The NodeZero Platform by Horizon3.ai Reviews

We use The NodeZero Platform for control validation and we are also looking for the likelihood of vulnerabilities.

I think the one-click feature to fix and re-test vulnerabilities is great. This feature allows us to validate whether the remediation actually resolved the issue. It's pretty easy. You click it and it starts scanning. This is super helpful. I don't think anybody else has anything like that.

The NodeZero Platform's real attack capabilities help in identifying vulnerabilities on our on-prem systems because it provides actual vulnerabilities by attacking our systems. It shows us whether it really was able to do or meet the objectives that a threat actor could do. It really helps identify the likelihood instead of simply indicating a potential vulnerability.

The NodeZero Platform impacts my understanding of potential security threats in an eye-opening way. It provides validation of the actual security flaw, and it also provides remediation steps. Usually, it's an article that's written up, but it also shows proof as well.

I haven't seen much of an impact on my remediation time from using The NodeZero Platform. I think what it does is it justifies a vulnerable aspect. For the most part, it does speed up remediation because we have proof that there is a vulnerability. We classify those vulnerabilities as a POF or a Pants on Fire and they have to be remediated within 72 hours. It does help remediate.

I think The NodeZero Platform could improve by leveraging GPUs for password cracking, which would be pretty good.

I have used the solution for about two and a half years.

I haven't seen any stability issues such as crashing, lagging, or downtime. I have seen that their portal has been inaccessible for probably about 30 minutes one time.

The NodeZero Platform is very scalable.

I have never had to contact their technical support or customer support.

We've used Pantera, Symptom and Attack IQ.

The initial deployment was so easy. It only took us about five minutes.

I think the pricing could be a little bit more competitive. For example, Centerra had a little bit more flexible pricing than NodeZero.

I would say Pentera is the closest competitor to The NodeZero Platform. When I compare them, I think the flexibility of scanning is where Horizon 3 edges Pentera. Pentera does a better job at cracking passwords, but deploying remote nodes is very difficult. It's kind of convoluted, so it makes it difficult to operate. The NodeZero Platform's pricing is competitive. I think it could be a little bit more competitive. For example, Pentera had a little bit more flexible pricing than The NodeZero Platform.

Based on everything we've looked at and used in the past, I would rate The NodeZero Platform a 10 out of 10 as they are the best.

On-premises

The primary use case for the NodeZero Platform is as an extension to existing vulnerability management systems. Initially, it complemented solutions like Qualys or Tenable. However, there has been a shift towards using NodeZero to replace existing vulnerability management solutions altogether. The motivations include cost savings and addressing issues that traditional vulnerability managers might report but do not actually affect system security.

Deploying the NodeZero Platform is straightforward for me as it involves just a Docker container in a network or a network segment, saving time and eliminating the need for agents on every endpoint. Its autonomous operation, safe for production use, makes it practical to schedule pen tests during business hours. The tripwires feature acts like a honeypot, providing network alerts for potential threats. These factors make it an effective tool for enhancing security in organizations.

One of the areas where improvement is needed is in the visibility and reporting for large enterprises. The existing GUI or NodeZero insights provide better visibility, but there's still room for enhancement. Moreover, there is a need to automate interactions with other systems, particularly in triggering or opening tickets in ServiceNow. Adding the application layer would also be valuable for clients.

I have used the solution for 1.5 years.

No issues were encountered in deploying the NodeZero Platform. Once the firewalls are open and communication with the cloud is enabled, it's a matter of installing a Docker container or VMware and opening the ports for smooth operation.

I rate the stability of the NodeZero Platform a ten out of ten. We have not encountered any issues on the platform regarding accessibility, performance, or stability.

I rate the scalability of the NodeZero Platform a ten out of ten. We have conducted pen tests in environments with hundreds of thousands of IP addresses without any scalability issues. The platform is built for large scale deployment and operation.

I rate their support an eight out of ten. The support is skilled and effective, although there are sometimes delays due to bandwidth issues, possibly due to the size of the team.

Positive

Initially, NodeZero and similar solutions were used alongside existing vulnerability management solutions like Qualys or Tenable. However, there has been a shift towards replacing these existing solutions as businesses seek to address vulnerability issues more efficiently.

The initial setup is very easy, rated 10 out of 10. It involves straightforward steps of installing a Docker container, configuring firewalls, and ensuring communication with the cloud.

The deployment process involves an initial meeting with the client to choose the deployment method—either on a VMware or Docker container. This is followed by defining and setting up firewall rules. After preparing everything, deploying the Docker container or VMware takes a few minutes, and the pen test can begin.

I rate the pricing a six out of ten. Pricing is moderate compared to competitors but depends on the solutions in comparison. While cheaper than XM Cyber and human pen testers, it's more expensive than vulnerability managers.

I evaluated Pentera and XM Cyber alongside the NodeZero Platform at various points. Pentera was assessed about two years ago, and we have clients currently using XM Cyber.

I rate the NodeZero Platform an eight out of ten. The platform is scalable and stable, suitable for large enterprises and businesses. It needs improvement in areas like visibility, reporting, and automation with third-party systems. The overall product rating is eight.

Hybrid Cloud

Amazon Web Services (AWS)

My main use case for The NodeZero Platform by Horizon3.ai is performing quarterly pen tests on our enterprise and OT networks.

For those quarterly pen tests, we usually run them in the actual web UI interface, selecting what subnets we want to hit for pen tests, what vulnerabilities we want to use, and the whitelists that we have in place. We don't step on any sensitive devices, and then afterwards, we review the findings and remedy the problems.

The best features that The NodeZero Platform by Horizon3.ai offers include its set it and forget it type pen testing. You configure it once and then set it to automatically run during certain days, which is particularly useful, especially when you're a thin IT department.

That set-it-and-forget-it feature helps my team day-to-day by saving a lot of time, as we can set the pen test and then divert our attention to other things while the pen test is ongoing.

The NodeZero Platform by Horizon3.ai has positively impacted my organization by catching vulnerabilities and exploits that we wouldn't otherwise be able to find as easily or as quickly, so I'd say it helps better our cybersecurity posture.

The NodeZero Platform by Horizon3.ai can be improved in some ways, particularly regarding the test scan sometimes.

When the test scan doesn't work as expected, the runner sometimes acts up, and we usually have to run a command on it to fix it or sometimes reboot it. Other than that, the product works great.

I have been using The NodeZero Platform by Horizon3.ai for about a year and a half.

The NodeZero Platform by Horizon3.ai is stable.

The scalability of The NodeZero Platform by Horizon3.ai is pretty good, as you can throw in any number of subnets in the pen test, so I'd say it's very scalable.

We have had no issues with their customer support; it seemed pretty solid.

I would rate the customer support of The NodeZero Platform by Horizon3.ai as an eight.

We did not have a different solution before using The NodeZero Platform by Horizon3.ai.

I wasn't involved in the pricing, setup cost, and licensing, but I've heard that it's pretty simple and easy.

We did not evaluate any other options before choosing The NodeZero Platform by Horizon3.ai.

My impression of the solution's feature that allows security teams to fix and retest vulnerabilities instantly is that it's a very useful feature, and I highly appreciate that feature.

The platform's real attack capabilities have helped in identifying vulnerabilities in my on-prem systems by giving us a real-world example of what we should be prioritizing, which helps during the vulnerability management process, so it's helped us significantly.

We don't necessarily use the endpoint security effectiveness feature; we don't really pay attention to it.

The NodeZero Platform by Horizon3.ai has reduced our pen testing costs, but I don't have a specific number.

My advice to others looking into using The NodeZero Platform by Horizon3.ai is to utilize the one-click vulnerability or rescan feature for NodeZero.

I think they're also the reseller for the product.

I would rate this solution an eight overall.

Hybrid Cloud

Other

My main use case for The NodeZero Platform by Horizon3.ai includes pen testing and vulnerability management. I use The NodeZero Platform by Horizon3.ai to run weekly external and internal scans to identify configuration issues, software vulnerabilities, or misconfigurations.

The NodeZero Platform by Horizon3.ai has positively impacted my organization by allowing my security team to be more efficient and focus on the most valuable work at the highest criticality. My team's efficiency has improved by identifying what is truly a cybersecurity risk, allowing us to filter out vulnerabilities that are not exploitable and not worth the time and effort to remediate.

The best features The NodeZero Platform by Horizon3.ai offers include addressing security threats introduced by misconfigurations, identity, and vulnerability.

The NodeZero Platform by Horizon3.ai helps me identify security threats from misconfigurations or identity issues by conducting weekly scans of my entire environment to identify issues as an attacker would perceive them, starting from a patient zero.

The NodeZero Platform by Horizon3.ai could be improved by reducing the elapsed time from identifying a zero-day vulnerability from their QA environment to their production environment.

I have been using The NodeZero Platform by Horizon3.ai for four years.

The NodeZero Platform by Horizon3.ai is stable.

The NodeZero Platform by Horizon3.ai is very scalable.

The customer support is excellent.

I did not previously use a different solution.

I had a very good experience with pricing, setup cost, and licensing.

I evaluated other options before choosing The NodeZero Platform by Horizon3.ai, specifically Pantera.

My advice to others looking into using The NodeZero Platform by Horizon3.ai is to do yourself a favor and see what the product will find. The platform's real attack capabilities have helped in identifying vulnerabilities in my on-premises systems by allowing us to find even systems that made it off inventory; there is nowhere to hide from The NodeZero Platform by Horizon3.ai.

The NodeZero Platform by Horizon3.ai's endpoint security effectiveness feature impacts my understanding of potential security threats by allowing me to assess the efficacy of the EDR solution. The NodeZero Platform by Horizon3.ai has improved my remediation times in a meaningful way and has helped reduce my pen testing costs by approximately 25 percent. I would rate this product 8 out of 10.

Private Cloud

Amazon Web Services (AWS)

The use cases for The NodeZero Platform by Horizon3.ai include Attack Surface Monitoring primarily, followed by third-party risk management and Attack Surface Management, as well as social media monitoring. These are probably the three biggest use cases.

What I appreciate the most about The NodeZero Platform by Horizon3.ai is its distinctive competitive advantage, which is the ability to bundle multiple security solutions into one single tool. While there is competition, there is nothing quite like The NodeZero Platform by Horizon3.ai at the moment, at least to my knowledge. That is the biggest USP.

Otherwise, it is a question of time. If you benchmark a pure play Attack Surface Management tool alongside The NodeZero Platform by Horizon3.ai, then sometimes The NodeZero Platform by Horizon3.ai may do a better job, whereas sometimes the other tool might do a better job. It is a question of always catching up, much as the different AI models evolve. At some point, ChatGPT was super good, then suddenly it became Gemini and today it is flawed. Competition is constantly ongoing. However, the area where The NodeZero Platform by Horizon3.ai has done pretty well is to build multiple tools and stack them into one single solution, and that is something which competition has not really done. I have no answers to why, but that is the biggest thing with The NodeZero Platform by Horizon3.ai.

The feature that allows security teams to fix and retest vulnerabilities instantly is part of the Attack Surface Management functionality of The NodeZero Platform by Horizon3.ai. The whole idea of ASM is continuous monitoring of vulnerabilities, so the minute you actually fix it and you say that it is fixed, it will go back and check against the same particular use case. That is the functionality being discussed.

The downsides of The NodeZero Platform by Horizon3.ai are that it is an expensive tool; it is a very expensive tool.

Since The NodeZero Platform by Horizon3.ai is integrated, for people who are not looking for everything but just one particular functionality, compared to any other tool, The NodeZero Platform by Horizon3.ai tends to be a little more expensive.

I have probably been working on it for a year.

In terms of stability, I have not seen any issues with The NodeZero Platform by Horizon3.ai; I have not experienced lagging, crashing, or downtime.

I do not know the underlying architecture of The NodeZero Platform by Horizon3.ai; it is a SaaS solution, and since it has not crashed ever, and it is not a business-critical application, it is not your ERP. So frankly, even if they did crash, it would be very hard to notice unless we really manage to try and use it at that time and we get caught. The whole idea of The NodeZero Platform by Horizon3.ai is to work in the shadows and just keep pushing alerts to you. You only log into the tool when you want to. The idea is it works behind the shadows; so even if there was a downtime of, for example, five minutes or ten minutes, it is not your ERP system and you will not really notice it.

There is no single tool which can really say it has all the features that The NodeZero Platform by Horizon3.ai has. However, I have tried other tools which offer some parts of The NodeZero Platform by Horizon3.ai functionality. For example, I have used different third-party risk management tools, ASM tools such as SpyCompass, and IzoLogic for dark web monitoring and things of that nature, which are different tools, but they serve different areas; whereas The NodeZero Platform by Horizon3.ai is a combination of everything.

The initial deployment of The NodeZero Platform by Horizon3.ai is absolutely straightforward and simple; all I need to do is request for an instance, specify these things, and there is nothing really to install apart from the agent server that I need to install. It is not a big deal.

In terms of the platform's real attack capabilities, The NodeZero Platform by Horizon3.ai identifies vulnerabilities in my on-premises systems as good as any other vulnerability scanning solution that is out there. It does a very good job of finding real vulnerabilities and prioritizing them based on the criticality of the asset and contextualization of the organization's nature, which is very standard to any typical vulnerability scanning solution that is out there.

For The NodeZero Platform by Horizon3.ai overall, I would rate it an eight out of ten, with ten being the highest and one being the lowest.

Public Cloud

Other

To meet standards, I am required to do penetration testing periodically. This is something I can do on-demand anytime I choose, or I can set it up to recur on a recurring schedule.

The NodeZero Platform has a great cost, and its usability is straightforward. It can be deployed in the cloud. There is an on-premise container that I need to spin up to allow it to run in my environment, but it is automatically updated because it is cloud-based. It uses AI to try and gain access to my network and learns from the environment as it goes, providing a report on vulnerabilities, and demonstrates how their system exploits them to either elevate privilege or gain access to specific credentials or devices.

I haven't really come across anything that I say needs to be improved with it, other than the container runner, which tends to lose time. It does not always sync with the cloud versions, so I have to do it manually.

I have used the solution for over a year.

Initially, there were some devices that, when it scanned, it caused network issues. So I had to exclude those, but that was fairly simple to do.

I reached out to support and they were very responsive. I would rate them a nine out of ten.

Positive

I have reviewed other penetration testing solutions but haven't used them due to cost constraints, as they were really expensive compared to the NodeZero Platform.

The initial setup was simple and easy to operate.

The pricing is much more affordable than traditional penetration tests.

I have reviewed other penetration testing solutions but did not use any due to cost constraints.

I would advise taking advantage of the support when you have it. For Horizon360 NodeZero, they are always responsive. Let them show you how to use it and the best way to get the most out of it. Overall, I'd rate NodeZero at nine to 9.5 out of ten.

Public Cloud

The solution is used for penetration testing.

Penetration testing and scans are useful features. These features are the reason why we started using the product.

We run the penetration testing and look at the reports. The reports are quite useless. We are looking for a different product. The tool did not help enhance our organization's cybersecurity posture. The reports had a lot of false positives. They didn't detect anything. The tool didn’t identify any vulnerabilities. The solution must detect threats and vulnerabilities.

I have been using the solution for about a year. I am using the latest version of the solution.

We didn’t have any issues with stability.

We didn’t have any issues with scalability. We didn’t need it.

My team interacts with the support team. I haven't heard any complaints.

The solution is deployed on the cloud. The initial deployment was easy.

We haven’t seen a return on investment.

We used another solution parallelly. We got help from a third-party vendor to do that. I will definitely not recommend the product to others. It was quite useless for us. It didn't give us any useful results. Overall, I rate the solution a one out of ten.