drj logo
  • This field is for validation purposes and should be left unchanged.

Already have an account? Log in

drj logo

Welcome to DRJ

Already registered user? Please login here

Login Form

Register
Forgot password? Click here to reset

Create new account
(it's completely free). Subscribe

Skip to content
Disaster Recovery Journal
  • EN ESPAÑOL
  • SIGN IN
  • SUBSCRIBE
  • THE JOURNAL
    • Digital Edition
    • Article Submission
    • DRJ Annual Resource Directories
    • Article Archives
    • Career Spotlight
  • EVENTS
    • DRJ Spring 2023
    • DRJ Fall 2023
    • Call for Papers – Fall 2023
    • Other Industry Events
    • Schedule & Archive
  • WEBINARS
    • Upcoming Webinars
    • On Demand
  • MENTOR PROGRAM
  • DRJ ACADEMY
    • DRJ Academy
    • Beginner’s Guide to BC
  • RESOURCES
    • New to Business Continuity?
    • White Papers
    • DR Rules and Regs
    • Planning Groups
    • Business Directory
    • Business Resilience Decoded
    • DRJ Glossary of Business Continuity Terms
    • Careers
  • ABOUT
    • Advertise with DRJ
    • DE&I
    • Board and Committees
      • Executive Council Members
      • Editorial Advisory Board
      • Career Development Committee
      • Glossary Committee
      • Rules and Regulations Committee
  • Podcast

EU Directive NIS 2 in Force: Companies Under Pressure on Cybersecurity

by Jon Seals | January 31, 2023 | | 0 comments

Autonomous penetration testing uncovers cyber vulnerabilities in the shortest time possible

Frankfurt, Germany – The situation is becoming critical for businesses – the newly enacted European Union (EU) regulation package requires organizations in many industries to stringently protect against cyber attacks. The directive applies not only to critical infrastructure operators, but to organizations of all types and sizes. “Many companies are still not clear to what extent NIS 2 affects their own operations. The fact is that the law affects practically all companies, right up to the management level. Failures in cybersecurity must be identified and remedied as quickly as possible,” warns Rainer M. Richter, Vice President EMEA & APAC at Horizon3.ai. The company has a solution for business, developed by numerous former members of cyber defense teams within international armed forces. NodeZero enables autonomous pentesting – the continuous simulated attack on one’s infrastructure without a risk.

“Our method of autonomous penetration testing, unlike automated pentesting, is not simply a sequence of tests. NodeZero uses an AI-powered sequence of tests to examine the entire infrastructure and find all exploitable attack vectors. This allows vulnerability to be identified, fixed and rechecked for proper security in the shortest possible time without relying on the cybersecurity specialists usually required,” Richter continued.

Professional pentesters, on the other hand, can hardly keep up with their own orders – waiting times are long and will become even longer with NIS 2.

Autonomous pentests bring automated security

The EU’s central requirement: IT security is becoming part of corporate management and is thus shifting from the IT department to company management. Organizations must implement risk management and contingency plans. A system for the rapid reporting of incidents to the supervisory authorities will also become mandatory in the future. Autonomous pentesting that can take place while all systems are running also helps: NodeZero from Horizon3.ai offers pentesting-as-a-service, autonomous and user-friendly and thus equally suitable for use in companies and by professional pentesters. Professional reports help to detect vulnerabilities and their remediation. With little effort, the entire infrastructure can be constantly scanned for security issues, Horizon3.ai’s model works on three principles: Find, fix and verify. Potential security gaps that can be exploited by hackers are found, can be eliminated in a targeted manner, and then immediately checked for proper functioning. Furthermore, the continuous verification of the infrastructure protects permanently, while external pentesters usually only play out the attack scenario once a year. “With our NodeZero solution, pentesting is not just a feature, but a permanent element of cyber security and also verifies whether other security measures such as EDR or SIEM are actually working,” emphasizes Rainer M. Richter from Horizon3.ai.

EU roundup for the overall economy

In doing so, NodeZero uses its own European instance for customers in Europe to ensure the highest level of data security. “The level of security that can be achieved in this way is higher than any previous measure. This refers not only to NIS 2 compliance, but also to more efficient protection against attackers. Our algorithms are regularly updated on an extended basis and are therefore always on par with the hackers – regardless of whether they are economically or politically motivated,” Rainer M. Richter of Horizon3.ai further explains. For the first time, the NIS 2 directive also includes small companies with at least 50 employees and ten million euros in sales. Often, these businesses have limited resources in the IT department – so automated protection is needed. “NIS 2 affects everyone, from SMEs to the Dax 40,” emphasized Iris Plöger, responsible for digitalization at the Federation of German Industries (BDI) at a conference late last year. In addition, organizations face severe penalties: up to ten million euros or two percent of global sales for institutions “with high criticality.” Other companies are fined up to seven million euros or 1.4 percent of revenue. “Now the pressure is coming from both sides – not only are attackers threatening companies’ very existence, but so are security breaches that carry fines. There is an urgent need for action!”, summarizes Rainer M. Richter from Horizon3.ai.

About Horizon3.ai
Horizon3.ai’s mission is to find and fix potential attack opportunities for attackers before they can be exploited. NodeZero is a software solution for autonomous penetration testing and is available as a SaaS offering for enterprises and institutions. This allows professional pentesters to expand their offerings with automated services, but also allows companies without specialized expertise or specialized IT departments to test the security and integrity of their infrastructure. NodeZero works through the eyes of the attacker to identify any weaknesses in the security architecture, while allowing IT teams to devote their resources to fixing critical issues and future-proofing their networks. This not only allows them to comply with regulatory requirements, but also to achieve the highest possible level of security. Horizon3.ai was founded in 2019 by former members of various armed forces and is headquartered in San Francisco, California.

Related Content

  1. The Hidden Costs of Passwords
  2. Disaster Recovery Journal
    Security Controls, Self-Audit, and Testing
  3. Disaster Recovery Journal
    Powering Business Continuity Strategies with Microsoft 365

Recent Posts

Kraft Heinz and BEES Expand Partnership to Digitize Sales Process and Spur Growth in LATAM

March 20, 2023

Qu Appoints Niko Papademetriou as Co-Founder

March 20, 2023

Ault Alliance Plans to Initiate an Exchange Offer in Which It Would Offer Up to $50 Million in Preferred Shares With a Stated Value of $10.00 per Share (An Effective Price of $0.15 per Share of Common Stock Exchanged)

March 20, 2023

Standard AI Recognized by Forbes as One of America’s Best Startup Employers for 2023

March 20, 2023

Dasera Wins Four Industry Awards, Reinforcing Commitment to Delivering Best-in-Class Data Security Solutions

March 20, 2023

Hewlett Packard Enterprise to Acquire OpsRamp, Advancing Hybrid Cloud Leadership and Expanding HPE GreenLake into IT Operations Management

March 20, 2023

Archives

  • March 2023 (753)
  • February 2023 (1154)
  • January 2023 (1391)
  • December 2022 (1144)
  • November 2022 (1595)
  • October 2022 (1574)
  • September 2022 (1571)
  • August 2022 (1581)
  • July 2022 (1365)
  • June 2022 (1711)
  • May 2022 (1651)
  • April 2022 (1618)
  • March 2022 (1924)
  • February 2022 (1549)
  • January 2022 (1472)
  • December 2021 (1446)
  • November 2021 (1835)
  • October 2021 (1777)
  • September 2021 (1697)
  • August 2021 (1661)
  • July 2021 (1566)
  • June 2021 (1768)
  • May 2021 (1666)
  • April 2021 (1798)
  • March 2021 (1907)
  • February 2021 (1038)
  • January 2021 (554)
  • December 2020 (30)
  • November 2020 (35)
  • October 2020 (48)
  • September 2020 (57)
  • August 2020 (52)
  • July 2020 (40)
  • June 2020 (72)
  • May 2020 (46)
  • April 2020 (59)
  • March 2020 (46)
  • February 2020 (28)
  • January 2020 (36)
  • December 2019 (22)
  • November 2019 (11)
  • October 2019 (36)
  • September 2019 (44)
  • August 2019 (77)
  • July 2019 (117)
  • June 2019 (106)
  • May 2019 (49)
  • April 2019 (47)
  • March 2019 (24)
  • February 2019 (37)
  • January 2019 (12)
  • ARTICLES & NEWS

    • Business Continuity
    • Disaster Recovery
    • Crisis Management & Communications
    • Risk Management
    • Article Archives
    • Industry News

    THE JOURNAL

    • Digital Edition
    • Advertising & Media Kit
    • Submit an Article
    • Career Spotlight

    RESOURCES

    • White Papers
    • Rules & Regulations
    • FAQs
    • Glossary of Terms
    • Industry Groups
    • Business & Resource Directory
    • Business Resilience Decoded
    • Careers

    EVENTS

    • Spring 2023

    WEBINARS

    • Watch Now
    • Upcoming

    CONTACT

    • Article Submission
    • Media Kit
    • Contact Us

    ABOUT DRJ

    Disaster Recovery Journal is the industry’s largest resource for business continuity, disaster recovery, crisis management, and risk management, reaching a global network of more than 138,000 professionals. Offering weekly webinars, the latest industry news, rules and regulations, podcasts, the industry’s only official mentoring program, a quarterly magazine, and two annual live conferences, DRJ is leading the way to keep professionals up-to-date and connected in an ever-changing world.

    LEARN MORE

    TWITTER

    Disaster Recovery Journal is the leading publication/event covering business continuity/disaster recovery.

    Follow us for daily updates @drjournal

    Newsletter

    The Journal, right in your inbox.

    Be informed and stay connected by getting the latest in news, events, webinars and whitepapers on Business Continuity and Disaster Recovery.

    Subscribe Now
    Copyright 2023 Disater Recovery Journal
    • Terms of Use
    • Privacy Policy