External reviews are not included in the AWS star rating for the product.
I use The NodeZero Platform by Horizon3.ai for internal and external pentest scans, and it also provides Kubernetes scanning and scanning of GitHub accounts. Primarily, I use it for internal and external pentest scans.
Regarding on-premises systems, I have executed pentest scans on externally located and internally located systems, but I have not tried much with on-premises servers. I honestly do not have significant exposure in that area and cannot provide feedback on that part at this time.
The best features of The NodeZero Platform by Horizon3.ai are that it does not require much effort compared to manual penetration testing. You simply configure the scan and modify the requirements you need, and it scans and provides quite good results. The platform presents the data in a very clear way that even non-technical people can understand the dashboard and read through it.
The user interface is significantly more user-friendly than other tools I have used. The data and evidence gathered from the penetration test scan is excellent. It shows any compromised accounts and devices, demonstrating exactly how The NodeZero Platform by Horizon3.ai executed the attack. This is considerably better than any other tools I have used.
The NodeZero Platform by Horizon3.ai incorporates technologies that go beyond traditional testing and scanning methods for vulnerabilities, such as Nessus, Qualys, and Rapid7. While those tools focus on finding vulnerabilities, The NodeZero Platform by Horizon3.ai not only finds the vulnerabilities but also attempts to exploit them, gathers available evidence, and provides possible ways to fix them. This is one of the greatest features of The NodeZero Platform by Horizon3.ai.
When we run the penetration test scans, The NodeZero Platform by Horizon3.ai definitely identifies all negative points and the external attack surface related to them, showing what those external attack surfaces are and how we could fix them.
I feel there could be improvements in scalability, although at this point I have no specific negative points to report.
I have used the NodeZero Platform by Horizon3.ai for approximately eight or nine months.
The customer support is fantastic. I personally reached out to them, and The NodeZero Platform by Horizon3.ai provides sufficient evidence needed to understand the attacks it attempted, gathering relevant information regarding compromised accounts.
For automated scans, I have not used any other tools apart from manual scanning. I have been using The NodeZero Platform by Horizon3.ai for the first time, and it feels good and easy to work with.
I do not know exactly in terms of the client because I work for the client, but personally I feel the remediation time is significantly reduced compared to what we used to do with manual testing. I would estimate approximately thirty to forty percent reduction.
The NodeZero Platform by Horizon3.ai is better than manual penetration test scans. Usually, manual penetration test scans take considerable time and money, but I believe The NodeZero Platform by Horizon3.ai is definitely worth trying if you are considering using it, because it reduces the time and cost associated with manual scans.
I do not have detailed knowledge about specific costs, but I definitely feel that investing in manual penetration test scans is much higher than the automated scans of The NodeZero Platform by Horizon3.ai. Although I have no idea about the exact cost difference, I definitely believe there is a significant difference in favor of The NodeZero Platform by Horizon3.ai in terms of lower cost.
Regarding deployment, it is quite easy if you are talking about the cloud environment and configuring the scan. I do not find it too complex. The setup should be very quick, almost instantaneous, comparable to logging into any other portal.
The NodeZero Platform by Horizon3.ai offers options in both directions, but I personally used it in a cloud environment, and I feel it is much easier than an on-premises environment. It is easy to install, but it takes a little bit of time. Once you log in and share your targets, you can configure your scan and run it, making it much easier overall.
I would certainly recommend The NodeZero Platform by Horizon3.ai to others. I am sure they would appreciate how it presents the data and reports. It does not just provide a technical report; it presents multiple reports of various attacks that may be useful for management who might not understand technical terms. It definitely helps to have those kinds of reports as well, allowing anyone to understand what is happening in the environment and what can be done about it.
Based on my work experience over seven to eight months of using The NodeZero Platform by Horizon3.ai, I am still learning more about the product, and there is much more to explore. I would give this product a rating of eight out of ten.
The main use case for The NodeZero Platform by Horizon3.ai is internal network testing, as we put up a few runners in the customer environment and then we scan and test the environment.
The main benefits that The NodeZero Platform by Horizon3.ai brings to the table or how it helps to improve the way the organization functions is that it is very easy to read the pentest results from when it comes to prioritizing the fixing order of things, because now companies can actually see what the critical part is, how it affects the business, not just the system or one device, but the business impact is the question here, which is why companies take autonomous pentesting instead of a few manual pentests a year or vulnerability management.
The best features in The NodeZero Platform by Horizon3.ai are that it is a very easy environment to maintain, as we can pretty easily set up new pentests or add new assets there to be tested. We have a good connection with the actual company behind it, Horizon3.ai, so they help us whenever we ask pretty quickly.
My impression of The NodeZero Platform by Horizon3.ai's feature that allows security teams to fix and retest vulnerabilities instantly is that it is one of the core elements our customers use and it might even be the reason why they choose this tool over traditional vulnerability scanning. Of course, they get the pentest results on top of vulnerability scanning, but its crucial part is that they can test the especially critical findings and high-level findings immediately after they have fixed them.
The NodeZero Platform by Horizon3.ai has helped my clients reduce pentest costs, as for some companies, the cost has raised a bit, but they get a bigger area tested with just a slightly bigger price. A usual case is when they move from vulnerability scanning to pentesting, the price does not actually go up except maybe just slightly.
Apart from the licenses, specifically the tenant-based licenses that were mentioned, I would like to see more deep investigation of different environments in The NodeZero Platform by Horizon3.ai, especially in cloud. A proper mapping of assets and maybe some kind of map where I can actually see what devices or accounts are connected to each other would help a lot with the investigation and prioritization of things.
There are missing features in The NodeZero Platform by Horizon3.ai that I would like to see included in the next release or some functionality that I would like to see enhanced in it in the future, as they have already spoken of web application testing, so that is something I am looking forward to. API testing would be nice to see. I think it is coming right after the web application testing. However, the one thing that is very much asked from us as a service provider is DAST testing, so when a company is building a software, they could see their current security status while they are building the application.
I have been working with The NodeZero Platform by Horizon3.ai for about two years now.
I evaluate customer service and technical support for The NodeZero Platform by Horizon3.ai as good. If we have had problems, that is with the actual licensing style they are using. When we have customers, like midterm, let us say six months after our own contract starts, we get the pricing for the next six months, but then we have to negotiate again. What I would like to see from them is a tenant-based licensing for our customers also, not just us. Overall, we have good contacts, we get answers to questions we ask them very quickly. Support has been pretty quick also.
On a scale of one to ten, I would rate the tech support for The NodeZero Platform by Horizon3.ai as nine.
Prior to adopting The NodeZero Platform by Horizon3.ai, I did not work with any other solution of the same kind, as mentioned, I have done manual pentesting. Burp Suite has some automatic scanning and testing extensions, but I have mostly been a manual tester and bug hunter. I have read a lot about Aikido solution or Pentera, but that is just on a common level of knowledge gathered from the internet, not anything too deep or technically deep.
Regarding the pricing aspect of The NodeZero Platform by Horizon3.ai, my experience with the pricing, setup cost, and licensing part of it is that the setup cost was very minimal. I do not know if we even had that to be sure. The pricing is not on my responsibility, but what I have heard from our salespersons and the business executive whose responsibility it is, is that related to traditional vulnerability scanning, it is even cheap. The pricing is not the point why it would be hard to sell, so I guess it is on a good level now.
I did evaluate other options before going with The NodeZero Platform by Horizon3.ai, as I was not myself in the process of choosing between The NodeZero Platform by Horizon3.ai and others, but I know that we chose it because it is cloud-based, so it is easy to set up. There is no need for a customer to purchase on-prem servers or anything like that. They just need a little runner on some laptop or server or virtual machine, so it is easy to maintain. It is not too pricey for the customers we planned it for. Currently, it supports very well our offensive security offerings.
With our customer, I review the results of The NodeZero Platform by Horizon3.ai and we see what they should do to improve their security maturity.
NodeZero's endpoint security effectiveness feature impacts the understanding of potential security threats, as I must say that I do not have so much results yet in that area. It is quite new to me and I am looking forward to having more testing on endpoints on both our own environment and customers. What I have seen so far, I would say currently is good, but I personally need to know more before I can say anything in any direction.
I assess The NodeZero Platform by Horizon3.ai's impact on the organization's remediation time as much better than in traditional vulnerability management because now they actually see what has been caused and what the business impact is. They actually have already a pretty prioritized list of what needs to be fixed first. The so-called false positive noise has been reduced to almost zero. It has affected that part very much.
The advice I would share regarding organizations considering The NodeZero Platform by Horizon3.ai is that, as mentioned earlier, if there is a company that should choose whether they go to pentesting or vulnerability management. Pentesting can be a very nice test, one which does not cause any issues or show to users anyway. They can also choose the stress test mode, which may even lock out accounts or crash a computer, but we can adapt and configure the test for any environment customer needs. As a technical implementation or technical tool, it is very straightforward to set it up and schedule the scans or tests and see the results. Of course, the results could be more; now it is just a list of assets pretty much and another list for findings. There could be some maps of what accounts and devices are connected to each other, which would help. Otherwise, the solution itself is very fine and I would recommend it as an MSP partner or as a user of the tool to pretty much any company. I rate The NodeZero Platform by Horizon3.ai a nine out of ten overall.
The NodeZero Platform by Horizon3.ai is a pen testing tool specifically designed for endpoint pen testing.
In my organization, I manage The NodeZero Platform by Horizon3.ai as a service provider with plenty of clients, and I am the decision maker regarding the renewal of licenses and the extension of services, along with a couple of other teammates who assist with this.
I have deployed The NodeZero Platform by Horizon3.ai in two forms: for internal penetration testing, it requires deploying an agent into the internal network, while for external tests, it is a fully cloud-based tool.
The best feature of The NodeZero Platform by Horizon3.ai is that it is an autonomous pen testing tool that knows how to penetrate into the system automatically and perform lateral movement inside the network without the need for scripting.
Regarding The NodeZero Platform by Horizon3.ai's feature to fix and retest vulnerabilities, it provides reassessment capabilities. While it does not fix vulnerabilities instantly, it allows for reassessment as soon as vulnerabilities are fixed.
Regarding the endpoint security effectiveness feature, The NodeZero Platform by Horizon3.ai does not provide endpoint security but is an offensive tool designed to find weaknesses in endpoint solutions, not to protect them.
When assessing how much The NodeZero Platform by Horizon3.ai has helped reduce pen testing costs, it plays a vital role in providing value compared to manual methods, although it depends on the client's specific needs and budget.
I believe reporting for The NodeZero Platform by Horizon3.ai has room for improvement, specifically in terms of customizability for service providers and the challenge of dynamic IP white-listing, which I have provided feedback on.
I have been using The NodeZero Platform by Horizon3.ai for more than three years.
When it comes to the stability of The NodeZero Platform by Horizon3.ai, I would rate it around seven to eight because the stability is not that high initially due to the need for daily updates and modifications as new vulnerabilities appear.
So far, we have three specialists who focus on The NodeZero Platform by Horizon3.ai.
In terms of technical support for The NodeZero Platform by Horizon3.ai, I would rate it an eight, as they provide a business analyst for account handling and usually respond within a week.
The deployment of The NodeZero Platform by Horizon3.ai is very easy.
Implementing The NodeZero Platform by Horizon3.ai takes hardly 10 to 15 minutes, as you only need to deploy it on one endpoint, which will handle pen testing for all systems.
From our side, maintaining The NodeZero Platform by Horizon3.ai requires minimal effort as we just keep the license up to date, needing only the server on which it is deployed to run.
The pricing of The NodeZero Platform by Horizon3.ai was better than others or at least comparative, shifting to an IP-based licensing model which I believe offers fair pricing.
I would say it is fairly priced.
My advice for implementing The NodeZero Platform by Horizon3.ai is to conduct a proof of concept first because it provides insights beyond what other vulnerability management tools detect. I gave this product a rating of 9.
The primary use case for the NodeZero platform by Horizon3.ai is to deliver penetration testing as a service to our clients, enabling us to support their security assurance, risk reduction, and compliance obligations.
The key capabilities of the NodeZero platform by Horizon3.ai that I have found most valuable are its speed, scalability, and consistency. It is able to cover a broad scope in a relatively short period of time, which delivers significant efficiency gains when compared with traditional manual testing. It also provides a more consistent outcome, as the process is not influenced by human bias or variability.
One of the most valuable features is the ability for security teams to remediate and retest vulnerabilities immediately. The one-click verification capability is particularly effective, as it allows fixes to be validated quickly without the need to rerun the entire assessment. This streamlines the remediation cycle and supports faster confirmation of security improvements.
The platform’s real attack capabilities have also helped reduce false positives in the identification of vulnerabilities across our on-premises systems. Because the findings are evidence-based and validated prior to reporting, the results are more reliable and actionable. This enables us to focus our efforts on confirmed security issues that genuinely require attention, rather than spending time investigating theoretical or unverified exposures.
The NodeZero platform also strengthens my understanding of potential security threats through its continuously updated capabilities. With new vulnerabilities emerging and being exploited in the wild on a regular basis, it is valuable to have a platform backed by a strong research and development function that continuously updates attack content to reflect the current threat landscape. This makes the platform effective not only as a point-in-time validation tool, but as part of an ongoing and continuous security assurance programme.
At present, the platform is relatively rigid in how it operates and offers limited flexibility to align with individual user preferences or organisational requirements. While this structured approach has advantages in maintaining consistency, it can also be restrictive in practice.
In particular, greater flexibility around reporting and risk scoring would add significant value. For example, the ability for users to adjust or contextualise vulnerability ratings based on their own environment, risk appetite, or compensating controls would make the reporting more adaptable and relevant to different use cases.
I have been working with the NodeZero platform by Horizon3.ai for nearly a year, with hands-on experience using the platform since August of last year.
I would evaluate the NodeZero platform by Horizon3.ai as excellent in terms of stability and reliability. We have not experienced any issues with accessibility or availability, and the platform has consistently performed as expected.
I would rate the stability of the NodeZero platform by Horizon3.ai as 10 out of 10.
I consider the NodeZero platform by Horizon3.ai to be highly scalable. It is well-suited to enterprise environments, straightforward to deploy, and can be implemented within minutes. Its speed and breadth of testing enable it to assess large areas of network coverage in a relatively short period of time.
I would rate the scalability of the NodeZero platform by Horizon3.ai as 10 out of 10.
I interact with both the technical support and customer service teams at Horizon3.ai in relation to the NodeZero platform.
I have direct access to representatives in my region through a dedicated messaging channel, which makes communication quick and efficient. Whenever I need assistance, I can reach out directly and typically receive a response within an hour, and often sooner. In my experience, the team has been consistently responsive, helpful, and easy to work with.
I would rate the technical support for the NodeZero platform by Horizon3.ai as 9 out of 10, with 10 representing the highest level of support.
Positive
Prior to using the NodeZero platform by Horizon3.ai, our security testing activities were conducted entirely through manual methods, as we had not previously utilised an automated platform of this nature.
The installation process for the NodeZero platform by Horizon3.ai is straightforward and easy to complete. The deployment workflow is simple: you download the preconfigured virtual machine from the Horizon3.ai website, run it within the target environment, and then copy and execute the provided script within the locally deployed agent. Once that is done, the platform is ready to begin testing almost immediately.
In my experience, I have not encountered any challenges or blockers during installation. The overall setup process has been smooth, intuitive, and reliable.
I participated in the initial setup and deployment process of The NodeZero Platform by Horizon3.ai.
So far, I have seen a clear return on investment from the NodeZero platform by Horizon3.ai. As an autonomous solution, it has enabled us to save a significant amount of time and effort by reducing the level of manual work required. This has been one of the key benefits of adopting a platform of this type.
In addition, because the platform is designed to scale effectively for enterprise environments, it has also helped us improve efficiency on larger engagements. As a result, we are seeing cost savings through reduced effort and a more streamlined delivery model.
Before selecting the NodeZero platform by Horizon3.ai, I evaluated several alternative solutions from other vendors, including Pentera and RidgeBot.
We ultimately chose NodeZero for three main reasons. First, its technical capabilities were better aligned with the specific use cases and outcomes we were looking to achieve. Second, it was more commercially competitive and offered better value than the other solutions we assessed. Third, the quality of both customer and technical support was a key differentiator. Whenever we required assistance, advice, or issue resolution, the Horizon3.ai team was responsive, accessible, and highly supportive in working through our requirements.
As a managed security service provider, we use the NodeZero platform by Horizon3.ai in both a reseller and advisory capacity.
Its impact on remediation has been particularly positive. The platform provides a clear and efficient way to manage remediation through its dedicated vulnerability management capabilities, with the added benefit of integration into platforms such as Jira and ServiceNow. Because findings are evidence-based and validated, the output is highly actionable and carries a low false-positive rate, making it a strong remediation enablement tool.
From a commercial perspective, I am familiar with the platform’s pricing and licensing structure and consider it to be well-positioned across market segments. Its tiered pricing model makes it accessible for small and medium-sized businesses, while its enterprise packages provide the additional functionality required by larger organisations.
The platform has helped us reduce our penetration testing delivery costs, which was a key objective for us as a consultancy and service provider. Although I cannot disclose a specific percentage reduction, the cost savings have been significant.
My overall rating for the NodeZero platform by Horizon3.ai is eight out of ten.
The use cases for The NodeZero Platform by Horizon3.ai include Attack Surface Monitoring primarily, followed by third-party risk management and Attack Surface Management, as well as social media monitoring. These are probably the three biggest use cases.
What I appreciate the most about The NodeZero Platform by Horizon3.ai is its distinctive competitive advantage, which is the ability to bundle multiple security solutions into one single tool. While there is competition, there is nothing quite like The NodeZero Platform by Horizon3.ai at the moment, at least to my knowledge. That is the biggest USP.
Otherwise, it is a question of time. If you benchmark a pure play Attack Surface Management tool alongside The NodeZero Platform by Horizon3.ai, then sometimes The NodeZero Platform by Horizon3.ai may do a better job, whereas sometimes the other tool might do a better job. It is a question of always catching up, much as the different AI models evolve. At some point, ChatGPT was super good, then suddenly it became Gemini and today it is flawed. Competition is constantly ongoing. However, the area where The NodeZero Platform by Horizon3.ai has done pretty well is to build multiple tools and stack them into one single solution, and that is something which competition has not really done. I have no answers to why, but that is the biggest thing with The NodeZero Platform by Horizon3.ai.
The feature that allows security teams to fix and retest vulnerabilities instantly is part of the Attack Surface Management functionality of The NodeZero Platform by Horizon3.ai. The whole idea of ASM is continuous monitoring of vulnerabilities, so the minute you actually fix it and you say that it is fixed, it will go back and check against the same particular use case. That is the functionality being discussed.
The downsides of The NodeZero Platform by Horizon3.ai are that it is an expensive tool; it is a very expensive tool.
Since The NodeZero Platform by Horizon3.ai is integrated, for people who are not looking for everything but just one particular functionality, compared to any other tool, The NodeZero Platform by Horizon3.ai tends to be a little more expensive.
I have probably been working on it for a year.
In terms of stability, I have not seen any issues with The NodeZero Platform by Horizon3.ai; I have not experienced lagging, crashing, or downtime.
I do not know the underlying architecture of The NodeZero Platform by Horizon3.ai; it is a SaaS solution, and since it has not crashed ever, and it is not a business-critical application, it is not your ERP. So frankly, even if they did crash, it would be very hard to notice unless we really manage to try and use it at that time and we get caught. The whole idea of The NodeZero Platform by Horizon3.ai is to work in the shadows and just keep pushing alerts to you. You only log into the tool when you want to. The idea is it works behind the shadows; so even if there was a downtime of, for example, five minutes or ten minutes, it is not your ERP system and you will not really notice it.
There is no single tool which can really say it has all the features that The NodeZero Platform by Horizon3.ai has. However, I have tried other tools which offer some parts of The NodeZero Platform by Horizon3.ai functionality. For example, I have used different third-party risk management tools, ASM tools such as SpyCompass, and IzoLogic for dark web monitoring and things of that nature, which are different tools, but they serve different areas; whereas The NodeZero Platform by Horizon3.ai is a combination of everything.
The initial deployment of The NodeZero Platform by Horizon3.ai is absolutely straightforward and simple; all I need to do is request for an instance, specify these things, and there is nothing really to install apart from the agent server that I need to install. It is not a big deal.
In terms of the platform's real attack capabilities, The NodeZero Platform by Horizon3.ai identifies vulnerabilities in my on-premises systems as good as any other vulnerability scanning solution that is out there. It does a very good job of finding real vulnerabilities and prioritizing them based on the criticality of the asset and contextualization of the organization's nature, which is very standard to any typical vulnerability scanning solution that is out there.
For The NodeZero Platform by Horizon3.ai overall, I would rate it an eight out of ten, with ten being the highest and one being the lowest.
I use The NodeZero Platform as a consultant on penetration testing engagements for various customers. This might be different than some of their more common use cases where companies use it internally. The primary use case is for penetration testing engagements, and the main driver for having The NodeZero Platform is that it's a force multiplier for me as an individual to perform more penetration testing without additional human resources.
My favorite feature about The NodeZero Platform is that it's autonomous, and it truly delivers on that promise. It can be set and forgotten while it performs its tasks. It does exactly what it claims to do.
I started with The NodeZero Platform when it was less mature. Anytime I encountered something annoying or identified a gap that needed attention, they had already fixed or added it by the time I would have requested it. The product is being rapidly developed at this stage. There really isn't anything feature-wise that I would request or change because it's a good product. It does what it claims and excels at finding issues and covering large environments so humans don't have to perform repetitive tasks for extended periods. This allows us to focus on what's important: fixing and protecting systems. If there was one thing I would change, I would want their consulting licensing to return to being unlimited.
I have been using The NodeZero Platform for four years this month.
In the early stages, I experienced issues with large penetration tests where things might get delayed or require intervention, but I cannot remember the last time that occurred. While one of their main selling points is that it's safe to run in production, we might still try to avoid unnecessary risk. For companies operating during normal business hours, we might conduct penetration testing at night. When using SaaS-based products at night, maintenance windows can cause downtime, but I haven't encountered any of these issues with The NodeZero Platform. I cannot recall any instances of downtime or the platform being offline.
I have used it for tests ranging from tens to thousands to tens of thousands of assets, and I haven't encountered any trouble scaling. While I wouldn't say it's infinitely scalable, it certainly handles scaling effectively.
The support currently is really good. When I have questions or concerns, I receive responses promptly. They've added a chatbot which isn't particularly useful, but when it can't answer questions, it forwards messages to human support. I typically receive human responses within 12 hours, usually the same day or next day. Previously, with time-sensitive engagements, I would worry about resolving issues before deadlines. That concern has diminished as they've become more responsive and require less escalation to engineering. Support cases are now handled more efficiently, either by directing to documentation or providing workarounds for project completion.
The setup process is extremely straightforward. It has become even easier with the addition of Runners feature, which allows for automatic setup of repeated tests throughout the year. The initial setup takes approximately 30 minutes, mostly spent reading documentation, as the process is primarily point-and-click.
I have used three alternatives: Pentera, Core Impact, and Metasploit Professional. Core Impact and Metasploit Professional aren't direct competitors as they are penetration testing toolkits with built-in automation. Pentera markets itself similarly to The NodeZero Platform. Compared to Pentera, The NodeZero Platform requires less setup and delivers higher quality results. Pentera follows a consistent pattern of running vulnerability scans and attempting exploits, producing results similar to vulnerability scans. The NodeZero Platform varies its approach and continues exploring potential vulnerabilities more thoroughly, similar to a real threat actor.
The NodeZero Platform has helped identify vulnerabilities with on-premises systems effectively. They handle all technical aspects internally. I have given The NodeZero Platform a rating of 9 out of 10.
Positive