Financial Services Organization Outgrows Kenna and Adopts Evidence-Based Exposure Management

Primary Use Cases

  • Unified vulnerability ingestion across security tools
  • Risk-Based Vulnerability Prioritization
  • Ticket-driven remediation workflows for asset owners

Industry

Financial Services

Financial Services Company Replaces Kenna

As this company's vulnerability management program matured, accuracy in risk prioritization became increasingly critical. Recognizing the limitations of Kenna and traditional vulnerability management, the team looked to evolve toward exposure-based risk management while preserving existing remediation workflows and operational ownership.

The Challenge: Prioritizing True Exposure Amid Noise and False Criticals

The organization had successfully used Kenna to reduce the overall number of vulnerabilities across its environment. However, over two years, major limitations emerged. The most significant issue was that end-of-life vulnerabilities were being scored as 0 out of 10, rather than receiving appropriately elevated risk scores.

Kenna’s inaccurate risk scoring made the platform no longer viable for the customer’s needs. The security team needed a solution that could continue ingesting the full breadth of vulnerability data from across the environment, while reprioritizing those findings using reliable risk context and clearly communicating remediation priorities to both operators and leadership.

The Implementation

The Solution: Using Existing Defenses to Eliminate Panic Patching

The organization selected Zafran to replace Kenna’s vulnerability prioritization capabilities while preserving existing remediation workflows. Zafran was deployed to ingest vulnerability and asset data from the organization’s existing security stack and reprioritize findings using richer context beyond severity alone.

By incorporating internet exposure and runtime context, Zafran enabled the security team to differentiate theoretical exposures from vulnerabilities that posed real operational impact. This helped focus remediation on issues that were both truly exposed and relevant, rather than reacting to false criticals.

Unlike Kenna, which lacked visibility into both end-of-life vulnerabilities and active mitigations, Zafran correlates vulnerabilities with existing security controls to determine whether issues are already mitigated and where remediation is truly required. This enabled the security team to ensure unsupported systems received appropriate attention.

Zafran’s prioritized findings were used to drive remediation tickets in Jira, improving prioritization without disrupting existing workflows.

"In just weeks, we migrated from Kenna to Zafran and immediately eliminated 90% of our CVSS critical vulnerabilities."

- CISO of a major lending organization

The Results

The organization successfully replaced its prior platform without disrupting vulnerability remediation operations.

  • 96% reduction of CVSS Critical/High vulnerabilities
  • Restored accurate prioritization of end-of-life and high-risk vulnerabilities
  • Unified vulnerability, asset, and mitigation data into a single platform
  • Enhanced prioritization by incorporating internet exposure, runtime context, and mitigation-aware risk signals
  • Preserved existing ticket-driven remediation workflows
  • Increased confidence that remediation efforts are focused on real, validated risk

By replacing its previous vulnerability prioritization platform with Zafran, the organization preserved the operational strengths of its vulnerability management program while closing critical gaps in risk accuracy. With mitigation-aware prioritization and a unified view across existing security tools, the team now focuses remediation efforts on what truly matters, without panic patching or workflow disruption. This also gave leadership a clearer, continuously updated view of organizational risk exposure and how compensating controls reduced that risk over time.

Learn More

Zafran has redefined vulnerability management with a new operating model that transforms reactive patching into proactive risk reduction. Using your existing defenses and live risk context, Zafran helps you prove what’s truly exploitable, and mitigate it fast.

See why leading enterprises trust Zafran to focus on what actually matters. Discover the new operating model for vulnerability management.

Key Outcome

96% reduction of CVSS Critical/High vulnerabilities
