Vice President & Deputy Chief Security Officer at Lumen Technologies
Real User
2025-07-10T17:54:08Z
Jul 10, 2025
My use cases for Zafran Security revolve around two primary areas. One is around vulnerability management and prioritization of vulnerabilities and risks because we're a really large company with a lot of acquisitions and tech debt. If you just go by, say, Nessus or a traditional vulnerability scanner, it says you've got about 100,000 vulnerabilities that you need to address. With Zafran Security, it integrates with your security controls, allowing you to take that risk score and reduce it based on the controls in place or increase the risk based on different factors, such as if the issue is internet reachable or if there's an exploit in the wild. The second use case is around threat hunting. I have the threat hunting team under me and this focuses on zero-day vulnerabilities and industry threats. If you read the news, you can see sometimes a dozen new threats daily about specific vendors or platforms having new vulnerabilities or CVEs that are being actively exploited without a patch yet. My team ingests those reports and prioritizes which represent the biggest risk to my company, Lumen. With Zafran Security, we can quickly identify if we're using that platform or vendor and check the software version running. It gives us insight into compensating controls and identifies which systems should be targeted first for remediation.
Sr. Information Security Analyst at a healthcare company with 501-1,000 employees
Real User
Top 10
2025-05-20T14:47:00Z
May 20, 2025
Zafran Security is helping reduce the amount of critical vulnerabilities in our environments that require prompt remediation. It has helped us focus on the assets and critical vulnerabilities that actually matter and have a real impact in preventing an incident or breach. Zafran has really helped us stay current with threat intelligence and all the new vulnerability insights that come out, especially for vulnerabilities in actively exploited and may exist in runtime. The solution has helped us get new information out in front of those who must remediate immediately, which has allowed us to move swiftly with reducing vulnerability risks on the network. Because of this, the amount of time required to address vulnerability remediation has reduced. The product has also aided us in addressing infamous vulnerabilities and threat actors that are the constant variable in the threat landscape.
Vice President, Information Security at a financial services firm with 1,001-5,000 employees
Real User
Top 20
2025-04-10T07:45:00Z
Apr 10, 2025
We connect this to our vulnerability scanner as input, our security tools to better determine risk, and our change management tool to provide risk-based vulnerabilities to the remediation teams. We have three use cases: 1) What is the real Applicable Risk in our environment for new, risky vulnerabilities, especially Zero Day and CISA KEVs? 2) Do the security tools that we have in place today reduce the risk of those vulnerabilities such that we don't have to panic and patch? 3) When the patch remediation team submits an exception to delay patching a particular vulnerability on a particular system, when is the risk of accepting that exception?
Works at a healthcare company with 10,001+ employees
User
Top 10
2025-03-12T13:59:00Z
Mar 12, 2025
Our primary use case for Zafran involves leveraging it to enhance our vulnerability risk scoring methodology. In today's rapidly evolving threat landscape, accurately prioritizing vulnerabilities is crucial, and Zafran provides us with the necessary tools to achieve this. It seamlessly integrates with our existing security infrastructure, including Endpoint Detection and Response (EDR), Next-Generation Firewalls (NGFW), and Web Application Firewalls (WAF). By doing so, Zafran assesses the risk reduction capabilities these controls offer against the exploitation of identified vulnerabilities. One of the standout features of Zafran is its ability to analyze and augment risk scores by considering real-world mitigating factors that might not be apparent through standard vulnerability assessments. Traditional methods often highlight numerous vulnerabilities, many of which are not immediately exploitable or are mitigated by existing security measures. Zafran helps us cut through the noise by highlighting truly critical vulnerabilities—those with either insufficient or no mitigating controls in place. This refinement allows our security team to focus on addressing vulnerabilities that pose the highest risk, significantly enhancing our efficiency and security posture. Beyond risk scoring, Zafran enriches our understanding of our risk landscape by providing insights into various situational aspects. It detects internet-facing assets, evaluates whether a vulnerable process is actively running, and checks for the presence of known threats targeting specific weaknesses. These additional layers of context are invaluable, allowing us to make informed decisions quickly and effectively. Incorporating Zafran into our security operations has improved our overall vulnerability management strategy. It not only helps in prioritizing vulnerabilities but also supports strategic decision-making by providing a holistic view of our threat environment. This ensures that scarce resources are used effectively, focusing on vulnerabilities that require immediate attention and intervention. Zafran's user-friendly interface and comprehensive reporting capabilities make it accessible to our entire security team. Reports generated through Zafran are detailed and actionable, equipping our analysts with the insights needed to communicate risks effectively across different stakeholders within the organization. Zafran has become an indispensable tool in our cybersecurity arsenal. Enhancing our vulnerability risk scoring methodology, not only aids in identifying critical vulnerabilities but also ensures that our mitigation efforts are strategically aligned with the realities of our operational environment. In an era where cyber threats are increasingly sophisticated, having a nuanced understanding of our vulnerability risk is invaluable, and Zafran delivers precisely that. With Zafran, we've moved beyond arbitrary scoring to a more strategic, context-aware assessment of vulnerabilities, significantly bolstering our capacity to protect our assets and reduce risk enterprise-wide.
Zafran Security integrates with existing security tools to identify and mitigate vulnerabilities effectively, proving that most critical vulnerabilities are not exploitable, optimizing threat management.
Zafran Security introduces an innovative operating model for managing security threats and vulnerabilities. By leveraging the threat exposure management platform, it pinpoints and prioritizes exploitable vulnerabilities, reducing risk through immediate remediation. This platform enhances your...
My use cases for Zafran Security revolve around two primary areas. One is around vulnerability management and prioritization of vulnerabilities and risks because we're a really large company with a lot of acquisitions and tech debt. If you just go by, say, Nessus or a traditional vulnerability scanner, it says you've got about 100,000 vulnerabilities that you need to address. With Zafran Security, it integrates with your security controls, allowing you to take that risk score and reduce it based on the controls in place or increase the risk based on different factors, such as if the issue is internet reachable or if there's an exploit in the wild. The second use case is around threat hunting. I have the threat hunting team under me and this focuses on zero-day vulnerabilities and industry threats. If you read the news, you can see sometimes a dozen new threats daily about specific vendors or platforms having new vulnerabilities or CVEs that are being actively exploited without a patch yet. My team ingests those reports and prioritizes which represent the biggest risk to my company, Lumen. With Zafran Security, we can quickly identify if we're using that platform or vendor and check the software version running. It gives us insight into compensating controls and identifies which systems should be targeted first for remediation.
Zafran Security is helping reduce the amount of critical vulnerabilities in our environments that require prompt remediation. It has helped us focus on the assets and critical vulnerabilities that actually matter and have a real impact in preventing an incident or breach. Zafran has really helped us stay current with threat intelligence and all the new vulnerability insights that come out, especially for vulnerabilities in actively exploited and may exist in runtime. The solution has helped us get new information out in front of those who must remediate immediately, which has allowed us to move swiftly with reducing vulnerability risks on the network. Because of this, the amount of time required to address vulnerability remediation has reduced. The product has also aided us in addressing infamous vulnerabilities and threat actors that are the constant variable in the threat landscape.
We connect this to our vulnerability scanner as input, our security tools to better determine risk, and our change management tool to provide risk-based vulnerabilities to the remediation teams. We have three use cases: 1) What is the real Applicable Risk in our environment for new, risky vulnerabilities, especially Zero Day and CISA KEVs? 2) Do the security tools that we have in place today reduce the risk of those vulnerabilities such that we don't have to panic and patch? 3) When the patch remediation team submits an exception to delay patching a particular vulnerability on a particular system, when is the risk of accepting that exception?
Our primary use case for Zafran involves leveraging it to enhance our vulnerability risk scoring methodology. In today's rapidly evolving threat landscape, accurately prioritizing vulnerabilities is crucial, and Zafran provides us with the necessary tools to achieve this. It seamlessly integrates with our existing security infrastructure, including Endpoint Detection and Response (EDR), Next-Generation Firewalls (NGFW), and Web Application Firewalls (WAF). By doing so, Zafran assesses the risk reduction capabilities these controls offer against the exploitation of identified vulnerabilities. One of the standout features of Zafran is its ability to analyze and augment risk scores by considering real-world mitigating factors that might not be apparent through standard vulnerability assessments. Traditional methods often highlight numerous vulnerabilities, many of which are not immediately exploitable or are mitigated by existing security measures. Zafran helps us cut through the noise by highlighting truly critical vulnerabilities—those with either insufficient or no mitigating controls in place. This refinement allows our security team to focus on addressing vulnerabilities that pose the highest risk, significantly enhancing our efficiency and security posture. Beyond risk scoring, Zafran enriches our understanding of our risk landscape by providing insights into various situational aspects. It detects internet-facing assets, evaluates whether a vulnerable process is actively running, and checks for the presence of known threats targeting specific weaknesses. These additional layers of context are invaluable, allowing us to make informed decisions quickly and effectively. Incorporating Zafran into our security operations has improved our overall vulnerability management strategy. It not only helps in prioritizing vulnerabilities but also supports strategic decision-making by providing a holistic view of our threat environment. This ensures that scarce resources are used effectively, focusing on vulnerabilities that require immediate attention and intervention. Zafran's user-friendly interface and comprehensive reporting capabilities make it accessible to our entire security team. Reports generated through Zafran are detailed and actionable, equipping our analysts with the insights needed to communicate risks effectively across different stakeholders within the organization. Zafran has become an indispensable tool in our cybersecurity arsenal. Enhancing our vulnerability risk scoring methodology, not only aids in identifying critical vulnerabilities but also ensures that our mitigation efforts are strategically aligned with the realities of our operational environment. In an era where cyber threats are increasingly sophisticated, having a nuanced understanding of our vulnerability risk is invaluable, and Zafran delivers precisely that. With Zafran, we've moved beyond arbitrary scoring to a more strategic, context-aware assessment of vulnerabilities, significantly bolstering our capacity to protect our assets and reduce risk enterprise-wide.
We use Zafran Security for threat prioritization. We establish priority to understand which risks should be patched or mitigated first.