Zafran Security

🏆 Thank you for the recognition CyberSecurity Breakthrough 🏆 #CTEM

Vulnerability Management has evolved 🔄 The problem is, most haven’t evolved with it. As vulnerability backlogs grow exponentially, organizations deal with complex hybrid and multi-cloud environments and teams are drowning in noise and toil, most are still clinging to legacy practices. That’s why I find Continuous Threat Exposure Management (CTEM) so appealing. While some have heard of the term, most don’t know where to begin. Luckily there’s resources out there though, such as Zafran Security’s Practical Guide for Evolving from VM to CTEM. I break down the guide step-by-step in my latest article, including: 🔷5 Stages of CTEM 🔷The 4 stages of exposure management maturity, including factors such as asset inventory, prioritization and exposure hunting 🔷Effective communication and workflows to facilitate not just finding issues, but fixing them e.g. Remediation Operations (RemOps) And much more. Be sure to check out the full write-up and guide, as it helps organizations pivot from a reactive to a proactive model of risk management. As someone who’s written a book on Vulnerability Management, this evolution is long overdue. https://lnkd.in/eT9HT2Db #ciso #cybersecurity #appsec #vulnerabilitymanagement

🥇 We’re THRILLED to take home the 𝐂𝐓𝐄𝐌 𝐋𝐞𝐚𝐝𝐞𝐫 distinction from James Berthoty’s 2025 Cloud Security Market Report and the 𝐨𝐧𝐥𝐲 𝐞𝐚𝐫𝐥𝐲-𝐬𝐭𝐚𝐠𝐞 𝐬𝐭𝐚𝐫𝐭𝐮𝐩 recognized. As CTEM gains buzzword status, it’s vital to separate signal from noise. James highlights it best: "CTEM leaders are building the future of doing vulnerability management at scale by taking data from multiple sources and unifying it into a single vulnerability management tool." Check out the full report for tons of great insights #CTEM #VulnerabilityManagement #ExposureManagement Sanaz Yashar Snir Havdala Ben Seri

We’re honored to receive a whopping 𝐒𝐈𝐗 𝐦𝐞𝐧𝐭𝐢𝐨𝐧𝐬 in the new Exposure Management Market Guide by Francis Odum and Aqsa Taylor, including a special callout for our Agentic Remediation™ capability. The guide truly captures the pain security teams feel today and highlights what makes Zafran Security different from the usual aggregators: 🔹 Real-time vuln discovery without piling on new agents 🔹 One unified, deduplicated inventory 🔹 Risk-based prioritization with context like runtime presence, internet reachability, and the 𝘤𝘰𝘯𝘧𝘪𝘨𝘶𝘳𝘢𝘵𝘪𝘰𝘯 of security controls (not just the presence) 🔹 AI-powered remediation that assigns high impact tickets 🔹 Measuring the real impact of security tools to show ROI One of our CISO customers put it best in the report: “𝘎𝘰𝘪𝘯𝘨 𝘵𝘰 𝘡𝘢𝘧𝘳𝘢𝘯 𝘸𝘢𝘴 𝘳𝘦𝘢𝘭𝘭𝘺 𝘵𝘰 𝘵𝘢𝘬𝘦 𝘢 𝘣𝘦𝘵𝘵𝘦𝘳 𝒓𝒊𝒔𝒌-𝒃𝒂𝒔𝒆𝒅 𝒂𝒑𝒑𝒓𝒐𝒂𝒄𝒉 𝘵𝘰 𝘪𝘥𝘦𝘯𝘵𝘪𝘧𝘺𝘪𝘯𝘨 𝘸𝘩𝘢𝘵 𝘸𝘦 𝘯𝘦𝘦𝘥 𝘵𝘰 𝘧𝘰𝘤𝘶𝘴 𝘰𝘯 𝘧𝘪𝘳𝘴𝘵 𝘢𝘯𝘥 𝘴𝘦𝘵 𝘰𝘶𝘳 𝘚𝘓𝘈𝘴.” Check out the full report in the comments Sanaz Yashar Ben Seri Snir Havdala #CTEM #AgenticAI #ExposureManagement #VulnerabilityManagement

According to new research from Google's Threat Intelligence Group, the time to exploit vulnerabilities has gone negative. What does that mean? On average, 𝐚𝐭𝐭𝐚𝐜𝐤𝐞𝐫𝐬 𝐡𝐚𝐯𝐞 𝐰𝐨𝐫𝐤𝐢𝐧𝐠 𝐞𝐱𝐩𝐥𝐨𝐢𝐭𝐬 𝐛𝐞𝐟𝐨𝐫𝐞 𝐚 𝐩𝐚𝐭𝐜𝐡 𝐞𝐯𝐞𝐧 𝐞𝐱𝐢𝐬𝐭𝐬. And with AI, we’re already seeing attackers spin up exploit kits in 15 minutes. If that’s the pace of attacks, we cannot afford to let cyber criminals hold the AI advantage. More of our customers are now exploring 𝐀𝐠𝐞𝐧𝐭𝐢𝐜 𝐑𝐞𝐦𝐞𝐝𝐢𝐚𝐭𝐢𝐨𝐧™ and automated mitigations to defuse vulnerabilities ahead of patch cycles. We are entering a new era. The question is, do we want to be the ones adapting or the ones reacting? Inspired by Chris Hughes #AgenticAI #AgenticRemediation #ExposureManagement #VulnerabilityManagement Sanaz Yashar Snir Havdala Ben Seri

We recently had the privilege of welcoming Douglas Leone of Sequoia Capital to our New York and Tel Aviv offices. No filters, no fluff, just real wisdom from a lifetime of navigating technology cycles. Doug’s journey is one of grit, determination, resilience, and curiosity. These are the same qualities we look for in our teams as they push to build a world class company. He has only invested in a handful of Israeli startups that he believes are truly best of breed, which made his visit feel especially meaningful. Our CTO, Ben Seri, led a thoughtful conversation on AI. Beyond the noise, it’s clear that meaningful use cases are emerging, and now is the moment to build something truly transformative with real impact. We are grateful to Doug for sharing his time and perspective with us. Bogomil Balkansky Sanaz Yashar Snir Havdala

"Zafran is the Holy Grail of vuln prioritization" 😎 Reddit comments hit different

Headed to SecureWorld Dallas this week? Come meet Zafran Security at #booth270 where our own Ric Lewis and Bennett Wyant will be on-site to discuss the hows and whys of transforming vulnerability management into a successful CTEM program. ✅ Save your spot today → https://lnkd.in/gv5r7y2b

The response to our 𝐀𝐠𝐞𝐧𝐭𝐢𝐜 𝐑𝐞𝐦𝐞𝐝𝐢𝐚𝐭𝐢𝐨𝐧™ launch has been incredible. In our last post, we showed how Agentic Remediation can take vulnerabilities from detection to automated patching with a human in the loop. This new demo highlights another reality of vulnerability management: many scanner findings are actually false positives. Scanners cannot account for the endless environmental conditions that determine whether a vulnerability is truly exploitable. In the video below, our AI agent investigates a flagged vulnerability in OpenSSL: 1️⃣ It researches the CVE and finds it is only exploitable on PowerPC CPUs 2️⃣ It checks the impacted asset directly and confirms it is running x86 3️⃣ It concludes that the vulnerability is a false positive, and no patch is required Here we see how Agentic Remediation reduces wasted cycles by validating exploitability in real time and separating signal from noise. Sanaz Yashar Ben Seri Snir Havdala #CTEM #ExposureManagement #VulnerabilityManagement #AgenticAI

🤯 Just days after we launched 𝐀𝐠𝐞𝐧𝐭𝐢𝐜 𝐑𝐞𝐦𝐞𝐝𝐢𝐚𝐭𝐢𝐨𝐧, Gartner featured it in their Emerging Tech Impact Radar, naming Zafran Security as a vendor. The takeaway: Humans cannot keep up with today's volume and velocity of alerts. Agentic Remediation is needed to scale response beyond human capacity. What to do: Security leaders exploring AI to improve efficiency and effectiveness of their VM programs should be testing Agentic Remediation today. 🤙 If this sounds like you, we should talk. #AgenticRemediation #ExposureManagement #CTEM #VulnerabilityManagement Sanaz Yashar Ben Seri Snir Havdala Gartner, “Emerging Tech Impact Radar: Global Attack Surface Grid,” by Luis Castillo, Tom Powledge, et al., 17 September 2025. ID G00830679