Introducing The Zafran Detector
Today, we’re excited to officially launch the Zafran Detector, an innovative capability built on an obvious truth: sometimes, relying solely on data provided by other tools just isn’t enough. To give our customers the visibility and control demanded by the highest-performing cyber teams, Zafran now has its own eyes into the infrastructure.
Security products are a mix of the experience they provide, the insights they generate, and the actions they enable, but all of that depends on the quality of their underlying data. At Zafran, we’ve understood this from day one, and we’ve invested considerable effort into delivering the best possible signals to our customers.
We focused on building native detection into the platform - so we could observe risk ourselves, not wait for someone else to tell us. That’s not just a technical feature. It’s a strategic advantage.
That’s exactly what the Zafran Detector brings to the table. Today, this vision becomes reality.
Detection Must Be Continuous
To fully appreciate the need for continuous vulnerability detection, let’s walk through what usually happens when a new critical vulnerability is published. Let’s consider the case of CVE-2025-53770, the recent remote code execution (RCE) vulnerability targeting on-prem SharePoint servers.
The CVE drops. Security teams scramble. You wait for the vulnerability scanning vendor to release the relevant detection plug-in. You wait again for the next scan, or perhaps debate whether to run an out-of-band one. The clock is ticking. Then you wait even more for the results to come in, hoping there weren’t delays, failures, or assets missed due to network authentication issues or agent instability.
By the time you get a report, you’ve already burned through days. And let’s not forget: that’s just detection. Remediation hasn’t even started. This kind of lag might have been acceptable 10 years ago. Today, it’s a liability.
Figure 1: Zafran Slams The Exposure Window Shut
That’s why we built the Zafran Detector on the principle of continuous, on-demand detection. Our patented technology (US-12141297) allows us to trigger real-time inspections, at any time, without having to wait on third-party updates.
In contrast to the previous state with legacy, agent-based scanners, consider what happens in the continuous vulnerability detection process, which Zafran now enables. The new CVE makes headlines. The security team goes into action.
- Detection. The team triggers an on-demand scan right away using the Zafran Detector. Vulnerability pinpointed.
- Exposure Assessment. The Zafran platform automatically assesses your risk context: internet exposure, runtime presence, business criticality, and configuration of your available compensating controls. You immediately have situational awareness.
- Risk Mitigation. In the same breath of assessment, the Zafran platform enumerates precise, prescriptive risk mitigation actions to take NOW, with your existing defenses and without waiting on patching at all. The security control owner deploys the mitigation on that same day. Crisis controlled.
- Remediation. In parallel, Zafran’s RemOps engine formulates an AI-optimized remediation plan, creates a ticket using your existing ServiceNow or Jira system, and routes the tasks to the right owners. All automatically and with supporting evidence, to rapidly move past debate and to rally consensus. Communications streamlined, patching coordinated. The result: the vulnerability is *remediated* ASAP.
No waiting for scanner agent plug-ins. No hoping your scanner “catches up” with the bad guys. With the Zafran Detector, you have a continuous SBOM across hybrid environments and can run inspections instantly, without waiting for updates from any external vendor. This leads to dramatically faster response times when new risks emerge.
And the best part?
You don’t need to deploy yet another agent. You just plug in one API key to your existing EDR, cloud, or endpoint management tool, and visibility is immediate.
Why Are We Still Managing So Many Agents?
Ever asked yourself why your environment needs an agent for endpoint protection, another for IT operations, and yet another just for vulnerability scanning, all running side by side, just to understand your risk?
It’s redundant. And with Zafran, it’s no longer necessary.
The reality is, most organizations are already deploying powerful agents - EDR, endpoint management, and cloud tools - that have deep visibility into system behavior. But the traditional vulnerability management world hasn’t kept up. It’s still stuck in an era where you need to roll out separate agents and execute detections just to get basic scan results.
That’s inefficient.
With the Zafran Detector, we take a different approach. Instead of asking you to deploy another agent, we leverage what you’ve already invested in. Whether it’s your CrowdStrike, SentinelOne, Tanium, Intune, Jamf or AWS SSM (just to name a few!), we ride on top of it, using their footprint to deliver contextualized, first-party detection without additional overhead.
You get faster time-to-value, less operational friction, and no more struggling with agent rollout, compatibility, or asset coverage gaps. It blends the simplicity of agentless deployment with the context-rich visibility of agent-based solutions.
Beyond CVEs: A Broader Understanding of Risk
Let’s be clear: the Zafran Detector isn’t just about finding CVEs. That’s table stakes.
The Zafran Detector provides deep, contextual visibility that traditional scanners simply aren’t built for. We go beyond basic version checking or signature matching; we continuously ingest and analyze a wide range of signals across your hybrid footprint.
This includes runtime process data, giving visibility into what’s actually executing on each host; internet exposure traces and evidence, revealing which assets are reachable from the outside world; and host-based firewall configurations, showing how traffic is segmented and where gaps may exist. We also assess installed security tooling, not just identifying what’s in place, but critically, what’s missing.
This lets us build a real-time risk profile of each asset, not just a static list of vulnerabilities.
You’re not just asking, “Does this machine have Log4j?”; you’re asking, “Is this asset exploitable, reachable, and missing controls?” And now, with greater certainty and higher fidelity. So you can act quickly and decisively on your biggest risks.
This level of visibility is exactly what security teams need to move from patch management to exposure management.
Zafran’s Exposure Management Vision: A Step Forward
This launch marks a major milestone for us at Zafran.
We started this journey by tackling the hardest part of vulnerability management: deciding what matters. Prioritization was our first chapter, surfacing real business risk, not just noise.
Then we doubled down on remediation workflows, building our RemOps engine to automate fixes, track ownership, and drive accountability across teams.
And now, with the launch of the Zafran Detector, we’ve closed the loop. We are no longer solely dependent on external data sources to understand where risk lives. We can see it ourselves.
This positions Zafran as the first native end-to-end exposure management platform, one that detects, prioritizes, mitigates, remediates, and tracks risk under one unified data model.
We will of course continue to integrate with the tools you already rely on, enriching Zafran’s insights with external data where it adds value. But by having our own detection capabilities, we gain the control, speed, and deep context that integrations alone simply cannot provide.
Ready to Discover Risk Like Never Before?
The Zafran Detector is available now. Watch and share the 2-minute explainer video here.
Whether you’re just starting your exposure management journey, or looking to level up your detection and remediation game, this is your opportunity to see more, act faster, and reduce risk at scale. That’s the power of Zafran.
