Autonomous penetration testing uncovers cyber vulnerabilities in the shortest time possible
Frankfurt, Germany – The situation is becoming critical for businesses – the newly enacted European Union (EU) regulation package requires organizations in many industries to stringently protect against cyber attacks. The directive applies not only to critical infrastructure operators, but to organizations of all types and sizes. “Many companies are still not clear to what extent NIS 2 affects their own operations. The fact is that the law affects practically all companies, right up to the management level. Failures in cybersecurity must be identified and remedied as quickly as possible,” warns Rainer M. Richter, Vice President EMEA & APAC at Horizon3.ai. The company has a solution for businesses, developed by numerous former members of cyber defense teams within international armed forces. NodeZero enables autonomous pentesting – the continuous simulated attack on one’s infrastructure without risk.
“Our method of autonomous penetration testing, unlike automated pentesting, is not simply a sequence of tests. NodeZero uses an AI-powered sequence of tests to examine the entire infrastructure and find all exploitable attack vectors. This allows vulnerabilities to be identified, fixed and rechecked for proper security in the shortest possible time without relying on the cybersecurity specialists usually required,” Richter continued.
Professional pentesters, on the other hand, can hardly keep up with their own orders – waiting times are long and will become even longer with NIS 2.
Autonomous pentests bring automated security
The EU’s central requirement: IT security is becoming part of corporate management and is thus shifting from the IT department to company management. Organizations must implement risk management and contingency plans. A system for the rapid reporting of incidents to the supervisory authorities will also become mandatory in the future. Autonomous pentesting that can take place while all systems are running also helps: NodeZero from Horizon3.ai offers pentesting-as-a-service that is autonomous and user-friendly, and thus equally suitable for use in companies and by professional pentesters. Professional reports help with detecting vulnerabilities and remediating them. With little effort, the entire infrastructure can be constantly scanned for security issues. Horizon3.ai’s model works on three principles: find, fix and verify. Potential security gaps that can be exploited by hackers are found, can be eliminated in a targeted manner, and then immediately checked for proper functioning. Furthermore, continuous verification of the infrastructure provides permanent protection, while external pentesters usually only play out the attack scenario once a year. “With our NodeZero solution, pentesting is not just a feature, but a permanent element of cyber security and also verifies whether other security measures such as EDR or SIEM are actually working,” emphasizes Rainer M. Richter from Horizon3.ai.
EU roundup for the overall economy
In doing so, NodeZero uses its own European instance for customers in Europe to ensure the highest level of data security. “The level of security that can be achieved in this way is higher than any previous measure. This refers not only to NIS 2 compliance, but also to more efficient protection against attackers. Our algorithms are regularly updated on an extended basis and are therefore always on par with the hackers – regardless of whether they are economically or politically motivated,” Rainer M. Richter of Horizon3.ai further explains. For the first time, the NIS 2 directive also includes small companies with at least 50 employees and ten million euros in sales. Often, these businesses have limited resources in the IT department – so automated protection is needed. “NIS 2 affects everyone, from SMEs to the Dax 40,” emphasized Iris Plöger, responsible for digitalization at the Federation of German Industries (BDI), at a conference late last year. In addition, organizations face severe penalties: up to ten million euros or two percent of global sales for institutions “with high criticality.” Other companies are fined up to seven million euros or 1.4 percent of revenue. “Now the pressure is coming from both sides – not only are attackers threatening companies’ very existence, but so are security breaches that carry fines. There is an urgent need for action!” summarizes Rainer M. Richter from Horizon3.ai.
Horizon3.ai’s mission is to find and fix potential attack opportunities before attackers can exploit them. NodeZero is a software solution for autonomous penetration testing and is available as a SaaS offering for enterprises and institutions. This allows professional pentesters to expand their offerings with automated services, but also allows companies without specialized expertise or specialized IT departments to test the security and integrity of their infrastructure. NodeZero works through the eyes of the attacker to identify any weaknesses in the security architecture, while allowing IT teams to devote their resources to fixing critical issues and future-proofing their networks. This not only allows them to comply with regulatory requirements, but also to achieve the highest possible level of security. Horizon3.ai was founded in 2019 by former members of various armed forces and is headquartered in San Francisco, California.