The IT Nerd

Horizon3.ai, leaders in autonomous penetration testing, have launched a major product refresh, doubling down on its commitment to help organizations continuously verify their security posture, including NodeZero Analytics, bringing “train like you fight” readiness and principles to security teams and MSSPs. 

NodeZero Analytics yields deeper insights, and answers the top questions every CISO and security team ask: “What’s exposed?” “What needs to be fixed first?” and “How will we do more with less?”

Foundational to Horizon3.ai’s philosophy is to use offense to inform defense, a derivative of the military principle to “train like you fight” in order to be prepared for a real cyber attack. NodeZero, Horizon3.ai’s continuous penetration testing platform, enables organizations to test their infrastructure at scale by chaining together harvested credentials, misconfigurations, dangerous product defaults, and exploitable vulnerabilities to achieve critical impacts like domain compromise and sensitive data exposure. 

The updated user experience puts powerful new insights into security teams’ hands to make autonomous pentesting a force multiplier. At the heart of the refresh are detailed attack paths with proof of exploitation, prioritized fix actions, and 1-click verification that the remediation was successful.

Leading by example: During a recent autonomous pentest of a large enterprise, NodeZero successfully elevated privileges to become a domain administrator while also compromising the organization’s business email system. The autonomous attack took 30 minutes to execute, with no humans involved, and chained together a variety of techniques including:  

1. User enumeration combined with password spraying to compromise a domain user
2. Dumping the SAM database by exploiting local admin privileges assigned to the domain user
3. Reusing local admin credentials across multiple machines 
4. Discovering a domain administrator credential by dumping credentials in LSA on a neighboring machine 
5. Pivoting from domain admin to the Microsoft Azure Active Directory infrastructure (AzureAD)
6. Gaining access to the domain administrator’s email, which did not have multi-factor authentication (MFA) enabled 

“The sequence of events in this attack path are typical of APT’s and ransomware organizations,” said Naveen Sunkavally, chief architect at Horizon3.ai. “What’s incredible is that this attack path isn’t hard coded as a runbook or predefined scripts anywhere in the product. Our machine learning techniques were able to figure out how to combine these different steps into an exploitable attack sequence safely in a production environment.” 

KEY FEATURES OF NodeZero: 

1. Attack paths that clearly explain the exact sequence of events that lead to a critical impact, with proof of exploitation and detailed descriptions for exactly what to fix. 
2. Leverage scoring that helps organizations prioritize and fix actions based on risk to the organization as well as return on effort. For example, leverage scoring can help an IT admin determine that fixing a single issue will eliminate 70% of all exploitable attack paths discovered in the pentest.
3. Automatically generating compliance reports required for SOC2, HIPAA, GDPR, and other common compliance requirements.
4. Surfacing systemic issues and policy recommendations to help organizations identify the true root cause for their exploitable attack surface. For example, poor credential policies can lead to systemically weak passwords that can be easily cracked by attackers. Compare Pentest Feature helps teams easily complete the Find-Fix-Verify Cycle by confirming that weaknesses and vulnerabilities identified in previous tests have been fixed.
5. Self-service user experience that makes pentesting conveniently accessible to all types of users, from early career IT professionals to 20-year pentesting experts.
6. Features specifically valuable for MSSP’s and MSP’s, including white labeled reporting, multi-client management, and auto-generating statements of work for remediation services.