PRESS RELEASE
SAN FRANCISCO, March 5, 2024 – Horizon3.ai, a pioneer in autonomous security solutions, today announced the availability of Horizon3.ai pentesting services for compliance. Horizon3.ai recognizes that demand for pentesting skills is at an all-time high and that organizations may struggle to meet their compliance-driven pentesting needs. This advanced, tailored service is designed to meet internal and external pentesting requirements for rigorous regulatory standards that require manual penetration testing to uncover complex logic errors and unknown vulnerabilities.
Requirements for manual penetration testing range from Payment Card Industry Data Security Standard (PCI DSS) v4.0 and updated Self-Assessment Questionnaires (SAQs) to System and Organization Controls (SOC), Digital Operational Resilience Act (DORA), General Data Protection Regulation (GDPR), Center for Internet Security (CIS), National Institute of Standards and Technology (NIST), Cybersecurity Maturity Model Certification (CMMC), and internal requirements of many organizations.
Horizon3.ai compliance pentesting services embrace the concept of human-machine teaming, where a world-class team of Offensive Security Certified Professional (OSCP) pentesters conduct their pentests according to the methodologies specified in each standard, e.g. authenticated and unauthenticated, internal and external perspectives, segmentation controls, and so on. They feature the NodeZero™ autonomous pentesting platform, which leverages artificial intelligence to identify exploitable attack paths that go well beyond the capabilities of vulnerability scanners to add scale, speed, contextual relevance and consistency to their penetration tests.
NodeZero’s combination of expert human analysis and autonomous testing results in a comprehensive and actionable assessment of the network infrastructure examined. With the service, customers receive a meticulous Pentesting Report and Corrective Action Report with detailed, prioritized guidance. They also have access to their pentest results on the NodeZero platform for 12 months to help guide and optimize their remediation efforts. Customers can also confirm that their fixes are effective with NodeZero’s 1-click verification tool. 1-Click Verification is a new targeted test of identified pain points that the customer can repeatedly run after resolving the issue to verify that an issue has actually been resolved. Once the fix is verified, customers can download an associated report to share with their reviewers as essential evidence. This means customers no longer need to schedule additional consulting engagements to verify that issues have been resolved. As an added benefit, the service includes rapid response alerts from Horizon3.ai’s expert attack team on emerging zero-day and N-day vulnerabilities that may impact their environment.
“Horizon3.ai offers its customers an unprecedented advantage with the 1-click verification tool in NodeZero. It is often the case that a customer does not have the experience to easily interpret or act on the list of fixes they receive after a thorough pentest. Horizon3.ai provides step-by-step, priority troubleshooting guidance and goes above and beyond with the 1-Click Check Tool. With the click of a button, the client can initiate a new targeted test that generates remediation evidence for their audit,” said James T. Flowers, CISSP, CISM, security and compliance expert, auditor and consultant.
Organizations can also choose to supplement their pentesting efforts with a bundled subscription to NodeZero for continuous security testing, both to go beyond simple “point-in-time” compliance and to alleviate the remediation burdens of upcoming remediation cycles. This allows organizations to evaluate and improve their security posture with a variety of operations beyond internal and external pentesting, such as AD password auditing, phishing impact testing, N-day testing, and more.
Horizon3.ai compliance pentesting services are optimized to meet the needs of organizations subject to annual compliance with PCI DSS v4.0 or updated SAQs. Effective March 31, 2024, PCI DSS v3.2.1 will be retired, and v4.0, which introduces more stringent and ongoing security practices, will become the only active version of the standard.
“The security of the cardholder data environment is of utmost importance to the organization and its consumers. We are excited to offer our new service tailored to the pentesting methodology specified by the PCI Security Standards Council. We provide timely, world-class penetration testing and deploy our services in a way that helps our customers accelerate and improve their remediation efforts and advance towards continuous security testing,” said Horizon3.ai Co-Founder and CEO Snehal Antani.
Learn more about Horizon3.ai’s pentesting services for compliance.
For more information send your request to [email protected]
About Horizon3.ai
Horizon3.ai was founded in 2019 by former US industry and national security veterans. Our mission is to help organizations see their networks through the eyes of the attacker and proactively fix the problems that really matter, improve the effectiveness of their security initiatives, and ensure they are prepared to respond to real cyber attacks.