By: Len Gomes – AWS Partner Solutions Architect
By: Sriram Mohan – AWS Cloud Architect
By: Yonatan Zerahia – Zafran Director of Product
By: Nick Fisher – Zafran VP of Marketing
Vulnerability management has evolved beyond traditional scanning. Modern threat exposure management calls for continuous, AI-powered approaches built on Amazon Web Services (AWS) security services. Continuous threat exposure management (CTEM) represents a fundamental shift in how organizations address vulnerability management challenges across cloud, hybrid, and on-premises environments. Security teams struggle to manage vulnerabilities while sophisticated threat actors accelerate their attack methods. Traditional vulnerability management, built on periodic scans and Common Vulnerability Scoring System (CVSS) based patching, can’t keep pace with current attack patterns. Organizations need a new operating model that is continuous, contextual, and tightly aligned with business priorities.
This post explores how Zafran’s Threat Exposure Management Platform uses generative AI and AWS services to revolutionize vulnerability management through CTEM, so organizations can close the critical period between vulnerability discovery and risk reduction, referred to as the exposure window.
As organizations adopt cloud innovations and expand their technology portfolios, their vulnerability to attack grows exponentially. Security teams struggle against both overwhelming volumes of findings and accelerating attack timelines, with threat actors exploiting vulnerabilities within only 5 days of publication, and sometimes within minutes when using AI tools.
Traditional vulnerability management approaches fail in this environment, creating a widening exposure window between discovery and remediation. Legacy scanners compound this problem through blind spots, fragmented data, and performance impacts across heterogeneous infrastructure. The most dangerous aspect is that attackers now preferentially target CVSS Medium-severity vulnerabilities over Critical and High-severity ones combined. This renders conventional severity-based prioritization ineffective, demanding a fundamental shift from periodic scanning to continuous, context-aware threat exposure management.
Introduced by Gartner in 2022, CTEM reframes vulnerability management through five stages: Scoping, Discovery, Prioritization, Validation, and Mobilization. The CTEM framework focuses finite security resources on exposures most likely to be exploited in specific environments. The following graphic illustrates the constant cycle of moving through these five stages.

Figure 1: Five stages of CTEM
CTEM helps chief information security officers (CISOs) improve mean time to remediate (MTTR), maintain audit readiness, and prevent breaches through context-aware, continuous operations.
Zafran’s Threat Exposure Management Platform operationalizes CTEM across AWS services, on premises, and for multi-cloud estates. The Zafran platform is a cloud-based architecture hosted on AWS. Zafran’s architecture uses AWS services for scalability, performance, and reliability.
The platform uses Amazon Bedrock for AI-powered remediation guidance, Amazon Simple Storage Service (Amazon S3) and AWS Lake Formation for scalable vulnerability data storage, AWS Lambda and Amazon EventBridge for real-time workflow orchestration, and Amazon API Gateway with AWS Identity and Access Management (IAM) for secure tool integration.
This architecture delivers elastic scalability, processing vulnerability data across hundreds of thousands of assets while maintaining subsecond query response times. For AWS customers, this means rapid onboarding through API-only, agentless integration and elastic processing for even the largest vulnerability datasets. The following diagram illustrates this architecture.

Figure 2: Zafran Threat Exposure Management Platform cloud-based AWS architecture
Zafran processes signals from multiple security sources. These include vulnerability scanners, endpoint detection and response (EDR) tools, and cloud-native application protection platforms (CNAPPs). The Zafran platform also integrates with firewalls and configuration management databases (CMDBs). Zafran creates a unified exposure graph that maps assets, common vulnerabilities and exposures (CVEs), MITRE ATT&CK techniques, and compensating controls, providing a single source of truth for vulnerability data.
Zafran integrates with your existing AWS security infrastructure through API connections, including:
Vulnerability management – Tenable, Qualys, Rapid7, Amazon Inspector
Cloud security (CNAPP) – Wiz, Prisma Cloud, Orca Security, AWS Security Hub
Endpoint protection (EDR) – CrowdStrike, Microsoft Defender, Trend Micro, SentinelOne
Network security – Palo Alto Networks, Fortinet, Cisco
Identity providers – Okta, Microsoft Entra ID (Azure AD), IAM
Ticketing and Security Orchestration, Automation, and Response (SOAR) – Jira, ServiceNow, Splunk
This agentless, API-based approach enables deployment in minutes without infrastructure changes or performance impact on production systems. Security analysts gain visibility into potential attack paths across the environment.
Instead of relying solely on CVSS scores, Zafran evaluates exploitability using five environmental signals:
1. Runtime presence – Is the vulnerable component running?
2. Internet reachability – Is the asset exposed externally?
3. Active threat intelligence – Are attackers actively exploiting this CVE?
4. Control posture – Do web application firewall (WAF), next generation firewall (NGFW), or EDR policies block exploitation?
5. Business criticality – Does the asset support mission-critical workloads?
This contextual approach reduces false critical findings by 90%, so security and IT teams can focus resources on actual risk. The following screenshot shows the tool providing contextual risk scoring.

Figure 3: Contextual risk scoring reduces CVSS 9.2 Critical to 5.9 Medium
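The following is an added illustration of signal-based re-scoring, not Zafran's code or its actual scoring model. It takes a CVSS base score and the five environmental signals listed above and applies hypothetical, clearly labelled weights (an unloaded component or an unreachable asset scales the score down, a blocking compensating control scales it down further, active exploitation and business criticality add to it), then maps the result back onto the CVSS qualitative bands. The findings, asset names and CVE identifiers are constructed placeholders. It also shows the point made earlier in the post: a CVSS Medium that is reachable and actively exploited can outrank a CVSS Critical that is not.

```python
from dataclasses import dataclass

# Illustrative weights. These are assumptions for the example, not Zafran's model.
FACTOR_NOT_RUNNING = 0.4      # vulnerable component installed but not loaded/running
FACTOR_NOT_REACHABLE = 0.7    # not exposed to the internet (still reachable laterally)
FACTOR_BLOCKED = 0.6          # WAF / NGFW / EDR policy blocks the exploit path
BOOST_EXPLOITED = 1.5         # threat intel reports active exploitation of this CVE
BOOST_CRITICAL_ASSET = 1.0    # asset supports a mission-critical workload


@dataclass(frozen=True)
class Finding:
    """One scanner finding enriched with the five environmental signals."""
    asset: str
    cve: str                  # placeholder identifiers in this example
    cvss_base: float
    runtime_present: bool     # 1. Is the vulnerable component running?
    internet_reachable: bool  # 2. Is the asset exposed externally?
    actively_exploited: bool  # 3. Are attackers actively exploiting this CVE?
    blocked_by_control: bool  # 4. Does an existing control block exploitation?
    business_critical: bool   # 5. Does the asset support a mission-critical workload?


def contextual_score(f: Finding) -> float:
    """Scale the CVSS base score by environmental context; result stays within 0..10."""
    score = f.cvss_base
    if not f.runtime_present:
        score *= FACTOR_NOT_RUNNING
    if not f.internet_reachable:
        score *= FACTOR_NOT_REACHABLE
    if f.blocked_by_control:
        score *= FACTOR_BLOCKED
    if f.actively_exploited:
        score += BOOST_EXPLOITED
    if f.business_critical:
        score += BOOST_CRITICAL_ASSET
    return round(min(max(score, 0.0), 10.0), 1)


def severity(score: float) -> str:
    """CVSS v3.x qualitative severity bands."""
    if score == 0.0:
        return "None"
    if score < 4.0:
        return "Low"
    if score < 7.0:
        return "Medium"
    if score < 9.0:
        return "High"
    return "Critical"


def prioritize(findings):
    """Return (finding, contextual score) pairs, highest contextual score first."""
    scored = [(f, contextual_score(f)) for f in findings]
    return sorted(scored, key=lambda pair: pair[1], reverse=True)


if __name__ == "__main__":
    # Constructed sample findings (asset names and CVE ids are placeholders).
    sample = [
        Finding("web-01", "CVE-0000-0001", 9.2, True, False, False, True, True),
        Finding("pay-01", "CVE-0000-0002", 6.5, True, True, True, False, True),
        Finding("db-03", "CVE-0000-0003", 9.8, False, False, False, False, False),
    ]
    for f, s in prioritize(sample):
        print(f"{f.asset:7} {f.cve} base={f.cvss_base:>4} ({severity(f.cvss_base):8}) "
              f"contextual={s:>4} ({severity(s)})")
```

In the sample, the CVSS 9.2 finding behind a blocking control on a non-exposed host drops to Medium, while the CVSS 6.5 finding that is reachable and under active exploitation rises to Critical. The exact factors are the tunable part; the design point is that every signal is an explicit, auditable input rather than an opaque re-rating.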
Beyond reactive vulnerability management, security teams can use Zafran to proactively hunt for exposures before attackers exploit them. The platform answers critical questions that traditional scanners can’t:
These proactive hunting capabilities help security operations center (SOC) teams, threat intelligence teams, and incident response teams stay ahead of attackers by identifying and mitigating exposures before they become incidents.
When patching requires extended change windows, Zafran prescribes fast mitigations through existing security controls, such as WAF rules, EDR policies, and CNAPP guardrails. This approach removes lengthy patch cycles from the critical path for immediate risk reduction. The following screenshot shows a CheckPoint Firewall policy change mitigating 20,000 vulnerabilities across 128 assets, demonstrating rapid risk reduction without patching.

Figure 4: CheckPoint Firewall
CTEM’s fifth phase, Mobilization, is where vulnerability management programs often stall. Tickets accumulate, ownership remains unclear, and MTTR increases. Zafran’s Agentic Remediation solves this challenge with AI-powered automation. Zafran’s generative AI engine, powered by Amazon Bedrock, consolidates overlapping CVEs into streamlined, high-fidelity tickets containing clear, step-by-step remediation actions. This eliminates redundant work and reduces noise for remediation teams. The following screenshot shows the UI for the remediation workflow with step-by-step patching.
Figure 5: Remediation workflow with step-by-step patching
Zafran automates the assignment and delivery of remediation tickets to the responsible parties. Administrator-defined rules route remediation tasks to the correct owners in platforms such as Jira or ServiceNow, which eliminates manual triage and substantially reduces mean time to communicate (MTTC). This routing shortens response times and streamlines vulnerability management workflows.
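To make the two preceding steps concrete, the following added example (not Zafran's code, and not how its platform is implemented) consolidates raw findings into one ticket per remediation action and owner, then routes each ticket with an ordered list of administrator-defined matching rules. The asset inventory, tags, findings, package versions, CVE identifiers and queue names are all constructed placeholders. First matching rule wins; anything that matches no rule lands in a default triage queue rather than being dropped, which is the failure mode a routing engine must guard against.

```python
from dataclasses import dataclass, field

# Constructed asset inventory: hypothetical hostnames and ownership tags.
ASSETS = {
    "web-01": {"team": "web", "env": "prod"},
    "web-02": {"team": "web", "env": "prod"},
    "api-01": {"team": "platform", "env": "prod"},
    "lab-07": {"team": "research", "env": "lab"},
}

# Constructed findings; CVE ids and fix versions are placeholders, not real data.
FINDINGS = [
    {"asset": "web-01", "cve": "CVE-0000-0001", "package": "openssl", "fix_version": "3.0.14"},
    {"asset": "web-01", "cve": "CVE-0000-0002", "package": "openssl", "fix_version": "3.0.14"},
    {"asset": "web-02", "cve": "CVE-0000-0001", "package": "openssl", "fix_version": "3.0.14"},
    {"asset": "api-01", "cve": "CVE-0000-0001", "package": "openssl", "fix_version": "3.0.14"},
    {"asset": "api-01", "cve": "CVE-0000-0003", "package": "curl", "fix_version": "8.7.1"},
    {"asset": "lab-07", "cve": "CVE-0000-0003", "package": "curl", "fix_version": "8.7.1"},
]

# Administrator-defined routing rules, evaluated top to bottom; first match wins.
# "match" is a set of tag=value conditions that must all hold for the asset.
ROUTING_RULES = [
    {"name": "prod web servers", "match": {"team": "web", "env": "prod"}, "queue": "jira:WEB"},
    {"name": "platform services", "match": {"team": "platform"}, "queue": "jira:PLAT"},
    {"name": "non-production", "match": {"env": "lab"}, "queue": "servicenow:LAB"},
]
DEFAULT_QUEUE = "jira:SEC-TRIAGE"  # nothing falls on the floor if no rule matches


@dataclass
class Ticket:
    """One remediation action (package + target version) for one owner queue."""
    package: str
    fix_version: str
    queue: str
    assets: list = field(default_factory=list)
    cves: set = field(default_factory=set)

    @property
    def title(self) -> str:
        return f"Upgrade {self.package} to {self.fix_version} on {len(self.assets)} asset(s)"


def route(asset_attrs: dict) -> str:
    """Return the queue for an asset using the ordered rule list."""
    for rule in ROUTING_RULES:
        if all(asset_attrs.get(k) == v for k, v in rule["match"].items()):
            return rule["queue"]
    return DEFAULT_QUEUE


def consolidate(findings, assets):
    """Collapse overlapping findings into tickets keyed by (action, owner)."""
    tickets = {}
    for f in findings:
        queue = route(assets.get(f["asset"], {}))
        key = (f["package"], f["fix_version"], queue)
        t = tickets.setdefault(key, Ticket(f["package"], f["fix_version"], queue))
        if f["asset"] not in t.assets:
            t.assets.append(f["asset"])
        t.cves.add(f["cve"])
    return sorted(tickets.values(), key=lambda t: (t.queue, t.package))


if __name__ == "__main__":
    for t in consolidate(FINDINGS, ASSETS):
        print(f"[{t.queue}] {t.title}: {', '.join(sorted(t.cves))} on {', '.join(t.assets)}")
```

Six findings become four tickets: the two web hosts share one openssl ticket covering two CVEs, while the same openssl upgrade on the platform host is a separate ticket because it has a different owner. Keying on (action, owner) is what prevents one ticket from being bounced between teams.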
Zafran tracks MTTR, SLA deadlines, and residual risk in unified dashboards, providing CISOs with real-time evidence of program effectiveness for executive reporting and audit preparation. As patches deploy or mitigations activate, Zafran automatically re-scores exploitability and updates stakeholders, closing the loop between security and IT operations teams.
Organizations implementing Zafran’s CTEM solution across healthcare, manufacturing, and financial services report measurable security improvements:
These results demonstrate measurable improvements in security posture while reducing operational burden on security and IT teams.
Zafran delivers a unified Continuous Threat Exposure Management platform purpose-built for modern hybrid cloud environments:
Zafran’s architecture delivers specific advantages for organizations running workloads on AWS:
AWS integration offers:
Cloud-based scalability means that:
Threat Exposure Management Platform offers deployment flexibility and provides:
For AWS customers extending security operations across hybrid environments, Zafran provides a unified platform that treats AWS findings (Amazon Inspector, AWS Security Hub, Amazon GuardDuty) alongside on-premises vulnerability data with equal depth and contextual analysis.
Modern vulnerability management demands active, contextual, and automated treatment of risk. CTEM provides the strategic framework; Zafran delivers the operational engine, powered by AWS services, enriched by existing security defenses, and accelerated by Agentic Remediation.
Whether you’re starting a CTEM program or scaling existing vulnerability management operations, Zafran provides the tools for you to:
The combination of CTEM methodology, AWS Cloud services, and generative AI capabilities represents a fundamental shift in how organizations protect their expanding attack surfaces.
Ready to transform your vulnerability management program? Explore Zafran in AWS Marketplace or request a demo to see Agentic Remediation in action.

Zafran is an ISV Partner with the AI Software Competency. The Zafran Threat Exposure Management Platform automatically maps security findings to controls already in your security stack, so that you know exactly which actions will deliver the greatest improvement in risk posture. With Zafran, you can significantly reduce the number of critical vulnerabilities, slash mean time to mitigate, and gain much-needed SLA relief.