Summit Utilities Reduces CVSS Criticals by 91%
Summit Utilities is a multistate utility provider committed to reliable, secure service delivery. With patching processes built around a Microsoft stack, Summit needed a way to catch high-risk vulnerabilities that escaped standard workflows and aged into risk.
The Challenge: Patch Blind Spots and Ticketing Inefficiencies
Prior to Zafran, Summit relied heavily on Microsoft’s patch management tools to handle the bulk of its remediation efforts. While effective for most scenarios, this process often left gaps, particularly for vulnerabilities that aged beyond 30-45 days or fell outside predefined severity thresholds.
There was also no streamlined workflow for identifying, tracking, and assigning remediation efforts; the team lacked clarity and consistency in addressing lingering risk.
The Solution
Summit deployed Zafran to augment its existing patch management strategy, without needing new agents. Zafran integrated directly into Defender’s output, enriching vulnerability signals with runtime presence, internet exposure, and control coverage to uncover hidden risks.
Instead of buying a separate vulnerability scanner, Summit used Zafran’s intelligence to filter the flood of alerts down to what truly mattered, surfacing missed patches and risks aging past 30–45 days. With Jira integrations, Zafran enabled structured workflows using RemOps, including dashboards and ticket pipelines for SLA-aligned remediation.
The Implementation
The Zafran rollout at Summit was driven by the security operations team, which quickly adopted bi-weekly cadences and dashboard reviews. Summit is now expanding its use of mitigation insights and control context, with plans to build aging-based assignment rules and deeper remediation visibility.
With Zafran, we’ve got a clear view into what matters, structured workflows to act on it, and fewer risks slipping through the cracks.
Aaron Baillio, Director of InfoSec
Summit Utilities
Since implementing Zafran, Summit has:
- Achieved a 91% reduction in critical vulnerabilities by prioritizing remediation based on what truly poses risk within their environment
- Surfaced critical patching blind spots previously missed by Windows Server Update Services (WSUS) and Microsoft Defender
- Delayed or canceled the purchase of additional vulnerability scanners; freed up budget and reduced tool sprawl
- Reduced operational risk by cutting through noisy, inflated criticality scores and surfacing real threats
- Automated triage and ticket creation through Zafran’s Jira integration, aligning remediation with SLAs
Zafran is now helping Summit bridge the last mile of patch management to reduce operational risk, improve accountability, and strengthen overall posture.
Industry
Primary Use Cases
Key Outcome
See Zafran in action
See Zafran in Action
Prioritize and fix what is truly exploitable using risk context from your existing security tools
