Zafran CEO Sanaz Yashar worked for the elite cyber intelligence agency Unit 8200 for 15 years and was promoted to officer in 2004.
Eric Sultan
S
Anaz Yashar was studying biology at Tel Aviv University when she got the decision: Israel’s elite cyber surveillance unit 8200 desired to recruit her. She had perhaps essentially the most unusual background of her colleagues. When she was a youngster, Yashar and her family fled their home in Tehran, the capital of Iran – one in all Israel’s biggest geopolitical enemies – and immigrated to Israel. Her background was a part of the draw for 8200, Israel’s equivalent of the National Security Agency: Yashar understood Farsi and Iranian culture, each useful for gathering details about her homeland.
After spending 15 years in Israeli intelligence and 7 years within the private sector, Yashar has now raised $30 million for a brand new company called Zafran. The cybersecurity startup’s goal is to stop spies and cybercriminals from exploiting known vulnerabilities to interrupt into corporations’ networks. It targets a pressing problem: the common data breach costs the victim company a mean of $4.5 million IBM data from 2023, and former studies have shown that cyberattacks impose costs on the worldwide economy Hundreds of billions annually.
“It’s almost biological, it’s like a self-healing platform.”
Zafran’s premise is straightforward, if technically difficult: discover which existing digital vulnerabilities are most pressing for a given customer, after which tell them how they’ll leverage the technologies they have already got to mitigate the chance. Zafran does this by scanning a customer’s network and testing application programming interfaces (APIs) to work out which controls can fix a specific vulnerability and translating that into something that even a non-technical manager can understand, Yashar says.
“It’s almost organic, it’s like a self-healing platform,” she says, explaining that the product studies each customer’s body to work out how best to fight off infections.
The idea got here about during an investigation right into a ransomware hack at a hospital when Yashar worked at Mandiant, a cyber incident response company. Yashar and her future co-founders Ben Seri and Snir Havdala worked at different security corporations but were investigating the identical incident. They were unable to recuperate the ability’s records and were later horrified to learn that the hospital had the technology that might have prevented the breach in the primary place. They had experienced the identical thing over and once more. “I’m tired of this, I can’t watch this anymore,” Yashar remembers telling Seri. He responded by spending the weekend designing a prototype of what would turn into Zafran. Yashar, Seri and Havadala resigned from their respective employers to launch the corporate at the tip of 2022.
As Zafran comes out of stealth on Thursday, the $30 million in funding so far from some VC heavyweights may also be announced. Doug Leone, a billionaire Sequoia investor with experience backing successful Israeli-founded cybersecurity startups like Wiz and Cyera, is on the board. Gili Raanan, Midas list maker and founding father of Israeli early-stage VC firm Cyberstarts, and his partner Lior Simon have also invested in Zafran, as has Penny Jar, the VC fund of basketball superstar Steph Curry.
“Containing threats is just super difficult. This is because you need a deep understanding of the customer’s network topology,” says Raanan. “You can eliminate the threat by mitigating it with controls in place. This is a new science in cybersecurity and this is what has everyone so excited about Zafran.”
Zafran’s focus is now on ultra-fast growth. It already has 12 customers, Yashar said, including a healthcare organization, but she declined to call any customers. But billionaire board member Leone says the corporate won’t deal with being the following billion-dollar startup. “Unicorn status is a measure of vanity,” says Leone, who ran Sequoia for greater than 25 years. “It takes our eye off the ball… Next we need to develop a repeatable and fast sales model.”
Zafran’s co-founders were inspired to found Zafran after witnessing quite a few corporations being hacked despite having the technology to dam the attacks.
Eric Sultan
The startup is entering a cybersecurity industry suffering from corporations claiming they’ll protect businesses from looming online threats — and grab a bit of it a $1 trillion market. Zafran must persuade security leaders that its product will actually help stem the relentless tidal wave of cybersecurity incidents that others have didn’t stop. “Companies have invested heavily in detection, response and preventative technologies, and yet breaches still occur,” said Erik Nost, principal analyst at Forrester. New technologies must sustain with the large scale and speed at which cybercriminals and digital spies move today, Nost adds.
Yashar knows exactly how briskly hackers can move. She became an officer with Unit 8200 in 2004, where she chosen foreign targets and decided how best to observe them. “She’s a great outside-the-box thinker and very creative,” says former 8200 commander Ehud Schneorson. “This is partly because she came from a different culture… but also because she was a newcomer to Israel and wanted to prove herself.”
In the mid-2010s, Yashar was on the lookout for an exit from the military and joined Cybereason, a brand new company with 8,200 former Lior Div employees (the corporate’s valuation would rise to $2.7 billion in 2021, although quite a few employees since then , including Div., have left the military). and its evaluation reduced by 90%). Yashar was hired to guide Cybereason’s cyber intelligence team in 2016, investigating a number of the most consequential hacker attacks world wide.
That led them to the epicenter of one of the vital devastating cyberattacks in history in 2017. NotPetya was a virulent, destructive malware aimed toward killing victims that included corporate giants comparable to law firm DLA Piper and global shipping company Maersk. Yashar led Cybereason’s efforts to grasp the malware in Ukraine, the origin of the attacks, and made an important discovery shortly after landing in Kiev: NotPetya had a kill switch. Anyone infected with the malware could essentially turn it off and the code could not distribute or encrypt files. Yashar and Div claim the crew later worked with Ukrainian cyber police to decipher NotPetya’s code and origins. (Ukraine’s cyber police didn’t reply to requests for comment.)
“We found all the Russian back doors. It was crazy,” she remembers. In October 2020, the US Department of Justice accused Russian spies figuring out of the GRU’s Intelligence Directorate to perform the NotPetya attacks.
During her five years at Mandiant, which was purchased by Google for $5.4 billion in 2022, she refocused on Iran and researched APT33, a bunch that has long targeted large aerospace and petrochemical corporations has apart. “They are very powerful,” she says. “I found them in more than five organizations, including critical infrastructure.”
Few founders of security startups can look back on such extensive and diverse experience. “She has spent most of her adult life trying to understand what opponents are doing,” says her old Cybereason boss, Div. “She’s real… And I’ve been around enough times now to tell you who’s doing stupid things.”
MORE FROM FORBES
