Horizon3.ai NodeZero Platform
Powerful, Intuitive Automated Pentesting with Fast, Actionable Insights
Performance is excellent, producing actionable insights quickly and accurately. Pricing feels reasonable as well, with a strong ROI thanks to identifying vulnerabilities before they can be exploited. Onboarding is straightforward and seamless, and it’s backed by excellent customer service. NodeZero’s AI capabilities further elevate its effectiveness by continually learning and evolving to adapt to new threats. Overall, it’s a powerful solution for proactive security management.
Cost: Although the pricing can deliver good ROI, it may still feel expensive for smaller organizations or teams working with limited budgets.
Integration Limitations: Some users may find the integration options with certain third-party tools to be limited, especially when compared to competitors.
False Positives: As with many automated testing tools, NodeZero may produce false positives, which means users may need to spend additional time validating results.
Dependency on AI: The tool’s strong reliance on AI could be a concern for organizations that prefer more manual control over their testing processes.
Continuous testing has improved security visibility and validates defenses across critical systems
What is our primary use case?
My main use cases for The NodeZero Platform by Horizon3.ai primarily focus on determining how secure our environment is. I always pitch to various customers that they need to understand how secure their environment is. Specifically, I help them assess how secure it would be if an attacker breaches into any of their critical systems such as domain controllers or systems with entire admin access.
I evaluate what lateral movements an attacker could carry out into other critical systems and critical servers in their environment, and how they could steal their crown jewels. It is essential to know all of this and see it in your environment so you can take up the necessary defense that is needed.
How has it helped my organization?
The NodeZero Platform by Horizon3.ai has impacted my company positively. Whenever we deploy anything new, either a server or a DNS server, we are able to easily conduct a quick test with The NodeZero Platform by Horizon3.ai to know how secure that server is from wherever it has been placed. This quick test has enabled us to have peace of mind knowing that we are able to identify either the security lapses that may be available or not, and we are able to get that information quickly, just with a few clicks of the button.
What is most valuable?
The features I appreciate most about The NodeZero Platform by Horizon3.ai are as follows. First, the ease of deployment is exceptional. The deployment is very easy, taking under ten minutes to complete. Second, the process of initiating a pentest is very well detailed and straightforward. A new graduate out of school can make use of this platform effectively. Third, the detailed reports are outstanding. The detailed reports make it easy for everyone involved. They have something for executives, the network team, and the vulnerability and threat team. The reports are all well detailed, so those are the three main reasons why I appreciate The NodeZero Platform by Horizon3.ai.
What needs improvement?
Improving The NodeZero Platform by Horizon3.ai should include having audit logs on the platform. For instance, if a user deletes a pentest from the platform, it would be beneficial if audit logs could show that a particular user deleted a pentest on a specific date and time. An audit log trail would be very valuable for the platform.
Second, it would be helpful to have a dashboard or feature that showcases the NodeZero runners and their download speed or whatever is being used. When you are using a runner to run a pentest, it would be beneficial to see the module logs and everything that is being run before the runner kicks off and shows up on the dashboard. If those two things could be added, it would significantly improve the platform.
For how long have I used the solution?
I have been using The NodeZero Platform by Horizon3.ai for four or more years.
What do I think about the stability of the solution?
The NodeZero Platform by Horizon3.ai is extremely stable. Every single attack configuration is safe to run in a production live environment. All of the various attack configurations and all of the various NodeZero RAT tools and RAT modules that are injected during the pentest are safe to run. They have been tested by the NodeZero engineering teams and they are safe to run in a live environment without impacting the environment whatsoever.
They do not bring down the network, do not bring down any critical infrastructure or systems, and do not leave breadcrumbs behind on any server. I have been using the tool for four or more years and there has not been an instance whereby The NodeZero Platform by Horizon3.ai breaks anything.
What do I think about the scalability of the solution?
The scalability of The NodeZero Platform by Horizon3.ai is very good. For internal pentest, you can deploy as many Docker hosts as you want. You can also run external pentest. The platform offers various insider threats, segmentation tests, phishing tests, and PCI DSS tests. There are so many options and capabilities that The NodeZero Platform by Horizon3.ai can provide.
How are customer service and support?
The customer service and technical support of The NodeZero Platform by Horizon3.ai is a very good feature. They have online chat support and they are very quick to respond. If the chatbot cannot give you the right answer that you need, you can talk to a human who is always available to assist with whatever critical questions you may have for the tool. The chat support on the platform is very fast. Also, the support through the support channel via email is very quick to answer and very responsive, providing critical answers and critical solutions as quickly as possible.
Which solution did I use previously and why did I switch?
I have not used a different solution before choosing The NodeZero Platform by Horizon3.ai; this was my first autonomous pentest tool.
There was a time when my company conducted a proof of concept of another solution before choosing The NodeZero Platform by Horizon3.ai. I cannot remember the name of that company now, but we did not proceed with that solution. We decided to stick with The NodeZero Platform by Horizon3.ai.
How was the initial setup?
My experience with the deployment of The NodeZero Platform by Horizon3.ai is that deployment is as easy as it gets. Within ten minutes, you should be done deploying the NodeZero OVA. After your environment check is done and everything looks good, under five minutes you should have already started a pentest. The deployment is as smooth and easy as it gets.
What about the implementation team?
I did not use an integrator, reseller, or consultant for the deployment of The NodeZero Platform by Horizon3.ai.
What was our ROI?
The return on investment from The NodeZero Platform by Horizon3.ai is almost one hundred percent. While it is not replacing the role of critical pentests conducted by pentesters, the fact that you can use the platform to run as many pentests as you want depending on your license and asset count means you can test your infrastructure as often as you want and anytime you want. This makes full value of your money possible. You get full value of your money for the investment.
What's my experience with pricing, setup cost, and licensing?
My experience with the pricing, setup cost, and licensing for The NodeZero Platform by Horizon3.ai is that since we charge by license allocation, the pricing for our MSP license is fair and very good. The pricing is great.
Which other solutions did I evaluate?
There was a time when my company conducted a proof of concept of another solution before choosing The NodeZero Platform by Horizon3.ai. I cannot remember the name of that company now, but we did not proceed with that solution. We decided to stick with The NodeZero Platform by Horizon3.ai.
What other advice do I have?
My advice or recommendation to other companies considering The NodeZero Platform by Horizon3.ai is that they should not waste time because this is a very great tool. It is a much-needed tool in your security infrastructure because it helps you to know what you can see from various segments and what an attacker can reach from whatever VLAN. It is a very good tool and it gives you full visibility. I would rate The NodeZero Platform by Horizon3.ai a nine out of ten.
Deep Domain Insights with a Simple Setup
Unlimited Automated Pentests Without Limits
Great Automated Pentesting and Information Gathering
Continuous threat scanning has improved remediation time and strengthened executive reporting
What is our primary use case?
My main use case for The NodeZero Platform by Horizon3.ai is C-TAM to actively scan for threats or potential threats within our environment and to help keep our environment secure. A specific example of how I have used The NodeZero Platform by Horizon3.ai for C-TAM in my environment is that we had some exposed SSH ports within a cloud provider, and we were able to clear those and close those ports up.
What is most valuable?
The best features that The NodeZero Platform by Horizon3.ai offers include the automated scans, which are great to use; you set it, scope it, and let it go, which works really well. The executive reporting feature is impactful for me as a manager, providing a strong foundation to give quarterly and yearly reports to our executives and board to see the state of our infrastructure from a security standpoint.
The level of detail and clarity in the executive reports from The NodeZero Platform by Horizon3.ai absolutely helps me communicate effectively with leadership. They are detailed enough for me to extract the necessary information tailored for the executives and to provide a broader perspective on our mitigation efforts or accepted risk stance and where additional controls exist.
The NodeZero Platform by Horizon3.ai has positively impacted my organization by giving us a better continuous picture of our security posture, what's exploitable, and what can be used against the organization. It allows us to run scans whenever needed, unlike a single third-party system that only provides a snapshot in time; our processes must be ongoing as the security landscape is dynamic.
NodeZero's endpoint security effectiveness feature impacts my understanding of potential security threats by providing a clear picture of both the external and internal landscapes within my organization, enabling me to prioritize and adjust as needed for vulnerabilities such as WordPress plugin issues or user enumerations and software code version assessments.
I have built The NodeZero Platform by Horizon3.ai into our weekly and monthly workflows for security CI/CD, and we scan our externally accessible assets every week to address anything quickly if it comes up. That includes our firewalls, websites, and anything that is an external web server, which we scan weekly, while the monthly scans are for internal systems that feed our security CI/CD pipeline, enabling us to action across and prioritize any vulnerabilities caught by The NodeZero Platform by Horizon3.ai.
What needs improvement?
The NodeZero Platform by Horizon3.ai is great, with an amazing MCP server and great API integration. I have utilized both and can vouch for their features. However, my team struggles with the onboarding side of our engagement, which should have been more robust; having a statement of work and a clear definition of success would have been beneficial. We faced challenges building the boat as we were launching without clarity on how we wanted to use the system, but that is the only constructive criticism I have for improvements.
For how long have I used the solution?
I have been using The NodeZero Platform by Horizon3.ai for six months.
What do I think about the stability of the solution?
The NodeZero Platform by Horizon3.ai has been very stable.
What do I think about the scalability of the solution?
So far, we have not needed to scale The NodeZero Platform by Horizon3.ai much; it is effectively doing everything we need it to do, making the question of scalability somewhat irrelevant for us.
How are customer service and support?
So far, customer support for The NodeZero Platform by Horizon3.ai has been great; we appreciate the team for always answering our questions promptly and bringing in resources as necessary. I would rate customer support for The NodeZero Platform by Horizon3.ai a 10; the team has been great in responding quickly and thoroughly explaining any questions we may have.
Which solution did I use previously and why did I switch?
We did not previously use a different solution; we just had Tenable running, which is not the same as The NodeZero Platform by Horizon3.ai.
How was the initial setup?
My experience with the pricing, setup cost, and licensing of The NodeZero Platform by Horizon3.ai has been great. The sales process with Calvin and the team was excellent, leaving me very satisfied with the implementation and support from the NodeZero sales team.
What was our ROI?
Although I do not have specific metrics indicating return on investment such as fewer employees or direct savings, the main metric is that we save time because The NodeZero Platform by Horizon3.ai is scanning continuously and allows us to track remediations within the platform. Time to resolution and verification is what I focus on most, as we can quickly verify the resolution of vulnerabilities through the one-click verify feature in The NodeZero Platform by Horizon3.ai.
Which other solutions did I evaluate?
Before choosing The NodeZero Platform by Horizon3.ai, we evaluated other options including Cymulate and Rapid7, though I cannot recall the other one.
What other advice do I have?
The NodeZero Platform by Horizon3.ai is currently deployed in a public cloud, and we plan to incorporate some on-premise capabilities as we work on network segmentation to scan other sites from remote office locations or physical sites.
For our public cloud deployment of The NodeZero Platform by Horizon3.ai, we use Azure.
What we have seen as specific outcomes indicating this positive impact is that everything external on our systems scores below two, which is really good. While we have some configuration cleanup to do, everything external is very clean now, and we identified what needs to be addressed, prioritized them, and within weeks got to a very clean state externally, though we still have ongoing work internally due to some legacy systems.
The platform's real attack capabilities help in identifying vulnerabilities in our on-prem systems by reviewing our overall posture and available layers. Given our complexity with 17 different sites in Azure, we are constantly scanning across the network, realizing that our network segmentation needs improvement. Once we enhance that segmentation, we will utilize The NodeZero Platform by Horizon3.ai at one of our remote office sites to conduct scans accordingly.
I adore the feature of The NodeZero Platform by Horizon3.ai that allows security teams to fix and retest vulnerabilities instantly, as I always want to validate the efforts and diligence put forth by my team.
I assess that The NodeZero Platform by Horizon3.ai has improved our organization's remediation time because we have fewer vulnerabilities to remediate now. Initially, we had a lot of medium vulnerabilities and a few high ones, allowing us to prioritize and resolve the high risks quickly, then address the medium vulnerabilities more methodically to add value back to the organization, which we accomplished in a timely manner.
The NodeZero Platform by Horizon3.ai has not helped reduce our pen-testing costs; in fact, our pen-test engagement was cheaper than the cost of The NodeZero Platform by Horizon3.ai. However, the pen test occurred only once a year and provided just a snapshot of a moment in time without follow-up for remediation validation, so we appreciated it but it did not effectively portray our organization's ongoing state.
I advise others looking into using The NodeZero Platform by Horizon3.ai to buy onboarding hours and create a statement of work since building that ad hoc is not in the best interest of the organization. It is vital to define success criteria for when the onboarding process is completed and implemented.
The NodeZero Platform by Horizon3.ai does what it is advertised to do and does it really well, and I would rate this review a 10.
Comprehensive Security Enhancement with Stellar Onboarding
Automated pen tests have strengthened our security posture and reduced assessment effort
What is our primary use case?
My main use case for The NodeZero Platform by Horizon3.ai is performing quarterly pen tests on our enterprise and OT networks.
For those quarterly pen tests, we usually run them in the actual web UI interface, selecting what subnets we want to hit for pen tests, what vulnerabilities we want to use, and the whitelists that we have in place. We don't step on any sensitive devices, and then afterwards, we review the findings and remedy the problems.
What is most valuable?
The best features that The NodeZero Platform by Horizon3.ai offers include its set it and forget it type pen testing. You configure it once and then set it to automatically run during certain days, which is particularly useful, especially when you're a thin IT department.
That set-it-and-forget-it feature helps my team day-to-day by saving a lot of time, as we can set the pen test and then divert our attention to other things while the pen test is ongoing.
The NodeZero Platform by Horizon3.ai has positively impacted my organization by catching vulnerabilities and exploits that we wouldn't otherwise be able to find as easily or as quickly, so I'd say it helps better our cybersecurity posture.
What needs improvement?
The NodeZero Platform by Horizon3.ai can be improved in some ways, particularly regarding the test scan sometimes.
When the test scan doesn't work as expected, the runner sometimes acts up, and we usually have to run a command on it to fix it or sometimes reboot it. Other than that, the product works great.
For how long have I used the solution?
I have been using The NodeZero Platform by Horizon3.ai for about a year and a half.
What do I think about the stability of the solution?
The NodeZero Platform by Horizon3.ai is stable.
What do I think about the scalability of the solution?
The scalability of The NodeZero Platform by Horizon3.ai is pretty good, as you can throw in any number of subnets in the pen test, so I'd say it's very scalable.
How are customer service and support?
We have had no issues with their customer support; it seemed pretty solid.
I would rate the customer support of The NodeZero Platform by Horizon3.ai as an eight.
Which solution did I use previously and why did I switch?
We did not have a different solution before using The NodeZero Platform by Horizon3.ai.
How was the initial setup?
I wasn't involved in the pricing, setup cost, and licensing, but I've heard that it's pretty simple and easy.
Which other solutions did I evaluate?
We did not evaluate any other options before choosing The NodeZero Platform by Horizon3.ai.
What other advice do I have?
My impression of the solution's feature that allows security teams to fix and retest vulnerabilities instantly is that it's a very useful feature, and I highly appreciate that feature.
The platform's real attack capabilities have helped in identifying vulnerabilities in my on-prem systems by giving us a real-world example of what we should be prioritizing, which helps during the vulnerability management process, so it's helped us significantly.
We don't necessarily use the endpoint security effectiveness feature; we don't really pay attention to it.
The NodeZero Platform by Horizon3.ai has reduced our pen testing costs, but I don't have a specific number.
My advice to others looking into using The NodeZero Platform by Horizon3.ai is to utilize the one-click vulnerability or rescan feature for NodeZero.
I think they're also the reseller for the product.
I would rate this solution an eight overall.
Time-Saving Penetration Testing with Ease
Node Zero from Autonomous Pentesting to Patching Validation
From a reporting standpoint, we have found that some of the outputs are still too generic or high level when what we really need is clean, per-asset detail that we can hand directly to the operations team without a lot of massaging. We do get solid attack path narratives, but if I want very granular, host-by-host views or highly tailored executive-ready decks, I still have to augment the out-of-the-box reports.
Finally, we have seen that results are only as good as how we scope in our environment. If we are conservative with IP ranges or segment placement, NodeZero simply can’t discover or chain certain attack paths, and the output can look underwhelming. That is not a flaw in the engine so much as a practical limitation, but it does mean we have to be intentional about scoping if we want the kind of attacker’s-eye view we are expecting.