The NodeZero Platform by Horizon3.ai Reviews

My main use case for The NodeZero Platform by Horizon3.ai is C-TAM to actively scan for threats or potential threats within our environment and to help keep our environment secure. A specific example of how I have used The NodeZero Platform by Horizon3.ai for C-TAM in my environment is that we had some exposed SSH ports within a cloud provider, and we were able to clear those and close those ports up.

The best features that The NodeZero Platform by Horizon3.ai offers include the automated scans, which are great to use; you set it, scope it, and let it go, which works really well. The executive reporting feature is impactful for me as a manager, providing a strong foundation to give quarterly and yearly reports to our executives and board to see the state of our infrastructure from a security standpoint.

The level of detail and clarity in the executive reports from The NodeZero Platform by Horizon3.ai absolutely helps me communicate effectively with leadership. They are detailed enough for me to extract the necessary information tailored for the executives and to provide a broader perspective on our mitigation efforts or accepted risk stance and where additional controls exist.

The NodeZero Platform by Horizon3.ai has positively impacted my organization by giving us a better continuous picture of our security posture, what's exploitable, and what can be used against the organization. It allows us to run scans whenever needed, unlike a single third-party system that only provides a snapshot in time; our processes must be ongoing as the security landscape is dynamic.

NodeZero's endpoint security effectiveness feature impacts my understanding of potential security threats by providing a clear picture of both the external and internal landscapes within my organization, enabling me to prioritize and adjust as needed for vulnerabilities such as WordPress plugin issues or user enumerations and software code version assessments.

I have built The NodeZero Platform by Horizon3.ai into our weekly and monthly workflows for security CI/CD, and we scan our externally accessible assets every week to address anything quickly if it comes up. That includes our firewalls, websites, and anything that is an external web server, which we scan weekly, while the monthly scans are for internal systems that feed our security CI/CD pipeline, enabling us to action across and prioritize any vulnerabilities caught by The NodeZero Platform by Horizon3.ai.

The NodeZero Platform by Horizon3.ai is great, with an amazing MCP server and great API integration. I have utilized both and can vouch for their features. However, my team struggles with the onboarding side of our engagement, which should have been more robust; having a statement of work and a clear definition of success would have been beneficial. We faced challenges building the boat as we were launching without clarity on how we wanted to use the system, but that is the only constructive criticism I have for improvements.

I have been using The NodeZero Platform by Horizon3.ai for six months.

The NodeZero Platform by Horizon3.ai has been very stable.

So far, we have not needed to scale The NodeZero Platform by Horizon3.ai much; it is effectively doing everything we need it to do, making the question of scalability somewhat irrelevant for us.

So far, customer support for The NodeZero Platform by Horizon3.ai has been great; we appreciate the team for always answering our questions promptly and bringing in resources as necessary. I would rate customer support for The NodeZero Platform by Horizon3.ai a 10; the team has been great in responding quickly and thoroughly explaining any questions we may have.

We did not previously use a different solution; we just had Tenable running, which is not the same as The NodeZero Platform by Horizon3.ai.

My experience with the pricing, setup cost, and licensing of The NodeZero Platform by Horizon3.ai has been great. The sales process with Calvin and the team was excellent, leaving me very satisfied with the implementation and support from the NodeZero sales team.

Although I do not have specific metrics indicating return on investment such as fewer employees or direct savings, the main metric is that we save time because The NodeZero Platform by Horizon3.ai is scanning continuously and allows us to track remediations within the platform. Time to resolution and verification is what I focus on most, as we can quickly verify the resolution of vulnerabilities through the one-click verify feature in The NodeZero Platform by Horizon3.ai.

Before choosing The NodeZero Platform by Horizon3.ai, we evaluated other options including Cymulate and Rapid7, though I cannot recall the other one.

The NodeZero Platform by Horizon3.ai is currently deployed in a public cloud, and we plan to incorporate some on-premise capabilities as we work on network segmentation to scan other sites from remote office locations or physical sites.

For our public cloud deployment of The NodeZero Platform by Horizon3.ai, we use Azure.

What we have seen as specific outcomes indicating this positive impact is that everything external on our systems scores below two, which is really good. While we have some configuration cleanup to do, everything external is very clean now, and we identified what needs to be addressed, prioritized them, and within weeks got to a very clean state externally, though we still have ongoing work internally due to some legacy systems.

The platform's real attack capabilities help in identifying vulnerabilities in our on-prem systems by reviewing our overall posture and available layers. Given our complexity with 17 different sites in Azure, we are constantly scanning across the network, realizing that our network segmentation needs improvement. Once we enhance that segmentation, we will utilize The NodeZero Platform by Horizon3.ai at one of our remote office sites to conduct scans accordingly.

I adore the feature of The NodeZero Platform by Horizon3.ai that allows security teams to fix and retest vulnerabilities instantly, as I always want to validate the efforts and diligence put forth by my team.

I assess that The NodeZero Platform by Horizon3.ai has improved our organization's remediation time because we have fewer vulnerabilities to remediate now. Initially, we had a lot of medium vulnerabilities and a few high ones, allowing us to prioritize and resolve the high risks quickly, then address the medium vulnerabilities more methodically to add value back to the organization, which we accomplished in a timely manner.

The NodeZero Platform by Horizon3.ai is great, with an amazing MCP server and great API integration. I have utilized both and can vouch for their features. However, my team struggles with the onboarding side of our engagement, which should have been more robust; having a statement of work and a clear definition of success would have been beneficial. We faced challenges building the boat as we were launching without clarity on how we wanted to use the system, but that is the only constructive criticism I have for improvements.

The NodeZero Platform by Horizon3.ai has not helped reduce our pen-testing costs; in fact, our pen-test engagement was cheaper than the cost of The NodeZero Platform by Horizon3.ai. However, the pen test occurred only once a year and provided just a snapshot of a moment in time without follow-up for remediation validation, so we appreciated it but it did not effectively portray our organization's ongoing state.

I advise others looking into using The NodeZero Platform by Horizon3.ai to buy onboarding hours and create a statement of work since building that ad hoc is not in the best interest of the organization. It is vital to define success criteria for when the onboarding process is completed and implemented.

The NodeZero Platform by Horizon3.ai does what it is advertised and does it really well, and I would rate this review a 10.

The primary use case for the NodeZero platform by Horizon3.ai is to deliver penetration testing as a service to our clients, enabling us to support their security assurance, risk reduction, and compliance obligations.

The key capabilities of the NodeZero platform by Horizon3.ai that I have found most valuable are its speed, scalability, and consistency. It is able to cover a broad scope in a relatively short period of time, which delivers significant efficiency gains when compared with traditional manual testing. It also provides a more consistent outcome, as the process is not influenced by human bias or variability.

One of the most valuable features is the ability for security teams to remediate and retest vulnerabilities immediately. The one-click verification capability is particularly effective, as it allows fixes to be validated quickly without the need to rerun the entire assessment. This streamlines the remediation cycle and supports faster confirmation of security improvements.

The platform’s real attack capabilities have also helped reduce false positives in the identification of vulnerabilities across our on-premises systems. Because the findings are evidence-based and validated prior to reporting, the results are more reliable and actionable. This enables us to focus our efforts on confirmed security issues that genuinely require attention, rather than spending time investigating theoretical or unverified exposures.

The NodeZero platform also strengthens my understanding of potential security threats through its continuously updated capabilities. With new vulnerabilities emerging and being exploited in the wild on a regular basis, it is valuable to have a platform backed by a strong research and development function that continuously updates attack content to reflect the current threat landscape. This makes the platform effective not only as a point-in-time validation tool, but as part of an ongoing and continuous security assurance programme.

At present, the platform is relatively rigid in how it operates and offers limited flexibility to align with individual user preferences or organisational requirements. While this structured approach has advantages in maintaining consistency, it can also be restrictive in practice.

In particular, greater flexibility around reporting and risk scoring would add significant value. For example, the ability for users to adjust or contextualise vulnerability ratings based on their own environment, risk appetite, or compensating controls would make the reporting more adaptable and relevant to different use cases.

I have been working with the NodeZero platform by Horizon3.ai for nearly a year, with hands-on experience using the platform since August of last year.

I would evaluate the NodeZero platform by Horizon3.ai as excellent in terms of stability and reliability. We have not experienced any issues with accessibility or availability, and the platform has consistently performed as expected.

I would rate the stability of the NodeZero platform by Horizon3.ai as 10 out of 10.

I consider the NodeZero platform by Horizon3.ai to be highly scalable. It is well-suited to enterprise environments, straightforward to deploy, and can be implemented within minutes. Its speed and breadth of testing enable it to assess large areas of network coverage in a relatively short period of time.

I would rate the scalability of the NodeZero platform by Horizon3.ai as 10 out of 10.

I interact with both the technical support and customer service teams at Horizon3.ai in relation to the NodeZero platform.

I have direct access to representatives in my region through a dedicated messaging channel, which makes communication quick and efficient. Whenever I need assistance, I can reach out directly and typically receive a response within an hour, and often sooner. In my experience, the team has been consistently responsive, helpful, and easy to work with.

I would rate the technical support for the NodeZero platform by Horizon3.ai as 9 out of 10, with 10 representing the highest level of support.

Positive

Prior to using the NodeZero platform by Horizon3.ai, our security testing activities were conducted entirely through manual methods, as we had not previously utilised an automated platform of this nature.

The installation process for the NodeZero platform by Horizon3.ai is straightforward and easy to complete. The deployment workflow is simple: you download the preconfigured virtual machine from the Horizon3.ai website, run it within the target environment, and then copy and execute the provided script within the locally deployed agent. Once that is done, the platform is ready to begin testing almost immediately.

In my experience, I have not encountered any challenges or blockers during installation. The overall setup process has been smooth, intuitive, and reliable.

I participated in the initial setup and deployment process of The NodeZero Platform by Horizon3.ai.

So far, I have seen a clear return on investment from the NodeZero platform by Horizon3.ai. As an autonomous solution, it has enabled us to save a significant amount of time and effort by reducing the level of manual work required. This has been one of the key benefits of adopting a platform of this type.

In addition, because the platform is designed to scale effectively for enterprise environments, it has also helped us improve efficiency on larger engagements. As a result, we are seeing cost savings through reduced effort and a more streamlined delivery model.

Before selecting the NodeZero platform by Horizon3.ai, I evaluated several alternative solutions from other vendors, including Pentera and RidgeBot.

We ultimately chose NodeZero for three main reasons. First, its technical capabilities were better aligned with the specific use cases and outcomes we were looking to achieve. Second, it was more commercially competitive and offered better value than the other solutions we assessed. Third, the quality of both customer and technical support was a key differentiator. Whenever we required assistance, advice, or issue resolution, the Horizon3.ai team was responsive, accessible, and highly supportive in working through our requirements.

As a managed security service provider, we use the NodeZero platform by Horizon3.ai in both a reseller and advisory capacity.

Its impact on remediation has been particularly positive. The platform provides a clear and efficient way to manage remediation through its dedicated vulnerability management capabilities, with the added benefit of integration into platforms such as Jira and ServiceNow. Because findings are evidence-based and validated, the output is highly actionable and carries a low false-positive rate, making it a strong remediation enablement tool.

From a commercial perspective, I am familiar with the platform’s pricing and licensing structure and consider it to be well-positioned across market segments. Its tiered pricing model makes it accessible for small and medium-sized businesses, while its enterprise packages provide the additional functionality required by larger organisations.

The platform has helped us reduce our penetration testing delivery costs, which was a key objective for us as a consultancy and service provider. Although I cannot disclose a specific percentage reduction, the cost savings have been significant.

My overall rating for the NodeZero platform by Horizon3.ai is eight out of ten.

My main use cases for The NodeZero Platform by Horizon3.ai primarily focus on determining how secure our environment is. I always pitch to various customers that they need to understand how secure their environment is. Specifically, I help them assess how secure it would be if an attacker breaches into any of their critical systems such as domain controllers or systems with entire admin access.

I evaluate what lateral movements an attacker could carry out into other critical systems and critical servers in their environment, and how they could steal their crown jewels. It is essential to know all of this and see it in your environment so you can take up the necessary defense that is needed.

The NodeZero Platform by Horizon3.ai has impacted my company positively. Whenever we deploy anything new, either a server or a DNS server, we are able to easily conduct a quick test with The NodeZero Platform by Horizon3.ai to know how secure that server is from wherever it has been placed. This quick test has enabled us to have peace of mind knowing that we are able to identify either the security lapses that may be available or not, and we are able to get that information quickly, just with a few clicks of the button.

The features I appreciate most about The NodeZero Platform by Horizon3.ai are as follows. First, the ease of deployment is exceptional. The deployment is very easy, taking under ten minutes to complete. Second, the process of initiating a pentest is very well detailed and straightforward. A new graduate out of school can make use of this platform effectively. Third, the detailed reports are outstanding. The detailed reports make it easy for everyone involved. They have something for executives, the network team, and the vulnerability and threat team. The reports are all well detailed, so those are the three main reasons why I appreciate The NodeZero Platform by Horizon3.ai.

Improving The NodeZero Platform by Horizon3.ai should include having audit logs on the platform. For instance, if a user deletes a pentest from the platform, it would be beneficial if audit logs could show that a particular user deleted a pentest on a specific date and time. An audit log trail would be very valuable for the platform.

Second, it would be helpful to have a dashboard or feature that showcases the NodeZero runners and their download speed or whatever is being used. When you are using a runner to run a pentest, it would be beneficial to see the module logs and everything that is being run before the runner kicks off and shows up on the dashboard. If those two things could be added, it would significantly improve the platform.

I have been using The NodeZero Platform by Horizon3.ai for four or more years.

The NodeZero Platform by Horizon3.ai is extremely stable. Every single attack configuration is safe to run in a production live environment. All of the various attack configurations and all of the various NodeZero RAT tools and RAT modules that are injected during the pentest are safe to run. They have been tested by the NodeZero engineering teams and they are safe to run in a live environment without impacting the environment whatsoever.

They do not bring down the network, do not bring down any critical infrastructure or systems, and do not leave breadcrumbs behind on any server. I have been using the tool for four or more years and there has not been an instance whereby The NodeZero Platform by Horizon3.ai breaks anything.

The scalability of The NodeZero Platform by Horizon3.ai is very good. For internal pentest, you can deploy as many Docker hosts as you want. You can also run external pentest. The platform offers various insider threats, segmentation tests, phishing tests, and PCI DSS tests. There are so many options and capabilities that The NodeZero Platform by Horizon3.ai can provide.

The customer service and technical support of The NodeZero Platform by Horizon3.ai is a very good feature. They have online chat support and they are very quick to respond. If the chatbot cannot give you the right answer that you need, you can talk to a human who is always available to assist with whatever critical questions you may have for the tool. The chat support on the platform is very fast. Also, the support through the support channel via email is very quick to answer and very responsive, providing critical answers and critical solutions as quickly as possible.

I have not used a different solution before choosing The NodeZero Platform by Horizon3.ai; this was my first autonomous pentest tool.

There was a time when my company conducted a proof of concept of another solution before choosing The NodeZero Platform by Horizon3.ai. I cannot remember the name of that company now, but we did not proceed with that solution. We decided to stick with The NodeZero Platform by Horizon3.ai.

My experience with the deployment of The NodeZero Platform by Horizon3.ai is that deployment is as easy as it gets. Within ten minutes, you should be done deploying the NodeZero OVA. After your environment check is done and everything looks good, under five minutes you should have already started a pentest. The deployment is as smooth and easy as it gets.

I did not use an integrator, reseller, or consultant for the deployment of The NodeZero Platform by Horizon3.ai.

The return on investment from The NodeZero Platform by Horizon3.ai is almost one hundred percent. While it is not replacing the role of critical pentests conducted by pentesters, the fact that you can use the platform to run as many pentests as you want depending on your license and asset count means you can test your infrastructure as often as you want and anytime you want. This makes full value of your money possible. You get full value of your money for the investment.

My experience with the pricing, setup cost, and licensing for The NodeZero Platform by Horizon3.ai is that since we charge by license allocation, the pricing for our MSP license is fair and very good. The pricing is great.

There was a time when my company conducted a proof of concept of another solution before choosing The NodeZero Platform by Horizon3.ai. I cannot remember the name of that company now, but we did not proceed with that solution. We decided to stick with The NodeZero Platform by Horizon3.ai.

My advice or recommendation to other companies considering The NodeZero Platform by Horizon3.ai is that they should not waste time because this is a very great tool. It is a much-needed tool in your security infrastructure because it helps you to know what you can see from various segments and what an attacker can reach from whatever VLAN. It is a very good tool and it gives you full visibility. I would rate The NodeZero Platform by Horizon3.ai a nine out of ten.

For us, The NodeZero Platform is literally the single best security solution we have because the way that it works is we're able to scan every part of our network, both internally and externally, and then get completely actionable feedback that doesn't matter if it's for an application developer or a network admin. The way that the feedback is presented leaves no room for what is the problem. Our use cases are internal network scans, external penetration tests, and then all of the remediation that goes along with those two results. The final use case that we use is we actively scan every single network password and make sure that no one has password reuse, duplication, or any of the things that have gotten a lot of other companies in trouble. This is one of their easiest features to start with. That is the primary use case.

The favorite feature of The NodeZero Platform is that it's easiest from a password perspective because when examining all the things in cybersecurity and all the things in the news, it almost always comes down to somehow the bad guys got someone's username and password. Being able to scan literally thousands of passwords to see if there's an issue with them and then immediately take action is amazing because it keeps our network safe and we don't have to worry about constantly having accounts taken over by criminals. By immediately taking action, they told us about this thing that allows the security teams to fix and retest vulnerabilities instantly, which is their one-click feature.

For us, it's so quick to test every single password. We're able to get a list of anyone that has a password that is compromised because some other website, they use that same password. We're able to actually just rescan all passwords in such a short period, we don't need to use the one-click verification. That's more for if there's a vulnerability on a specific computer or server, which we do use that as well. But just the ability to scan all passwords in such a short time is my favorite feature.

The NodeZero Platform's real attack capabilities have helped in identifying vulnerabilities in our on-prem systems in a few ways. First and foremost, other security platforms used to have so many things that they would report on. Because they would give so many issues and in a way that wasn't clear, a lot of times there was ambiguity and the different sub-teams within IT would disagree on how the problem was or if there was a problem. The way that it's helped us is that it got rid of all of that confusion. We're able to see an issue and then resolve an issue. The one-click verify has helped us several times because in the past, we would do a penetration test once a year and if we thought we fixed it, we would wait a whole other year until we figured it out. Now with the one-click verify, our team will take an action, scan it again, and then a lot of times, even though the fix is pretty straightforward, it doesn't solve the issue. For instance, everyone has NVIDIA in the news all the time because they have these amazing graphics cards. We had an issue. We thought we resolved it. We updated a version, we did the one-click verify, the issue was still there. It said to upgrade to the newest version. So we upgraded another version, did the one-click verify, still was an issue. We ended up going through four or five different iterations and then realized what was actually the problem is that one of the checkboxes needed to be checked differently across our network. Being able to actually go through those iterations so quickly has really helped from a security standpoint.

One of the things that we've shared with Horizon is just the reporting. They've made a lot of changes over time, but when examining computers, most average normal people don't look at a computer and identify it as 114.82.117.180. They identify it as 'the printer for accounting.' When many of the reports give the very detailed technical IP address or serial number, that's really not helpful for anyone other than the person, the hands-on person that's trying to remediate it. All the managers, all the leaders, having information in that format isn't helpful. Being able to have information about what those devices are would be very helpful.

There's a technical reason they can't just have an easy button because some people have really complicated networks. When examining things for the average company, the average executive, that 114 number, there's only one of those. But if examining an AT&T or a Walmart, it isn't unique. They haven't solved that problem. But for the 90% of companies, being able to have just a human readable name for all devices on your network in all of the reports all of the time would be the most beneficial.

We've been using The NodeZero Platform for a little over four years now.

I have not seen any lagging, crashing, downtime, or anything with The NodeZero Platform. I had some unusual situations where because some of our third parties had their systems misconfigured, our scan would run forever because we would start scanning beyond our own four walls of our company. But we've never had major issues with the product itself.

Our company has about 2,000 people, about 5,000 total devices including phones and network equipment. We're a medium-sized company and it takes us a few hours to run every single scan. I am uncertain how it would work if you're on an AT&T or a Walmart where you have a million network objects. I would think it does fairly, but I don't have the experience to say anything more than what we do, which is a mid-sized company.

I have contacted their technical support or customer support many times. The main reason that we contact their technical support and customer support isn't because their product isn't working, it's because their product tells us we have an issue and we need a little bit more help on how we actually resolve the issue. They'll have really good guidance, but sometimes we need to say how they really found this because we're seeing this other flag set this way and we need their help. So we reach out to their support to help resolve the issues that we have within our own environment, not with their product.

My team's been very happy with The NodeZero Platform support. They're not 100%, but their support is above average. Sometimes even their support doesn't know why we're seeing certain issues. But the vast majority of times they are able to resolve the exact questions my team has on the first attempt, which is really good for customer or technical support. On a scale from 1 to 10, most of the time I'd give them a 10 out of 10. Sometimes you get people and it's not their best subject. Not every person is always 100% with every issue, but grading against other customer supports of similar products, 10 out of 10.

Positive

The initial deployment of The NodeZero Platform was extremely easy. They basically just need you to install a scanner on your network or wherever you want to scan from. Then you just click a couple of buttons and wait a few hours and then voila, you have results. We've learned a lot over time where there's certain things that maybe we weren't doing as optimally as we wanted, but the initial deployment from the time that we saw a demo to the time that we had some production results was extremely fast. It was same day. I don't know if it was two hours or four hours, but it was very quick.

We have used alternatives to The NodeZero Platform. We originally did several proof of concepts and looked at several competitors. What we really appreciated about Horizon is they actually attack your network. They literally do the test to see if something is open, whereas other tools would just say it's on this version and we know this version has this issue. We've looked at a lot of other tools. We really appreciated Horizon. In the four years, we also do a lot of tools that aren't 100% competitors to The NodeZero Platform, but they do many of the same things. They scan your network, they tell you the devices that are there, they tell you if there's different types of configurations. For Microsoft, we use tools that actually tell us if Microsoft is secure. For our storage devices or our network devices, every one of those tools has their own scanners. We use all of the vendor-specific, which is only good for that one vendor, but it also helps us validate that The NodeZero Platform has been spot on and has been finding all the things that we would hope it would.

The NodeZero Platform helps us to understand better the potential security threats. We don't really use it that way because for us, we're able to scan all of our internal network and all of our external network and have so few issues, we don't really have to worry about hypothetically there's this issue in the wild or there's this issue that's going around with other companies, because our list is so short now and we're just able to resolve everything. We don't use it really as a knowledge tool to inform us on what's going on. We have a lot of other literature to keep us appraised on what's going on. We use it more of just validating that everything we do is right and we don't have to fret about a bunch of hypotheticals. On a scale from 1 to 10, The NodeZero Platform rates a 10 out of 10 overall as it is the best security investment we've ever made, mainly because it got all of our IT people talking together and seeing the issues as they truly were, and that visibility knocked down a lot of walls between teams.

The easiest way to describe the use case would be quality assurance. It is very easy to miss a single configuration file or overlook something easy in the heat of the moment. Having that quality assurance to consistently find and verify the fixing of issues is an amazing game changer, especially when comparing it to traditional vulnerability management.

It used to be running into a wall and now it's actually about identifying your priorities and determining where there's a point in investing the time to start on it.

Speed, scalability, and the ability to see how an attack path is actually formed are the best features. The proof that what was claimed to have happened actually did happen is what I like the most about The NodeZero Platform by Horizon3.ai.

My impressions of the solution's feature that allows my security team to fix and retest vulnerabilities instantly is that it's awesome. I really love it. It is great. Instead of running a whole retest, which for some issues you will have to do, consider the classic scenario where it's Friday and almost time to leave for the weekend, but you found about 10 or so criticals that have all been worked through. The question becomes whether you trust yourself enough that all those fixes worked or whether you trust the provider enough that all those fixes worked. The NodeZero Platform by Horizon3.ai allows you to do a one-click verify, where you only test these specific issues. Being able to do that reduces the verification time to about 20 to 30 minutes rather than several hours. I love it because you don't have to tell your employees to miss their children's sports games.

I would say I trust The NodeZero Platform by Horizon3.ai with 99 percent certainty in identifying vulnerabilities in my on-premises systems. We found some essentially insane things. There are some basic issues you find every now and then, but also things that make you really surprised about how this worked and how that company hasn't been breached years ago already. It is awesome at finding just about everything.

The endpoint security effectiveness feature is really nice to get a direct mapping to tell me which endpoints do need to be looked at and where some of the topics that actually need to be addressed are. It does speed up the understanding for the EDR teams to actually see what are the issues that need to be addressed.

I would like to see an improvement in the notification management. Right now, the notifications, for example, when you schedule tests, the notification that the test has started and or finished, will only go to the person who has set up the test. I'm told that this is coming in the future, but I would like to on a per-test or per-schedule basis be able to set the notification recipient.

I have been working with the solution since early 2023.

There's constantly improvement in the attack content itself, but on the technical basis, I'm super happy with The NodeZero Platform by Horizon3.ai.

Scalability is great for me and all my clients.

Regarding technical support, I think I'll give it a 10. There have been a couple of tickets in the recent months that I've needed to open, but those were always addressed super quickly, especially if you have something that needs an ad hoc solution. You can go via the chat and you will have a response in a couple minutes at most. Most issues have been resolved in under 20 minutes.

Positive

It is really easy to work with The NodeZero Platform by Horizon3.ai. It's easy to set up and easy to understand. The onboarding or the POC is the education for the team. After that has been done, everyone at the customer will know how to use the tool. It is really easy to get started. There's such a low barrier to entry and a minimal investment with really high reward.

It is difficult to put a number to regarding the rewards and the ROI from The NodeZero Platform by Horizon3.ai. I would essentially say either immeasurable improvement or 99.9 percent. We've had customers who had quite literally insane issues in their networks. Being able to find them because there have been no eyes on that particular section so far ever, and fixing those potentially prevented those companies from getting breached. I will say absolutely 99.9 percent.

Regarding how much time The NodeZero Platform by Horizon3.ai has reduced me in testing, for comparison, this is a bit of a difficult question because it's not really directly comparable. For example, we've tested a global company and tested their entire network. That took us two days. If you were to do that with a manual pentest on the entire network, that would take months. The amount of manpower and costs associated with that is almost an immeasurable improvement again.

Regarding pricing, that is a bit of a difficult question. I'm seeing this solely from the technical perspective. Going back to the previous point, if a solution can find the issue that would have allowed your company to get breached in seconds, what kind of price can you reasonably say you wouldn't pay? I would say it is very cost-efficient.

In the past, I've had a look at Pentera, for example.

My thoughts on the integration or API aspects are positive. There's also always the option of the MCP server. But in general, regarding integration, for example, we have our ticketing system integrated. So if there's a finding, you can say in the console that you want to create a ticket for this. Then, when this finding gets closed in the ticketing system, there is an instant call to verify that fix. If the fix worked and the finding is closed successfully, it will stay closed. If it wasn't fixed, the ticket will be reopened. The service agent knows that they need to look at this again. It works great.

If someone was looking into this product, I would absolutely recommend it. I am not exaggerating when I say that this is my absolute favorite product. If I could, I would deploy this for everyone everywhere now. The basic solution would be to start with a proof of concept. Even then, the initial test is great. You will instantly get some results. I've never had a single test without findings. There were some with lower criticalities, but you will get some great results.

After that first test is done and you fix the first findings, then you will see the point that autonomous and recurring pentesting is great. For example, if you fixed something during day one, retest. Fix something during day two, run a full retest. Run tests in a different segment and run a different scenario. It is so much fun, especially when you compare it to old-school vulnerability scanners. Getting that 2,000 to 3,000-page PDF report or even classical pentests where at the point where you get the report for the pentest, it is already out of date because in the meantime, you changed a configuration or a patch was applied. The NodeZero Platform by Horizon3.ai gets you essentially as close as possible to consistent, real-time pentesting data. I would give this product a rating of 10 out of 10.

We use The NodeZero Platform for its automated internal penetration testing and automated external penetration testing. We use both of them and drop tripwires in the same thing, and we also run rapid response. We don't have the highest level subscription, but we have access to a lot of it. I use it for segmentation testing. I use it to help validate vulnerabilities through vulnerability management because we use Rapid7 and CrowdStrike. I now have a three-way assessment of our vulnerabilities and which vulnerabilities actually matter. I assess the attack chain with it. We use a lot of the platform and leverage its true capabilities within our subscription.

It prevented an attack indirectly. We experienced a threat that could have severely crippled us, but we were able to shut it down before it escalated. This was possible because we had been conducting internal vulnerability testing and addressed some critical vulnerabilities using their tool. If we hadn’t done that, those vulnerabilities could have been exploited to incapacitate us. So, in real time, it protected us from a potentially crippling attack.

NodeZero's Endpoint Security Effectiveness feature significantly enhances our understanding of potential security threats. I previously used CrowdStrike and Rapid7 to identify vulnerabilities. Both highlight which vulnerabilities are exploitable using tools like Metasploit or are actively being leveraged by malicious actors. However, these tools don’t provide a complete understanding of the attack chain, which is where NodeZero excels. I encountered challenges with patch management, as we struggled to test and implement patches due to time constraints. This led to our patch management process being ineffective. After conducting an initial internal penetration test with The NodeZero Platform, we were able to clearly see the attack paths and identify critical vulnerabilities. Instead of facing a daunting list of 300 critical vulnerabilities, our team could now focus on just 30 key vulnerabilities that would effectively mitigate most of the attack vectors. As a result, we reduced our potential for significant attacks to a minimal level, thanks to NodeZero’s ability to highlight the critical pathways and prioritize the vulnerabilities that truly matter.

The NodeZero Platform is awesome. It's intuitive, easy on the eyes, and the platform and presentation are clean and crisp. The reports generated from internal or external penetration tests require little to no adjustment when I'm presenting to the C-suite. They need information that's quickly consumable so they can move on to the next task, and many other platforms just don't provide that. The reports from The NodeZero Platform deliver a clean export that can be easily copied and pasted onto a presentation. I can summarize everything in three PowerPoint slides, highlighting our current status, our goals, and what has been resolved, as well as what is still outstanding. This streamlined export is incredibly beneficial for the C-suite.

Moreover, the detailed reports not only list the vulnerabilities that matter, but they also include direct links to patches. This feature saves our team time, as we don't have to search for fixes for each vulnerability. We're a small team, servicing around 400 employees with just 12 IT personnel. So, having all vulnerabilities laid out with links to their respective fixes is immensely convenient.

This platform is truly exceptional for anyone involved in these types of scans, and I believe everyone should be conducting them regularly. With the ease of use in deploying both internal and external scan engines, even someone with minimal computer knowledge can operate it. This makes it accessible to all organizations, whether they are municipalities, government entities, or small local businesses. Being able to sign up with the company and start scanning, both internally and externally, within an hour is remarkable. You can even automate your scans on a monthly basis, along with scheduling hands-on keyboard penetration testing at least once a year. Human testers bring creativity that currently exceeds that of AI, so having that annual hands-on review is important. Many organizations neglect this practice, but the usability of this platform allows anyone to manage it. For example, my wife works as the mayor of our city, and our police chief is not very computer-savvy—he can barely open a Word document. As a test case, I plan to have him set it up to demonstrate its simplicity, as the city is considering adopting this platform. I want to see if he can manage the setup and launch, which would confirm that basic users with little computer experience can successfully execute it. Even my wife kicked off a scan and felt like a hacker, despite her limited technical skills. As someone who enjoys penetration testing and has a good amount of computer knowledge, I find using this platform not only efficient but also enjoyable.

Adding an OSINT tool would greatly improve their platform. One of the things that many vendors are pushing is identity protection, which scans the deep web for compromised credentials and identifies fake profiles of your company's leadership. Essentially, it provides an open-source intelligence view of what is happening out there and what has been compromised that attackers could potentially exploit. This service reveals which credentials and email addresses are available on the deep web, as well as which domains have been set up using typo-squatting techniques. It summarizes all this information and helps raise awareness among users. For example, if it detects that someone's credentials are exposed, it can prompt them to change their email address and passwords. If it identifies typo-squatting on certain domains, you can pass this information on to the vendors to have those domains taken down.

I have been using The NodeZero Platform for approximately two years.

I have not experienced any issues with The NodeZero Platform on their end. Occasionally the runner gets delayed, but that's due to our misconfigurations or internal issues, not their machines.

Scalability with The NodeZero Platform is straightforward. I deployed it across multiple systems - Graperoberts, Selmid, Sky Geek, and our DLC. It scales seamlessly. We currently scan approximately 1,500-2,000 assets and haven't encountered any scaling or throughput issues.

The technical support for The NodeZero Platform is exceptional. On the federal side, response times are incredibly fast - typically within five to ten minutes, with a maximum wait time of 30 minutes. Their responsiveness is remarkable.

When we were attacked, our endpoint detection and response (EDR) system was slower to respond than they were. I contacted our EDR team immediately, informing them that we were under attack and that files were being compromised. I asked for guidance on what they were seeing on the back end.

Next, I reached out to the Horizon3 team, even though I acknowledged that this wasn’t their typical area of expertise. I explained the situation and asked for their thoughts on what the next phase of the attack might be, so we could start shutting things down. Remarkably, they replied within five to ten minutes, which was an hour faster than CrowdStrike responded. Even though it wasn't their specialty, they provided valuable advice on what we should do and how to execute our response. They are truly a solid team—ethical and highly competent.

Positive

We have used alternatives to The NodeZero Platform that we found through Coalition Control, our cyber insurance company. While the alternative conveyed similar information, it functioned more as a standard vulnerability scanner. What sets The NodeZero Platform apart is the presentation of findings, making it clear and easy to understand the attack chain. The alternative tool was essentially another vulnerability scanner that could check boxes for internal and external penetration testing but didn't provide the attack chain capabilities that The NodeZero Platform does.

It's super easy. The setup takes about 30 minutes. It’s really quite simple. You log in, enter a couple of IP addresses, and hit “scan” for your external assets. I'd estimate that the external scan setup took around thirty minutes. The internal scan setup took a bit longer, probably about an hour before I could actually start scanning. I had to reach out to one of my developers, Jason, to assist because I couldn’t build it myself; I don’t have the necessary admin credentials as the InfoSec Manager. I asked Jason to create a virtual machine (VM) and install the tool for me, and after that, I was able to run it.

To summarize, it took about an hour from the time I requested help from Jason until I ran my first internal penetration test. So, we’re looking at 30 minutes for the external setup and an hour for the internal setup. However, keep in mind that we’re not a new operation—we have skilled personnel. If you're a small business that has never set up a VM before, it might take you two to three hours to follow the instructions. Unless you have a Horizon3 team member to guide you, it generally takes about an hour. Overall, it's very simple.

It couldn't be better unless it fixed the vulnerabilities automatically. I've already communicated this to them, stating, "You need to fix them for me." They have seen the issues and have the link, so I just want them to apply the patch.

If I were to rate this solution on a scale from one to ten, it would definitely be a ten. 

The primary use case that we have for The NodeZero Platform is for scanning the environment and identifying vulnerabilities. The tool prioritizes vulnerabilities, focusing on the most critical ones.

It has evolved significantly over time. What sets this tool apart from others is its ability to prioritize vulnerabilities effectively. Many vulnerability management (VM) tools today provide users with extensive lists of vulnerabilities—often numbering in the thousands, with categories like four thousand critical and three thousand high. Upon deeper examination, it's common to find that more than half of those vulnerabilities aren't even exploitable. This results in overwhelming amounts of data without a clear focus on what needs immediate attention to improve security. In contrast, this tool excels at prioritizing vulnerabilities based on their relevance to attack scenarios. It analyzes specific attack chains to determine how critical each vulnerability is and assesses how frequently those vulnerabilities appear across various attack chains. By doing this, this tool can elevate the priority of certain vulnerabilities, allowing organizations to concentrate their remediation efforts on the most critical issues. A prime example of this effectiveness comes from an acquisition we conducted. The organization believed it had a robust security environment. However, after running The NodeZero Platform over a weekend, we discovered vulnerabilities that allowed for compromise in approximately 35 different ways. With other tools, addressing these vulnerabilities could have taken six to twelve months due to poor prioritization. In our case, we were able to eliminate the risk of domain compromise within one month and address all single-host vulnerabilities by the second month, all done with a small team, thanks to our precise focus on what truly mattered.

The solution’s feature that allows security teams to fix and re-test vulnerabilities instantly is fantastic. With traditional penetration tests conducted by a human, the process is very expensive. You typically get two weeks of testing, then you make your fixes, and sometimes you can get them to retest. However, often you have to pay extra, and sometimes you just don't have enough time. This results in going another year hoping or thinking that vulnerabilities are fixed, but they might not be. With Horizon3, you can immediately retest vulnerabilities, and it will clearly indicate whether or not they are still present. Probably 20 times in the last year or two, we were told something was fixed when it actually wasn’t. Sometimes it’s due to a patch not being applied correctly, or perhaps they missed adding a registry key. There could be various root causes. The ability to dig in with our team and confirm whether a vulnerability is resolved is crucial. They can go back and fix it, and sometimes that takes multiple attempts. So this functionality is really valuable.

The platform's real attack capabilities have massively helped in identifying vulnerabilities in our on-prem systems. The best litmus test I can give is that during our previous penetration tests, attackers would easily gain domain admin access. However, with Horizon3, we can prioritize vulnerabilities and address them effectively. We recently conducted our first penetration test where the testers were completely unable to gain domain admin access, which is impressive given that this was done by a well-known player in penetration testing.

In terms of NodeZero's Endpoint Security Effectiveness feature's impact on our understanding of potential security threats, looking at it from the endpoint perspective really helps us identify what needs to be done to address vulnerabilities. Once we know what those are, we can go in and fix them. It’s pretty cool.

Prioritization is really key; it's a massive differentiator. The prioritization aspect is crucial. The ability to capture or crack credentials and then use that to move laterally and identify additional vulnerabilities is significant. Their password-cracking capability is a distinct function that is very helpful.

Additionally, when a new vulnerability, such as a zero-day exploit, is identified, they review your previous scans to determine if you might be vulnerable to it, and they proactively notify you. That's a huge benefit.

Also, the fact that they provide fixes alongside all their identified vulnerabilities means you don’t have to search for fixes yourself. They give you specific actions to take, which is incredibly helpful and saves a lot of time.

One significant area to focus on is external vulnerabilities, particularly in the web application space. This often requires a greater level of human ingenuity, as it typically involves navigating a webpage, creating an account, and testing for various vulnerabilities, such as SQL injection. Adding this capability would be a valuable enhancement.

I have been using The NodeZero Platform for approximately four to five years.

The only issue we’ve encountered is that sometimes the scans take a long time to complete. This happens when a credential is identified late in the scan, leading the system to attempt that credential on all the other hosts. As a result, the scans can run longer than expected and may even cause some memory issues. Fortunately, this is a relatively easy fix; you just need to increase the amount of memory on the server. Overall, it’s a minor issue.

The NodeZero Platform has unbelievable scalability. The limiting factor is just where you have the hardware infrastructure to be able to add additional VMs. Anywhere you can put a VM, you can run another concurrent scan.

I might sound like a fanboy, but I truly have about three and a half vendors that I really like. I'm generally tough on most of my other vendors, but these particular ones stand out because they are that good. From a tech support perspective, I would say they have some of the best support compared to any of the companies I work with. Microsoft, for example, is very hit or miss. Sometimes you get an excellent support representative, but I find that about 80% of the time, the person assisting you has no idea what they're doing. As for other decent options, CrowdStrike typically provides good support, but it seems like they focus more on managing tickets from an ITIL perspective, prioritizing the speed of ticket resolution over thoroughness. Zscaler is similar in that respect; They are better than Microsoft, but the quality of support can still be somewhat inconsistent.

Overall, when it comes to The NodeZero Platform's tech support, you can reach them via a chat message on their website, and they respond almost immediately. You're quickly connected with a very knowledgeable engineer, and you receive prompt responses. They are really good.

Positive

We have used Nessus, Qualys, and Tenable as alternatives to The NodeZero Platform. We were paying for Tenable. We were paying for Qualys. We basically stopped and moved to Horizon3.

If you were looking for a super wide net of everything that you could possibly try and identify, I think the other ones might be more holistic, but their prioritization is lacking, leaving you less secure because they do not help you prioritize.

It was super easy. From initially getting it set up to running it, it took about 24 hours. The biggest time requirement is actually getting a virtual machine (VM) stood up. If you can get a Linux VM set up, that’s the hardest part of the whole process. After that, it’s really easy. 

From a maintenance perspective, in terms of keeping the system healthy and functional, there isn’t much that we need to do; it pretty much runs itself. However, where we do put in work is in reviewing the outputs and determining our priorities. We then collaborate with the rest of the team, particularly on the server side, to address vulnerabilities and other issues that arise. So, while there is work involved, it’s not about maintaining the Horizon3 product itself, but rather managing the findings that we need to fix. 

The benefits of The NodeZero Platform are immediate. Just having access to a list of prioritized vulnerabilities and understanding how they were exploited in various attack chains was eye-opening. You might think you have a highly secure environment, but in reality, it can be compromised easily. This insight highlighted everything that needed improvement. Honestly, it's one of the most transformational technologies we've implemented in our company.

They offer really fantastic pricing. We've been with them for a long time, so I believe we might have a special deal. However, from conversations with other peers, it seems their pricing is very competitive as well.

I would rate The NodeZero Platform a 10 out of 10.

I have been using The NodeZero Platform by Horizon3.ai for about three years now.

I use The NodeZero Platform by Horizon3.ai to run scheduled penetration tests against my internal and external network resources.

I recently changed my hosting service and web hosting service, and along with that change, I decided to run another penetration test against it to ensure everything was functioning properly. I did find a vulnerability which I was able to quickly address and resolve.

I run this once a month in general, although I will run it whenever something new is introduced into my infrastructure. My monthly run reports provide me with data that I can review, and if I find anything in there that I did not see before, I can address it.

One of my favorite features of The NodeZero Platform by Horizon3.ai is the scheduling feature, which means I do not have to remember to run the penetration tests. Another feature I really appreciate is the remediation tasks that it provides. When it offers remediation guidance, it gives me steps to resolve the issue, which saves me time in determining what I need to do to remediate a certain vulnerability.

The remediation steps provided by The NodeZero Platform by Horizon3.ai are usually quite detailed and helpful. Occasionally, I will get one that does not offer a lot in the way of specific steps because the device on which it found the vulnerability is not a standard device that it recognizes. However, if it is a Windows box or Linux box, it is very good about giving me accurate information.

I believe that The NodeZero Platform by Horizon3.ai has kept me safer in a cybersecurity sense. It is one of a couple of different products I use for that purpose, but because I have cybersecurity insurance, I am required to run pen tests at least once a year. This product allows me the opportunity to run it as many times as I want, which is very beneficial because when new things are introduced into my network, I may not be able to identify these vulnerabilities until I run my next penetration test, which could be up to eleven months later.

Because I stay on top of these things, I am not usually caught off guard with a security issue that suddenly appears. I see them monthly and I do not have to generally perform any sort of emergency response that I would have had to do in the past when I had nothing in place.

I would love it if I could whitelist certain vulnerabilities that I consider not especially significant with The NodeZero Platform by Horizon3.ai. The NodeZero Platform by Horizon3.ai classifies them based on severity, and the severity for a lot of these things, such as threes, ones, and 0.01s, are generally things that I do not care too much about. I want to see them in a report when they appear the first time, but I would love it if I could simply check that one and indicate that I do not want to see a report about this one again because I am not going to take action on it.

I have been working in this field for around thirty years.

The NodeZero Platform by Horizon3.ai is quite stable.

It is kind of difficult for me to comment on The NodeZero Platform by Horizon3.ai's scalability because I have not had to change the scale. It certainly works fine in my rather small environment, but since I have not run it in a very large network environment, I cannot really say much more than that.

Customer support for The NodeZero Platform by Horizon3.ai is awesome. I love the chat person I work with on chat. She is always super responsive and very patient and is able to get to the bottom of my problems, which are fairly infrequent. At the beginning, there were a few little hiccups that I was causing through some misunderstanding on my part, but she was very good.

I previously used Fortelist, an annual service that they provided to run penetration tests on my network. The reason I switched is because I wanted to be able to run penetration tests more frequently, and it simply would not have been cost-effective to do it more often than one time a year. That is the main reason for the change.

Interestingly enough, I have used that quite a bit in the past. The last time I ran my pen test, I for whatever reason was not able to quickly retest as conveniently as before. I am not really sure why that is, and I probably should just talk with Horizon3.ai about that.

Certainly, time has been saved with The NodeZero Platform by Horizon3.ai, and I would imagine money has been saved from the previous way of doing my pen tests, which were a yearly pen test that were quite expensive to do. There has been no change in employment or employees, but as far as the licensing costs, I think that was a big win for me.

I did not have involvement in the evaluation process. I was not the one who evaluated it; I was the one who implemented it.

I believe The NodeZero Platform by Horizon3.ai has helped reduce my pen testing costs, but I cannot tell you exactly how much as I am not the person who paid for those services. However, I believe it was a significant reduction.

I cannot really speak to the pricing as I was not involved in the purchase of it or any of the costs. I was the one that implemented it, and for that, I give it a thumbs up—it was awesome.

I think everything else is fine.

The first time you run a test with The NodeZero Platform by Horizon3.ai, be prepared to triage because you are going to find things you had no idea you had.

It is because I have not had any serious problems for a long time. I would say that the very first time I ran The NodeZero Platform by Horizon3.ai, I did find many things such as open SFTP ports, open FTP ports, and open database ports that I was able to quickly address. I would say quickly, but it took a while because the platform found so many. However, it was super helpful because I did not have a single way to find those things before.

I give this review a rating of nine.

The NodeZero Platform by Horizon3.ai is a pen testing tool specifically designed for endpoint pen testing.

In my organization, I manage The NodeZero Platform by Horizon3.ai as a service provider with plenty of clients, and I am the decision maker regarding the renewal of licenses and the extension of services, along with a couple of other teammates who assist with this.

I have deployed The NodeZero Platform by Horizon3.ai in two forms: for internal penetration testing, it requires deploying an agent into the internal network, while for external tests, it is a fully cloud-based tool.

The best feature of The NodeZero Platform by Horizon3.ai is that it is an autonomous pen testing tool that knows how to penetrate into the system automatically and perform lateral movement inside the network without the need for scripting.

Regarding The NodeZero Platform by Horizon3.ai's feature to fix and retest vulnerabilities, it provides reassessment capabilities. While it does not fix vulnerabilities instantly, it allows for reassessment as soon as vulnerabilities are fixed.

Regarding the endpoint security effectiveness feature, The NodeZero Platform by Horizon3.ai does not provide endpoint security but is an offensive tool designed to find weaknesses in endpoint solutions, not to protect them.

When assessing how much The NodeZero Platform by Horizon3.ai has helped reduce pen testing costs, it plays a vital role in providing value compared to manual methods, although it depends on the client's specific needs and budget.

I believe reporting for The NodeZero Platform by Horizon3.ai has room for improvement, specifically in terms of customizability for service providers and the challenge of dynamic IP white-listing, which I have provided feedback on.

I have been using The NodeZero Platform by Horizon3.ai for more than three years.

When it comes to the stability of The NodeZero Platform by Horizon3.ai, I would rate it around seven to eight because the stability is not that high initially due to the need for daily updates and modifications as new vulnerabilities appear.

So far, we have three specialists who focus on The NodeZero Platform by Horizon3.ai.

In terms of technical support for The NodeZero Platform by Horizon3.ai, I would rate it an eight, as they provide a business analyst for account handling and usually respond within a week.

Positive

The deployment of The NodeZero Platform by Horizon3.ai is very easy.

Implementing The NodeZero Platform by Horizon3.ai takes hardly 10 to 15 minutes, as you only need to deploy it on one endpoint, which will handle pen testing for all systems.

From our side, maintaining The NodeZero Platform by Horizon3.ai requires minimal effort as we just keep the license up to date, needing only the server on which it is deployed to run.

The pricing of The NodeZero Platform by Horizon3.ai was better than others or at least comparative, shifting to an IP-based licensing model which I believe offers fair pricing.

I would say it is fairly priced.

In comparison to other vendors like AttackIQ and Pentera, The NodeZero Platform by Horizon3.ai stands out due to its autonomous capabilities that allow it to learn from the environment and follow different attack patterns, offering a better attack path workflow.

My advice for implementing The NodeZero Platform by Horizon3.ai is to conduct a proof of concept first because it provides insights beyond what other vulnerability management tools detect. I gave this product a rating of 9.

My main use case for The NodeZero Platform by Horizon3.ai is autonomous and continuous penetration testing.

A specific example of how I use The NodeZero Platform by Horizon3.ai for autonomous and continuous penetration testing is testing web applications for vulnerabilities as new releases come out. I run these tests weekly or depending upon when it is necessary for different applications.

The best features The NodeZero Platform by Horizon3.ai offers are ease of deployment, intuitive interface, and the extremely useful and phenomenal data that it provides as an outcome.

The interface of The NodeZero Platform by Horizon3.ai is intuitive for me because it provides us with actionable data, and it is very easy to use and straightforward, not requiring much of a learning curve to pick up.

The NodeZero Platform by Horizon3.ai has positively impacted our organization by definitely increasing our security posture significantly.

Since using The NodeZero Platform by Horizon3.ai, I have noticed specific improvements such as a decrease in identified vulnerabilities, with fewer critical and high vulnerabilities over time.

The NodeZero Platform by Horizon3.ai could be improved by speeding up the time from initializing a test to actually starting the test, as the deployment of the underlying infrastructure can take several minutes, sometimes over 10 minutes.

I have been using The NodeZero Platform by Horizon3.ai for four years.

The NodeZero Platform by Horizon3.ai is stable.

The scalability of The NodeZero Platform by Horizon3.ai is very good.

The customer support is very good. On a scale of 1 to 10, I would rate the customer support a 10.

I did not use a previous solution before using The NodeZero Platform by Horizon3.ai.

I have seen a return on investment with The NodeZero Platform by Horizon3.ai but cannot share any relevant metrics.

I evaluated other options before choosing The NodeZero Platform by Horizon3.ai, specifically Pentera.

My advice to others looking into using The NodeZero Platform by Horizon3.ai is to use it to its full potential, as it is very easy to use and has very powerful features; just make sure you're using them all.

Regarding The NodeZero Platform by Horizon3.ai's AI capabilities, I have no preference about its governance and security. I think its accuracy and reliability of output are very good.

The NodeZero Platform by Horizon3.ai is deployed in my organization on a public cloud, as it is a Software as a Service solution. I use AWS as my cloud provider. I did not purchase The NodeZero Platform by Horizon3.ai through the AWS Marketplace.

My impression of the solution's feature that allows security teams to fix and retest vulnerabilities instantly is that it is phenomenal.

The platform's real attack capabilities have helped in identifying actual exploitable vulnerabilities in my on-premises systems compared to a vulnerability management solution, which only gives me theoretically exploitable vulnerabilities.

The NodeZero Platform by Horizon3.ai's endpoint security effectiveness feature impacts my understanding of potential security threats by showing what can actually be exploited.

I would assess The NodeZero Platform by Horizon3.ai's impact on my organization's remediation time as very high.

The NodeZero Platform by Horizon3.ai has not necessarily reduced my penetration testing costs, but it could; however, it has certainly increased our security posture, which could essentially allow me to reduce my penetration testing costs.

I would rate this review a 10.