Artificial Intelligence & Machine Learning , Fraud Management & Cybercrime , Governance & Risk Management

From Despair to Disruption: Zafran Takes on Cyber Mitigation

Amid COVID-19 Ransomware Woes, Sanaz Yashar's Frustration Sparked Zafran's Birth
From Despair to Disruption: Zafran Takes on Cyber Mitigation
Sanaz Yashar, co-founder and CEO, Zafran (Image: Eric Sultan)

A startup led by an ex-Mandiant manager emerged from stealth Thursday with over $30 million in funding to help security teams mobilize their existing controls.

See Also: The State of Organizations' Security Posture as of Q1 2018

New York-based Zafran was born not from an epiphany but rather from frustration with the limitations of existing security frameworks. Zafran co-founder and CEO Sanaz Yashar experienced this firsthand while at Mandiant helping an Israeli hospital hit by DeepBlueMagic ransomware during the peak of COVID-19. She said the attack said led to massive data loss and issues distinguishing between patients.

"The input is frustration with endless, countless failures," Yashar told Information Security Media Group. "Frustration led us to resign from Mandiant and start something new."

What Makes Zafran's Platform Unique?

Discontent with the status quo prompted Yashar to co-found Zafran in hopes of developing a mitigation platform that effectively addresses unpatched vulnerabilities. Zafran secured paying customers within six months of launch and already serves three companies in the Fortune 25, Yashar said. She wants to establish cyber mitigation as a new security technology category given its importance in the field.

Zafran aims to close the gap between threat detection and remediation by anticipating and neutralizing threats before they can be exploited by attackers, according to Yashar. She wants to use the funding led by Sequoia Capital and Cyberstarts to make Zafran's platform more scalable, integrate AI to refine the mitigation knowledge base, and assemble a team of top-tier developers, researchers and analysts.

"Raising is not hard when you're solving a real pain,"" Yashar said. "The biggest money is going toward the platform and hiring the best talent."

On the risk assessment side, Zafran wants to take a customer's existing controls under consideration when determining what vulnerabilities pose the biggest risk to them, which Yashar said will help organizations optimize their return on investment. The company's dashboard helps customers see what risk is most exploitable as well as risk reduction activity they could carry out with their existing controls.

"We aim to make our platform so intuitive that even the CEO can use it."
– Sanaz Yashar, co-founder and CEO, Zafran

Zafran has built a war game simulation that allows customers to check how well their cyber platform defends against existing threats and how much risk is reduced by paying for additional controls. The company is also building out automated mitigation playbooks that allow customers to push through changes that reduce operational risk with the click of a mouse.

"We don't see any existing category for us because we do both comprehensive risk assessment and mitigate the risk," Yashar said.

How Much Does Zafran Plan to Grow?

Yashar seeks to fill critical gaps in the cybersecurity framework by streamlining communication and operational processes between IT and security teams, streamlining patch management, and enhancing organizational resilience against cyberthreats. Specifically, Zafran can cut vulnerabilities and improve security posture by integrating comprehensive risk assessment with effective mitigation strategies.

Zafran employs 50 people today, and Yashar hopes to at least double the company's headcount by the end of 2024. Roughly a dozen of Zafran's workforce is focused on sales and marketing, and Yashar hopes to triple that figure by hiring in the United States and relocating to America herself to fuel go-to-market.

"We're more than doubling our organization this year to support our platform development," Yashar said. "Our secret sauce is talent, attracting talent, building a team that drives our vision forward."

From a metrics standpoint, Zafran plans to track its overall customer count, customer revenues, referrals from existing customers, employee growth in both R&D as well as sales and marketing, and the number of patents filed. Yashar hopes Zafran will close the gap between detection and remediation via scalability, innovation and a deep understanding of the market's needs.

"We aim to make our platform so intuitive that even the CEO can use it to mitigate risks," Yashar said.


About the Author

Michael Novinson

Michael Novinson

Managing Editor, Business, ISMG

Novinson is responsible for covering the vendor and technology landscape. Prior to joining ISMG, he spent four and a half years covering all the major cybersecurity vendors at CRN, with a focus on their programs and offerings for IT service providers. He was recognized for his breaking news coverage of the August 2019 coordinated ransomware attack against local governments in Texas as well as for his continued reporting around the SolarWinds hack in late 2020 and early 2021.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing inforisktoday.co.uk, you agree to our use of cookies.