Horizon3.ai launched a major product refresh, doubling down on its
commitment to help organizations continuously verify their security
posture.
"Our product investments focused on 3 key areas: first, to increase our
attack surface coverage, which spans on-prem, multi-cloud, and
perimeter, but now also includes advanced capabilities to ‘live off the
land’ just as attackers do; second, to improve our AI explainability so
that defenders (aka ‘Blue Teams’) can quickly understand how we
successfully compromised their organization and focus their remediation
efforts on security weaknesses that are actually exploitable; and
finally, an API interface that allows users to integrate pentest results
into existing security processes and workflows, including integration
with their defensive tools to quickly identify potential blind spots in
their detection and response," said Snehal Antani, CEO and co-founder of
Horizon3.ai.
Horizon3.ai's philosophy is founded on using offense to inform defense,
a derivative of the military principle to "train like you fight" in
order to be prepared for a real cyber attack. NodeZero,
Horizon3.ai's continuous penetration testing platform, enables
organizations to test their infrastructure at scale by chaining together
harvested credentials, misconfigurations, dangerous product defaults,
and exploitable vulnerabilities to achieve critical impacts like domain
compromise and sensitive data exposure.
"NodeZero was able to compromise a financial services organization in 7
minutes and 19 seconds. This customer purchased best-in-class security
tools, yet few alerts were triggered, and defenders were unable to react
fast enough to stop the attack. Security effectiveness is the critical
initiative every enterprise should undertake to ensure they are getting
the most impact out of their security investments, and the best way to
verify that effectiveness is through continuous penetration testing. The
alternative is to wait for a real breach to find out that you forgot to
enable OS Credential Dumping in your EDR," said Antani.
The updated user experience puts powerful new insights into security
teams' hands to make autonomous pentesting a force multiplier. At the
heart of the refresh are detailed attack paths with proof of
exploitation, prioritized fix actions, and 1-click verification that the
remediation was successful.
"There are fewer than 5,000 OSCP-certified ethical hackers in the United
States, and it takes 10 years of hands-on experience to become a senior
penetration tester. Meanwhile demand for security testing has increased
exponentially, so we have a fundamental supply versus demand problem: a
spike in demand for security testing but an extreme shortage in the
supply of experienced ethical hackers. This is where NodeZero fits in.
Defenders have the power of self-service pentesting to harden their
networks proactively, and red teams can use NodeZero to conduct
reconnaissance and exploitation at scale so that they can focus on
attack paths that humans are uniquely gifted to uncover," said Tony
Pillitiere, founding engineer at Horizon3.ai.
"NodeZero sets the conditions for a purple team culture," said Monti
Knode, VP of Customer Success at Horizon3.ai. "The new product refresh
enables red and blue teams to quickly understand how an attacker could
compromise the network while also showing where the defensive tools
detected, logged, and stopped the attack. Or more likely, how the
defensive tools failed to stifle the attack and what must be done to
improve detection & response," said Knode.
Leading by example: During a recent autonomous pentest of a large
enterprise, NodeZero successfully elevated privileges to become a
domain administrator while also compromising the organization's business
email system. The autonomous attack took 30 minutes to execute, with no
humans involved, and chained together a variety of techniques
including:
- User enumeration combined with password spraying to compromise a domain user
- Dumping the SAM database by exploiting local admin privileges assigned to the domain user
- Reusing local admin credentials across multiple machines
- Discovering a domain administrator credential by dumping credentials from LSA on a neighboring machine
- Pivoting from domain admin to the Microsoft Azure Active Directory (Azure AD) infrastructure
- Gaining access to the domain administrator's email, which did not have multi-factor authentication (MFA) enabled
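The first three steps of that chain (spraying one password across many accounts, then reusing a local admin credential from box to box) leave a recognizable trail in Windows Security auditing, which is the kind of detection blind spot the article's quotes keep returning to. The following is an added example, not NodeZero's code and not from Horizon3.ai: Python detection logic run over a constructed batch of 4625 (failed logon) and 4624 (successful logon) events. The domain name CORP, the host names, IP addresses, timestamps and the thresholds (four accounts in five minutes, two hosts) are assumptions chosen for the example.

```python
from collections import defaultdict
from datetime import datetime, timedelta

AD_DOMAIN = "CORP"  # assumed AD domain name used in the constructed events below


# Constructed Windows Security events (not real telemetry). Keys are shortened
# from the 4624/4625 schema: event_id 4625 = failed logon, 4624 = successful
# logon; logon_type 3 = network, 2 = interactive. For a local (non-domain)
# account, Windows records the computer name in the account-domain field.
def _ev(time, event_id, host, user, domain, src_ip, logon_type):
    return {"time": time, "event_id": event_id, "host": host, "user": user,
            "domain": domain, "src_ip": src_ip, "logon_type": logon_type}


SAMPLE_EVENTS = [
    # one source tries a password against many accounts, then lands on one
    _ev("2023-01-10T09:00:01", 4625, "DC01", "alice", "CORP", "10.0.5.23", 3),
    _ev("2023-01-10T09:00:03", 4625, "DC01", "bob",   "CORP", "10.0.5.23", 3),
    _ev("2023-01-10T09:00:05", 4625, "DC01", "carol", "CORP", "10.0.5.23", 3),
    _ev("2023-01-10T09:00:07", 4625, "DC01", "dave",  "CORP", "10.0.5.23", 3),
    _ev("2023-01-10T09:00:09", 4625, "DC01", "erin",  "CORP", "10.0.5.23", 3),
    _ev("2023-01-10T09:00:11", 4624, "DC01", "erin",  "CORP", "10.0.5.23", 3),
    # one user mistyping a password twice is not a spray
    _ev("2023-01-10T09:05:00", 4625, "DC01", "frank", "CORP", "10.0.7.8", 3),
    _ev("2023-01-10T09:05:10", 4625, "DC01", "frank", "CORP", "10.0.7.8", 3),
    # the same local admin account authenticating over the network to several hosts
    _ev("2023-01-10T09:20:00", 4624, "WS01", "localadmin", "WS01", "10.0.5.23", 3),
    _ev("2023-01-10T09:21:00", 4624, "WS02", "localadmin", "WS02", "10.0.5.23", 3),
    _ev("2023-01-10T09:22:00", 4624, "FS01", "localadmin", "FS01", "10.0.5.23", 3),
    # a local account logging on interactively to its own box is normal
    _ev("2023-01-10T09:30:00", 4624, "WS03", "helpdesk", "WS03", "-", 2),
]


def _ts(event):
    return datetime.fromisoformat(event["time"])


def detect_password_spray(events, window=timedelta(minutes=5), min_users=4):
    """Map each spraying source IP to the accounts it targeted and, if any,
    the targeted accounts it subsequently logged on as.

    A source is flagged when its failed logons hit at least `min_users`
    distinct accounts inside any `window`-long span: many accounts, few
    attempts each, which is what keeps a spray under per-account lockout.
    """
    failures = defaultdict(list)   # src_ip -> [(time, user)], time-ordered
    successes = defaultdict(list)  # src_ip -> [(time, user)]
    for e in sorted(events, key=_ts):
        if e["event_id"] == 4625:
            failures[e["src_ip"]].append((_ts(e), e["user"]))
        elif e["event_id"] == 4624:
            successes[e["src_ip"]].append((_ts(e), e["user"]))

    findings = {}
    for ip, fails in failures.items():
        targeted = set()
        start = 0
        for end in range(len(fails)):  # sliding window over this IP's failures
            while fails[end][0] - fails[start][0] > window:
                start += 1
            users = {u for _, u in fails[start:end + 1]}
            if len(users) >= min_users:
                targeted |= users
        if targeted:
            first_fail = fails[0][0]
            succeeded = {u for t, u in successes[ip]
                         if u in targeted and t >= first_fail}
            findings[ip] = {"targeted": sorted(targeted),
                            "succeeded": sorted(succeeded)}
    return findings


def detect_local_admin_reuse(events, ad_domain=AD_DOMAIN, min_hosts=2):
    """Map each local account seen in successful network logons on at least
    `min_hosts` different machines to those hosts. Domain accounts are skipped
    because they legitimately log on everywhere; a local account doing so
    means one local admin password is shared across the fleet."""
    hosts_by_user = defaultdict(set)
    for e in events:
        if e["event_id"] != 4624 or e["logon_type"] != 3:
            continue
        if e["domain"].upper() == ad_domain.upper():
            continue
        hosts_by_user[e["user"]].add(e["host"])
    return {u: sorted(h) for u, h in hosts_by_user.items() if len(h) >= min_hosts}


if __name__ == "__main__":
    for ip, f in detect_password_spray(SAMPLE_EVENTS).items():
        print(f"spray from {ip}: targeted {f['targeted']}, succeeded as {f['succeeded']}")
    for user, hosts in detect_local_admin_reuse(SAMPLE_EVENTS).items():
        print(f"local account {user!r} reused across {hosts}")
```

On the constructed sample the spray check flags 10.0.5.23 for five accounts and reports the follow-on success as erin, while frank's two mistyped passwords from 10.0.7.8 stay below the threshold; the reuse check flags localadmin across WS01, WS02 and FS01 and ignores the interactive helpdesk logon. The thresholds are deliberately tunable: a real deployment would set the window and account count from its own lockout policy and baseline.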
"The sequence of events in this attack path is typical of APTs and
ransomware organizations," said Naveen Sunkavally, chief architect at
Horizon3.ai. "What's incredible is that this attack path isn't hard
coded as a runbook or predefined scripts anywhere in the product. Our
machine learning techniques were able to figure out how to combine these
different steps into an exploitable attack sequence safely in a
production environment," said Sunkavally. "Honestly, the hardest part of
this problem is conveying these complex attacks in a way that allows an
overwhelmed IT admin with no ethical hacking experience to understand
exactly what to fix, and that was our focus in this product refresh."
KEY FEATURES OF NodeZero:
- Attack paths that clearly explain the exact sequence of events leading
to a critical impact, with proof of exploitation and detailed
descriptions of exactly what to fix.
- Leverage scoring that helps organizations prioritize fix actions based
on risk to the organization as well as return on effort. For example,
leverage scoring can help an IT admin determine that fixing a single
issue will eliminate 70% of all exploitable attack paths discovered in
the pentest.
- Automatically generating compliance reports required for SOC 2, HIPAA,
GDPR, and other common compliance requirements.
- Surfacing systemic issues and policy recommendations to help
organizations identify the true root cause of their exploitable attack
surface. For example, poor credential policies can lead to systemically
weak passwords that attackers can easily crack.
- The Compare Pentest feature, which helps teams complete the
Find-Fix-Verify cycle by confirming that weaknesses and vulnerabilities
identified in previous tests have been fixed.
- Self-service user experience that makes pentesting conveniently
accessible to all types of users, from early-career IT professionals to
20-year pentesting experts.
- Features specifically valuable for MSSPs and MSPs, including
white-labeled reporting, multi-client management, and auto-generated
statements of work for remediation services.
"While our results speak for themselves, our customers and partners do
the talking for us," said Knode. "We've cultivated a user and partner
community of radical champions, some of whom probably now have
Horizon3.ai tattoos, I'm not kidding. These radical champions operated
as design partners and helped shape our investments in explainability,
integrations, and attack content."
"I'm incredibly proud of the team, the product, and our community of
radical champions," said Antani. "Our customers will be inspired by the
new self-service product experience, and our competitors should be
terrified."