NodeZero Adds External Penetration Testing, Surfaces Security Gaps Within and Outside the Perimeter

By Peter R. Kelley

Sees the enterprise attack surface, public facing assets, third-party risks and shadow IT security gaps that attackers seek – revealing open paths to ransomware attacks.

Horizon3.ai has introduced external penetration testing in its NodeZero platform, making NodeZero the first autonomous penetration testing platform to offer organizations a true understanding of their cyber risk profile across their entire environment.

“Threat actors continue to evolve their tools and techniques to evade detection within an organization’s network,” said Snehal Antani, CEO and co-founder of Horizon3.ai. Antani was formerly CTO of U.S. Joint Special Operations Command (JSOC).

“It’s crucial to shift from a peacetime to a wartime security mindset. The only way to stay ahead of attackers is to continuously attempt to exploit every attack path both inside and outside of an environment,” he said.

The introduction advances Horizon3.ai’s mission to help organizations harden their security systems and improve security controls. NodeZero’s internal and external penetration tests provide new levels of threat and risk visibility, allowing organizations to quickly fix any exploitable security gaps.

NodeZero continuously assesses an enterprise’s internal infrastructure and external attack surface, identifying ways an attacker could chain together harvested credentials, misconfigurations, dangerous product defaults, and exploitable vulnerabilities to compromise systems and data. The addition of external penetration testing lets organizations assess all assets – including on-prem, cloud, and hybrid, from both inside and outside the perimeter.

Pentesting with NodeZero reveals:

– Public facing assets that open doors to ransomware exposure – Ransomware attacks have become democratized, with criminal groups establishing Ransomware-as-a-Service (RaaS) operations, renting ransomware to recruited affiliates that, in turn, run attacks against organizations and pay a “royalty” to the RaaS providers. NodeZero shows attack paths ransomware actors can exploit to breach the perimeter, move laterally within the network, and gain access to “crown jewel” data.

– Impact of misconfigured third party applications and weak credentials – The risk and impact of misconfigured third-party applications and weak or default credentials is revealed, as are ways that an attacker would use them to breach an organization’s perimeter. Credential attacks are the fastest growing attack path across the globe. NodeZero can autonomously and safely attack an organization’s public-facing assets to reveal where the most critical problems exist.

– Risks posed by assets and shadow IT – Organizations can continuously discover their public-facing assets, hybrid cloud assets, and internal assets, and better grasp the true risk these assets pose based on real-world exploitation, rather than bet on theoretical risk assessment.

– Supply chain risks – NodeZero can be run continuously, both internally and externally, providing an immediate understanding of third-party and supply chain risks.

NodeZero penetration tests can be set up within minutes and executed as often as needed. NodeZero quickly identifies exploitable internal and external attack vectors and ineffective security controls. No extensive tuning, training, or certifications are required, and results are prioritized with proof, so time and resources can be spent fixing only what matters.

NodeZero is a “purple team partner” that orchestrates hundreds of attack tools and techniques across an entire environment to chain attack paths, and demonstrates real risk and impact.

Naveen Sunkavally, Chief Architect at Horizon3.ai, and Monti Knode, Director of Customer Success at Horizon3.ai, will give an overview (link to Eventbright registration) on the power of NodeZero internal and external autonomous penetration testing on June 16, 2022.

A demonstration of external penetration testing is available here: https://www.horizon3.ai/external-pentesting/