Horizon3.ai NodeZero Platform

We were using The NodeZero Platform by Horizon3.ai  for additional findings for PenTest for network, and we did manual testing as well, so it was kind of just testing it out to see if we liked it.

What I liked the most about The NodeZero Platform by Horizon3.ai  is that it found a dangling DNS really well, which isn't super useful, but it did add a finding to my reports, so that was good.

The NodeZero Platform by Horizon3.ai did help me to understand potential security threats, such as with the dangling DNS issue that came up, which is not something you would normally be looking for, so that did add to my knowledge base. Other than that, I would go through its attack path, so it did have some learning qualities to it.

The main downside of The NodeZero Platform by Horizon3.ai is that it would find additional servers that were not in scope when I would put in my scope, and so I had to go through and hand-pick each one every time to move forward to the next stage of the testing. If you are not careful, you can get something that is not in scope, and then if it ends up in your report, that is a significant problem.

If they could add a web app testing feature to The NodeZero Platform by Horizon3.ai, that might be enticing.

Regarding scalability, if they could extend The NodeZero Platform by Horizon3.ai to web apps and other areas, that would be great, as it would give us more coverage. Right now, using it for networks is great, and you could really do a lot with their continuous testing, which I thought was a great feature.

I have been working with The NodeZero Platform by Horizon3.ai for about 18 months, and we did not renew our contract this year.

I never had any problems with the stability of The NodeZero Platform by Horizon3.ai. I never did anything that would require a week-long worth of testing, but for tests that take a day or two, I did not have any problems.

Regarding scalability, if they could extend The NodeZero Platform by Horizon3.ai to web apps and other areas, that would be great, as it would give us more coverage. Right now, using it for networks is great, and you could really do a lot with their continuous testing, which I thought was a great feature.

I have chatted with technical support for The NodeZero Platform by Horizon3.ai a few times, usually regarding issues such as needing the password list because we locked people out and needed to know why, or if I was entering something and getting a weird response from The NodeZero Platform by Horizon3.ai, I would ask them, and they would usually resolve it for me, so they were really good.

For support of The NodeZero Platform by Horizon3.ai, I would give them a ten, as they are right on the spot, quick, and always give me the right answers.

The initial deployment of The NodeZero Platform by Horizon3.ai was easy when I first deployed it.

It took me maybe thirty minutes to deploy The NodeZero Platform by Horizon3.ai for the first time, and it was not hard at all.

One person can manage The NodeZero Platform by Horizon3.ai, so you do not need a team for this.

Regarding maintenance on my end with The NodeZero Platform by Horizon3.ai, there was no requirement, though I did have to clean up tests that either we stopped or were duplicates, so you did have to go in once in a while and clean up, but nothing major.

I have not really used any alternatives, as The NodeZero Platform by Horizon3.ai was the only thing that we have ever used that was similar.

The last time I actually used The NodeZero Platform by Horizon3.ai was probably at least July of last year.

I have no impression of The NodeZero Platform by Horizon3.ai's feature that allows security teams to fix and retest vulnerabilities instantly as I never used the retest with them. We always did that manually.

Regarding the Real Attack capabilities of The NodeZero Platform by Horizon3.ai, out of all of that time that we were using the product, it only ever got domain admin once, and it did start from the very beginning and lay out the entire attack for us, which was good. We did hundreds of tests, so that is why we did not continue, as it was very expensive for a very low yield.

The pricing of The NodeZero Platform by Horizon3.ai is too much for what it yields.

I do not know if we are a partner with The NodeZero Platform by Horizon3.ai. I do not think so, as we were just clients and users.

I would give this review an overall rating of six.

I use The NodeZero Platform by Horizon3.ai  for internal and external pentest scans, and it also provides Kubernetes  scanning and scanning of GitHub  accounts. Primarily, I use it for internal and external pentest scans.

Regarding on-premises systems, I have executed pentest scans on externally located and internally located systems, but I have not tried much with on-premises servers. I honestly do not have significant exposure in that area and cannot provide feedback on that part at this time.

The best features of The NodeZero Platform by Horizon3.ai  are that it does not require much effort compared to manual penetration testing. You simply configure the scan and modify the requirements you need, and it scans and provides quite good results. The platform presents the data in a very clear way that even non-technical people can understand the dashboard and read through it.

The user interface is significantly more user-friendly than other tools I have used. The data and evidence gathered from the penetration test scan is excellent. It shows any compromised accounts and devices, demonstrating exactly how The NodeZero Platform by Horizon3.ai executed the attack. This is considerably better than any other tools I have used.

The NodeZero Platform by Horizon3.ai incorporates technologies that go beyond traditional testing and scanning methods for vulnerabilities, such as Nessus, Qualys, and Rapid7. While those tools focus on finding vulnerabilities, The NodeZero Platform by Horizon3.ai not only finds the vulnerabilities but also attempts to exploit them, gathers available evidence, and provides possible ways to fix them. This is one of the greatest features of The NodeZero Platform by Horizon3.ai.

When we run the penetration test scans, The NodeZero Platform by Horizon3.ai definitely identifies all negative points and the external attack surface related to them, showing what those external attack surfaces are and how we could fix them.

I feel there could be improvements in scalability, although at this point I have no specific negative points to report.

I have used the NodeZero Platform by Horizon3.ai for approximately eight or nine months.

The customer support is fantastic. I personally reached out to them, and The NodeZero Platform by Horizon3.ai provides sufficient evidence needed to understand the attacks it attempted, gathering relevant information regarding compromised accounts.

For automated scans, I have not used any other tools apart from manual scanning. I have been using The NodeZero Platform by Horizon3.ai for the first time, and it feels good and easy to work with.

I do not know exactly in terms of the client because I work for the client, but personally I feel the remediation time is significantly reduced compared to what we used to do with manual testing. I would estimate approximately thirty to forty percent reduction.

The NodeZero Platform by Horizon3.ai is better than manual penetration test scans. Usually, manual penetration test scans take considerable time and money, but I believe The NodeZero Platform by Horizon3.ai is definitely worth trying if you are considering using it, because it reduces the time and cost associated with manual scans.

I do not have detailed knowledge about specific costs, but I definitely feel that investing in manual penetration test scans is much higher than the automated scans of The NodeZero Platform by Horizon3.ai. Although I have no idea about the exact cost difference, I definitely believe there is a significant difference in favor of The NodeZero Platform by Horizon3.ai in terms of lower cost.

Regarding deployment, it is quite easy if you are talking about the cloud environment and configuring the scan. I do not find it too complex. The setup should be very quick, almost instantaneous, comparable to logging into any other portal.

The NodeZero Platform by Horizon3.ai offers options in both directions, but I personally used it in a cloud environment, and I feel it is much easier than an on-premises environment. It is easy to install, but it takes a little bit of time. Once you log in and share your targets, you can configure your scan and run it, making it much easier overall.

I would certainly recommend The NodeZero Platform by Horizon3.ai to others. I am sure they would appreciate how it presents the data and reports. It does not just provide a technical report; it presents multiple reports of various attacks that may be useful for management who might not understand technical terms. It definitely helps to have those kinds of reports as well, allowing anyone to understand what is happening in the environment and what can be done about it.

Based on my work experience over seven to eight months of using The NodeZero Platform by Horizon3.ai, I am still learning more about the product, and there is much more to explore. I would give this product a rating of eight out of ten.

The main use case for The NodeZero Platform by Horizon3.ai  is internal network testing, as we put up a few runners in the customer environment and then we scan and test the environment.

The main benefits that The NodeZero Platform by Horizon3.ai  brings to the table or how it helps to improve the way the organization functions is that it is very easy to read the pentest results from when it comes to prioritizing the fixing order of things, because now companies can actually see what the critical part is, how it affects the business, not just the system or one device, but the business impact is the question here, which is why companies take autonomous pentesting instead of a few manual pentests a year or vulnerability management.

The best features in The NodeZero Platform by Horizon3.ai are that it is a very easy environment to maintain, as we can pretty easily set up new pentests or add new assets there to be tested. We have a good connection with the actual company behind it, Horizon3.ai, so they help us whenever we ask pretty quickly.

My impression of The NodeZero Platform by Horizon3.ai's feature that allows security teams to fix and retest vulnerabilities instantly is that it is one of the core elements our customers use and it might even be the reason why they choose this tool over traditional vulnerability scanning. Of course, they get the pentest results on top of vulnerability scanning, but its crucial part is that they can test the especially critical findings and high-level findings immediately after they have fixed them.

The NodeZero Platform by Horizon3.ai has helped my clients reduce pentest costs, as for some companies, the cost has raised a bit, but they get a bigger area tested with just a slightly bigger price. A usual case is when they move from vulnerability scanning to pentesting, the price does not actually go up except maybe just slightly.

Apart from the licenses, specifically the tenant-based licenses that were mentioned, I would like to see more deep investigation of different environments in The NodeZero Platform by Horizon3.ai, especially in cloud. A proper mapping of assets and maybe some kind of map where I can actually see what devices or accounts are connected to each other would help a lot with the investigation and prioritization of things.

There are missing features in The NodeZero Platform by Horizon3.ai that I would like to see included in the next release or some functionality that I would like to see enhanced in it in the future, as they have already spoken of web application testing, so that is something I am looking forward to. API testing would be nice to see. I think it is coming right after the web application testing. However, the one thing that is very much asked from us as a service provider is DAST testing, so when a company is building a software, they could see their current security status while they are building the application.

I have been working with The NodeZero Platform by Horizon3.ai for about two years now.

I evaluate customer service and technical support for The NodeZero Platform by Horizon3.ai as good. If we have had problems, that is with the actual licensing style they are using. When we have customers, like midterm, let us say six months after our own contract starts, we get the pricing for the next six months, but then we have to negotiate again. What I would like to see from them is a tenant-based licensing for our customers also, not just us. Overall, we have good contacts, we get answers to questions we ask them very quickly. Support has been pretty quick also.

On a scale of one to ten, I would rate the tech support for The NodeZero Platform by Horizon3.ai as nine.

Prior to adopting The NodeZero Platform by Horizon3.ai, I did not work with any other solution of the same kind, as mentioned, I have done manual pentesting. Burp  Suite has some automatic scanning and testing extensions, but I have mostly been a manual tester and bug hunter. I have read a lot about Aikido solution or Pentera , but that is just on a common level of knowledge gathered from the internet, not anything too deep or technically deep.

Regarding the pricing aspect of The NodeZero Platform by Horizon3.ai, my experience with the pricing, setup cost, and licensing part of it is that the setup cost was very minimal. I do not know if we even had that to be sure. The pricing is not on my responsibility, but what I have heard from our salespersons and the business executive whose responsibility it is, is that related to traditional vulnerability scanning, it is even cheap. The pricing is not the point why it would be hard to sell, so I guess it is on a good level now.

I did evaluate other options before going with The NodeZero Platform by Horizon3.ai, as I was not myself in the process of choosing between The NodeZero Platform by Horizon3.ai and others, but I know that we chose it because it is cloud-based, so it is easy to set up. There is no need for a customer to purchase on-prem servers or anything like that. They just need a little runner on some laptop or server or virtual machine, so it is easy to maintain. It is not too pricey for the customers we planned it for. Currently, it supports very well our offensive security offerings.

With our customer, I review the results of The NodeZero Platform by Horizon3.ai and we see what they should do to improve their security maturity.

NodeZero's endpoint security effectiveness feature impacts the understanding of potential security threats, as I must say that I do not have so much results yet in that area. It is quite new to me and I am looking forward to having more testing on endpoints on both our own environment and customers. What I have seen so far, I would say currently is good, but I personally need to know more before I can say anything in any direction.

I assess The NodeZero Platform by Horizon3.ai's impact on the organization's remediation time as much better than in traditional vulnerability management because now they actually see what has been caused and what the business impact is. They actually have already a pretty prioritized list of what needs to be fixed first. The so-called false positive noise has been reduced to almost zero. It has affected that part very much.

The advice I would share regarding organizations considering The NodeZero Platform by Horizon3.ai is that, as mentioned earlier, if there is a company that should choose whether they go to pentesting or vulnerability management. Pentesting can be a very nice test, one which does not cause any issues or show to users anyway. They can also choose the stress test mode, which may even lock out accounts or crash a computer, but we can adapt and configure the test for any environment customer needs. As a technical implementation or technical tool, it is very straightforward to set it up and schedule the scans or tests and see the results. Of course, the results could be more; now it is just a list of assets pretty much and another list for findings. There could be some maps of what accounts and devices are connected to each other, which would help. Otherwise, the solution itself is very fine and I would recommend it as an MSP partner or as a user of the tool to pretty much any company. I rate The NodeZero Platform by Horizon3.ai a nine out of ten overall.

The NodeZero Platform by Horizon3.ai  is a pen testing tool specifically designed for endpoint pen testing.

In my organization, I manage The NodeZero Platform by Horizon3.ai  as a service provider with plenty of clients, and I am the decision maker regarding the renewal of licenses and the extension of services, along with a couple of other teammates who assist with this.

I have deployed The NodeZero Platform by Horizon3.ai in two forms: for internal penetration testing, it requires deploying an agent into the internal network, while for external tests, it is a fully cloud-based tool.

The best feature of The NodeZero Platform by Horizon3.ai is that it is an autonomous pen testing tool that knows how to penetrate into the system automatically and perform lateral movement inside the network without the need for scripting.

Regarding The NodeZero Platform by Horizon3.ai's feature to fix and retest vulnerabilities, it provides reassessment capabilities. While it does not fix vulnerabilities instantly, it allows for reassessment as soon as vulnerabilities are fixed.

Regarding the endpoint security effectiveness feature, The NodeZero Platform by Horizon3.ai does not provide endpoint security but is an offensive tool designed to find weaknesses in endpoint solutions, not to protect them.

When assessing how much The NodeZero Platform by Horizon3.ai has helped reduce pen testing costs, it plays a vital role in providing value compared to manual methods, although it depends on the client's specific needs and budget.

I believe reporting for The NodeZero Platform by Horizon3.ai has room for improvement, specifically in terms of customizability for service providers and the challenge of dynamic IP white-listing, which I have provided feedback on.

I have been using The NodeZero Platform by Horizon3.ai for more than three years.

When it comes to the stability of The NodeZero Platform by Horizon3.ai, I would rate it around seven to eight because the stability is not that high initially due to the need for daily updates and modifications as new vulnerabilities appear.

So far, we have three specialists who focus on The NodeZero Platform by Horizon3.ai.

In terms of technical support for The NodeZero Platform by Horizon3.ai, I would rate it an eight, as they provide a business analyst for account handling and usually respond within a week.

The deployment of The NodeZero Platform by Horizon3.ai is very easy.

Implementing The NodeZero Platform by Horizon3.ai takes hardly 10 to 15 minutes, as you only need to deploy it on one endpoint, which will handle pen testing for all systems.

From our side, maintaining The NodeZero Platform by Horizon3.ai requires minimal effort as we just keep the license up to date, needing only the server on which it is deployed to run.

The pricing of The NodeZero Platform by Horizon3.ai was better than others or at least comparative, shifting to an IP-based licensing model which I believe offers fair pricing.

I would say it is fairly priced.

In comparison to other vendors like AttackIQ  and Pentera , The NodeZero Platform by Horizon3.ai stands out due to its autonomous capabilities that allow it to learn from the environment and follow different attack patterns, offering a better attack path workflow.

My advice for implementing The NodeZero Platform by Horizon3.ai is to conduct a proof of concept first because it provides insights beyond what other vulnerability management tools detect. I gave this product a rating of 9.