NEW YORK, New York, March 28, 2024 – Zafran, the leader in risk and mitigation, announced today that it raised over $30 million in funding. The funding was led by Sequoia Capital and Cyberstarts, with participation from Cerca Partners and Penny Jar. Founded in 2022 by Sanaz Yashar (CEO), Ben Seri (CTO) and Snir Havdala (CPO), the company emerged as the world’s first risk and mitigation platform to pinpoint the ‘exploitable’ threats in the organization and to mitigate their risk by mobilizing existing security controls.

As attackers are getting faster and cyber threats grow exponentially, security teams are caught in a race they cannot win. According to a recent Rapid7 report, more than half of vulnerabilities were exploited within seven days of public disclosure, yet the remediation and patching of each new vulnerability takes weeks and months of planning and execution, often requiring the participation of multiple teams. Without an effective mitigation strategy, companies remain fully exposed during this exploitation window – the time between a vulnerability is discovered to the time remediation occurs. In fact, a recent Verizon report revealed that 60% of data breaches result from unremedied known vulnerabilities, underscoring the urgency for an effective risk mitigation program and execution beyond legacy patching.

"In an industry characterized by the perpetual race between attackers and defenders, the exploitation window has been consistently overlooked – and despite the inflation of security tools, organizations' risk assessments often fail to consider existing compensative security controls, ”said Sanaz Yashar, Co-Founder and CEO of Zafran. “Zafran transforms risk mitigation by mobilizing security controls against evolving threats, bridging organizations’ security gaps and blind spots and mitigating risks at scale.”

Zafran transforms risk mitigation and empowers security teams to defuse threat exploitation, by connecting to both vulnerability data and the organization’s security controls. Zafran analyzes risk while taking into account controls’ efficacy as well as exploitability factors. The company’s industry-first Mitigation Knowledge-base designed to work seamlessly with EDR, firewalls, cloud tools, and more, enables organizations to conduct a comprehensive evaluation of their risk. Zafran Applicable Risk™ reflects whether vulnerabilities are exploitable or already mitigated by compensating controls, then proactively automates mitigations to eliminate the exploitation window.

“Zafran addresses a critical pain in the security market where traditional risk assessment falls short by neglecting existing security controls and mitigation factors,” said Doug Leone, Partner at Sequoia Capital. “We are excited to support the company as it enters the next phase of accelerated growth, with a visionary platform that proactively reduces risk exposure at scale and has the potential to redefine industry standards.”

"Rarely do we back a team with the talent and aspirations to create a whole new science in cybersecurity, fusing deep cyber expertise with customer obsession," said Lior Simon, General Partner at Cyberstarts. "Sanaz, Snir, and Ben possess the capabilities and vision needed to construct the world's first risk and mitigation platform, allowing organizations to mitigate vulnerability exploitation in production without relying on legacy 'patching' and by optimizing existing security controls. We are thrilled to partner with the team from day one on this long-term and exciting journey."

About Zafran

Zafran is the market leading platform for risk and mitigation, mobilizing existing security controls to protect organizations during critical exploitation windows. The platform determines vulnerability exploitability, correlating control configuration, runtime, internet exposure, and threat intelligence exploit analysis. Zafran's hybrid, agentless solution automates mitigations, enabling organizations to proactively reduce threat exposure at scale. For more information, visit