Horizon3.ai NodeZero Platform
Horizon3.ai
External reviews
External reviews are not included in the AWS star rating for the product.
Automated testing has expanded findings but now demands better scope control and broader coverage
What is our primary use case?
We were using The NodeZero Platform by Horizon3.ai for additional findings for PenTest for network, and we did manual testing as well, so it was kind of just testing it out to see if we liked it.
What is most valuable?
What I liked the most about The NodeZero Platform by Horizon3.ai is that it found a dangling DNS really well, which isn't super useful, but it did add a finding to my reports, so that was good.
The NodeZero Platform by Horizon3.ai did help me to understand potential security threats, such as with the dangling DNS issue that came up, which is not something you would normally be looking for, so that did add to my knowledge base. Other than that, I would go through its attack path, so it did have some learning qualities to it.
What needs improvement?
The main downside of The NodeZero Platform by Horizon3.ai is that it would find additional servers that were not in scope when I would put in my scope, and so I had to go through and hand-pick each one every time to move forward to the next stage of the testing. If you are not careful, you can get something that is not in scope, and then if it ends up in your report, that is a significant problem.
If they could add a web app testing feature to The NodeZero Platform by Horizon3.ai, that might be enticing.
For how long have I used the solution?
I have been working with The NodeZero Platform by Horizon3.ai for about 18 months, and we did not renew our contract this year.
What do I think about the stability of the solution?
I never had any problems with the stability of The NodeZero Platform by Horizon3.ai. I never did anything that would require a week-long worth of testing, but for tests that take a day or two, I did not have any problems.
What do I think about the scalability of the solution?
Regarding scalability, if they could extend The NodeZero Platform by Horizon3.ai to web apps and other areas, that would be great, as it would give us more coverage. Right now, using it for networks is great, and you could really do a lot with their continuous testing, which I thought was a great feature.
How are customer service and support?
I have chatted with technical support for The NodeZero Platform by Horizon3.ai a few times, usually regarding issues such as needing the password list because we locked people out and needed to know why, or if I was entering something and getting a weird response from The NodeZero Platform by Horizon3.ai, I would ask them, and they would usually resolve it for me, so they were really good.
For support of The NodeZero Platform by Horizon3.ai, I would give them a ten, as they are right on the spot, quick, and always give me the right answers.
How was the initial setup?
The initial deployment of The NodeZero Platform by Horizon3.ai was easy when I first deployed it.
It took me maybe thirty minutes to deploy The NodeZero Platform by Horizon3.ai for the first time, and it was not hard at all.
One person can manage The NodeZero Platform by Horizon3.ai, so you do not need a team for this.
Regarding maintenance on my end with The NodeZero Platform by Horizon3.ai, there was no requirement, though I did have to clean up tests that either we stopped or were duplicates, so you did have to go in once in a while and clean up, but nothing major.
Which other solutions did I evaluate?
I have not really used any alternatives, as The NodeZero Platform by Horizon3.ai was the only thing that we have ever used that was similar.
What other advice do I have?
The last time I actually used The NodeZero Platform by Horizon3.ai was probably at least July of last year.
I have no impression of The NodeZero Platform by Horizon3.ai's feature that allows security teams to fix and retest vulnerabilities instantly as I never used the retest with them. We always did that manually.
Regarding the Real Attack capabilities of The NodeZero Platform by Horizon3.ai, out of all of that time that we were using the product, it only ever got domain admin once, and it did start from the very beginning and lay out the entire attack for us, which was good. We did hundreds of tests, so that is why we did not continue, as it was very expensive for a very low yield.
The pricing of The NodeZero Platform by Horizon3.ai is too much for what it yields.
I do not know if we are a partner with The NodeZero Platform by Horizon3.ai. I do not think so, as we were just clients and users.
I would give this review an overall rating of six.
Unlimited Internal & External Scanning with Fantastic Reporting
Automated penetration testing has reduced remediation time and provides clear attack evidence
What is our primary use case?
I use The NodeZero Platform by Horizon3.ai for internal and external pentest scans, and it also provides Kubernetes scanning and scanning of GitHub accounts. Primarily, I use it for internal and external pentest scans.
Regarding on-premises systems, I have executed pentest scans on externally located and internally located systems, but I have not tried much with on-premises servers. I honestly do not have significant exposure in that area and cannot provide feedback on that part at this time.
What is most valuable?
The best features of The NodeZero Platform by Horizon3.ai are that it does not require much effort compared to manual penetration testing. You simply configure the scan and modify the requirements you need, and it scans and provides quite good results. The platform presents the data in a very clear way that even non-technical people can understand the dashboard and read through it.
The user interface is significantly more user-friendly than other tools I have used. The data and evidence gathered from the penetration test scan is excellent. It shows any compromised accounts and devices, demonstrating exactly how The NodeZero Platform by Horizon3.ai executed the attack. This is considerably better than any other tools I have used.
The NodeZero Platform by Horizon3.ai incorporates technologies that go beyond traditional testing and scanning methods for vulnerabilities, such as Nessus, Qualys, and Rapid7. While those tools focus on finding vulnerabilities, The NodeZero Platform by Horizon3.ai not only finds the vulnerabilities but also attempts to exploit them, gathers available evidence, and provides possible ways to fix them. This is one of the greatest features of The NodeZero Platform by Horizon3.ai.
When we run the penetration test scans, The NodeZero Platform by Horizon3.ai definitely identifies all negative points and the external attack surface related to them, showing what those external attack surfaces are and how we could fix them.
What needs improvement?
I feel there could be improvements in scalability, although at this point I have no specific negative points to report.
For how long have I used the solution?
I have used the NodeZero Platform by Horizon3.ai for approximately eight or nine months.
How are customer service and support?
The customer support is fantastic. I personally reached out to them, and The NodeZero Platform by Horizon3.ai provides sufficient evidence needed to understand the attacks it attempted, gathering relevant information regarding compromised accounts.
Which solution did I use previously and why did I switch?
For automated scans, I have not used any other tools apart from manual scanning. I have been using The NodeZero Platform by Horizon3.ai for the first time, and it feels good and easy to work with.
What was our ROI?
I do not know exactly in terms of the client because I work for the client, but personally I feel the remediation time is significantly reduced compared to what we used to do with manual testing. I would estimate approximately thirty to forty percent reduction.
What's my experience with pricing, setup cost, and licensing?
The NodeZero Platform by Horizon3.ai is better than manual penetration test scans. Usually, manual penetration test scans take considerable time and money, but I believe The NodeZero Platform by Horizon3.ai is definitely worth trying if you are considering using it, because it reduces the time and cost associated with manual scans.
I do not have detailed knowledge about specific costs, but I definitely feel that investing in manual penetration test scans is much higher than the automated scans of The NodeZero Platform by Horizon3.ai. Although I have no idea about the exact cost difference, I definitely believe there is a significant difference in favor of The NodeZero Platform by Horizon3.ai in terms of lower cost.
What other advice do I have?
Regarding deployment, it is quite easy if you are talking about the cloud environment and configuring the scan. I do not find it too complex. The setup should be very quick, almost instantaneous, comparable to logging into any other portal.
The NodeZero Platform by Horizon3.ai offers options in both directions, but I personally used it in a cloud environment, and I feel it is much easier than an on-premises environment. It is easy to install, but it takes a little bit of time. Once you log in and share your targets, you can configure your scan and run it, making it much easier overall.
I would certainly recommend The NodeZero Platform by Horizon3.ai to others. I am sure they would appreciate how it presents the data and reports. It does not just provide a technical report; it presents multiple reports of various attacks that may be useful for management who might not understand technical terms. It definitely helps to have those kinds of reports as well, allowing anyone to understand what is happening in the environment and what can be done about it.
Based on my work experience over seven to eight months of using The NodeZero Platform by Horizon3.ai, I am still learning more about the product, and there is much more to explore. I would give this product a rating of eight out of ten.
Automated pentests have improved remediation priorities and now reveal real business impact
What is our primary use case?
The main use case for The NodeZero Platform by Horizon3.ai is internal network testing, as we put up a few runners in the customer environment and then we scan and test the environment.
How has it helped my organization?
The main benefits that The NodeZero Platform by Horizon3.ai brings to the table or how it helps to improve the way the organization functions is that it is very easy to read the pentest results from when it comes to prioritizing the fixing order of things, because now companies can actually see what the critical part is, how it affects the business, not just the system or one device, but the business impact is the question here, which is why companies take autonomous pentesting instead of a few manual pentests a year or vulnerability management.
What is most valuable?
The best features in The NodeZero Platform by Horizon3.ai are that it is a very easy environment to maintain, as we can pretty easily set up new pentests or add new assets there to be tested. We have a good connection with the actual company behind it, Horizon3.ai, so they help us whenever we ask pretty quickly.
My impression of The NodeZero Platform by Horizon3.ai's feature that allows security teams to fix and retest vulnerabilities instantly is that it is one of the core elements our customers use and it might even be the reason why they choose this tool over traditional vulnerability scanning. Of course, they get the pentest results on top of vulnerability scanning, but its crucial part is that they can test the especially critical findings and high-level findings immediately after they have fixed them.
The NodeZero Platform by Horizon3.ai has helped my clients reduce pentest costs, as for some companies, the cost has risen a bit, but they get a bigger area tested with just a slightly bigger price. A usual case is when they move from vulnerability scanning to pentesting, the price does not actually go up except maybe just slightly.
What needs improvement?
Apart from the licenses, specifically the tenant-based licenses that were mentioned, I would like to see more deep investigation of different environments in The NodeZero Platform by Horizon3.ai, especially in cloud. A proper mapping of assets and maybe some kind of map where I can actually see what devices or accounts are connected to each other would help a lot with the investigation and prioritization of things.
There are missing features in The NodeZero Platform by Horizon3.ai that I would like to see included in the next release or some functionality that I would like to see enhanced in it in the future, as they have already spoken of web application testing, so that is something I am looking forward to. API testing would be nice to see. I think it is coming right after the web application testing. However, the one thing that is very much asked from us as a service provider is DAST testing, so when a company is building software, they could see their current security status while they are building the application.
For how long have I used the solution?
I have been working with The NodeZero Platform by Horizon3.ai for about two years now.
How are customer service and support?
I evaluate customer service and technical support for The NodeZero Platform by Horizon3.ai as good. If we have had problems, that is with the actual licensing style they are using. When we have customers, like midterm, let us say six months after our own contract starts, we get the pricing for the next six months, but then we have to negotiate again. What I would like to see from them is a tenant-based licensing for our customers also, not just us. Overall, we have good contacts, we get answers to questions we ask them very quickly. Support has been pretty quick also.
On a scale of one to ten, I would rate the tech support for The NodeZero Platform by Horizon3.ai as nine.
Which solution did I use previously and why did I switch?
Prior to adopting The NodeZero Platform by Horizon3.ai, I did not work with any other solution of the same kind, as mentioned, I have done manual pentesting. Burp Suite has some automatic scanning and testing extensions, but I have mostly been a manual tester and bug hunter. I have read a lot about Aikido solution or Pentera, but that is just on a common level of knowledge gathered from the internet, not anything too deep or technically deep.
What's my experience with pricing, setup cost, and licensing?
Regarding the pricing aspect of The NodeZero Platform by Horizon3.ai, my experience with the pricing, setup cost, and licensing part of it is that the setup cost was very minimal. I do not know if we even had that to be sure. The pricing is not my responsibility, but what I have heard from our salespersons and the business executive whose responsibility it is, is that related to traditional vulnerability scanning, it is even cheap. The pricing is not the point why it would be hard to sell, so I guess it is on a good level now.
Which other solutions did I evaluate?
I did evaluate other options before going with The NodeZero Platform by Horizon3.ai, as I was not myself in the process of choosing between The NodeZero Platform by Horizon3.ai and others, but I know that we chose it because it is cloud-based, so it is easy to set up. There is no need for a customer to purchase on-prem servers or anything like that. They just need a little runner on some laptop or server or virtual machine, so it is easy to maintain. It is not too pricey for the customers we planned it for. Currently, it supports very well our offensive security offerings.
What other advice do I have?
With our customer, I review the results of The NodeZero Platform by Horizon3.ai and we see what they should do to improve their security maturity.
NodeZero's endpoint security effectiveness feature impacts the understanding of potential security threats, as I must say that I do not have so many results yet in that area. It is quite new to me and I am looking forward to having more testing on endpoints on both our own environment and customers. What I have seen so far, I would say currently is good, but I personally need to know more before I can say anything in any direction.
I assess The NodeZero Platform by Horizon3.ai's impact on the organization's remediation time as much better than in traditional vulnerability management because now they actually see what has been caused and what the business impact is. They actually have already a pretty prioritized list of what needs to be fixed first. The so-called false positive noise has been reduced to almost zero. It has affected that part very much.
The advice I would share regarding organizations considering The NodeZero Platform by Horizon3.ai is that, as mentioned earlier, if there is a company that should choose whether they go to pentesting or vulnerability management. Pentesting can be a very nice test, one which does not cause any issues or show to users anyway. They can also choose the stress test mode, which may even lock out accounts or crash a computer, but we can adapt and configure the test for any environment the customer needs. As a technical implementation or technical tool, it is very straightforward to set it up and schedule the scans or tests and see the results. Of course, the results could be more; now it is just a list of assets pretty much and another list for findings. There could be some maps of what accounts and devices are connected to each other, which would help. Otherwise, the solution itself is very fine and I would recommend it as an MSP partner or as a user of the tool to pretty much any company. I rate The NodeZero Platform by Horizon3.ai a nine out of ten overall.
Autonomous endpoint testing has transformed our assessments and now streamlines ongoing security checks
What is our primary use case?
The NodeZero Platform by Horizon3.ai is a pen testing tool specifically designed for endpoint pen testing.
In my organization, I manage The NodeZero Platform by Horizon3.ai as a service provider with plenty of clients, and I am the decision maker regarding the renewal of licenses and the extension of services, along with a couple of other teammates who assist with this.
I have deployed The NodeZero Platform by Horizon3.ai in two forms: for internal penetration testing, it requires deploying an agent into the internal network, while for external tests, it is a fully cloud-based tool.
What is most valuable?
The best feature of The NodeZero Platform by Horizon3.ai is that it is an autonomous pen testing tool that knows how to penetrate into the system automatically and perform lateral movement inside the network without the need for scripting.
Regarding The NodeZero Platform by Horizon3.ai's feature to fix and retest vulnerabilities, it provides reassessment capabilities. While it does not fix vulnerabilities instantly, it allows for reassessment as soon as vulnerabilities are fixed.
Regarding the endpoint security effectiveness feature, The NodeZero Platform by Horizon3.ai does not provide endpoint security but is an offensive tool designed to find weaknesses in endpoint solutions, not to protect them.
When assessing how much The NodeZero Platform by Horizon3.ai has helped reduce pen testing costs, it plays a vital role in providing value compared to manual methods, although it depends on the client's specific needs and budget.
What needs improvement?
I believe reporting for The NodeZero Platform by Horizon3.ai has room for improvement, specifically in terms of customizability for service providers and the challenge of dynamic IP white-listing, which I have provided feedback on.
For how long have I used the solution?
I have been using The NodeZero Platform by Horizon3.ai for more than three years.
What do I think about the stability of the solution?
When it comes to the stability of The NodeZero Platform by Horizon3.ai, I would rate it around seven to eight because the stability is not that high initially due to the need for daily updates and modifications as new vulnerabilities appear.
What do I think about the scalability of the solution?
So far, we have three specialists who focus on The NodeZero Platform by Horizon3.ai.
How are customer service and support?
In terms of technical support for The NodeZero Platform by Horizon3.ai, I would rate it an eight, as they provide a business analyst for account handling and usually respond within a week.
How was the initial setup?
The deployment of The NodeZero Platform by Horizon3.ai is very easy.
Implementing The NodeZero Platform by Horizon3.ai takes hardly 10 to 15 minutes, as you only need to deploy it on one endpoint, which will handle pen testing for all systems.
What about the implementation team?
From our side, maintaining The NodeZero Platform by Horizon3.ai requires minimal effort as we just keep the license up to date, needing only the server on which it is deployed to run.
What's my experience with pricing, setup cost, and licensing?
The pricing of The NodeZero Platform by Horizon3.ai was better than others or at least comparable, shifting to an IP-based licensing model which I believe offers fair pricing.
I would say it is fairly priced.
Which other solutions did I evaluate?
What other advice do I have?
My advice for implementing The NodeZero Platform by Horizon3.ai is to conduct a proof of concept first because it provides insights beyond what other vulnerability management tools detect. I gave this product a rating of 9.
Automated testing has transformed how we deliver fast, consistent security assessments
What is our primary use case?
The primary use case for the NodeZero platform by Horizon3.ai is to deliver penetration testing as a service to our clients, enabling us to support their security assurance, risk reduction, and compliance obligations.
What is most valuable?
The key capabilities of the NodeZero platform by Horizon3.ai that I have found most valuable are its speed, scalability, and consistency. It is able to cover a broad scope in a relatively short period of time, which delivers significant efficiency gains when compared with traditional manual testing. It also provides a more consistent outcome, as the process is not influenced by human bias or variability.
One of the most valuable features is the ability for security teams to remediate and retest vulnerabilities immediately. The one-click verification capability is particularly effective, as it allows fixes to be validated quickly without the need to rerun the entire assessment. This streamlines the remediation cycle and supports faster confirmation of security improvements.
The platform’s real attack capabilities have also helped reduce false positives in the identification of vulnerabilities across our on-premises systems. Because the findings are evidence-based and validated prior to reporting, the results are more reliable and actionable. This enables us to focus our efforts on confirmed security issues that genuinely require attention, rather than spending time investigating theoretical or unverified exposures.
The NodeZero platform also strengthens my understanding of potential security threats through its continuously updated capabilities. With new vulnerabilities emerging and being exploited in the wild on a regular basis, it is valuable to have a platform backed by a strong research and development function that continuously updates attack content to reflect the current threat landscape. This makes the platform effective not only as a point-in-time validation tool, but as part of an ongoing and continuous security assurance programme.
What needs improvement?
At present, the platform is relatively rigid in how it operates and offers limited flexibility to align with individual user preferences or organisational requirements. While this structured approach has advantages in maintaining consistency, it can also be restrictive in practice.
In particular, greater flexibility around reporting and risk scoring would add significant value. For example, the ability for users to adjust or contextualise vulnerability ratings based on their own environment, risk appetite, or compensating controls would make the reporting more adaptable and relevant to different use cases.
For how long have I used the solution?
I have been working with the NodeZero platform by Horizon3.ai for nearly a year, with hands-on experience using the platform since August of last year.
What do I think about the stability of the solution?
I would evaluate the NodeZero platform by Horizon3.ai as excellent in terms of stability and reliability. We have not experienced any issues with accessibility or availability, and the platform has consistently performed as expected.
I would rate the stability of the NodeZero platform by Horizon3.ai as 10 out of 10.
What do I think about the scalability of the solution?
I consider the NodeZero platform by Horizon3.ai to be highly scalable. It is well-suited to enterprise environments, straightforward to deploy, and can be implemented within minutes. Its speed and breadth of testing enable it to assess large areas of network coverage in a relatively short period of time.
I would rate the scalability of the NodeZero platform by Horizon3.ai as 10 out of 10.
How are customer service and support?
I interact with both the technical support and customer service teams at Horizon3.ai in relation to the NodeZero platform.
I have direct access to representatives in my region through a dedicated messaging channel, which makes communication quick and efficient. Whenever I need assistance, I can reach out directly and typically receive a response within an hour, and often sooner. In my experience, the team has been consistently responsive, helpful, and easy to work with.
I would rate the technical support for the NodeZero platform by Horizon3.ai as 9 out of 10, with 10 representing the highest level of support.
How would you rate customer service and support?
Positive
Which solution did I use previously and why did I switch?
Prior to using the NodeZero platform by Horizon3.ai, our security testing activities were conducted entirely through manual methods, as we had not previously utilised an automated platform of this nature.
How was the initial setup?
The installation process for the NodeZero platform by Horizon3.ai is straightforward and easy to complete. The deployment workflow is simple: you download the preconfigured virtual machine from the Horizon3.ai website, run it within the target environment, and then copy and execute the provided script within the locally deployed agent. Once that is done, the platform is ready to begin testing almost immediately.
In my experience, I have not encountered any challenges or blockers during installation. The overall setup process has been smooth, intuitive, and reliable.
What about the implementation team?
I participated in the initial setup and deployment process of The NodeZero Platform by Horizon3.ai.
What was our ROI?
So far, I have seen a clear return on investment from the NodeZero platform by Horizon3.ai. As an autonomous solution, it has enabled us to save a significant amount of time and effort by reducing the level of manual work required. This has been one of the key benefits of adopting a platform of this type.
In addition, because the platform is designed to scale effectively for enterprise environments, it has also helped us improve efficiency on larger engagements. As a result, we are seeing cost savings through reduced effort and a more streamlined delivery model.
Which other solutions did I evaluate?
Before selecting the NodeZero platform by Horizon3.ai, I evaluated several alternative solutions from other vendors, including Pentera and RidgeBot.
We ultimately chose NodeZero for three main reasons. First, its technical capabilities were better aligned with the specific use cases and outcomes we were looking to achieve. Second, it was more commercially competitive and offered better value than the other solutions we assessed. Third, the quality of both customer and technical support was a key differentiator. Whenever we required assistance, advice, or issue resolution, the Horizon3.ai team was responsive, accessible, and highly supportive in working through our requirements.
What other advice do I have?
As a managed security service provider, we use the NodeZero platform by Horizon3.ai in both a reseller and advisory capacity.
Its impact on remediation has been particularly positive. The platform provides a clear and efficient way to manage remediation through its dedicated vulnerability management capabilities, with the added benefit of integration into platforms such as Jira and ServiceNow. Because findings are evidence-based and validated, the output is highly actionable and carries a low false-positive rate, making it a strong remediation enablement tool.
From a commercial perspective, I am familiar with the platform’s pricing and licensing structure and consider it to be well-positioned across market segments. Its tiered pricing model makes it accessible for small and medium-sized businesses, while its enterprise packages provide the additional functionality required by larger organisations.
The platform has helped us reduce our penetration testing delivery costs, which was a key objective for us as a consultancy and service provider. Although I cannot disclose a specific percentage reduction, the cost savings have been significant.
My overall rating for the NodeZero platform by Horizon3.ai is eight out of ten.
Automated pentesting has transformed our quality assurance and now prioritizes real attack paths
What is our primary use case?
The easiest way to describe the use case would be quality assurance. It is very easy to miss a single configuration file or overlook something easy in the heat of the moment. Having that quality assurance to consistently find and verify the fixing of issues is an amazing game changer, especially when comparing it to traditional vulnerability management.
It used to be running into a wall and now it's actually about identifying your priorities and determining where there's a point in investing the time to start on it.
What is most valuable?
Speed, scalability, and the ability to see how an attack path is actually formed are the best features. The proof that what was claimed to have happened actually did happen is what I like the most about The NodeZero Platform by Horizon3.ai.
My impressions of the solution's feature that allows my security team to fix and retest vulnerabilities instantly is that it's awesome. I really love it. It is great. Instead of running a whole retest, which for some issues you will have to do, consider the classic scenario where it's Friday and almost time to leave for the weekend, but you found about 10 or so criticals that have all been worked through. The question becomes whether you trust yourself enough that all those fixes worked or whether you trust the provider enough that all those fixes worked. The NodeZero Platform by Horizon3.ai allows you to do a one-click verify, where you only test these specific issues. Being able to do that reduces the verification time to about 20 to 30 minutes rather than several hours. I love it because you don't have to tell your employees to miss their children's sports games.
I would say I trust The NodeZero Platform by Horizon3.ai with 99 percent certainty in identifying vulnerabilities in my on-premises systems. We found some essentially insane things. There are some basic issues you find every now and then, but also things that make you really surprised about how this worked and how that company hasn't been breached years ago already. It is awesome at finding just about everything.
The endpoint security effectiveness feature is really nice to get a direct mapping to tell me which endpoints do need to be looked at and where some of the topics that actually need to be addressed are. It does speed up the understanding for the EDR teams to actually see what are the issues that need to be addressed.
What needs improvement?
I would like to see an improvement in the notification management. Right now, the notifications, for example, when you schedule tests, the notification that the test has started and/or finished, will only go to the person who has set up the test. I'm told that this is coming in the future, but I would like to be able to set the notification recipient on a per-test or per-schedule basis.
For how long have I used the solution?
I have been working with the solution since early 2023.
What do I think about the stability of the solution?
There's constant improvement in the attack content itself, but on the technical basis, I'm super happy with The NodeZero Platform by Horizon3.ai.
What do I think about the scalability of the solution?
Scalability is great for me and all my clients.
How are customer service and support?
Regarding technical support, I think I'll give it a 10. There have been a couple of tickets in recent months that I've needed to open, but those were always addressed super quickly, especially if you have something that needs an ad hoc solution. You can go via the chat and you will have a response in a couple of minutes at most. Most issues have been resolved in under 20 minutes.
How was the initial setup?
It is really easy to work with The NodeZero Platform by Horizon3.ai. It's easy to set up and easy to understand. The onboarding or the POC is the education for the team. After that has been done, everyone at the customer will know how to use the tool. It is really easy to get started. There's such a low barrier to entry and a minimal investment with really high reward.
What was our ROI?
It is difficult to put a number on the rewards and the ROI from The NodeZero Platform by Horizon3.ai. I would essentially say either immeasurable improvement or 99.9 percent. We've had customers who had quite literally insane issues in their networks. Being able to find them because there have been no eyes on that particular section so far ever, and fixing those potentially prevented those companies from getting breached. I will say absolutely 99.9 percent.
Regarding how much time The NodeZero Platform by Horizon3.ai has saved me in testing, for comparison, this is a bit of a difficult question because it's not really directly comparable. For example, we've tested a global company and tested their entire network. That took us two days. If you were to do that with a manual pentest on the entire network, that would take months. The amount of manpower and costs associated with that is almost an immeasurable improvement again.
What's my experience with pricing, setup cost, and licensing?
Regarding pricing, that is a bit of a difficult question. I'm seeing this solely from the technical perspective. Going back to the previous point, if a solution can find the issue that would have allowed your company to get breached in seconds, what kind of price can you reasonably say you wouldn't pay? I would say it is very cost-efficient.
Which other solutions did I evaluate?
In the past, I've had a look at Pentera, for example.
What other advice do I have?
My thoughts on the integration or API aspects are positive. There's also always the option of the MCP server. But in general, regarding integration, for example, we have our ticketing system integrated. So if there's a finding, you can say in the console that you want to create a ticket for this. Then, when this finding gets closed in the ticketing system, there is an instant call to verify that fix. If the fix worked and the finding is closed successfully, it will stay closed. If it wasn't fixed, the ticket will be reopened. The service agent knows that they need to look at this again. It works great.
If someone was looking into this product, I would absolutely recommend it. I am not exaggerating when I say that this is my absolute favorite product. If I could, I would deploy this for everyone everywhere now. The basic solution would be to start with a proof of concept. Even then, the initial test is great. You will instantly get some results. I've never had a single test without findings. There were some with lower criticalities, but you will get some great results.
After that first test is done and you fix the first findings, then you will see the point that autonomous and recurring pentesting is great. For example, if you fixed something during day one, retest. Fix something during day two, run a full retest. Run tests in a different segment and run a different scenario. It is so much fun, especially when you compare it to old-school vulnerability scanners. Getting that 2,000 to 3,000-page PDF report or even classical pentests where at the point where you get the report for the pentest, it is already out of date because in the meantime, you changed a configuration or a patch was applied. The NodeZero Platform by Horizon3.ai gets you essentially as close as possible to consistent, real-time pentesting data. I would give this product a rating of 10 out of 10.
Integrated security platform has unified monitoring and continuously finds critical vulnerabilities
What is our primary use case?
The use cases for The NodeZero Platform by Horizon3.ai include Attack Surface Monitoring primarily, followed by third-party risk management and Attack Surface Management, as well as social media monitoring. These are probably the three biggest use cases.
What is most valuable?
What I appreciate the most about The NodeZero Platform by Horizon3.ai is its distinctive competitive advantage, which is the ability to bundle multiple security solutions into one single tool. While there is competition, there is nothing quite like The NodeZero Platform by Horizon3.ai at the moment, at least to my knowledge. That is the biggest USP.
Otherwise, it is a question of time. If you benchmark a pure play Attack Surface Management tool alongside The NodeZero Platform by Horizon3.ai, then sometimes The NodeZero Platform by Horizon3.ai may do a better job, whereas sometimes the other tool might do a better job. It is a question of always catching up, much as the different AI models evolve. At some point, ChatGPT was super good, then suddenly it became Gemini and today it is flawed. Competition is constantly ongoing. However, the area where The NodeZero Platform by Horizon3.ai has done pretty well is to build multiple tools and stack them into one single solution, and that is something which competition has not really done. I have no answers to why, but that is the biggest thing with The NodeZero Platform by Horizon3.ai.
The feature that allows security teams to fix and retest vulnerabilities instantly is part of the Attack Surface Management functionality of The NodeZero Platform by Horizon3.ai. The whole idea of ASM is continuous monitoring of vulnerabilities, so the minute you actually fix it and you say that it is fixed, it will go back and check against the same particular use case. That is the functionality being discussed.
What needs improvement?
The downsides of The NodeZero Platform by Horizon3.ai are that it is an expensive tool; it is a very expensive tool.
Since The NodeZero Platform by Horizon3.ai is integrated, for people who are not looking for everything but just one particular functionality, compared to any other tool, The NodeZero Platform by Horizon3.ai tends to be a little more expensive.
For how long have I used the solution?
I have probably been working on it for a year.
What do I think about the stability of the solution?
In terms of stability, I have not seen any issues with The NodeZero Platform by Horizon3.ai; I have not experienced lagging, crashing, or downtime.
I do not know the underlying architecture of The NodeZero Platform by Horizon3.ai; it is a SaaS solution, and since it has not crashed ever, and it is not a business-critical application, it is not your ERP. So frankly, even if they did crash, it would be very hard to notice unless we really manage to try and use it at that time and we get caught. The whole idea of The NodeZero Platform by Horizon3.ai is to work in the shadows and just keep pushing alerts to you. You only log into the tool when you want to. The idea is it works behind the shadows; so even if there was a downtime of, for example, five minutes or ten minutes, it is not your ERP system and you will not really notice it.
Which solution did I use previously and why did I switch?
There is no single tool which can really say it has all the features that The NodeZero Platform by Horizon3.ai has. However, I have tried other tools which offer some parts of The NodeZero Platform by Horizon3.ai functionality. For example, I have used different third-party risk management tools, ASM tools such as SpyCompass, and IzoLogic for dark web monitoring and things of that nature, which are different tools, but they serve different areas; whereas The NodeZero Platform by Horizon3.ai is a combination of everything.
How was the initial setup?
The initial deployment of The NodeZero Platform by Horizon3.ai is absolutely straightforward and simple; all I need to do is request an instance, specify these things, and there is nothing really to install apart from the agent server that I need to install. It is not a big deal.
What other advice do I have?
In terms of the platform's real attack capabilities, The NodeZero Platform by Horizon3.ai identifies vulnerabilities in my on-premises systems as well as any other vulnerability scanning solution that is out there. It does a very good job of finding real vulnerabilities and prioritizing them based on the criticality of the asset and contextualization of the organization's nature, which is very standard to any typical vulnerability scanning solution that is out there.
For The NodeZero Platform by Horizon3.ai overall, I would rate it an eight out of ten, with ten being the highest and one being the lowest.