Sold by: Horizon3.ai
Deployed on AWS
The NodeZero Platform by Horizon3.ai is an offensive security platform for continuous, production risk management for organizations worldwide. Customers use autonomous pentesting, emerging threat intelligence, threat detection, and unified risk reporting to stay ahead of bad actors.
4.6
Overview
The NodeZero Platform by Horizon3.ai is an offensive security platform for continuous, production risk management for organizations worldwide. Customers use autonomous pentesting, emerging threat intelligence, threat detection, and unified risk reporting to stay ahead of bad actors.
Highlights
- Suite of autonomous penetration and operational tests: assess risk across on-prem, cloud, and hybrid networks with unlimited scope and frequency.
- NodeZero Tripwires(TM): Use integrated threat deception and detection to auto-drop and alert on decoys against your most critical exposures discovered during tests. NodeZero Rapid Response(TM): Get ahead of emerging threats with proactive alerting on zero- and N-day threats that impact your networks.
- NodeZero Insights(TM): Continuously manage your threat exposure with unified trend data about your security posture, operational KPIs, and security controls efficacy.
Details
New
Introducing multi-product solutions
You can now purchase comprehensive solutions tailored to use cases and industries.
Features and programs
Financing for AWS Marketplace purchases
AWS Marketplace now accepts line of credit payments through the PNC Vendor Finance program. This program is available to select AWS customers in the US, excluding NV, NC, ND, TN, & VT.
Pricing
Pricing is based on the duration and terms of your contract with the vendor. This entitles you to a specified quantity of use for the contract duration. If you choose not to renew or replace your contract before it ends, access to these entitlements will expire.
Additional AWS infrastructure costs may apply. Use the AWS Pricing Calculator to estimate your infrastructure costs.
Dimension | Description | Cost/12 months |
|---|---|---|
NodeZero Elite Package (500 Assets) - SKU: Pack-ST-Elite | Autonomous Pentesting Platform + Insights + Tripwires + Rapid Response | $42,500.00 |
NodeZero Pro Package (500 Assets) - SKU: Pack-ST-Pro | Autonomous Pentesting Platform + Tripwires + Rapid Response | $32,500.00 |
NodeZero Core Package (500 Assets) - SKU: Pack-ST-Core | Autonomous Pentesting Platform | $25,000.00 |
NodeZero Core to Pro Upgrade (500 Assets) - SKU: Upg-Core-Pro | Upgrade Core Package to Pro adding Tripwires + Rapid Response | $7,500.00 |
NodeZero Core to Elite Upgrade (500 Assets) - SKU: Upg-Core-Elite | Core to Elite Upgrade adding Tripwires + Rapid Response + Insights | $17,500.00 |
NodeZero Pro to Elite Upgrade (500 Assets) - SKU: Upg-Pro-Elite | Pro package upgrade adding Insights | $10,000.00 |
NodeZero Flex (1000 Assets) - SKU: N0-ST-Flex | Autonomous pentest for one-time test of an asset | $15,000.00 |
NodeZero Premium Support Gold (Up to 25K Assets) - SKU: N0-PS-GOLD | 24x7 support, Implementation up to 90 days, Customer Success Monthly | $100,000.00 |
Vendor refund policy
All fees are non-cancellable and non-refundable except as required by law.
Custom pricing options
Request a private offer to receive a custom quote.
Legal
Vendor terms and conditions
Upon subscribing to this product, you must acknowledge and agree to the terms and conditions outlined in the vendor's End User License Agreement (EULA) .
Content disclaimer
Vendors are responsible for their product descriptions and other product content. AWS does not warrant that vendors' product descriptions or other product content are accurate, complete, reliable, current, or error-free.
Delivery details
Software as a Service (SaaS)
SaaS delivers cloud-based software applications directly to customers over the internet. You can access these applications through a subscription model. You will pay recurring monthly usage fees through your AWS bill, while AWS handles deployment and infrastructure management, ensuring scalability, reliability, and seamless integration with other AWS services.
Resources
Vendor resources
Support
Vendor support
Purchases through AWS Marketplace utilize a self-service onboarding model - you deploy the solution in your AWS account using standard AWS Marketplace workflows and billing. After purchasing via Marketplace, a member of our team will contact you within 2 business days to provide access to your account.
Please reference our quick start guide at Docs.Horizon3.ai for guidance on setting up NodeZero. We offer 24/7 break fix support (https://horizon3.ai/support-policy/ ) for all technical and operational issues with the deployed product.
Should you require professional services - such as implementation guidance, architecture consulting, or custom integrations - please contact us directly at support@horizon3.ai
AWS infrastructure support
AWS Support is a one-on-one, fast-response support channel that is staffed 24x7x365 with experienced and technical support engineers. The service helps customers of all sizes and technical abilities to successfully utilize the products and features provided by Amazon Web Services.
Similar products
NCC Group’s network penetration tests help you identify external or internal vulnerabilities before threat actors exploit them. As the security landscape evolves, so must our testing approach to simulate and evaluate these evolutions.
We combine the best parts of AI and automation with the expertise of our penetration testing consultants. We offer manual, autonomous, and hybrid testing approaches to adapt to your unique environment, ensuring the most efficient and effective testing for your needs.
Smarter automation starts with better data. NodeZero MCP Server plugs exploitability intelligence into your existing AI ecosystem. Now your tools can prioritize, orchestrate, and validate based on attack paths proven to be exploitable, not guesswork.
Customer reviews
Dr. Michael N.
Intuitive Yet Powerful—A Critical Part of Our Cybersecurity Toolbox
Reviewed on Jan 16, 2026
Review provided by G2
What do you like best about the product?
It is both intuitive and thorough with easy integration and implementation. During product review, NodeZero became an obvious choice because interaction was simple enough for our nontechnical personnel to follow yet the platform capabilities matched those of skilled professionals. The company has VERY responsive customer service and keeps up with the most recently discovered vulnerabilities and offers rapid release of testing against them. This has become a highly used and critical part of our cybersecurity toolbox.
What do you dislike about the product?
The only issue is something I just discovered and have not brought to their product team yet. Tripwires doesn't report the specific machines it failed on and succeeded on in an obvious manner.
What problems is the product solving and how is that benefiting you?
The NodeZero platform continuously uncovers our unknown unknowns. If an organization does not know they have a vulnerability, they cannot patch it. NodeZero solves this problem of the unknown unknowns.
Mariya O.
Essential for Compliance and Flexibility
Reviewed on Jan 14, 2026
Review provided by G2
What do you like best about the product?
I really like the service and attention that NodeZero from Horizon3.ai offers. The platform's CMMC aligned guidance is great, providing us with the necessary support to comply under CMMC and covering those pentest controls. I appreciate the flexibility to run focused or ad hoc tests, which is invaluable for us. The expertise of the team is unmatched, and I couldn't have chosen a better company. You all are great, and Will is particularly excellent. The initial setup was very easy too.
What do you dislike about the product?
N/A
What problems is the product solving and how is that benefiting you?
NodeZero from Horizon3.ai identifies vulnerabilities, provides solutions, and ensures compliance. It aligns with CMMC, covering pentest controls expertly. Its flexibility for focused or ad hoc tests and exceptional service make it invaluable.
Brian Burnett
Has improved internal and co-op security validation through detailed reporting and continuous vulnerability detection
Reviewed on Oct 31, 2025
Review provided by PeerSpot
What is our primary use case?
The NodeZero Platform is used internally every month, aligned with the patch cycle, to run the pen test and validate the patching that was done previously and find anything new in the environment. It is run at least monthly, and if something else comes up, it is run between those times. Additionally, The NodeZero Platform is used to perform pen testing for co-ops. Since some internet infrastructure is shared with co-ops, the platform can be deployed and a virtual machine can be spun up in their environment. They provide IP ranges, the pen test is deployed, the report comes back, and it is shared with them. This has been a great capability to provide to co-ops.
What is most valuable?
My favorite feature of The NodeZero Platform is that all of it has been really good. The reporting piece is very clear and very useful, which was a big piece from the start. The reporting is huge, and the fact that it learns the environment on an ongoing basis is impressive. An external third-party pen tester is brought in every two years, and the plan is to move it to every three years. After the third party conducts the pen test, The NodeZero Platform is run, and it finds the same things they found and sometimes a few other things that they did not even identify. It has stood up against that test every time.
The feature that allows security teams to fix and retest vulnerabilities instantly adds a lot of quick mitigation and the ability to fix issues on the fly. Everything that has been added and modified and improved since acquiring the tool has worked seamlessly.
The Real Attack Capabilities help in identifying vulnerabilities in on-premises systems because if patching was missed, it will identify that. With deployment across the system, any recent vulnerability will be found. The way it learns the environment makes it an easy-to-use tool. It does what it says it is going to do, which is finding vulnerabilities as they appear.
The Endpoint Security Effectiveness feature helps in understanding potential security threats better because everything that it identifies improves things on an ongoing basis. It ensures that everything is kept current, so it adds an extra layer to what is being done with the main EDR solution.
What needs improvement?
The speed of the scans takes some time, but in my opinion, it is not surprising for what it is doing. It could be a little quicker, but speed does not necessarily mean it is going to be better, since speed does not equate to doing what it needs to do.
For how long have I used the solution?
The NodeZero Platform has been used for about close to four years.
What do I think about the stability of the solution?
Regarding stability, it has never crashed, and there has not been any lagging from deployment or running. It is sometimes run randomly to see if managed service personnel will get alerted, and it has performed as expected. There has not been anything with lag or alerts, it has not crashed, and it has not caused issues.
What do I think about the scalability of the solution?
The scalability of The NodeZero Platform has been great because it is offered out to the 26 co-ops that are worked with, and over half of those have had it run on their environment, and it has worked out great.
How are customer service and support?
Technical support has never been contacted because there have never been any issues that required reaching out to them.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
There have not been any alternatives encountered that can be compared with The NodeZero Platform. After conversations with people and they have looked at it, nothing has stood out as being worth even trying to test. There is nothing that compares to it from everything that has been seen.
How was the initial setup?
The initial deployment of The NodeZero Platform was easy, from what is remembered, as that was about four years ago.
What about the implementation team?
The networking team was involved in this type of job, and it was probably just one of the networking team members and a senior engineer.
What was our ROI?
A reduction in remediation time has been seen because it is finding things before they happen. Much time is not being spent on remediation since acquiring it because it is finding things before they become an issue. Even if there is a zero-day and patching is done and then run, it verifies that, so it is preventing a lot of remediation time with anything.
What's my experience with pricing, setup cost, and licensing?
The pricing has been good, as it has not made huge leaps. Contracts and renewals are handled, so the changes have not been astronomical. It has stayed typically below what was expected for the changes as contracts are renewed, so it has all been fine.
What other advice do I have?
The overall rating given to The NodeZero Platform is ten out of ten.
Timothy Rice
One-click re-testing has validated remediations and improved threat visibility
Reviewed on Oct 21, 2025
Review provided by PeerSpot
What is our primary use case?
We use The NodeZero Platform for control validation and we are also looking for the likelihood of vulnerabilities.
What is most valuable?
I think the one-click feature to fix and re-test vulnerabilities is great. This feature allows us to validate whether the remediation actually resolved the issue. It's pretty easy. You click it and it starts scanning. This is super helpful. I don't think anybody else has anything like that.
The NodeZero Platform 's real attack capabilities help in identifying vulnerabilities on our on-prem systems because it provides actual vulnerabilities by attacking our systems. It shows us whether it really was able to do or meet the objectives that a threat actor could do. It really helps identify the likelihood instead of simply indicating a potential vulnerability.
The NodeZero Platform impacts my understanding of potential security threats in an eye-opening way. It provides validation of the actual security flaw, and it also provides remediation steps. Usually, it's an article that's written up, but it also shows proof as well.
I haven't seen much of an impact on my remediation time from using The NodeZero Platform. I think what it does is it justifies a vulnerable aspect. For the most part, it does speed up remediation because we have proof that there is a vulnerability. We classify those vulnerabilities as a POF or a Pants on Fire and they have to be remediated within 72 hours. It does help remediate.
What needs improvement?
I think The NodeZero Platform could improve by leveraging GPUs for password cracking, which would be pretty good.
For how long have I used the solution?
I have used the solution for about two and a half years.
What do I think about the stability of the solution?
I haven't seen any stability issues such as crashing, lagging, or downtime. I have seen that their portal has been inaccessible for probably about 30 minutes one time.
What do I think about the scalability of the solution?
The NodeZero Platform is very scalable.
How are customer service and support?
I have never had to contact their technical support or customer support.
How would you rate customer service and support?
Neutral
Which solution did I use previously and why did I switch?
We've used Pantera, Symptom and Attack IQ.
How was the initial setup?
The initial deployment was so easy. It only took us about five minutes.
What's my experience with pricing, setup cost, and licensing?
I think the pricing could be a little bit more competitive. For example, Centerra had a little bit more flexible pricing than NodeZero.
Which other solutions did I evaluate?
I would say Pentera is the closest competitor to The NodeZero Platform. When I compare them, I think the flexibility of scanning is where Horizon 3 edges Pentera . Pentera does a better job at cracking passwords, but deploying remote nodes is very difficult. It's kind of convoluted, so it makes it difficult to operate. The NodeZero Platform's pricing is competitive. I think it could be a little bit more competitive. For example, Pentera had a little bit more flexible pricing than The NodeZero Platform.
What other advice do I have?
Based on everything we've looked at and used in the past, I would rate The NodeZero Platform a 10 out of 10 as they are the best.
Shaun Hunt
Has unified our IT teams by providing clear visibility into network vulnerabilities and accelerated remediation with real-world attack testing
Reviewed on Oct 21, 2025
Review provided by PeerSpot
What is our primary use case?
For us, The NodeZero Platform is literally the single best security solution we have because the way that it works is we're able to scan every part of our network, both internally and externally, and then get completely actionable feedback that doesn't matter if it's for an application developer or a network admin. The way that the feedback is presented leaves no room for what is the problem. Our use cases are internal network scans, external penetration tests, and then all of the remediation that goes along with those two results. The final use case that we use is we actively scan every single network password and make sure that no one has password reuse, duplication, or any of the things that have gotten a lot of other companies in trouble. This is one of their easiest features to start with. That is the primary use case.
What is most valuable?
The favorite feature of The NodeZero Platform is that it's easiest from a password perspective because when examining all the things in cybersecurity and all the things in the news, it almost always comes down to somehow the bad guys got someone's username and password. Being able to scan literally thousands of passwords to see if there's an issue with them and then immediately take action is amazing because it keeps our network safe and we don't have to worry about constantly having accounts taken over by criminals. By immediately taking action, they told us about this thing that allows the security teams to fix and retest vulnerabilities instantly, which is their one-click feature.
For us, it's so quick to test every single password. We're able to get a list of anyone that has a password that is compromised because some other website, they use that same password. We're able to actually just rescan all passwords in such a short period, we don't need to use the one-click verification. That's more for if there's a vulnerability on a specific computer or server, which we do use that as well. But just the ability to scan all passwords in such a short time is my favorite feature.
The NodeZero Platform's real attack capabilities have helped in identifying vulnerabilities in our on-prem systems in a few ways. First and foremost, other security platforms used to have so many things that they would report on. Because they would give so many issues and in a way that wasn't clear, a lot of times there was ambiguity and the different sub-teams within IT would disagree on how the problem was or if there was a problem. The way that it's helped us is that it got rid of all of that confusion. We're able to see an issue and then resolve an issue. The one-click verify has helped us several times because in the past, we would do a penetration test once a year and if we thought we fixed it, we would wait a whole other year until we figured it out. Now with the one-click verify, our team will take an action, scan it again, and then a lot of times, even though the fix is pretty straightforward, it doesn't solve the issue. For instance, everyone has NVIDIA in the news all the time because they have these amazing graphics cards. We had an issue. We thought we resolved it. We updated a version, we did the one-click verify, the issue was still there. It said to upgrade to the newest version. So we upgraded another version, did the one-click verify, still was an issue. We ended up going through four or five different iterations and then realized what was actually the problem is that one of the checkboxes needed to be checked differently across our network. Being able to actually go through those iterations so quickly has really helped from a security standpoint.
What needs improvement?
One of the things that we've shared with Horizon is just the reporting. They've made a lot of changes over time, but when examining computers, most average normal people don't look at a computer and identify it as 114.82.117.180. They identify it as 'the printer for accounting.' When many of the reports give the very detailed technical IP address or serial number, that's really not helpful for anyone other than the person, the hands-on person that's trying to remediate it. All the managers, all the leaders, having information in that format isn't helpful. Being able to have information about what those devices are would be very helpful.
There's a technical reason they can't just have an easy button because some people have really complicated networks. When examining things for the average company, the average executive, that 114 number, there's only one of those. But if examining an AT&T or a Walmart, it isn't unique. They haven't solved that problem. But for the 90% of companies, being able to have just a human readable name for all devices on your network in all of the reports all of the time would be the most beneficial.
For how long have I used the solution?
We've been using The NodeZero Platform for a little over four years now.
What do I think about the stability of the solution?
I have not seen any lagging, crashing, downtime, or anything with The NodeZero Platform. I had some unusual situations where because some of our third parties had their systems misconfigured, our scan would run forever because we would start scanning beyond our own four walls of our company. But we've never had major issues with the product itself.
What do I think about the scalability of the solution?
Our company has about 2,000 people, about 5,000 total devices including phones and network equipment. We're a medium-sized company and it takes us a few hours to run every single scan. I am uncertain how it would work if you're on an AT&T or a Walmart where you have a million network objects. I would think it does fairly, but I don't have the experience to say anything more than what we do, which is a mid-sized company.
How are customer service and support?
I have contacted their technical support or customer support many times. The main reason that we contact their technical support and customer support isn't because their product isn't working, it's because their product tells us we have an issue and we need a little bit more help on how we actually resolve the issue. They'll have really good guidance, but sometimes we need to say how they really found this because we're seeing this other flag set this way and we need their help. So we reach out to their support to help resolve the issues that we have within our own environment, not with their product.
My team's been very happy with The NodeZero Platform support. They're not 100%, but their support is above average. Sometimes even their support doesn't know why we're seeing certain issues. But the vast majority of times they are able to resolve the exact questions my team has on the first attempt, which is really good for customer or technical support. On a scale from 1 to 10, most of the time I'd give them a 10 out of 10. Sometimes you get people and it's not their best subject. Not every person is always 100% with every issue, but grading against other customer supports of similar products, 10 out of 10.
How would you rate customer service and support?
Positive
How was the initial setup?
The initial deployment of The NodeZero Platform was extremely easy. They basically just need you to install a scanner on your network or wherever you want to scan from. Then you just click a couple of buttons and wait a few hours and then voila, you have results. We've learned a lot over time where there's certain things that maybe we weren't doing as optimally as we wanted, but the initial deployment from the time that we saw a demo to the time that we had some production results was extremely fast. It was same day. I don't know if it was two hours or four hours, but it was very quick.
Which other solutions did I evaluate?
We have used alternatives to The NodeZero Platform. We originally did several proof of concepts and looked at several competitors. What we really appreciated about Horizon is they actually attack your network. They literally do the test to see if something is open, whereas other tools would just say it's on this version and we know this version has this issue. We've looked at a lot of other tools. We really appreciated Horizon. In the four years, we also do a lot of tools that aren't 100% competitors to The NodeZero Platform, but they do many of the same things. They scan your network, they tell you the devices that are there, they tell you if there's different types of configurations. For Microsoft, we use tools that actually tell us if Microsoft is secure. For our storage devices or our network devices, every one of those tools has their own scanners. We use all of the vendor-specific, which is only good for that one vendor, but it also helps us validate that The NodeZero Platform has been spot on and has been finding all the things that we would hope it would.
What other advice do I have?
The NodeZero Platform helps us to understand better the potential security threats. We don't really use it that way because for us, we're able to scan all of our internal network and all of our external network and have so few issues, we don't really have to worry about hypothetically there's this issue in the wild or there's this issue that's going around with other companies, because our list is so short now and we're just able to resolve everything. We don't use it really as a knowledge tool to inform us on what's going on. We have a lot of other literature to keep us appraised on what's going on. We use it more of just validating that everything we do is right and we don't have to fret about a bunch of hypotheticals. On a scale from 1 to 10, The NodeZero Platform rates a 10 out of 10 overall as it is the best security investment we've ever made, mainly because it got all of our IT people talking together and seeing the issues as they truly were, and that visibility knocked down a lot of walls between teams.