Horizon3.ai extends its NodeZero platform to include both internal and external penetration testing

Horizon3.ai announced it has extended the capabilities of its NodeZero platform to include external penetration testing.

With this enhancement, Horizon3.ai is the first autonomous penetration testing platform to offer organizations both internal and external penetration testing in one self-service platform.

“As threat actors continue to evolve their tools and techniques to evade detection within an organization’s network, it’s crucial to shift from a peacetime to a wartime security mindset. The only way to stay ahead of attackers is to continuously attempt to exploit every attack path both inside and outside of an environment,” said Snehal Antani, CEO and co-founder of Horizon3.ai.

“It’s always been Horizon3.ai’s mission to help organizations harden their security systems and improve security controls. By extending the capabilities of NodeZero to include internal and external penetration tests, organizations have full visibility into their cyber risk profile, allowing them to quickly fix anything exploitable, and then verify it’s removed.”

Horizon3.ai’s autonomous penetration testing platform, NodeZero, continuously assesses an enterprise’s internal infrastructure and external attack surface, identifying ways an attacker could chain together harvested credentials, misconfigurations, dangerous product defaults, and exploitable vulnerabilities to compromise systems and data. By extending NodeZero’s capabilities to include both internal and external penetration testing, organizations can now assess all their assets – including on-prem, cloud, and hybrid, from both inside and outside the perimeter.

When you combine the results of an external and internal penetration test, organizations have a true understanding of their cyber risk profile across their entire environment.

NodeZero offers organizations the following benefits:

• Verify if public facing assets open doors to ransomware exposure – Ransomware attacks have become democratized, with criminal groups establishing Ransomware-as-a-Service (RaaS) operations, renting ransomware to recruited affiliates that, in turn, run attacks against organizations and pay a “royalty” to the RaaS providers. With NodeZero, organizations will understand what attack paths ransomware actors can exploit to breach the perimeter, move laterally within the network, and gain access to “crown jewel” data.
• Visualize the risk and impact – See the risk and impact of misconfigured third-party applications and weak or default credentials as an attacker would use them to breach your perimeter. Credential attacks are the fastest growing attack path across the globe, and NodeZero will autonomously and safely attack your public-facing assets so you know where your most critical problems exist.
• Improve asset management and eliminate shadow IT – With NodeZero, organizations can continuously discover their public-facing assets, hybrid cloud assets, and internal assets. NodeZero allows organizations to understand and visualize the true risk these assets pose based on real-world exploitation rather than just theoretical risk.
• Understand third-party and supply chain risks – NodeZero can be run continuously, both internally and externally, providing an immediate understanding of third-party and supply chain risks.
• Save time and resources – Penetration tests can be set up within minutes and executed as often as needed. NodeZero quickly identifies exploitable internal and external attack vectors and ineffective security controls. No extensive tuning, training, or certifications are required, and results are prioritized with proof, so time and resources can be spent fixing only what matters.
• Continuous security assessments – NodeZero is every organization’s purple team partner, orchestrating hundreds of attack tools and techniques across an entire environment to chain attack paths and demonstrate real risk and impact. This isn’t an annual compliance checkbox or a limited snapshot in time. Autonomous penetration tests with NodeZero can be automated and run as often as needed to ensure that blue and red teams can focus and complement each other’s efforts.