Sold by: Horizon3.aiÂ
Deployed on AWS
The NodeZero Platform by Horizon3.ai is an offensive security platform for continuous, production risk management for organizations worldwide. Customers use autonomous pentesting, emerging threat intelligence, threat detection, and unified risk reporting to stay ahead of bad actors.
Overview
The NodeZero Platform by Horizon3.ai is an offensive security platform for continuous, production risk management for organizations worldwide. Customers use autonomous pentesting, emerging threat intelligence, threat detection, and unified risk reporting to stay ahead of bad actors.
Highlights
- Suite of autonomous penetration and operational tests: assess risk across on-prem, cloud, and hybrid networks with unlimited scope and frequency.
- NodeZero Tripwires(TM): Use integrated threat deception and detection to auto-drop and alert on decoys against your most critical exposures discovered during tests. NodeZero Rapid Response(TM): Get ahead of emerging threats with proactive alerting on zero- and N-day threats that impact your networks.
- NodeZero Insights(TM): Continuously manage your threat exposure with unified trend data about your security posture, operational KPIs, and security controls efficacy.
Details
Unlock automation with AI agent solutions
Fast-track AI initiatives with agents, tools, and solutions from AWS Partners.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
NodeZero Elite Package (500 Assets) - SKU: Pack-ST-Elite | Autonomous Pentesting Platform + Insights + Tripwires + Rapid Response | $42,500.00 |
NodeZero Pro Package (500 Assets) - SKU: Pack-ST-Pro | Autonomous Pentesting Platform + Tripwires + Rapid Response | $32,500.00 |
NodeZero Core Package (500 Assets) - SKU: Pack-ST-Core | Autonomous Pentesting Platform | $25,000.00 |
NodeZero Core to Pro Upgrade (500 Assets) - SKU: Upg-Core-Pro | Upgrade Core Package to Pro adding Tripwires + Rapid Response | $7,500.00 |
NodeZero Core to Elite Upgrade (500 Assets) - SKU: Upg-Core-Elite | Core to Elite Upgrade adding Tripwires + Rapid Response + Insights | $17,500.00 |
NodeZero Pro to Elite Upgrade (500 Assets) - SKU: Upg-Pro-Elite | Pro package upgrade adding Insights | $10,000.00 |
NodeZero Flex (1000 Assets) - SKU: N0-ST-Flex | Autonomous pentest for one-time test of an asset | $15,000.00 |
NodeZero Premium Support Gold (Up to 25K Assets) - SKU: N0-PS-GOLD | 24x7 support, Implementation up to 90 days, Customer Success Monthly | $100,000.00 |
Vendor refund policy
All fees are non-cancellable and non-refundable except as required by law.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA)Â .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
Purchases through AWS Marketplace utilize a self-service onboarding model - you deploy the solution in your AWS account using standard AWS Marketplace workflows and billing. After purchasing via Marketplace, a member of our team will contact you within 2 business days to provide access to your account.
Please reference our quick start guide at Docs.Horizon3.ai for guidance on setting up NodeZero. We offer 24/7 break fix support (https://horizon3.ai/support-policy/Â ) for all technical and operational issues with the deployed product.
Should you require professional services - such as implementation guidance, architecture consulting, or custom integrations - please contact us directly at support@horizon3.aiÂ
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
Network Penetration Testing
By NCC Group
NCC Group’s network penetration tests help you identify external or internal vulnerabilities before threat actors exploit them. As the security landscape evolves, so must our testing approach to simulate and evaluate these evolutions.
We combine the best parts of AI and automation with the expertise of our penetration testing consultants. We offer manual, autonomous, and hybrid testing approaches to adapt to your unique environment, ensuring the most efficient and effective testing for your needs.
Customer reviews
2.5
2 ratings
2 AWS reviews
|
3 external reviews
Star ratings include only reviews from verified AWS customers. External reviews can also include a star rating, but star ratings from external reviews are not averaged in with the AWS customer star ratings.
Brian W.
Effectively prioritizes vulnerabilities and has been one of the most transformative technologies
Reviewed on Sep 23, 2025
Review provided by PeerSpot
What is our primary use case?
The primary use case that we have for The NodeZero Platform is for scanning the environment and identifying vulnerabilities. The tool prioritizes vulnerabilities, focusing on the most critical ones.
How has it helped my organization?
It has evolved significantly over time. What sets this tool apart from others is its ability to prioritize vulnerabilities effectively. Many vulnerability management (VM) tools today provide users with extensive lists of vulnerabilities—often numbering in the thousands, with categories like four thousand critical and three thousand high. Upon deeper examination, it's common to find that more than half of those vulnerabilities aren't even exploitable. This results in overwhelming amounts of data without a clear focus on what needs immediate attention to improve security. In contrast, this tool excels at prioritizing vulnerabilities based on their relevance to attack scenarios. It analyzes specific attack chains to determine how critical each vulnerability is and assesses how frequently those vulnerabilities appear across various attack chains. By doing this, this tool can elevate the priority of certain vulnerabilities, allowing organizations to concentrate their remediation efforts on the most critical issues. A prime example of this effectiveness comes from an acquisition we conducted. The organization believed it had a robust security environment. However, after running The NodeZero Platform over a weekend, we discovered vulnerabilities that allowed for compromise in approximately 35 different ways. With other tools, addressing these vulnerabilities could have taken six to twelve months due to poor prioritization. In our case, we were able to eliminate the risk of domain compromise within one month and address all single-host vulnerabilities by the second month, all done with a small team, thanks to our precise focus on what truly mattered.
The solution’s feature that allows security teams to fix and re-test vulnerabilities instantly is fantastic. With traditional penetration tests conducted by a human, the process is very expensive. You typically get two weeks of testing, then you make your fixes, and sometimes you can get them to retest. However, often you have to pay extra, and sometimes you just don't have enough time. This results in going another year hoping or thinking that vulnerabilities are fixed, but they might not be. With Horizon3, you can immediately retest vulnerabilities, and it will clearly indicate whether or not they are still present. Probably 20 times in the last year or two, we were told something was fixed when it actually wasn’t. Sometimes it’s due to a patch not being applied correctly, or perhaps they missed adding a registry key. There could be various root causes. The ability to dig in with our team and confirm whether a vulnerability is resolved is crucial. They can go back and fix it, and sometimes that takes multiple attempts. So this functionality is really valuable.
The platform's real attack capabilities have massively helped in identifying vulnerabilities in our on-prem systems. The best litmus test I can give is that during our previous penetration tests, attackers would easily gain domain admin access. However, with Horizon3, we can prioritize vulnerabilities and address them effectively. We recently conducted our first penetration test where the testers were completely unable to gain domain admin access, which is impressive given that this was done by a well-known player in penetration testing.
In terms of NodeZero's Endpoint Security Effectiveness feature's impact on our understanding of potential security threats, looking at it from the endpoint perspective really helps us identify what needs to be done to address vulnerabilities. Once we know what those are, we can go in and fix them. It’s pretty cool.
What is most valuable?
Prioritization is really key; it's a massive differentiator. The prioritization aspect is crucial. The ability to capture or crack credentials and then use that to move laterally and identify additional vulnerabilities is significant. Their password-cracking capability is a distinct function that is very helpful.
Additionally, when a new vulnerability, such as a zero-day exploit, is identified, they review your previous scans to determine if you might be vulnerable to it, and they proactively notify you. That's a huge benefit.
Also, the fact that they provide fixes alongside all their identified vulnerabilities means you don’t have to search for fixes yourself. They give you specific actions to take, which is incredibly helpful and saves a lot of time.
What needs improvement?
One significant area to focus on is external vulnerabilities, particularly in the web application space. This often requires a greater level of human ingenuity, as it typically involves navigating a webpage, creating an account, and testing for various vulnerabilities, such as SQL injection. Adding this capability would be a valuable enhancement.
For how long have I used the solution?
I have been using The NodeZero Platform for approximately four to five years.
What do I think about the stability of the solution?
The only issue we’ve encountered is that sometimes the scans take a long time to complete. This happens when a credential is identified late in the scan, leading the system to attempt that credential on all the other hosts. As a result, the scans can run longer than expected and may even cause some memory issues. Fortunately, this is a relatively easy fix; you just need to increase the amount of memory on the server. Overall, it’s a minor issue.
What do I think about the scalability of the solution?
The NodeZero Platform has unbelievable scalability. The limiting factor is just where you have the hardware infrastructure to be able to add additional VMs. Anywhere you can put a VM, you can run another concurrent scan.
How are customer service and support?
I might sound like a fanboy, but I truly have about three and a half vendors that I really like. I'm generally tough on most of my other vendors, but these particular ones stand out because they are that good. From a tech support perspective, I would say they have some of the best support compared to any of the companies I work with. Microsoft, for example, is very hit or miss. Sometimes you get an excellent support representative, but I find that about 80% of the time, the person assisting you has no idea what they're doing. As for other decent options, CrowdStrike typically provides good support, but it seems like they focus more on managing tickets from an ITIL perspective, prioritizing the speed of ticket resolution over thoroughness. Zscaler is similar in that respect; They are better than Microsoft, but the quality of support can still be somewhat inconsistent.
Overall, when it comes to The NodeZero Platform's tech support, you can reach them via a chat message on their website, and they respond almost immediately. You're quickly connected with a very knowledgeable engineer, and you receive prompt responses. They are really good.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
We have used Nessus, Qualys, and Tenable as alternatives to The NodeZero Platform. We were paying for Tenable. We were paying for Qualys. We basically stopped and moved to Horizon3.
If you were looking for a super wide net of everything that you could possibly try and identify, I think the other ones might be more holistic, but their prioritization is lacking, leaving you less secure because they do not help you prioritize.
How was the initial setup?
It was super easy. From initially getting it set up to running it, it took about 24 hours. The biggest time requirement is actually getting a virtual machine (VM) stood up. If you can get a Linux VM set up, that’s the hardest part of the whole process. After that, it’s really easy.Â
From a maintenance perspective, in terms of keeping the system healthy and functional, there isn’t much that we need to do; it pretty much runs itself. However, where we do put in work is in reviewing the outputs and determining our priorities. We then collaborate with the rest of the team, particularly on the server side, to address vulnerabilities and other issues that arise. So, while there is work involved, it’s not about maintaining the Horizon3 product itself, but rather managing the findings that we need to fix.Â
The benefits of The NodeZero Platform are immediate. Just having access to a list of prioritized vulnerabilities and understanding how they were exploited in various attack chains was eye-opening. You might think you have a highly secure environment, but in reality, it can be compromised easily. This insight highlighted everything that needed improvement. Honestly, it's one of the most transformational technologies we've implemented in our company.
What's my experience with pricing, setup cost, and licensing?
They offer really fantastic pricing. We've been with them for a long time, so I believe we might have a special deal. However, from conversations with other peers, it seems their pricing is very competitive as well.
What other advice do I have?
I would rate The NodeZero Platform a 10 out of 10.
Andi Heckel
Deploying autonomous security tools improves network protection and efficiency
Reviewed on May 06, 2025
Review from a verified AWS customer
What is our primary use case?
The primary use case for the NodeZero Platform is as an extension to existing vulnerability management systems. Initially, it complemented solutions like Qualys or Tenable. However, there has been a shift towards using NodeZero to replace existing vulnerability management solutions altogether. The motivations include cost savings and addressing issues that traditional vulnerability managers might report but do not actually affect system security.
What is most valuable?
Deploying the NodeZero Platform is straightforward for me as it involves just a Docker container in a network or a network segment, saving time and eliminating the need for agents on every endpoint. Its autonomous operation, safe for production use, makes it practical to schedule pen tests during business hours. The tripwires feature acts like a honeypot, providing network alerts for potential threats. These factors make it an effective tool for enhancing security in organizations.
What needs improvement?
One of the areas where improvement is needed is in the visibility and reporting for large enterprises. The existing GUI or NodeZero insights provide better visibility, but there's still room for enhancement. Moreover, there is a need to automate interactions with other systems, particularly in triggering or opening tickets in ServiceNow . Adding the application layer would also be valuable for clients.
For how long have I used the solution?
I have used the solution for 1.5 years.
What was my experience with deployment of the solution?
No issues were encountered in deploying the NodeZero Platform. Once the firewalls are open and communication with the cloud is enabled, it's a matter of installing a Docker container or VMware and opening the ports for smooth operation.
What do I think about the stability of the solution?
I rate the stability of the NodeZero Platform a ten out of ten. We have not encountered any issues on the platform regarding accessibility, performance, or stability.
What do I think about the scalability of the solution?
I rate the scalability of the NodeZero Platform a ten out of ten. We have conducted pen tests in environments with hundreds of thousands of IP addresses without any scalability issues. The platform is built for large scale deployment and operation.
How are customer service and support?
I rate their support an eight out of ten. The support is skilled and effective, although there are sometimes delays due to bandwidth issues, possibly due to the size of the team.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Initially, NodeZero and similar solutions were used alongside existing vulnerability management solutions like Qualys or Tenable. However, there has been a shift towards replacing these existing solutions as businesses seek to address vulnerability issues more efficiently.
How was the initial setup?
The initial setup is very easy, rated 10 out of 10. It involves straightforward steps of installing a Docker container, configuring firewalls, and ensuring communication with the cloud.
What about the implementation team?
The deployment process involves an initial meeting with the client to choose the deployment method—either on a VMware or Docker container. This is followed by defining and setting up firewall rules. After preparing everything, deploying the Docker container or VMware takes a few minutes, and the pen test can begin.
What's my experience with pricing, setup cost, and licensing?
I rate the pricing a six out of ten. Pricing is moderate compared to competitors but depends on the solutions in comparison. While cheaper than XM Cyber and human pen testers, it's more expensive than vulnerability managers.
Which other solutions did I evaluate?
I evaluated Pentera and XM Cyber alongside the NodeZero Platform at various points. Pentera was assessed about two years ago, and we have clients currently using XM Cyber.
What other advice do I have?
I rate the NodeZero Platform an eight out of ten. The platform is scalable and stable, suitable for large enterprises and businesses. It needs improvement in areas like visibility, reporting, and automation with third-party systems. The overall product rating is eight.
Which deployment model are you using for this solution?
Hybrid Cloud
If public cloud, private cloud, or hybrid cloud, which cloud provider do you use?
Ken Dishon
Penetration testing adapts to our schedule with cloud integration
Reviewed on Mar 31, 2025
Review provided by PeerSpot
What is our primary use case?
To meet standards, I am required to do penetration testing periodically. This is something I can do on-demand anytime I choose, or I can set it up to recur on a recurring schedule.
What is most valuable?
The NodeZero Platform has a great cost, and its usability is straightforward. It can be deployed in the cloud. There is an on-premise container that I need to spin up to allow it to run in my environment, but it is automatically updated because it is cloud-based. It uses AI to try and gain access to my network and learns from the environment as it goes, providing a report on vulnerabilities, and demonstrates how their system exploits them to either elevate privilege or gain access to specific credentials or devices.
What needs improvement?
I haven't really come across anything that I say needs to be improved with it, other than the container runner, which tends to lose time. It does not always sync with the cloud versions, so I have to do it manually.
For how long have I used the solution?
I have used the solution for over a year.
What do I think about the stability of the solution?
Initially, there were some devices that, when it scanned, it caused network issues. So I had to exclude those, but that was fairly simple to do.
How are customer service and support?
I reached out to support and they were very responsive. I would rate them a nine out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have reviewed other penetration testing solutions but haven't used them due to cost constraints, as they were really expensive compared to the NodeZero Platform.
How was the initial setup?
The initial setup was simple and easy to operate.
What's my experience with pricing, setup cost, and licensing?
The pricing is much more affordable than traditional penetration tests.
Which other solutions did I evaluate?
I have reviewed other penetration testing solutions but did not use any due to cost constraints.
What other advice do I have?
I would advise taking advantage of the support when you have it. For Horizon360 NodeZero, they are always responsive. Let them show you how to use it and the best way to get the most out of it. Overall, I'd rate NodeZero at nine to 9.5 out of ten.
Which deployment model are you using for this solution?
Public Cloud
Consulting
Fast, Accurate and Affordable
Reviewed on Nov 07, 2024
Review provided by G2
What do you like best about the product?
Finding the misconfigurations that have been inherent to an environment for years. Finding weaknesses that I didn't realize were an issue. Finally the ability to be alerted by Rapid Response for existing new vulnerabilities that are exploitable.
What do you dislike about the product?
No downside. If there is one part that I would like more out of is the application testing (specifically on the external pentests)
What problems is the product solving and how is that benefiting you?
Securing environments by finding weaknesses that creat major gaps within. Also validating security tools.
reviewer2331969
Doesn’t identify threats and vulnerabilities, and the reports are quite useless
Reviewed on Feb 23, 2024
Review from a verified AWS customer
What is our primary use case?
The solution is used for penetration testing.
What is most valuable?
Penetration testing and scans are useful features. These features are the reason why we started using the product.
What needs improvement?
We run the penetration testing and look at the reports. The reports are quite useless. We are looking for a different product. The tool did not help enhance our organization's cybersecurity posture. The reports had a lot of false positives. They didn't detect anything. The tool didn’t identify any vulnerabilities. The solution must detect threats and vulnerabilities.
For how long have I used the solution?
I have been using the solution for about a year. I am using the latest version of the solution.
What do I think about the stability of the solution?
We didn’t have any issues with stability.
What do I think about the scalability of the solution?
We didn’t have any issues with scalability. We didn’t need it.
How are customer service and support?
My team interacts with the support team. I haven't heard any complaints.
How was the initial setup?
The solution is deployed on the cloud. The initial deployment was easy.
What was our ROI?
We haven’t seen a return on investment.
What other advice do I have?
We used another solution parallelly. We got help from a third-party vendor to do that. I will definitely not recommend the product to others. It was quite useless for us. It didn't give us any useful results. Overall, I rate the solution a one out of ten.