AI-Native Threat Exposure Management and Remediation

Zafran operates a risk and mitigation platform designed to help security teams answer whether their organizations are truly protected against threats. The platform aggregates, normalizes, and de-duplicates vulnerability, asset, and control data from multiple sources spanning hybrid cloud enterprises into a single source of vulnerability truth. The company’s approach focuses on understanding how attackers view networks, their methodologies, attack vectors, technologies, and business models.

Zafran establishes runtime presence of vulnerabilities, internet exposure of assets, business criticality, and threat intelligence. The platform correlates this contextual analysis with existing security defenses such as next-generation firewalls, web application firewalls, and endpoint detection and response systems to reveal vulnerabilities that are most exploitable within specific environments. The solution cuts false positives by 90% and prioritizes the 10% of vulnerabilities that actually matter, mapping exposures, attacker tactics, techniques, and procedures along with compensating controls. An AI engines make remediation recommendations.

The company has raised $130 million in total funding, including a $40 million round led by Sequoia Capital and a $70 million round led by Menlo Ventures with participation from Sequoia Capital and Cyberstarts.