Exposure Management skips that step by using AI to identify the staffer in charge of a vulnerable system.

Fixing urgent issues quickly also requires developers to skip any low-priority vulnerabilities that might be in their queue. A zero-day flaw in a database, for example, may not have to be patched immediately if the database is behind a firewall. Agentic Exposure Management automatically evaluates whether a vulnerability can be exploited by hackers. 

“Vulnerability management burns massive analyst hours on repetitive triage and manual patching, the kind of service-oriented work that AI agents excel at automating,” said Menlo Ventures partner Rama Sekhar.

Zafran will use its funding round to develop new features and grow its international presence. 

Photo: Zafran