Customer Reviews

"Integration with security tools to determine the real risk. This is one of the key differentiators: CVSS and EPSS are not always completely accurate for every organization. By connecting directly to these tools, Zafran is able to determine if a security tool alerts or blocks on exploits for an open vulnerability. If the system is protected with a block mode prevention capability in a security tool, the applicable risk is reduced. This can provide more measured and change-managed patching and remediation. We are continuing to add new integrations as we bring them into the company, including a Breach & Attack (BAS) tool. While you have options on what tools to integrate with, the more you integrate, the better it is to determine Applicable Risk."

"I see the benefits of Zafran Security as soon as we got our first major integration done. We were a little bit different than most companies, having a non-standard setup. We opted for a private SaaS solution, standing up a small, self-contained version of Zafran Security in our private cloud due to certain government and compliance obligations regarding our vulnerability and risk data. It took a couple of months to set that up, and then about another month for the first integration. We started seeing benefits within the first three to four months, and since then we have been dialing it in with additional integrations."

"What I appreciate the most about Zafran Security is that it is awesome, and the ability to identify truly critical vulnerabilities that needs to be addressed is a standout feature. We saw benefits from Zafran Security almost immediately after deploying it."

"The compensating controls consideration of Zafran brings a new light to TVM that we've never had before. It is unique compared to other Continuous Threat Exposure Management (CTEM) platforms where vulnerability risk is adjusted based off protections in place for our assets. When we were going to market for a solution, this feature alone drew our attention. Integrating with our existing security stack and encompassing all of this data together has been game changing."

"The features we have found most valuable in Zafran Security are the Mitigations and Exposure Tracker modules, as they significantly enhance our risk management processes. The Mitigations module is particularly beneficial because it identifies impactful risk-reducing measures that can be implemented by simply enabling minimal features. This efficiency allows us to bolster our security posture without substantial changes to our existing processes or infrastructure. It's incredibly useful for prioritizing actions that yield maximum security benefits with minimal effort, ensuring that our resources are utilized where they make the most difference."

"I appreciate the weekly insights Zafran provides, which include critical topics for networks and IT security, allowing us to evaluate which insights apply to our environment. The organization score feature is valuable to keep the leadership team updated on how our infrastructure fares security-wise. The applicable risk level versus base risk level feature is beneficial because prior to Zafran, we only used the base risk level, but now understand that risk depends on the asset itself. Zafran is an excellent tool."