I use The NodeZero Platform as a consultant on penetration testing engagements for various customers. This might be different than some of their more common use cases where companies use it internally. The primary use case is for penetration testing engagements, and the main driver for having The NodeZero Platform is that it's a force multiplier for me as an individual to perform more penetration testing without additional human resources.
Horizon3.ai NodeZero Platform
Horizon3.aiExternal reviews
10 reviews
from
and
External reviews are not included in the AWS star rating for the product.
Has allowed me to increase testing coverage and focus on remediation by automating repetitive tasks
What is our primary use case?
What is most valuable?
My favorite feature about The NodeZero Platform is that it's autonomous, and it truly delivers on that promise. It can be set and forgotten while it performs its tasks. It does exactly what it claims to do.
What needs improvement?
I started with The NodeZero Platform when it was less mature. Anytime I encountered something annoying or identified a gap that needed attention, they had already fixed or added it by the time I would have requested it. The product is being rapidly developed at this stage. There really isn't anything feature-wise that I would request or change because it's a good product. It does what it claims and excels at finding issues and covering large environments so humans don't have to perform repetitive tasks for extended periods. This allows us to focus on what's important: fixing and protecting systems. If there was one thing I would change, I would want their consulting licensing to return to being unlimited.
For how long have I used the solution?
I have been using The NodeZero Platform for four years this month.
What do I think about the stability of the solution?
In the early stages, I experienced issues with large penetration tests where things might get delayed or require intervention, but I cannot remember the last time that occurred. While one of their main selling points is that it's safe to run in production, we might still try to avoid unnecessary risk. For companies operating during normal business hours, we might conduct penetration testing at night. When using SaaS-based products at night, maintenance windows can cause downtime, but I haven't encountered any of these issues with The NodeZero Platform. I cannot recall any instances of downtime or the platform being offline.
What do I think about the scalability of the solution?
I have used it for tests ranging from tens to thousands to tens of thousands of assets, and I haven't encountered any trouble scaling. While I wouldn't say it's infinitely scalable, it certainly handles scaling effectively.
How are customer service and support?
The support currently is really good. When I have questions or concerns, I receive responses promptly. They've added a chatbot which isn't particularly useful, but when it can't answer questions, it forwards messages to human support. I typically receive human responses within 12 hours, usually the same day or next day. Previously, with time-sensitive engagements, I would worry about resolving issues before deadlines. That concern has diminished as they've become more responsive and require less escalation to engineering. Support cases are now handled more efficiently, either by directing to documentation or providing workarounds for project completion.
How was the initial setup?
The setup process is extremely straightforward. It has become even easier with the addition of Runners feature, which allows for automatic setup of repeated tests throughout the year. The initial setup takes approximately 30 minutes, mostly spent reading documentation, as the process is primarily point-and-click.
Which other solutions did I evaluate?
I have used three alternatives: Pentera, Core Impact, and Metasploit Professional. Core Impact and Metasploit Professional aren't direct competitors as they are penetration testing toolkits with built-in automation. Pentera markets itself similarly to The NodeZero Platform. Compared to Pentera, The NodeZero Platform requires less setup and delivers higher quality results. Pentera follows a consistent pattern of running vulnerability scans and attempting exploits, producing results similar to vulnerability scans. The NodeZero Platform varies its approach and continues exploring potential vulnerabilities more thoroughly, similar to a real threat actor.
What other advice do I have?
The NodeZero Platform has helped identify vulnerabilities with on-premises systems effectively. They handle all technical aspects internally. I have given The NodeZero Platform a rating of 9 out of 10.
Deploying autonomous security tools improves network protection and efficiency
What is our primary use case?
The primary use case for the NodeZero Platform is as an extension to existing vulnerability management systems. Initially, it complemented solutions like Qualys or Tenable. However, there has been a shift towards using NodeZero to replace existing vulnerability management solutions altogether. The motivations include cost savings and addressing issues that traditional vulnerability managers might report but do not actually affect system security.
What is most valuable?
Deploying the NodeZero Platform is straightforward for me as it involves just a Docker container in a network or a network segment, saving time and eliminating the need for agents on every endpoint. Its autonomous operation, safe for production use, makes it practical to schedule pen tests during business hours. The tripwires feature acts like a honeypot, providing network alerts for potential threats. These factors make it an effective tool for enhancing security in organizations.
What needs improvement?
One of the areas where improvement is needed is in the visibility and reporting for large enterprises. The existing GUI or NodeZero insights provide better visibility, but there's still room for enhancement. Moreover, there is a need to automate interactions with other systems, particularly in triggering or opening tickets in ServiceNow. Adding the application layer would also be valuable for clients.
For how long have I used the solution?
I have used the solution for 1.5 years.
What was my experience with deployment of the solution?
No issues were encountered in deploying the NodeZero Platform. Once the firewalls are open and communication with the cloud is enabled, it's a matter of installing a Docker container or VMware and opening the ports for smooth operation.
What do I think about the stability of the solution?
I rate the stability of the NodeZero Platform a ten out of ten. We have not encountered any issues on the platform regarding accessibility, performance, or stability.
What do I think about the scalability of the solution?
I rate the scalability of the NodeZero Platform a ten out of ten. We have conducted pen tests in environments with hundreds of thousands of IP addresses without any scalability issues. The platform is built for large scale deployment and operation.
How are customer service and support?
I rate their support an eight out of ten. The support is skilled and effective, although there are sometimes delays due to bandwidth issues, possibly due to the size of the team.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Initially, NodeZero and similar solutions were used alongside existing vulnerability management solutions like Qualys or Tenable. However, there has been a shift towards replacing these existing solutions as businesses seek to address vulnerability issues more efficiently.
How was the initial setup?
The initial setup is very easy, rated 10 out of 10. It involves straightforward steps of installing a Docker container, configuring firewalls, and ensuring communication with the cloud.
What about the implementation team?
The deployment process involves an initial meeting with the client to choose the deployment method—either on a VMware or Docker container. This is followed by defining and setting up firewall rules. After preparing everything, deploying the Docker container or VMware takes a few minutes, and the pen test can begin.
What's my experience with pricing, setup cost, and licensing?
I rate the pricing a six out of ten. Pricing is moderate compared to competitors but depends on the solutions in comparison. While cheaper than XM Cyber and human pen testers, it's more expensive than vulnerability managers.
Which other solutions did I evaluate?
What other advice do I have?
I rate the NodeZero Platform an eight out of ten. The platform is scalable and stable, suitable for large enterprises and businesses. It needs improvement in areas like visibility, reporting, and automation with third-party systems. The overall product rating is eight.
Penetration testing adapts to our schedule with cloud integration
What is our primary use case?
To meet standards, I am required to do penetration testing periodically. This is something I can do on-demand anytime I choose, or I can set it up to recur on a recurring schedule.
What is most valuable?
The NodeZero Platform has a great cost, and its usability is straightforward. It can be deployed in the cloud. There is an on-premise container that I need to spin up to allow it to run in my environment, but it is automatically updated because it is cloud-based. It uses AI to try and gain access to my network and learns from the environment as it goes, providing a report on vulnerabilities, and demonstrates how their system exploits them to either elevate privilege or gain access to specific credentials or devices.
What needs improvement?
I haven't really come across anything that I say needs to be improved with it, other than the container runner, which tends to lose time. It does not always sync with the cloud versions, so I have to do it manually.
For how long have I used the solution?
I have used the solution for over a year.
What do I think about the stability of the solution?
Initially, there were some devices that, when it scanned, it caused network issues. So I had to exclude those, but that was fairly simple to do.
How are customer service and support?
I reached out to support and they were very responsive. I would rate them a nine out of ten.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
I have reviewed other penetration testing solutions but haven't used them due to cost constraints, as they were really expensive compared to the NodeZero Platform.
How was the initial setup?
The initial setup was simple and easy to operate.
What's my experience with pricing, setup cost, and licensing?
The pricing is much more affordable than traditional penetration tests.
Which other solutions did I evaluate?
I have reviewed other penetration testing solutions but did not use any due to cost constraints.
What other advice do I have?
I would advise taking advantage of the support when you have it. For Horizon360 NodeZero, they are always responsive. Let them show you how to use it and the best way to get the most out of it. Overall, I'd rate NodeZero at nine to 9.5 out of ten.
showing 1 - 3