The customer operates across more than 70 countries and maintains a security stack that includes over 20 tools. With more than 300,000 assets and a rapidly evolving threat landscape, they needed a better way to identify, prioritize, and respond to vulnerabilities.
This customer’s teams were investing significant time and resources to manually identify and address vulnerabilities at scale. Their existing tools evaluated CVEs and control gaps, but often lacked insight into whether vulnerabilities were actually exploitable in their environment. Many of the tools in place failed to factor in compensating controls, internet exposure, or whether existing defenses could neutralize the risk. As a result, the organization faced difficulty in determining which exposures warranted immediate attention.
Zafran aggregated vulnerability signals and applied advanced risk context, such as runtime presence, internet exposure, active threat actor activity, and the configuration of existing compensating controls, to identify the exposures most likely to be exploited.
For the customer, Zafran's ability to surface internet-facing assets was especially impactful. In one instance, the customer identified four exposed assets linked to activity from threat actor group BlackBasta, two of which were internet-facing and two of which had misconfigured security controls.
Zafran also enabled the customer to evaluate the effectiveness of their existing security stack, turning previously passive defenses into active inputs for risk prioritization and decision-making.
The Implementation
With Zafran, the customer shifted from a volume-based vulnerability management program to a context-driven vulnerability management program that consolidates overlapping findings, surfaces exposures proven exploitable, and streamlines remediation across internal and outsourced teams. Key outcomes include:
Today, Zafran serves as a core platform for continuous exposure management, validating control coverage, surfacing new exploitable gaps, and enabling faster, evidence-based remediation across the enterprise.
Zafran reduced CVSS Criticals for the customer by 95%