Sanaz Yashar, CEO of Zafran, spent 15 years working for elite cyber intelligence agency Unit 8200, promoted to officer in 2004.
Eric Sultan
S
anaz Yashar was studying biology at Tel Aviv University when she got the call: Israel’s elite cyber surveillance Unit 8200 wanted to recruit her. She had perhaps the most unusual background of her peers. When she was a teenager, Yashar and her family fled their home in Tehran, the capital of Iran — one of Israel’s biggest geopolitical enemies — and emigrated to Israel. Her background was part of the draw for 8200, Israel’s equivalent of the National Security Agency: Yashar understood Farsi and Iranian culture, both useful for gathering intelligence on her homeland.
After spending 15 years in Israeli intelligence and seven in the private sector, Yashar has now raised $30 million for a new venture called Zafran. The cybersecurity startup aims to prevent spies and cybercriminals from exploiting known vulnerabilities to break into companies’ networks. She’s targeting a pressing problem: The average data breach costs the victim company $4.5 million, according to IBM data from 2023, and previous studies have shown cyberattacks costing the global economy hundreds of billions every year.
“It’s almost biology, it’s like a self-healing platform.”
Zafran’s premise is simple, if technically difficult: determine which existing digital vulnerabilities are most pressing for a given customer, then tell them how to use the technologies they already have to mitigate the risk. Zafran does this by scanning a customer’s network and probing application programming interfaces (APIs), to look for which controls can fix a given weakness, translating that into something even a non-technical executive can understand, says Yashar.
“It’s almost biology, it’s like a self-healing platform,” she says, explaining that the product looks at the body of each customer to determine how it can best repel infection.
The idea was spawned during an investigation of a ransomware hack at a hospital when Yashar was working at Mandiant, a cyber incident response company. Yashar and her future cofounders, Ben Seri and Snir Havdala, were working at different security companies but investigating the same incident. They weren’t able to recover the facility’s files, and were later horrified to learn that the hospital had the technology that could have prevented the breach in the first place. They’d seen the same happen time and time again. “I’m sick of this, I cannot see this anymore,” Yashar recalls telling Seri. He responded by spending the weekend drawing up a prototype of what would become Zafran. Yashar, Seri and Havadala resigned from their roles at their respective employers to start the company in late 2022.
As Zafran comes out of stealth on Thursday, it’s also revealing $30 million in funding to date from some VC heavyweights. Doug Leone, a billionaire Sequoia investor with history in backing successful Israeli-founded cybersecurity startups like Wiz and Cyera, is on the board. Gili Raanan, Midas List-maker and founder of the Israeli early-stage VC company Cyberstarts, and his partner Lior Simon have also invested in Zafran, as has Penny Jar, the VC fund of basketball superstar Steph Curry.
“To mitigate threats is simply super hard. The reason it’s hard is that you need deep understanding of the client’s network topology,” says Raanan. “You can eliminate the threat by mitigating it with existing controls. That’s a new science in cybersecurity and that’s what makes everyone so excited about Zafran.”
Zafran’s focus is now on ultrafast growth. It already has 12 customers, says Yashar, including a healthcare organization, though she declined to name any clients. Billionaire board member Leone says the company won’t be focused on being the next billion-dollar startup, though. “The unicorn status is a vanity metric,” says Leone, who ran Sequoia for over 25 years. “It takes your eye off the ball… the next thing we need to do is to develop a repeatable sales model with velocity.”
The Zafran cofounders were inspired to create Zafran after seeing numerous companies being hacked despite have the tech to block the attacks.
Eric Sultan
The startup is entering a cybersecurity industry saturated with companies claiming to be able to protect businesses from imminent online threats — and take a slice of a $1 trillion market. Zafran will have to convince security executives that its product will actually help stem the unceasing tidal wave of cybersecurity incidents that others have failed to stop. “Businesses have thrown a lot of investments into detection and response and preventative type technologies, and still we see breaches,” says Erik Nost, senior analyst at Forrester. New technologies need to match the hyper-scale and speed at which cybercriminals and digital spies are moving today, Nost adds.
Yashar knows all about the pace at which hackers can move. At Unit 8200, she’d become an officer in 2004, where she selected foreign targets and decided how best to monitor them. “She’s a great out-of-the-box thinker and very creative,” says former 8200 commander Ehud Schneorson. “That’s partly because she came from a different culture… but also because she was a newcomer to Israel and she wanted to prove herself.”
In the mid-2010s, Yashar was looking for an exit from the military and joined Cybereason, a new company of 8200 alum Lior Div (the company’s valuation would rise to $2.7 billion in 2021, though its since seen staff leave en masse, including Div, and its valuation cut by 90%). Yashar was put in charge of Cybereason’s cyber intelligence team in 2016, researching some of the most consequential hacks happening across the world.
In 2017, that led her to the epicenter of what would become one of the most devastating cyberattacks in history. NotPetya was a virulent, destructive malware designed to flatline victims, which included corporate giants like legal firm DLA Piper and global shipping business Maersk. Yashar led Cybereason’s efforts in Ukraine, ground zero for the attacks, to understand the malware, making a crucial discovery soon after landing in Kyiv: NotPetya had a killswitch. Anyone infected with the malware could essentially turn it off, and the code could no longer spread or encrypt files. Yashar’s crew later went on to work with Ukraine’s Cyber Police, as it tried to pick NotPetya’s code, and provenance, apart.
“We found all the Russian backdoors. It was crazy,” she recalls. In October 2020, the U.S. Department of Justice blamed Russian spies working out of the GRU intelligence directorate for running the NotPetya attacks.
During her five years at Mandiant, bought by Google for $5.4 billion in 2022, she returned to focusing on Iran, researching APT33, a group that has long targeted major aerospace and petrochemical companies. “They’re very powerful,” she says. “I found them in more than five organizations, including critical infrastructure.”
Few first-time security startup founders can claim such deep and diverse experience. “She’s spent most of her adult life at the center of understanding what adversaries are doing,” says her old Cybereason boss Div. “She’s legit… And I’ve been around the block enough times now to tell you who is bullshitting.”
MORE FROM FORBES
