Global Pharma Leader Enhances Threat Prioritization and Risk Visibility

Novartis is a Fortune 500 pharmaceutical company operating in over 70 countries worldwide.

The Challenge

Threat Prioritization & Exposure Management

Novartis teams were investing significant time and resources to manually identify and address vulnerabilities at scale. Their existing tools evaluated CVEs and control gaps, but often lacked insight into whether vulnerabilities were actually exploitable in their environment. Many of the tools in place failed to factor in compensating controls, internet exposure, or whether existing defenses could neutralize the risk. As a result, the organization faced difficulty in determining which exposures warranted immediate attention.

The Solution

Zafran stood out by aggregating vulnerability signals and applying advanced risk context, including runtime presence, internet exposure, and threat actor activity, to identify the exposures most likely to be exploited.

Zafran's ability to surface internet-facing assets was especially impactful. In one instance, Novartis identified four exposed assets linked to activity from threat actor group BlackBasta: two were internet-facing and two had misconfigured security controls.


Zafran also enabled Novartis to evaluate the effectiveness of their existing security stack, turning previously passive defenses into active inputs for risk prioritization and decision-making.

Implementation

Implementation was performed in-house with support from Zafran.

Results

With Zafran, Novartis transformed how they manage cyber risk — streamlining remediation workflows by consolidating overlapping vulnerabilities and surfacing only the most actionable items. This drastically reduced ticket noise and optimized the use of both internal and outsourced resources.

Zafran identified the riskiest 0.004% of assets exposed to the internet, and found they lacked active firewall protection. This level of visibility, delivered in under 5 minutes, helped Novartis take immediate action to harden their perimeter.

Overall, they achieved a 95% reduction in critical CVEs, enabling security teams to shift focus from blanket patching to precision mitigation. Today, Zafran is a cornerstone of Novartis’ exposure management strategy, continuously evaluating defenses against known threat actors and supporting M&A due diligence with scalable, risk-based visibility.

Industry

Pharmaceuticals

Primary Use Cases

Threat Prioritization & Exposure Assessment
Bulk Risk Mitigation
Internet-Facing Asset Discovery

Key Outcome

25K+

In under 5 minutes, Zafran uncovered over 25K vulnerabilities across 10 assets thought to be protected by firewalls
